Latest revision as of 15:49, 26 March 2024

Add bpfman to Fedora (Self-Contained Change proposal)

Summary

bpfman: An eBPF Manager bpfman operates as an eBPF manager, focusing on simplifying the deployment and administration of eBPF programs. Its notable features encompass:

System Overview: Provides insights into how eBPF is utilized in your system.
eBPF Program Loader: Includes a built-in program loader that supports program cooperation for XDP and TC programs, as well as deployment of eBPF programs from OCI images.
eBPF Filesystem Management: Manages the eBPF filesystem, facilitating the deployment of eBPF applications without requiring additional privileges.

We do aim to have this included in Fedora 40 and besides the packaging work wanted to create a Self Contained change for wide communication to the community. It provides an easy way to load eBPF program and eventually we'd like for it to become a de-facto standard, but that's outside of the scope of this change.

Owner

Name: Daniel Mellado
Email: dmellado@fedoraproject.org
Name: Dave Tucker
Email: datucker@redhat.com
Name: Toke Høiland-Jørgensen
Email: thoiland@redhat.com

Current status

Targeted release: Fedora Linux 41
Last updated: 2024-03-26
Discussion thread
Announced
FESCo issue: #3153
Tracker bug: #2271633
Release notes tracker: <will be assigned by the Wrangler>

Detailed Description

bpfman operates as an eBPF manager, focusing on simplifying the deployment and administration of eBPF programs. bpfman is a software stack that aims to make it easy to load, unload, modify and monitor eBPF programs whether on a single host, or in a Kubernetes cluster. bpfman includes the following core components:

bpfman: A system daemon that supports loading, unloading, modifying and monitoring of eBPF programs exposed over a gRPC API.
eBPF CRDS: bpfman provides a set of CRDs (XdpProgram, TcProgram, etc.) that provide a way to express intent to load eBPF programs as well as a bpfman generated CRD (BpfProgram) used to represent the runtime state of loaded programs.
bpfman-agent: The agent runs in a container in the bpfman daemonset and ensures that the requested eBPF programs for a given node are in the desired state.
bpfman-operator: An operator, built using Operator SDK, that manages the installation and lifecycle of bpfman-agent and the CRDs in a Kubernetes cluster.

bpfman is developed in Rust and built on top of Aya, a Rust eBPF library.

Feedback

N/A

Benefit to Fedora

bpfman is a software stack simplifying the management of eBPF programs in Kubernetes clusters or on individual hosts. It comprises a system daemon (bpfman), eBPF Custom Resource Definitions (CRDs), an agent (bpfman-agent), and an operator (bpfman-operator). Developed in Rust on the Aya library, bpfman offers improved security, visibility, multi-program support, and enhanced productivity for developers.

For Fedora, integrating bpfman would streamline eBPF program loading. It enhances security by restricting privileges to the controlled bpfman daemon, simplifies deployment in Kubernetes clusters, and offers improved visibility into running eBPF programs. This integration aligns with Fedora's commitment to providing efficient and secure solutions, making it easier for users to leverage the benefits of eBPF in their systems.

Scope

Proposal owners:Submit / review pull-requests and packages to Fedora
Other developers: https://copr.fedorainfracloud.org/coprs/g/ebpf-sig/bpfman-next/ migrate these packages from copr to Fedora alongside proposal owners
Release engineering: #Releng issue number
Policies and guidelines: N/A (not needed for this Change)
Trademark approval: N/A (not needed for this Change)
Alignment with Community Initiatives: N/A

Upgrade/compatibility impact

N/A

How To Test

N/A

User Experience

Users would be able to easily load eBPF programs within Fedora in a way more simpler way than currently using bpfman.

Dependencies

Contingency Plan

Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
Contingency deadline: N/A (not a System Wide Change)
Blocks release? N/A (not a System Wide Change), No

Documentation

https://bpfman.io/main/

Release Notes

@@ Line 1: / Line 1: @@
-= Fedora 40: Bpfman as default eBPF manager (Self-Contained Change proposal) =
+= Add bpfman to Fedora (Self-Contained Change proposal) =
 == Summary ==
 <!-- A sentence or two summarizing what this change is and what it will do. This information is used for the overall changeset summary page for each release. Note that motivation for the change should be in the Benefit to Fedora section below, and this part should answer the question "What?" rather than "Why?". -->
+bpfman: An eBPF Manager
+bpfman operates as an eBPF manager, focusing on simplifying the deployment and administration of eBPF programs. Its notable features encompass:
+* System Overview: Provides insights into how eBPF is utilized in your system.
+* eBPF Program Loader: Includes a built-in program loader that supports program cooperation for XDP and TC programs, as well as deployment of eBPF programs from OCI images.
+* eBPF Filesystem Management: Manages the eBPF filesystem, facilitating the deployment of eBPF applications without requiring additional privileges.
+We do aim to have this included in Fedora 40 and besides the packaging work wanted to create a Self Contained change for wide communication to the community. It provides an easy way to load eBPF program and eventually we'd like for it to become a de-facto standard, but that's outside of the scope of this change.
 == Owner ==
@@ Line 9: / Line 17: @@
 This should link to your home wiki page so we know who you are.
 -->
-* Name: [[User:FASAcountName| Your Name]]
+* Name: [[User:dmellado| Daniel Mellado]]
-<!-- Include you email address that you can be reached should people want to contact you about helping with your change, status is requested, or technical issues need to be resolved. If the change proposal is owned by a SIG, please also add a primary contact person. -->
+* Email: dmellado@fedoraproject.org
-* Email: <your email address so we can contact you, invite you to meetings, etc. Please provide your Bugzilla email address if it is different from your email in FAS>
+* Name: [[davetucker| Dave Tucker]]
+* Email: datucker@redhat.com
+* Name: [[tohojo| Toke Høiland-Jørgensen]]
+* Email: thoiland@redhat.com
 <!--- UNCOMMENT only for Changes with assigned Shepherd (by FESCo)
 * FESCo shepherd: [[User:FASAccountName| Shehperd name]] <email address>
 -->
 == Current status ==
-[[Category:ChangePageIncomplete]]
+[[Category:ChangeAcceptedF41]]
 <!-- When your change proposal page is completed and ready for review and announcement -->
 <!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler -->
@@ Line 28: / Line 38: @@
 <!-- [[Category:SystemWideChange]] -->
-* Targeted release: [https://docs.fedoraproject.org/en-US/releases/f<VERSION>/ Fedora Linux <VERSION>]
+* Targeted release: [https://docs.fedoraproject.org/en-US/releases/f41/ Fedora Linux 41]
 * Last updated: <!-- this is an automatic macro — you don't need to change this line -->  {{REVISIONYEAR}}-{{REVISIONMONTH}}-{{REVISIONDAY2}}
 <!-- After the change proposal is accepted by FESCo, tracking bug is created in Bugzilla and linked to this page
@@ Line 36: / Line 46: @@
 ON_QA -> change is fully code complete
 -->
-* [<will be assigned by the Wrangler> devel thread]
+* [https://discussion.fedoraproject.org/t/f40-change-proposal-bpfman-as-default-ebpf-manager-self-contained/101507 Discussion thread]
-* FESCo issue: <will be assigned by the Wrangler>
+* [https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org/thread/AJBVVHN4D3Z2M2WRPIFOPWRI2B4VNGOG/ Announced]
-* Tracker bug: <will be assigned by the Wrangler>
+* FESCo issue: [https://pagure.io/fesco/issue/3153 #3153]
+* Tracker bug: [https://bugzilla.redhat.com/show_bug.cgi?id=2271633 #2271633]
 * Release notes tracker: <will be assigned by the Wrangler>
 == Detailed Description ==
 <!-- Expand on the summary, if appropriate.  A couple sentences suffices to explain the goal, but the more details you can provide the better. -->
+bpfman operates as an eBPF manager, focusing on simplifying the deployment and administration of eBPF programs. bpfman is a software stack that aims to make it easy to load, unload, modify and monitor eBPF programs whether on a single host, or in a Kubernetes cluster. bpfman includes the following core components:
+* bpfman: A system daemon that supports loading, unloading, modifying and monitoring of eBPF programs exposed over a gRPC API.
+* eBPF CRDS: bpfman provides a set of CRDs (XdpProgram, TcProgram, etc.) that provide a way to express intent to load eBPF programs as well as a bpfman generated CRD (BpfProgram) used to represent the runtime state of loaded programs.
+* bpfman-agent: The agent runs in a container in the bpfman daemonset and ensures that the requested eBPF programs for a given node are in the desired state.
+* bpfman-operator: An operator, built using Operator SDK, that manages the installation and lifecycle of bpfman-agent and the CRDs in a Kubernetes cluster.
+bpfman is developed in Rust and built on top of Aya, a Rust eBPF library.
 == Feedback ==
 <!-- Summarize the feedback from the community and address why you chose not to accept proposed alternatives. This section is optional for all change proposals but is strongly suggested. Incorporating feedback here as it is raised gives FESCo a clearer view of your proposal and leaves a good record for the future. If you get no feedback, that is useful to note in this section as well. For innovative or possibly controversial ideas, consider collecting feedback before you file the change proposal. -->
+N/A
 == Benefit to Fedora ==
@@ Line 75: / Line 95: @@
       https://fedoraproject.org/wiki/Changes/perl5.26 (major upgrade to a popular software stack, visible to users of that stack)
 -->
+bpfman is a software stack simplifying the management of eBPF programs in Kubernetes clusters or on individual hosts. It comprises a system daemon (bpfman), eBPF Custom Resource Definitions (CRDs), an agent (bpfman-agent), and an operator (bpfman-operator). Developed in Rust on the Aya library, bpfman offers improved security, visibility, multi-program support, and enhanced productivity for developers.
+For Fedora, integrating bpfman would streamline eBPF program loading. It enhances security by restricting privileges to the controlled bpfman daemon, simplifies deployment in Kubernetes clusters, and offers improved visibility into running eBPF programs. This integration aligns with Fedora's commitment to providing efficient and secure solutions, making it easier for users to leverage the benefits of eBPF in their systems.
 == Scope ==
-* Proposal owners:
+* Proposal owners:Submit / review pull-requests and packages to Fedora
 <!-- What work do the feature owners have to accomplish to complete the feature in time for release?  Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?-->
+* Other developers: <!-- REQUIRED FOR SYSTEM WIDE CHANGES --> https://copr.fedorainfracloud.org/coprs/g/ebpf-sig/bpfman-next/ migrate these packages from copr to Fedora alongside proposal owners
-* Other developers: <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
 <!-- What work do other developers have to accomplish to complete the feature in time for release?  Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?-->
 * Release engineering: [https://pagure.io/releng/issues #Releng issue number] <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
 <!-- Does this feature require coordination with release engineering (e.g. changes to installer image generation or update package delivery)?  Is a mass rebuild required?  include a link to the releng issue.
 The issue is required to be filed prior to feature submission, to ensure that someone is on board to do any process development work and testing and that all changes make it into the pipeline; a bullet point in a change is not sufficient communication -->
 * Policies and guidelines: N/A (not needed for this Change) <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
 <!-- Do the packaging guidelines or other documents need to be updated for this feature?  If so, does it need to happen before or after the implementation is done?  If a FPC ticket exists, add a link here. Please submit a pull request with the proposed changes before submitting your Change proposal. -->
 * Trademark approval: N/A (not needed for this Change)
 <!-- If your Change may require trademark approval (for example, if it is a new Spin), file a ticket ( https://pagure.io/Fedora-Council/tickets/issues ) requesting trademark approval from the Fedora Council. This approval will be done via the Council's consensus-based process. -->
+* Alignment with Community Initiatives: N/A
-* Alignment with Community Initiatives:
 <!-- Does your proposal align with the current Fedora Community Initiatives: https://docs.fedoraproject.org/en-US/project/initiatives/ ? It's okay if it doesn't, but it's something to consider -->
@@ Line 100: / Line 119: @@
 <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
+N/A
 == How To Test ==
@@ Line 118: / Line 137: @@
 <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
+N/A
 == User Experience ==
@@ Line 131: / Line 150: @@
   - Green has been scientifically proven to be the most relaxing color. The move to a default background color of green with green text will result in Fedora users being the most relaxed users of any operating system.
 -->
+Users would be able to easily load eBPF programs within Fedora in a way more simpler way than currently using bpfman.
 == Dependencies ==
@@ Line 145: / Line 165: @@
 * Contingency deadline: N/A (not a System Wide Change)  <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
 <!-- Does finishing this feature block the release, or can we ship with the feature in incomplete state? -->
-* Blocks release? N/A (not a System Wide Change), Yes/No <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
+* Blocks release? N/A (not a System Wide Change), No <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
 == Documentation ==
 <!-- Is there upstream documentation on this change, or notes you have written yourself?  Link to that material here so other interested developers can get involved. -->
+* https://bpfman.io/main/
 <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
-N/A (not a System Wide Change)
 == Release Notes ==

Search

Changes/DefaultBpfman: Difference between revisions