Skip to content

Instantly share code, notes, and snippets.

@astoycos

astoycos/bpf-in-ovs.md

Created September 19, 2022 18:40
Show Gist options
  • Save astoycos/502907a4020985b4fb92ef341774c92d to your computer and use it in GitHub Desktop.
Save astoycos/502907a4020985b4fb92ef341774c92d to your computer and use it in GitHub Desktop.
Download ZIP
Running a TC example BPF program on an Ovn-K Kind cluster
Raw
bpf-in-ovs.md
  1. Spin up an ovn-k kind cluster
  • git clone https://github.com/ovn-org/ovn-kubernetes
  • ./contrib/kind.sh
  1. Start the Aya Loader pod
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
  name: aya-loader
spec:
  hostNetwork: true
  hostPID: true
  nodeSelector: 
     kubernetes.io/hostname: ovn-worker2
  containers:
  - name: rust
    image: rustlang/rust:nightly
    args:
    - /bin/bash
    securityContext:
      privileged: true
    volumeMounts: 
    - name: net-namespace
      mountPath: /var/run/netns
    stdin: true
    stdinOnce: true
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    tty: true
  volumes: 
  - name: net-namespace
    hostPath: 
      path: /var/run/netns
EOF
  1. Exec into it

kubectl exec -it aya-loader /bin/bash

  1. Install rust gnu toolchain and bpf-linker
  • rustup component add rust-src --toolchain nightly-x86_64-unknown-linux-gnu
  • cargo install bpf-linker
  1. Get program

git clone https://github.com/astoycos/tcbpfd

  1. Build program

cargo xtask build-ebpf && cargo build

  1. Run Program on specified interface

./target/debug/tcbpfd --iface <INTERACE NAME>

NOTE: To run attached to the pod side of a container interface simply use ip netns to list network namespaces and ip netns exec /bin/bash before running the program.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment