New 'node-agent' that listens to pod events and loads eBPF programs

.github/workflows/build.yaml

@@ -16,7 +16,6 @@ env:
   REGISTRY: us-central1-docker.pkg.dev/main-383408/otterize
 
 jobs:
-
   build:
     if: (github.event_name == 'push' && github.repository == 'otterize/network-mapper') || github.event.pull_request.head.repo.full_name == 'otterize/network-mapper'
     name: Build
@@ -110,6 +109,60 @@ jobs:
           build-args: |
             "VERSION=0.0.${{ github.run_id }}"
 
+  # entire workflow is duplicated (sorry) since we can't
+  # cross-compile the arm64 agent on amd64 builders.
+  # This is because the vmlinux.h generation needs
+  # information from the an arm64 kernel.
+  # TODO: refactor to avoid duplication
+  build-node-agent:
+    if: (github.event_name == 'push' && github.repository == 'otterize/network-mapper') || github.event.pull_request.head.repo.full_name == 'otterize/network-mapper'
+    name: Build (agent)
+    runs-on: ubuntu-latest
+    outputs:
+      registry: ${{ steps.registry.outputs.registry }} # workaround since env is not available outside of steps, i.e. in calling external workflows like we later do in e2e-test
+
+    steps:
+      - id: registry
+        run: echo "registry=${{ env.REGISTRY }}" >> "$GITHUB_OUTPUT"
+
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          submodules: recursive
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@master
+        with:
+          driver-opts: network=host
+
+      - name: Login to GCR
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: _json_key_base64
+          password: ${{ secrets.B64_GCLOUD_SERVICE_ACCOUNT_JSON }}
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: otterize
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Test & Build production image
+        uses: docker/build-push-action@v2
+        with:
+          context: src/
+          file: build/agent.Dockerfile
+          tags: ${{ env.REGISTRY }}/agent:${{ github.sha }}
+          push: true
+          network: host
+          platforms: linux/amd64
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          build-args: |
+            "VERSION=0.0.${{ github.run_id }}"
+
   e2e-test:
     uses: ./.github/workflows/e2e-test.yaml
     name: Trigger e2e tests

.github/workflows/lint.yml

@@ -23,12 +23,16 @@ jobs:
           go-version: '1.21.3'
       - uses: actions/checkout@v3
       - name: Install dependencies
-        run: sudo apt update && sudo apt install libpcap-dev # required for the linter to be able to lint github.com/google/gopacket
+        run: |
+          sudo apt update && sudo apt install libpcap-dev clang libelf-dev libbpf-dev
       - name: go generate
-        run: go generate ./...
+        run: | 
+          go generate -tags ebpf ./...
+
         working-directory: src
       - name: go vet
-        run: go vet ./...
+        run: |
+          go vet ./...
         working-directory: src/
       - name: check git diff
         run: git diff --exit-code
@@ -41,7 +45,12 @@ jobs:
           go-version: '1.21.3'
       - uses: actions/checkout@v3
       - name: Install dependencies
-        run: sudo apt update && sudo apt install libpcap-dev # required for the linter to be able to lint github.com/google/gopacket
+        run: |
+          sudo apt update && sudo apt install libpcap-dev clang libelf-dev libbpf-dev
+      - name: go generate
+        run: |
+          go generate -tags ebpf ./...
+        working-directory: src
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3
         with:

