bpfman-operator: Support Load/Attach Split

This commit introduces support for bpfman’s load-attach split from bpfman PR
refactoring and CRD changes to align with this new model.

Key Changes:

- Remove "*Program" CRDs and related code in favor of the BpfApplication CRD,
  which can contain multiple eBPF programs.
- Replace BpfProgram CRD with BpfApplicationState, which stores per-node state
  information for all eBPF programs in a BpfApplication.
- Rename CRDs for better alignment with Kubernetes conventions:
  - BpfApplication => ClusterBpfApplication (Cluster-scoped)
  - BpfNsApplication => BpfApplication (Namespace-scoped)
- The BpfApplication CRDs have been modified to include an optional list of
  attach points for each program, enabling pre-loading programs before
  attachment and supporting dynamic attachment updates.
- Redesign the bpfman-agent controller to natively support BpfApplications.

Fixes: #397

Signed-off-by: Andre Fredette <[email protected]>

Author: anfredette

PROJECT

@@ -11,69 +11,6 @@ plugins:
 projectName: bpfman-operator
 repo: github.com/bpfman
 resources:
-- api:
-    crdVersion: v1
-  controller: true
-  domain: bpfman.io
-  kind: BpfProgram
-  path: github.com/bpfman/bpfman-operator/apis/v1alpha1
-  version: v1alpha1
-- api:
-    crdVersion: v1
-  controller: true
-  domain: bpfman.io
-  kind: XdpProgram
-  path: github.com/bpfman/bpfman-operator/apis/v1alpha1
-  version: v1alpha1
-- api:
-    crdVersion: v1
-  controller: true
-  domain: bpfman.io
-  kind: TcProgram
-  path: github.com/bpfman/bpfman-operator/apis/v1alpha1
-  version: v1alpha1
-- api:
-    crdVersion: v1
-  controller: true
-  domain: bpfman.io
-  kind: TcxProgram
-  path: github.com/bpfman/bpfman-operator/apis/v1alpha1
-  version: v1alpha1
-- api:
-    crdVersion: v1
-  controller: true
-  domain: bpfman.io
-  kind: TracePointProgram
-  path: github.com/bpfman/bpfman-operator/apis/v1alpha1
-  version: v1alpha1
-- api:
-    crdVersion: v1
-  controller: true
-  domain: bpfman.io
-  kind: KprobeProgram
-  path: github.com/bpfman/bpfman-operator/apis/v1alpha1
-  version: v1alpha1
-- api:
-    crdVersion: v1
-  controller: true
-  domain: bpfman.io
-  kind: UprobeProgram
-  path: github.com/bpfman/bpfman-operator/apis/v1alpha1
-  version: v1alpha1
-- api:
-    crdVersion: v1
-  controller: true
-  domain: bpfman.io
-  kind: FentryProgram
-  path: github.com/bpfman/bpfman-operator/apis/v1alpha1
-  version: v1alpha1
-- api:
-    crdVersion: v1
-  controller: true
-  domain: bpfman.io
-  kind: FexitProgram
-  path: github.com/bpfman/bpfman-operator/apis/v1alpha1
-  version: v1alpha1
 - api:
     crdVersion: v1
   controller: true
@@ -86,47 +23,21 @@ resources:
     namespaced: true
   controller: true
   domain: bpfman.io
-  kind: BpfNsProgram
-  path: github.com/bpfman/bpfman-operator/apis/v1alpha1
-  version: v1alpha1
-- api:
-    crdVersion: v1
-    namespaced: true
-  controller: true
-  domain: bpfman.io
-  kind: XdpNsProgram
+  kind: ClusterBpfApplication
   path: github.com/bpfman/bpfman-operator/apis/v1alpha1
   version: v1alpha1
 - api:
     crdVersion: v1
-    namespaced: true
   controller: true
   domain: bpfman.io
-  kind: TcNsProgram
+  kind: BpfApplicationState
   path: github.com/bpfman/bpfman-operator/apis/v1alpha1
   version: v1alpha1
 - api:
     crdVersion: v1
-    namespaced: true
-  controller: true
-  domain: bpfman.io
-  kind: TcxNsProgram
-  path: github.com/bpfman/bpfman-operator/apis/v1alpha1
-  version: v1alpha1
-- api:
-    crdVersion: v1
-    namespaced: true
-  controller: true
-  domain: bpfman.io
-  kind: UprobeNsProgram
-  path: github.com/bpfman/bpfman-operator/apis/v1alpha1
-  version: v1alpha1
-- api:
-    crdVersion: v1
-    namespaced: true
   controller: true
   domain: bpfman.io
-  kind: BpfNsApplication
+  kind: ClusterBpfApplicationState
   path: github.com/bpfman/bpfman-operator/apis/v1alpha1
   version: v1alpha1
 version: "3"

TODO.md

@@ -0,0 +1,29 @@
+# Intro
+
+The operator is integrated with Dave's load/attach split code.
+
+# Testing:
+
+- Unit tests for the agent and the operator
+- All sample yamls work (except for bpfman.io_v1alpha1_test1_clusterbpfapplication.yaml which is a negative test.)
+
+# TODO:
+
+(In no particular order.)
+
+- Scrub logs (need to remove some and make some Info logs Debug)
+- Figure out why `k apply -f
+  config/samples/bpfman.io_v1alpha1_test1_clusterbpfapplication.yaml` works for
+  kprobe, fentry and fexit, but is rejected for the other program types.
+- Delete the "test" sample programs when I'm done using them for testing.
+- Get the bpfman examples and regression tests working (probably after)
+
+# TODO (After merge)
+- Possibly more of the scrubbing mentioned above.
+- Make more of the bpfman-agent controller code common.
+- Change ContainerSelector to PodSelector for xdp, tc and tcx programs. xdp, tc
+  and tcx programs can't attach to multiple containers in a pod because they are
+  all in the same namespace.  Technically, xdp and tc can because of the way we
+  implemented the dispatchers, but it probably doesn't make sense.  Tcx errors
+  out if you try to do it.
+- Update documentation