cilium · michi-covalent · Apr 25, 2023 · Mar 29, 2023 · Apr 20, 2023 · Apr 20, 2023
@@ -20,7 +20,6 @@ import (
 	"github.com/cilium/cilium/pkg/datapath/linux/ipsec"
 	"github.com/cilium/cilium/pkg/datapath/linux/linux_defaults"
 	"github.com/cilium/cilium/pkg/datapath/linux/route"
-	"github.com/cilium/cilium/pkg/datapath/linux/utime"
 	datapath "github.com/cilium/cilium/pkg/datapath/types"
 	"github.com/cilium/cilium/pkg/defaults"
 	"github.com/cilium/cilium/pkg/endpointmanager"
@@ -29,7 +28,6 @@ import (
 	"github.com/cilium/cilium/pkg/ipcache"
 	"github.com/cilium/cilium/pkg/labels"
 	"github.com/cilium/cilium/pkg/logging/logfields"
-	"github.com/cilium/cilium/pkg/maps/configmap"
 	"github.com/cilium/cilium/pkg/maps/ctmap"
 	"github.com/cilium/cilium/pkg/maps/egressmap"
 	"github.com/cilium/cilium/pkg/maps/eventsmap"
@@ -333,12 +331,6 @@ func (d *Daemon) initMaps() error {
 		return nil
 	}
 
-	if err := configmap.InitMap(); err != nil {
-		return err
-	}
-	// start configmap users after configmap.InitMap() above
-	utime.InitUTime(d.ctx, d.controllers, time.Minute)
-
 	if _, err := lxcmap.LXCMap().OpenOrCreate(); err != nil {
 		return err
 	}

@@ -0,0 +1,17 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Cilium
+
+package bpf
+
+// BpfMap defines the base interface every BPF map needs to implement.
+//
+// Its main purpose is to register a BPF map via value group `bpf-maps`.
+//
+// Example:
+//
+//	type MapOut struct {
+//		 cell.Out
+//
+//		 BpfMap  bpf.BpfMap `group:"bpf-maps"`
+//	}
+type BpfMap interface{}
@@ -7,15 +7,17 @@ import (
 	"log"
 	"path/filepath"
 
+	"github.com/cilium/cilium/pkg/bpf"
 	"github.com/cilium/cilium/pkg/datapath/iptables"
 	"github.com/cilium/cilium/pkg/datapath/link"
 	linuxdatapath "github.com/cilium/cilium/pkg/datapath/linux"
+	"github.com/cilium/cilium/pkg/datapath/linux/utime"
 	"github.com/cilium/cilium/pkg/datapath/types"
 	"github.com/cilium/cilium/pkg/defaults"
 	"github.com/cilium/cilium/pkg/hive"
 	"github.com/cilium/cilium/pkg/hive/cell"
 	ipcache "github.com/cilium/cilium/pkg/ipcache/types"
-	"github.com/cilium/cilium/pkg/maps/authmap"
+	"github.com/cilium/cilium/pkg/maps"
 	"github.com/cilium/cilium/pkg/option"
 	wg "github.com/cilium/cilium/pkg/wireguard/agent"
 	wgTypes "github.com/cilium/cilium/pkg/wireguard/types"
@@ -27,14 +29,17 @@ var Cell = cell.Module(
 	"datapath",
 	"Datapath",
 
+	// Provides all BPF Map which are already provided by via hive cell.
+	maps.Cell,
+
+	// Utime synchronizes utime from userspace to datapath via configmap.Map.
+	utime.Cell,
+
 	cell.Provide(
 		newWireguardAgent,
 		newDatapath,
 	),
 
-	// Provides the auth.Map which contains the authentication state between Cilium security identities.
-	authmap.Cell,
-
 	cell.Provide(func(dp types.Datapath) ipcache.NodeHandler {
 		return dp.Node()
 	}),
@@ -68,15 +73,15 @@ func newWireguardAgent(lc hive.Lifecycle) *wg.Agent {
 	return wgAgent
 }
 