.gitignore

@@ -17,3 +17,7 @@
 # IDE
 .idea/
 *.iml
+
+# BPF specific files
+*.o
+vmlinux.h

Makefile

@@ -0,0 +1,121 @@
+PROMPT_COLOR=\033[36m
+PROMPT_NC=\033[0m # No Color
+
+HELM_CHARTS_PATH = ../helm-charts/otterize-kubernetes
+
+OTRZ_CLUSTER = https://app.staging.otterize.com/api
+OTRZ_NAMESPACE = otterize-system
+OTRZ_IMAGE_TAG = 0.0.0
+OTRZ_IMAGE_REGISTRY = otterize
+OTRZ_AGENT_IMAGE_NAME = agent
+OTRZ_MAPPER_IMAGE_NAME = mapper
+OTRZ_AGENT_IMAGE_FULL_NAME = $(OTRZ_IMAGE_REGISTRY)/$(OTRZ_AGENT_IMAGE_NAME):$(OTRZ_IMAGE_TAG)
+OTRZ_MAPPER_IMAGE_FULL_NAME = $(OTRZ_IMAGE_REGISTRY)/$(OTRZ_MAPPER_IMAGE_NAME):$(OTRZ_IMAGE_TAG)
+
+LIMA_K8S_TEMPLATE = ./dev/lima-k8s.yaml
+LIMA_CLUSTER_NAME = k8s-$(DOCKER_TARGET_ARCH)
+LIMA_KUBECONFIG_PATH = $(HOME)/.kube/lima
+LIMA_TEMP_DIR = /tmp/lima/
+DOCKER_TARGET_ARCH = arm64
+LIMA_TARGET_ARCH = aarch64
+
+# Include .env file if it exists
+ifneq (,$(wildcard ./.env))
+    include .env
+    export
+endif
+
+help: ## Show help message
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n"} /^[$$()% a-zA-Z_-]+:.*?##/ { printf "  ${PROMPT_COLOR}%-25s${PROMPT_NC} %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+# Image building targets
+
+build-agent: ## Builds the node agent image
+	@echo "${PROMPT_COLOR}Building agent image '$(OTRZ_AGENT_IMAGE_FULL_NAME)'...${PROMPT_NC}"
+	docker buildx build --platform linux/$(DOCKER_TARGET_ARCH) -t $(OTRZ_AGENT_IMAGE_FULL_NAME) --file build/$(OTRZ_AGENT_IMAGE_NAME).Dockerfile src/
+
+build-mapper: ## Builds the mapper image
+	@echo "${PROMPT_COLOR}Building mapper image '$(OTRZ_MAPPER_IMAGE_FULL_NAME)'...${PROMPT_NC}"
+	docker buildx build --platform linux/$(DOCKER_TARGET_ARCH) -t $(OTRZ_MAPPER_IMAGE_FULL_NAME) --file build/$(OTRZ_MAPPER_IMAGE_NAME).Dockerfile src/
+
+# Lima-specific targets - used for local development on macOS
+
+lima-install: ## Installs lima if not already installed
+	@echo "${PROMPT_COLOR}Installing Lima...${PROMPT_NC}"
+	brew list lima || brew install lima
+
+lima-k8s: ## Starts Lima with k8s template
+	@echo "${PROMPT_COLOR}Starting Lima with the template '$(LIMA_K8S_TEMPLATE)'...${PROMPT_NC}"
+	limactl start $(LIMA_K8S_TEMPLATE) --arch $(LIMA_TARGET_ARCH) --name $(LIMA_CLUSTER_NAME)
+
+lima-kubeconfig: ## Copies kubeconfig from lima to host
+	@echo "${PROMPT_COLOR}Copying kubeconfig from Lima to host...${PROMPT_NC}"
+	cp $(shell limactl list $(LIMA_CLUSTER_NAME) --format '{{.Dir}}/copied-from-guest/kubeconfig.yaml') $(LIMA_KUBECONFIG_PATH)
+	@echo "${PROMPT_COLOR}Run 'export KUBECONFIG=$(LIMA_KUBECONFIG_PATH)' to use the kubeconfig.${PROMPT_NC}"
+
+lima-copy-images: ## Copies the images to lima
+	@echo "${PROMPT_COLOR}Copying images to Lima...${PROMPT_NC}"
+	mkdir -p $(LIMA_TEMP_DIR)images
+
+	docker save -o $(LIMA_TEMP_DIR)images/$(OTRZ_AGENT_IMAGE_NAME).tar $(OTRZ_AGENT_IMAGE_FULL_NAME)
+	docker save -o $(LIMA_TEMP_DIR)images/$(OTRZ_MAPPER_IMAGE_NAME).tar $(OTRZ_MAPPER_IMAGE_FULL_NAME)
+
+	limactl copy $(LIMA_TEMP_DIR)images/$(OTRZ_AGENT_IMAGE_NAME).tar $(LIMA_CLUSTER_NAME):/tmp/$(OTRZ_AGENT_IMAGE_NAME).tar
+	limactl copy $(LIMA_TEMP_DIR)images/$(OTRZ_MAPPER_IMAGE_NAME).tar $(LIMA_CLUSTER_NAME):/tmp/$(OTRZ_MAPPER_IMAGE_NAME).tar
+
+	LIMA_INSTANCE=$(LIMA_CLUSTER_NAME) lima sudo ctr -n=k8s.io images import /tmp/$(OTRZ_AGENT_IMAGE_NAME).tar
+	LIMA_INSTANCE=$(LIMA_CLUSTER_NAME) lima sudo ctr -n=k8s.io images import /tmp/$(OTRZ_MAPPER_IMAGE_NAME).tar
+
+lima-restart-otterize: ## Restarts Otterize pods running in the lima kubernetes cluster
+	@echo "${PROMPT_COLOR}Restarting Otterize pods...${PROMPT_NC}"
+	LIMA_INSTANCE=$(LIMA_CLUSTER_NAME) lima kubectl delete pods --all -n $(OTRZ_NAMESPACE)
+
+lima-update-images: build-mapper build-agent lima-copy-images lima-restart-otterize ## Builds and updates the mapper image in the lima kubernetes cluster and restarts the pods
+
+lima-install-otterize: ## Installs Otterize in the lima kubernetes cluster with the provided client ID and client secret
+	@if [ -z "$(CLIENT_ID)" ]; then \
+	  read -p "Client ID: " client_id; \
+	else \
+	  client_id=$(CLIENT_ID); \
+	fi; \
+	if [ -z "$(CLIENT_SECRET)" ]; then \
+	  read -p "Client Secret: " client_secret; \
+	else \
+	  client_secret=$(CLIENT_SECRET); \
+	fi; \
+    helm --kubeconfig=$(LIMA_KUBECONFIG_PATH) dep up ../helm-charts/otterize-kubernetes; \
+    helm --kubeconfig=$(LIMA_KUBECONFIG_PATH) upgrade --install \
+    	otterize $(HELM_CHARTS_PATH) -n $(OTRZ_NAMESPACE) --create-namespace \
+		--set global.otterizeCloud.apiAddress=$(OTRZ_CLUSTER) \
+		--set global.otterizeCloud.credentials.clientId=$$client_id \
+		--set global.otterizeCloud.credentials.clientSecret=$$client_secret \
+		--set intentsOperator.operator.mode=defaultShadow \
+		--set networkMapper.agent.enable=true \
+		--set networkMapper.agent.image=$(OTRZ_AGENT_IMAGE_NAME) \
+		--set networkMapper.agent.pullPolicy=Never \
+		--set networkMapper.agent.tag=$(OTRZ_IMAGE_TAG) \
+		--set networkMapper.debug=true \
+		--set networkMapper.experimental.ebpf=true \
+		--set networkMapper.mapper.image=$(OTRZ_MAPPER_IMAGE_NAME) \
+		--set networkMapper.mapper.pullPolicy=Never \
+		--set networkMapper.mapper.tag=$(OTRZ_IMAGE_TAG) \
+		--wait
+
+
+setup-lima: lima-install lima-k8s lima-kubeconfig lima-update-images lima-install-otterize ## Setup Lima with kubernetes template
+	@echo "${PROMPT_COLOR}Setup completed.${PROMPT_NC}"
+	LIMA_INSTANCE=$(LIMA_CLUSTER_NAME) lima kubectl get pods -n otterize-system
+
+clean-lima: ## Cleans up lima environment
+	@echo "${PROMPT_COLOR}Cleaning up '$(LIMA_K8S_TEMPLATE)'...${PROMPT_NC}"
+	limactl stop -f $(LIMA_CLUSTER_NAME)
+	limactl delete $(LIMA_CLUSTER_NAME)
+
+push-to-aws: build-mapper build-agent
+	aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 353146681200.dkr.ecr.us-east-1.amazonaws.com
+
+	docker tag otterize/mapper:0.0.0 353146681200.dkr.ecr.us-east-1.amazonaws.com/network-mapper:0.0.0
+	docker push 353146681200.dkr.ecr.us-east-1.amazonaws.com/network-mapper:0.0.0
+
+	docker tag otterize/agent:0.0.0 353146681200.dkr.ecr.us-east-1.amazonaws.com/node-agent:0.0.0
+	docker push 353146681200.dkr.ecr.us-east-1.amazonaws.com/node-agent:0.0.0

