F40 Change proposal: Bpfman as default eBPF manager (Self-Contained)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Wiki -> https://fedoraproject.org/wiki/Changes/DefaultBpfman

This is a *proposed* Change for Fedora Linux.
This document represents a proposed Change. As part of the [Changes
process](https://docs.fedoraproject.org/en-US/program_management/changes_policy/),
proposals are publicly announced in order to receive community
feedback. This proposal will only be implemented if approved by the
Fedora Engineering Steering Committee.


== Summary ==

bpfman: An eBPF Manager
bpfman operates as an eBPF manager, focusing on simplifying the
deployment and administration of eBPF programs. Its notable features
encompass:

* System Overview: Provides insights into how eBPF is utilized in your system.
* eBPF Program Loader: Includes a built-in program loader that
supports program cooperation for XDP and TC programs, as well as
deployment of eBPF programs from OCI images.
* eBPF Filesystem Management: Manages the eBPF filesystem,
facilitating the deployment of eBPF applications without requiring
additional privileges.

We do aim to have this included in Fedora so it becomes the de-facto
and easy way to load eBPF programs.

== Owner ==
* Name: [[User:dmellado| Daniel Mellado]]
* Email: dmellado@xxxxxxxxxxxxxxxxx
* Name: [[davetucker| Dave Tucker]]
* Email: datucker@xxxxxxxxxx
* Name: [[tohojo| Toke Høiland-Jørgensen]]
* Email: thoiland@xxxxxxxxxx



== Detailed Description ==

bpfman operates as an eBPF manager, focusing on simplifying the
deployment and administration of eBPF programs. bpfman is a software
stack that aims to make it easy to load, unload, modify and monitor
eBPF programs whether on a single host, or in a Kubernetes cluster.
bpfman includes the following core components:

* bpfman: A system daemon that supports loading, unloading, modifying
and monitoring of eBPF programs exposed over a gRPC API.
* eBPF CRDS: bpfman provides a set of CRDs (XdpProgram, TcProgram,
etc.) that provide a way to express intent to load eBPF programs as
well as a bpfman generated CRD (BpfProgram) used to represent the
runtime state of loaded programs.
* bpfman-agent: The agent runs in a container in the bpfman daemonset
and ensures that the requested eBPF programs for a given node are in
the desired state.
* bpfman-operator: An operator, built using Operator SDK, that manages
the installation and lifecycle of bpfman-agent and the CRDs in a
Kubernetes cluster.

bpfman is developed in Rust and built on top of Aya, a Rust eBPF library.

== Feedback =
N/A


== Benefit to Fedora ==
bpfman is a software stack simplifying the management of eBPF programs
in Kubernetes clusters or on individual hosts. It comprises a system
daemon (bpfman), eBPF Custom Resource Definitions (CRDs), an agent
(bpfman-agent), and an operator (bpfman-operator). Developed in Rust
on the Aya library, bpfman offers improved security, visibility,
multi-program support, and enhanced productivity for developers.

For Fedora, integrating bpfman would streamline eBPF program loading.
It enhances security by restricting privileges to the controlled
bpfman daemon, simplifies deployment in Kubernetes clusters, and
offers improved visibility into running eBPF programs. This
integration aligns with Fedora's commitment to providing efficient and
secure solutions, making it easier for users to leverage the benefits
of eBPF in their systems.



== Scope ==
* Proposal owners:Submit / review pull-requests and packages to Fedora

* Other developers:
https://copr.fedorainfracloud.org/coprs/g/ebpf-sig/bpfman-next/
migrate these packages from copr to Fedora alongside proposal owners

* Policies and guidelines: N/A (not needed for this Change)

* Trademark approval: N/A (not needed for this Change)

* Alignment with Community Initiatives: N/A


== Upgrade/compatibility impact ==
N/A

== How To Test ==
N/A

== User Experience ==

Users would be able to easily load eBPF programs within Fedora in a
way more simpler way than currently using bpfman.

== Dependencies ==


== Contingency Plan ==

* Contingency mechanism: (What to do?  Who will do it?) N/A (not a
System Wide Change)

* Contingency deadline: N/A (not a System Wide Change)

* Blocks release? N/A (not a System Wide Change), No


== Documentation ==

* https://bpfman.io/main/


== Release Notes ==

-- 
Aoife Moloney

Fedora Operations Architect

Fedora Project

Matrix: @amoloney:fedora.im

IRC: amoloney
--
_______________________________________________
devel-announce mailing list -- devel-announce@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux