bpfman
diff --git a/‎apis/v1alpha1/bpf_application_state_types.go
Lines changed: 7 additions & 2 deletions b/‎apis/v1alpha1/bpf_application_state_types.go
Lines changed: 7 additions & 2 deletions
diff --git a/‎apis/v1alpha1/bpf_application_types.go
Lines changed: 111 additions & 13 deletions b/‎apis/v1alpha1/bpf_application_types.go
Lines changed: 111 additions & 13 deletions
diff --git a/‎apis/v1alpha1/cluster_bpf_application_state_types.go
Lines changed: 7 additions & 2 deletions b/‎apis/v1alpha1/cluster_bpf_application_state_types.go
Lines changed: 7 additions & 2 deletions
@@ -64,7 +64,9 @@ type BpfApplicationProgramState struct {
 	URetProbe *UprobeProgramInfoState `json:"uretprobe,omitempty"`
 }
 
-// BpfApplicationStateStatus reflects the status of the BpfApplication on the given node
+// status reflects the status of the BpfApplication for the given node.
+// appLoadStatus and conditions provide an overall status for the given node
+// while programs provides a per eBPF program status for the given node.
 type BpfApplicationStateStatus struct {
 	// updateCount is the number of times the BpfApplicationState has been updated. Set to 1
 	// when the object is created, then it is incremented prior to each update.
@@ -92,7 +94,10 @@ type BpfApplicationStateStatus struct {
 // +kubebuilder:subresource:status
 // +kubebuilder:resource:scope=Namespaced
 
-// BpfApplicationState contains the per-node state of a BpfApplication.
+// BpfApplicationState contains the state of a BpfApplication instance for a
+// given Kubernetes node. When a user creates a BpfApplication instance, bpfman
+// creates a BpfApplicationState instance for each node in a Kubernetes
+// cluster.
 // +kubebuilder:printcolumn:name="Node",type=string,JSONPath=".status.node"
 // +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[0].reason`
 // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
 
@@ -28,52 +28,142 @@ import (
 // +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'UProbe' ?  has(self.uprobe) : !has(self.uprobe)",message="uprobe configuration is required when type is uprobe, and forbidden otherwise"
 // +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'URetProbe' ?  has(self.uretprobe) : !has(self.uretprobe)",message="uretprobe configuration is required when type is uretprobe, and forbidden otherwise"
 type BpfApplicationProgram struct {
-	// name is the name of the function that is the entry point for the BPF
-	// program
+	// name is a required field and is the name of the function that is the entry
+	// point for the eBPF program. name must not be an empty string, must not
+	// exceed 64 characters in length, must start with alpha characters and must
+	// only contain alphanumeric characters.
+	// +required
 	// +kubebuilder:validation:Pattern="^[a-zA-Z][a-zA-Z0-9_]+."
 	// +kubebuilder:validation:MinLength=1
 	// +kubebuilder:validation:MaxLength=64
 	Name string `json:"name"`
 
-	// type specifies the bpf program type
+	// type is a required field used to specify the type of the eBPF program. The
+	// type dictates which eBPF hook point to use. This is where the eBPF program
+	// is executed.
+	//
+	// Allowed values are:
+	//   TC, TCX, UProbe, URetProbe, XDP
+	//
+	// When set to TC, the eBPF program can attach to network devices (interfaces).
+	// The program can be attached on either packet ingress or egress, so the
+	// program will be called on every incoming or outgoing packet seen by the
+	// network device. When using the TC program type, the tc field is required.
+	// See tc for more details on TC programs.
+	//
+	// When set to TCX, the eBPF program can attach to network devices
+	// (interfaces). The program can be attached on either packet ingress or
+	// egress, so the program will be called on every incoming or outgoing packet
+	// seen by the network device. When using the TCX program type, the tcx field
+	// is required. See tcx for more details on TCX programs.
+	//
+	// When set to UProbe, the program can attach in user-space. The UProbe is
+	// attached to a binary, library or function name, and optionally an offset in
+	// the code. When using the UProbe program type, the uprobe field is required.
+	// See uprobe for more details on UProbe programs.
+	//
+	// When set to URetProbe, the program can attach in user-space.
+	// The URetProbe is attached to the return of a binary, library or function
+	// name, and optionally an offset in the code.  When using the URetProbe
+	// program type, the uretprobe field is required. See uretprobe for more
+	// details on URetProbe programs.
+	//
+	// When set to XDP, the eBPF program can attach to network devices (interfaces)
+	// and will be called on every incoming packet received by the network device.
+	// When using the XDP program type, the xdp field is required. See xdp for more
+	// details on XDP programs.
 	// +unionDiscriminator
 	// +required
 	// +kubebuilder:validation:Enum:="XDP";"TC";"TCX";"UProbe";"URetProbe"
 	Type EBPFProgType `json:"type"`
 
-	// xdp defines the desired state of the application's XdpPrograms.
+	// xdp is an optional field, but required when the type field is set to XDP.
+	// xdp defines the desired state of the application's XDP programs. XDP program
+	// can be attached to network devices (interfaces) and will be called on every
+	// incoming packet received by the network device. The XDP hook point is just
+	// after the packet has been received off the wire, but before the Linux kernel
+	// has allocated an sk_buff, which is used to pass the packet through the
+	// kernel networking stack.
 	// +unionMember
 	// +optional
 	XDP *XdpProgramInfo `json:"xdp,omitempty"`
 
-	// tc defines the desired state of the application's TcPrograms.
+	// tc is an optional field, but required when the type field is set to TC. tc
+	// defines the desired state of the application's TC programs. TC programs are
+	// attached to network devices (interfaces). The program can be attached on
+	// either packet ingress or egress, so the program will be called on every
+	// incoming or outgoing packet seen by the network device. The TC hook point is
+	// in Linux's Traffic Control (tc) subsystem, which is after the Linux kernel
+	// has allocated an sk_buff. TCX is newer implementation of TC with enhanced
+	// performance and better support for running multiple programs on a given
+	// network device. This makes TC useful for packet classification actions.
 	// +unionMember
 	// +optional
 	TC *TcProgramInfo `json:"tc,omitempty"`
 
-	// tcx defines the desired state of the application's TcxPrograms.
+	// tcx is an optional field, but required when the type field is set to TCX.
+	// tcx defines the desired state of the application's TCX programs. TCX
+	// programs are attached to network devices (interfaces). The program can be
+	// attached on either packet ingress or egress, so the program will be called
+	// on every incoming or outgoing packet seen by the network device. The TCX
+	// hook point is in Linux's Traffic Control (tc) subsystem, which is after the
+	// Linux kernel has allocated an sk_buff. This makes TCX useful for packet
+	// classification actions. TCX is a newer implementation of TC with enhanced
+	// performance and better support for running multiple programs on a given
+	// network device.
 	// +unionMember
 	// +optional
 	TCX *TcxProgramInfo `json:"tcx,omitempty"`
 
-	// uprobe defines the desired state of the application's UprobePrograms.
+	// uprobe is an optional field, but required when the type field is set to
+	// UProbe. uprobe defines the desired state of the application's UProbe
+	// programs. UProbe programs are user-space probes. A target must be provided,
+	// which is the library name or absolute path to a binary or library where the
+	// probe is attached. Optionally, a function name can also be provided to
+	// provide finer granularity on where the probe is attached. They can be
+	// attached at any point in the binary, library or function using the optional
+	// offset field. However, caution must be taken when using the offset, ensuring
+	// the offset is still in the desired bytecode.
 	// +unionMember
 	// +optional
 	UProbe *UprobeProgramInfo `json:"uprobe,omitempty"`
 
-	// uretprobe defines the desired state of the application's UretprobePrograms.
+	// uretprobe is an optional field, but required when the type field is set to
+	// URetProbe. uretprobe defines the desired state of the application's
+	// URetProbe programs. URetProbe programs are user-space probes. A target must
+	// be provided, which is the library name or absolute path to a binary or
+	// library where the probe is attached. Optionally, a function name can also be
+	// provided to provide finer granularity on where the probe is attached. They
+	// are attached to the return point of the binary, library or function, but can
+	// be set anywhere using the optional offset field. However, caution must be
+	// taken when using the offset, ensuring the offset is still in the desired
+	// bytecode.
 	// +unionMember
 	// +optional
 	URetProbe *UprobeProgramInfo `json:"uretprobe,omitempty"`
 }
 