-func newDatapath(lc hive.Lifecycle, wgAgent *wg.Agent) types.Datapath {
+func newDatapath(params datapathParams) types.Datapath {
 	datapathConfig := linuxdatapath.DatapathConfiguration{
 		HostDevice: defaults.HostDevice,
 		ProcFs:     option.Config.ProcFs,
 	}
 
 	iptablesManager := &iptables.IptablesManager{}
 
-	lc.Append(hive.Hook{
+	params.LC.Append(hive.Hook{
 		OnStart: func(hive.HookContext) error {
 			// FIXME enableIPForwarding should not live here
 			if err := enableIPForwarding(); err != nil {
@@ -87,5 +92,15 @@ func newDatapath(lc hive.Lifecycle, wgAgent *wg.Agent) types.Datapath {
 			return nil
 		}})
 
-	return linuxdatapath.NewDatapath(datapathConfig, iptablesManager, wgAgent)
+	return linuxdatapath.NewDatapath(datapathConfig, iptablesManager, params.WgAgent)
+}
+
+type datapathParams struct {
+	cell.In
+
+	LC      hive.Lifecycle
+	WgAgent *wg.Agent
+
+	// Force map initialisation before loader
+	BpfMaps []bpf.BpfMap `group:"bpf-maps"`
 }
@@ -0,0 +1,56 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Cilium
+
+package utime
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/cilium/cilium/pkg/controller"
+	"github.com/cilium/cilium/pkg/hive"
+	"github.com/cilium/cilium/pkg/hive/cell"
+	"github.com/cilium/cilium/pkg/maps/configmap"
+)
+
+const (
+	syncControllerName     = "sync-utime"
+	syncControllerInterval = 1 * time.Minute
+)
+
+// Cell initializes and manages the utime offset synchronization.
+var Cell = cell.Module(
+	"utime",
+	"Synchronizes utime offset between userspace and datapath",
+
+	cell.Invoke(initUtimeSync),
+)
+
+func initUtimeSync(lifecycle hive.Lifecycle, configMap configmap.Map) {
+	controllerManager := controller.NewManager()
+
+	lifecycle.Append(hive.Hook{
+		OnStart: func(startCtx hive.HookContext) error {
+			ctrl := &utimeController{configMap: configMap}
+
+			// Add controller for keeping clock in sync for NTP time jumps and any difference
+			// between monotonic and boottime clocks.
+			controllerManager.UpdateController(syncControllerName,
+				controller.ControllerParams{
+					DoFunc: func(ctx context.Context) error {
+						return ctrl.sync()
+					},
+					RunInterval: syncControllerInterval,
+				},
+			)
+			return nil
+		},
+		OnStop: func(stopCtx hive.HookContext) error {
+			if err := controllerManager.RemoveController(syncControllerName); err != nil {
+				return fmt.Errorf("failed to remove controller: %w", err)
+			}
+			return nil
+		},
+	})
+}
@@ -5,21 +5,17 @@ package utime
 
 import (
 	"bufio"
-	"context"
 	"fmt"
 	"os"
 	"runtime"
 	"time"
 
 	"golang.org/x/sys/unix"
 
-	"github.com/cilium/cilium/pkg/controller"
 	"github.com/cilium/cilium/pkg/maps/configmap"
 )
 
 const (
-	ctrlName = "sync-utime"
-
 	btimeInfoFilepath = "/proc/stat"
 	nClockSamples     = 10
 
@@ -63,46 +59,23 @@ func (t UTime) String() string {
 }
 
 type utimeController struct {
-	index  configmap.Index
-	offset UTime
-}
-
-type controllerManager interface {
-	UpdateController(name string, params controller.ControllerParams)
-}
-
-func InitUTime(ctx context.Context, mgr controllerManager, interval time.Duration) {
-	ctrl := &utimeController{
-		index: configmap.UTimeOffset,
-	}
-
-	// Add controller for keeping clock in sync for NTP time jumps and any difference
-	// between monotonic and boottime clocks.
-	mgr.UpdateController(ctrlName,
-		controller.ControllerParams{
-			DoFunc: func(ctx context.Context) error {
-				return ctrl.sync()
-			},
-			RunInterval: interval,
-			Context:     ctx,
-		},
-	)
+	configMap configmap.Map
+	offset    UTime
 }
 
 func (u *utimeController) sync() error {
-	offset := GetCurrentUTimeOffset()
+	offset := getCurrentUTimeOffset()
 	if offset != u.offset {
-		err := configmap.Update(u.index, uint64(offset))
-		if err != nil {
-			return err
+		if err := u.configMap.Update(configmap.UTimeOffset, uint64(offset)); err != nil {
+			return fmt.Errorf("failed to update utime offset: %w", err)
 		}
 		u.offset = offset
 	}
 	return nil
 }
 
-// GetCurrentUTimeOffset returns the current time offset to be configured for the datapath
-func GetCurrentUTimeOffset() UTime {
+// getCurrentUTimeOffset returns the current time offset to be configured for the datapath
+func getCurrentUTimeOffset() UTime {
 	// boottime is in seconds since Unix epoch, delta is clock drift in nanoseconds
 	boottime, err := getBoottime()
 	if err != nil {

@@ -4,6 +4,7 @@
 package authmap
 
 import (
+	"github.com/cilium/cilium/pkg/bpf"
 	"github.com/cilium/cilium/pkg/hive"
 	"github.com/cilium/cilium/pkg/hive/cell"
 	"github.com/cilium/cilium/pkg/option"
@@ -20,7 +21,7 @@ var Cell = cell.Module(
 	cell.Provide(newAuthMap),
 )
 
-func newAuthMap(lifecycle hive.Lifecycle) (Map, error) {
+func newAuthMap(lifecycle hive.Lifecycle) MapOut {
 	authMap := newMap(option.Config.AuthMapEntries)
 
 	lifecycle.Append(hive.Hook{
@@ -32,5 +33,15 @@ func newAuthMap(lifecycle hive.Lifecycle) (Map, error) {
 		},
 	})
 
-	return authMap, nil
+	return MapOut{
+		AuthMap: authMap,
+		BpfMap:  authMap,
+	}
+}
+
+type MapOut struct {
+	cell.Out
+
+	AuthMap Map
+	BpfMap  bpf.BpfMap `group:"bpf-maps"`
 }
@@ -0,0 +1,22 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Cilium
+
+package maps
+
+import (
+	"github.com/cilium/cilium/pkg/hive/cell"
+	"github.com/cilium/cilium/pkg/maps/authmap"
+	"github.com/cilium/cilium/pkg/maps/configmap"
+)
+
+// Cell contains all cells which are providing BPF Maps.
+var Cell = cell.Module(
+	"maps",
+	"BPF Maps",
+
+	// Provides the auth.Map which contains the authentication state between Cilium security identities.
+	authmap.Cell,
+
+	// ConfigMap stores runtime configuration state for the Cilium datapath.
+	configmap.Cell,
+)
@@ -0,0 +1,43 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Cilium
+
+package configmap
+
+import (
+	"github.com/cilium/cilium/pkg/bpf"
+	"github.com/cilium/cilium/pkg/hive"
+	"github.com/cilium/cilium/pkg/hive/cell"
+)
+
+// Cell initializes and manages the config map.
+var Cell = cell.Module(
+	"config-map",
+	"eBPF map config contains runtime configuration state for the Cilium datapath",
+
+	cell.Provide(newMap),
+)
+
+func newMap(lifecycle hive.Lifecycle) MapOut {
+	configmap := newConfigMap()
+
+	lifecycle.Append(hive.Hook{
+		OnStart: func(startCtx hive.HookContext) error {
+			return configmap.init()
+		},
+		OnStop: func(stopCtx hive.HookContext) error {
+			return configmap.close()
+		},
+	})
+
+	return MapOut{
+		ConfigMap: configmap,
+		BpfMap:    configmap,
+	}
+}
+
+type MapOut struct {
+	cell.Out
+
+	ConfigMap Map
+	BpfMap    bpf.BpfMap `group:"bpf-maps"`
+}