Add example bytecode image spec + ability for bpfd to pull and extract bytecode from images #102
Conversation
astoycos
force-pushed
the
bytecode-image
branch
2 times, most recently
from
d28f3b0
to
50dc5aa
Compare
|
The first draft of this is functional, there are still some TODOs in the spec + implementation but I want to get some review before moving forward. |
astoycos
force-pushed
the
bytecode-image
branch
2 times, most recently
from
d4ab23c
to
fa41b45
Compare
|
|
||
| We provide two distinct spec variants here to ensure interoperatiblity with existing registries | ||
| and packages which do no support the new custom media types defined here. | ||
|
|
There was a problem hiding this comment.
Can you add a bullet list with the names of the two spec variants here.
There was a problem hiding this comment.
Done, this is a rough draft eventually this may turn into 2 separate documents like solo did for wasm modules here
astoycos
force-pushed
the
bytecode-image
branch
from
92c8b5d
to
fabf0eb
Compare
astoycos
changed the title
astoycos
force-pushed
the
bytecode-image
branch
2 times, most recently
from
23f91fd
to
4b5fb08
Compare
|
@dave-tucker This should be ready to go (At least for the quick and dirty version) there's still some todo's and I'd feel better with a few unit tests but for the e2e K8s demo this is a must |
bpfd/src/server/pull_bytecode.rs
Outdated
| use serde_json::Value; | ||
| use tar::Archive; | ||
|
|
||
| const CONTAINERIZED_BYTECODE_PATH: &str = "/etc/bpfd/bytecode/"; |
There was a problem hiding this comment.
This should be in /var
There was a problem hiding this comment.
So this might break @Billy99's work... If we're not running with sudo will we have the ability to create/ put files in /var/bpfd/bytecode?
There was a problem hiding this comment.
I had code changes pending on my branch to change the user from bpfctl to bpfd-clients. I can change the directory with those changes and make sure it has the correct owner.
There was a problem hiding this comment.
See #118
FYI: I change the name if needed.
| .expect("Not a valid bytecode image reference"); | ||
|
|
||
| let protocol = client::ClientProtocol::Https; | ||
| // TODO(astoycos): Add option/flag to authenticate against private image repositories |
There was a problem hiding this comment.
That should live in bpfd.toml we can have something like:
[ registry ]
[ registry.docker-io ]
username = foo
password = bar
We can then infer the registry from the image path and login if required.
Can be added later so lets add an issue to track it,
There was a problem hiding this comment.
Sounds good to me I will make an issue to track this
bpfd/src/server/pull_bytecode.rs
Outdated
| debug! {"Pulling bytecode from image path: {}", image_url} | ||
| let image: Reference = image_url | ||
| .parse() | ||
| .expect("Not a valid bytecode image reference"); |
There was a problem hiding this comment.
We should explicitly handle this error (and other errors here) vs. using expect which will panic.
i.e. .map_err(ImageError::InvalidImageUrl)?.
There was a problem hiding this comment.
+1 let me whip up some custom error types :)
Add some documentation around delivering bytecode to bpfd via container images. Signed-off-by: Andrew Stoycos <astoycos@redhat.com>
astoycos
force-pushed
the
bytecode-image
branch
from
4b5fb08
to
79b77f0
Compare
|
Done this should be ready to go barring CI |
Add a new flag to bpfctl titled `--from-image` which will signal that the provided <PATH> is actually a valid container image URL Update bpfd to be able to pull and extract EBPF bytecode from a container image if properly configured. Signed-off-by: Andrew Stoycos <astoycos@redhat.com>
This allows us to not have to worry about installing openSSL on different underlying distros However for use with fedora we still need to install perl :/ see -> openssl/openssl#13761 Signed-off-by: Andrew Stoycos <astoycos@redhat.com>
Add option to only compile the bpf dispatcher written in C using clang. Signed-off-by: Andrew Stoycos <astoycos@redhat.com>
Update dockerfile to only build C ebpf dispacher program for now, which speeds up build time. Move from the nigthly rust image to rust:1.63.0-bullseye. Signed-off-by: Andrew Stoycos <astoycos@redhat.com>
|
rustfmt me please 😆 |
astoycos
force-pushed
the
bytecode-image
branch
from
79b77f0
to
61609fa
Compare
|
I always forget 🥇 |
Starting work on #99