-// BpfApplicationSpec defines the desired state of BpfApplication
+// spec defines the desired state of the BpfApplication. The BpfApplication
+// describes the set of one or more namespace scoped eBPF programs that should
+// be loaded for a given application and attributes for how they should be
+// loaded. eBPF programs that are grouped together under the same
+// BpfApplication instance can share maps and global data between the eBPF
+// programs loaded on the same Kubernetes Node.
 type BpfApplicationSpec struct {
 	BpfAppCommon `json:",inline"`
 
-	// programs is the list of bpf programs in the BpfApplication that should be
-	// loaded. The application can selectively choose which program(s) to run
-	// from this list based on the optional attach points provided.
+	// programs is a required field and is the list of eBPF programs in a BPF
+	// Application CRD that should be loaded in kernel memory. At least one entry
+	// is required. eBPF programs in this list will be loaded on the system based
+	// the nodeSelector. Even if an eBPF program is loaded in kernel memory, it
+	// cannot be triggered until an attachment point is provided. The different
+	// program types have different ways of attaching. The attachment points can be
+	// added at creation time or modified (added or removed) at a later time to
+	// activate or deactivate the eBPF program as desired.
+	// CAUTION: When programs are added or removed from the list, that requires all
+	// programs in the list to be reloaded, which could be temporarily service
+	// effecting. For this reason, modifying the list is currently not allowed.
+	// +required
 	// +kubebuilder:validation:MinItems:=1
 	Programs []BpfApplicationProgram `json:"programs,omitempty"`
 }
@@ -83,7 +173,15 @@ type BpfApplicationSpec struct {
 // +kubebuilder:subresource:status
 // +kubebuilder:resource:scope=Namespaced
 
-// BpfApplication is the Schema for the bpfapplications API
+// BpfApplication is the schema for the namespace scoped BPF Applications API.
+// Using this API allows applications to load one or more eBPF programs on a
+// Kubernetes cluster using bpfman to load the programs.
+//
+// The bpfApplication.status field reports the overall status of the
+// BpfApplication CRD. A given BpfApplication CRD can result in loading and
+// attaching multiple eBPF programs on multiple nodes, so this status is just a
+// summary. More granular per-node status details can be found in the
+// corresponding BpfApplicationState CRD that bpfman creates for each node.
 // +kubebuilder:printcolumn:name="NodeSelector",type=string,JSONPath=`.spec.nodeselector`
 // +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[0].reason`
 // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
 
@@ -94,7 +94,9 @@ type ClBpfApplicationProgramState struct {
 	TracePoint *ClTracepointProgramInfoState `json:"tracepoint,omitempty"`
 }
 
-// ClBpfApplicationStateStatus reflects the status of the ClusterBpfApplicationState on the given node
+// status reflects the status of the ClusterBpfApplication for the given node.
+// appLoadStatus and conditions provide an overall status for the given node
+// while programs provides a per eBPF program status for the given node.
 type ClBpfApplicationStateStatus struct {
 	// updateCount is the number of times the BpfApplicationState has been updated. Set to 1
 	// when the object is created, then it is incremented prior to each update.
@@ -123,7 +125,10 @@ type ClBpfApplicationStateStatus struct {
 // +kubebuilder:subresource:status
 // +kubebuilder:resource:scope=Cluster
 
-// ClusterBpfApplicationState contains the per-node state of a BpfApplication.
+// ClusterBpfApplicationState contains the state of a ClusterBpfApplication
+// instance for a given Kubernetes node. When a user creates a
+// ClusterBpfApplication instance, bpfman creates a ClusterBpfApplicationState
+// instance for each node in a Kubernetes cluster.
 // +kubebuilder:printcolumn:name="Node",type=string,JSONPath=".status.node"
 // +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[0].reason`
 // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"