Example EBPF Proxy Implementation

** Dependencies -> Docker OR Podman -> go >= 1.17 -> LLVM (sudo dnf install llvm) -> GLIBC (sudo dnf install glibc-devel.i686) -> Disable Firewalld (sudo systemctl disable firewalld)

This ebpf program was adapted from Cilium's implementation of kube-proxy, but pulled out and configured to run separated from Cilium's control plane.

** ALL CREDIT FOR THE EBPF PROGRAM WRITTEN IN C SHOULD GO TO CILIUM DEVELOPERS **

Compile + run program

This will automatically use cillium/ebpf to compile the C ebpf program into bytecode using clang, build go bindings, and attach the program to the connect4 syscall in the default cgroup all via a simple go program.

Simply run

make run

to spin up a backend pod, and start the program with the VIP 169.1.1.1 which will be proxied to the backend pod by our ebpf program

To see the logs from the ebpf program run

sudo cat /sys/kernel/debug/tracing/trace_pipe

Licensing

The user space components of this example are licensed under the MIT License.

The bpf code template (defined in cgroup_connect3.c) was adapted from the bpf templates defined in the Cilium Project and continues to use the same license defined there, i.e the 2-Clause BSD License. This is confirmed by the following commit.