pkg/maps/egressmap: refactor into a cell

[lmb]

pkg/maps/egressmap: refactor policy map into a cell

Rework the egressmap from a global variable into a Cell. The map still has
singleton behaviour due to map pinning, but at least for unit tests we can
opt out of pinning and isolate the map from global changes.

Stop writing out EGRESS_POLICY_MAP_SIZE into node_config.h since the map
definition in C is never actually used. The map size is configured via a
command line parameter instead. Hardcode the previously used default value
to avoid errors when running BPF unit tests. This is simpler than wiring the
new PolicyConfig into HeaderfileWriter.

Reuse the MapOut strategy from configmap and authmap to ensure that the
egressmap is initialized by the agent before the loader is invoked. 
Otherwise map creation might use the (incorrect) MaxElems from the compiled
C code.

Signed-off-by: Lorenz Bauer <lmb@isovalent.com>

hivetest: add Lifecycle to make testing easier

hive requires splitting up object lifecycle into New, Start, Stop. It does
this by injecting a hive.Lifecycle into constructors. This in turn means
that we need a lifecycle to create objects during testing.

Implement a minimal hive.Lifecycle for use in testing, which doesn't 
distinguish between New and Start phases and instead immediately executes
any start hooks. Stop hooks are invoked at test cleanup time.

Signed-off-by: Lorenz Bauer <lmb@isovalent.com>

Refactor egressgateway specific maps into a cell

Updates: #23782

[lmb]

/test-runtime

[lmb]

/test-runtime

[lmb]

/test-runtime

[lmb]

/test

[lmb]

This is to keep the BPF unit tests happy.

[viktor-kurchenko]

So, value must be hardcoded and constant is not allowed?

[lmb]

I removed the define for EGRESS_POLICY_MAP_SIZE so that I can get rid of the entry in node_config.h which is written out at runtime. It's difficult to plumb the size requested via config / command line into node_config.h without relying on option.Config global which I wanted to avoid.

So: we could keep the define but move it to maps.h. That runs the risk of some C code relying on that define with the assumption that it reflects the configured value. So I opted to remove the define instead.

[viktor-kurchenko]

Thanks!

[lmb]

The current state of the PR is not good to merge, since it doesn't enforce a dependency between the loader component and the map.

[lmb]

/test-runtime

[lmb]

Maybe we can get away without this? Ties into the whole "optional hive feature".

[lmb]

/test

Job 'Cilium-PR-K8s-1.26-kernel-net-next' failed:

Click to show.

Test Name

K8sDatapathServicesTest Checks N/S loadbalancing With host policy Tests NodePort

Failure Output

FAIL: Can not connect to service "http://192.168.56.12:30861" from outside cluster (1/10)

Jenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.26-kernel-net-next/1953/

If it is a flake and a GitHub issue doesn't already exist to track it, comment /mlh new-flake Cilium-PR-K8s-1.26-kernel-net-next so I can create one.

Then please upload the Jenkins artifacts to that issue.

[jibi]

Looks good, thanks! Just one nit and a question

[jibi]

nit: extra dot at the end

[lmb]

Hmm I don't understand, sorry.

[mhofstetter]

LGTM - thanks for introducing the generic MapOut type

[lmb]

/test

[lmb]

Travis error is probably a stuck test #23509

[joamaki]

hivetest package looks good to me

[lmb]

runtime test is #25178

[joestringer]

Please make the tests green and get all codeowner groups' review.

[lmb]

@viktor-kurchenko could you take another look and approve?

[lmb]

/test

[thorn3r]

LGTM, this was a nice lil intro to hive for me 😎 nice work

[lmb]

I added ready-to-merge accidentally but am now getting 500 when trying to remove it.