build/agent.Dockerfile

@@ -0,0 +1,58 @@
+FROM golang:1.22.1 AS ebpf-buildenv
+
+RUN apt-get update
+RUN apt-get install -y clang llvm libelf-dev libbpf-dev linux-headers-generic bpftool
+RUN ln -sf /usr/include/$(uname -m)-linux-gnu/asm /usr/include/asm
+
+WORKDIR /src
+
+COPY go.mod go.sum ./
+RUN --mount=type=cache,target="/root/.cache/go-build" <<EOR
+set -ex
+go mod download
+EOR
+
+COPY . /src/
+
+RUN --mount=type=cache,target="/root/.cache/go-build" <<EOR
+set -ex
+go generate -tags ebpf ./ebpf/...
+EOR
+
+FROM --platform=$BUILDPLATFORM golang:1.22.1-alpine AS buildenv
+RUN apk add --no-cache ca-certificates git protoc
+RUN apk add build-base libpcap-dev
+WORKDIR /src
+
+# restore dependencies
+COPY go.mod go.sum ./
+RUN go mod download
+
+COPY . .
+
+FROM --platform=$BUILDPLATFORM buildenv AS test
+# install dependencies for "envtest" package
+#
+#RUN go test ./node-agent/...
+
+FROM --platform=$BUILDPLATFORM test AS builder
+ARG TARGETOS
+ARG TARGETARCH
+
+COPY --from=ebpf-buildenv /src/ebpf /src/ebpf
+RUN --mount=type=cache,target="/root/.cache/go-build" <<EOR
+set -ex
+CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH go build -trimpath -o /otterize-node-agent ./node-agent/cmd/agent
+EOR
+
+
+# add version file
+ARG VERSION
+RUN echo -n $VERSION > /version
+
+FROM ubuntu:24.04
+COPY --from=builder /otterize-node-agent /otterize/bin/otterize-node-agent
+COPY --from=builder /version .
+
+EXPOSE 9090
+ENTRYPOINT ["/otterize/bin/otterize-node-agent"]

build/bpfman.Dockerfile

@@ -0,0 +1,20 @@
+FROM --platform=$TARGETPLATFORM golang:1.22.1 AS ebpf-buildenv
+
+WORKDIR /src
+COPY go.mod go.sum ./
+
+RUN apt-get update
+RUN apt-get install -y clang llvm libelf-dev libbpf-dev linux-headers-generic
+RUN ln -sf /usr/include/$(uname -m)-linux-gnu/asm /usr/include/asm
+RUN go mod download
+
+COPY ebpf/ ./ebpf/
+
+# Generate ebpf code
+ARG TARGETARCH
+RUN GOARCH=$TARGETARCH go generate -tags ebpf ./ebpf/...
+
+FROM quay.io/bpfman/bpfman AS bpfman
+COPY --from=ebpf-buildenv /src/ebpf/ /otterize/ebpf/
+
+ENTRYPOINT ["./bpfman-rpc", "--timeout=0"]

build/mapper.Dockerfile

@@ -1,4 +1,4 @@
-FROM --platform=$BUILDPLATFORM golang:1.22.1-alpine as buildenv
+FROM --platform=$BUILDPLATFORM golang:1.22.1-alpine AS buildenv
 RUN apk add --no-cache ca-certificates git protoc
 RUN apk add build-base libpcap-dev
 WORKDIR /src
@@ -9,18 +9,25 @@ RUN go mod download
 
 COPY . .
 
-FROM buildenv as test
+FROM buildenv AS test
 # install dependencies for "envtest" package
-RUN go install sigs.k8s.io/controller-runtime/tools/[email protected] && \
+RUN --mount=type=cache,target="/root/.cache/go-build" <<EOR
+set -ex
+go install sigs.k8s.io/controller-runtime/tools/[email protected] && \
     source <(setup-envtest use -p env) && \
     mkdir -p /usr/local/kubebuilder && \
     ln -s "$KUBEBUILDER_ASSETS" /usr/local/kubebuilder/bin
-RUN go test ./mapper/...
+go test ./mapper/...
+EOR
 
-FROM test as builder
+FROM test AS builder
 ARG TARGETOS
 ARG TARGETARCH
-RUN CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH go build -trimpath -o /main ./mapper/cmd
+
+RUN --mount=type=cache,target="/root/.cache/go-build" <<EOR
+set -ex
+CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH go build -trimpath -o /main ./mapper/cmd
+EOR
 
 # add version file
 ARG VERSION