$ curl -L https://github.com/bpfman/bpfman/releases/download/v0.5.1/go-xdp-counter-install-selinux.yaml -o go-xdp-counter-install-selinux.yaml
As a cluster administrator, you can deploy containerized eBPF applications with the eBPF Manager Operator.
For the example eBPF program deployed in this procedure, the sample manifest does the following:
First, it creates basic Kubernetes objects like Namespace
, ServiceAccount
, and ClusterRoleBinding
. It also creates a XdpProgram
object, which is a custom resource definition (CRD) that eBPF Manager provides, that loads the eBPF XDP program. Each program type has it’s own CRD, but they are similar in what they do. For more information, see Loading eBPF Programs On Kubernetes.
Second, it creates a daemon set which runs a user space program that reads the eBPF maps that the eBPF program is populating. This eBPF map is volume mounted using a Container Storage Interface (CSI) driver. By volume mounting the eBPF map in the container in lieu of accessing it on the host, the application pod can access the eBPF maps without being privileged. For more information on how the CSI is configured, see See Deploying an eBPF enabled application On Kubernetes.
eBPF Manager Operator is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process. For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope. |
As a cluster administrator, you can deploy an eBPF program to nodes on your cluster. In this procedure, a sample containerized eBPF program is installed in the go-xdp-counter
namespace.
You have installed the OpenShift CLI (oc
).
You have an account with administrator privileges.
You have installed the eBPF Manager Operator.
To download the manifest, enter the following command:
$ curl -L https://github.com/bpfman/bpfman/releases/download/v0.5.1/go-xdp-counter-install-selinux.yaml -o go-xdp-counter-install-selinux.yaml
To deploy the sample eBPF application, enter the following command:
$ oc create -f go-xdp-counter-install-selinux.yaml
namespace/go-xdp-counter created
serviceaccount/bpfman-app-go-xdp-counter created
clusterrolebinding.rbac.authorization.k8s.io/xdp-binding created
daemonset.apps/go-xdp-counter-ds created
xdpprogram.bpfman.io/go-xdp-counter-example created
selinuxprofile.security-profiles-operator.x-k8s.io/bpfman-secure created
To confirm that the eBPF sample application deployed successfully, enter the following command:
$ oc get all -o wide -n go-xdp-counter
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/go-xdp-counter-ds-4m9cw 1/1 Running 0 44s 10.129.0.92 ci-ln-dcbq7d2-72292-ztrkp-master-1 <none> <none>
pod/go-xdp-counter-ds-7hzww 1/1 Running 0 44s 10.130.0.86 ci-ln-dcbq7d2-72292-ztrkp-master-2 <none> <none>
pod/go-xdp-counter-ds-qm9zx 1/1 Running 0 44s 10.128.0.101 ci-ln-dcbq7d2-72292-ztrkp-master-0 <none> <none>
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE CONTAINERS IMAGES SELECTOR
daemonset.apps/go-xdp-counter-ds 3 3 3 3 3 <none> 44s go-xdp-counter quay.io/bpfman-userspace/go-xdp-counter:v0.5.0 name=go-xdp-counter
To confirm that the example XDP program is running, enter the following command:
$ oc get xdpprogram go-xdp-counter-example
NAME BPFFUNCTIONNAME NODESELECTOR STATUS
go-xdp-counter-example xdp_stats {} ReconcileSuccess
To confirm that the XDP program is collecting data, enter the following command:
$ oc logs <pod_name> -n go-xdp-counter
Replace <pod_name>
with the name of an XDP program pod, such as go-xdp-counter-ds-4m9cw
.
2024/08/13 15:20:06 15016 packets received
2024/08/13 15:20:06 93581579 bytes received
2024/08/13 15:20:09 19284 packets received
2024/08/13 15:20:09 99638680 bytes received
2024/08/13 15:20:12 23522 packets received
2024/08/13 15:20:12 105666062 bytes received
2024/08/13 15:20:15 27276 packets received
2024/08/13 15:20:15 112028608 bytes received
2024/08/13 15:20:18 29470 packets received
2024/08/13 15:20:18 112732299 bytes received
2024/08/13 15:20:21 32588 packets received
2024/08/13 15:20:21 113813781 bytes received