Update cmd and README

README.md

@@ -0,0 +1,85 @@
+# multi-networkpolicy-tc
+[multi-networkpolicy](https://github.com/k8snetworkplumbingwg/multi-networkpolicy) implementation
+using [Linux Traffic Control (TC)](https://tldp.org/HOWTO/Traffic-Control-HOWTO/intro.html)
+
+## Description
+
+Kubernetes provides [Network Policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
+for network security.
+MultiNetworkPolicy defines an API similar to Kubernetes built-in NetworkPolicy API for secondary kubernetes networks
+defined via [NetworkAttachmentDefinition CRD](https://github.com/k8snetworkplumbingwg/multi-net-spec).
+multi-networkpolicy-tc implements MultiNetworkPolicy API using Linux TC, providing network
+security for net-attach-def networks.
+
+## Supported CNIs
+
+multi-networkpolicy-tc is intended to be used with networks provided via [accelerated bridge cni](https://github.com/k8snetworkplumbingwg/accelerated-bridge-cni).
+it is currently not compatible with other CNIs however support may be extended for additional CNIs.
+
+multi-networkpolicy-tc relies on the fact that a Pod has an SRIOV VF allocated for the network with a corresponding VF representor netdev
+which follows the kernel [switchdev model](https://www.kernel.org/doc/html/latest/networking/switchdev.html).
+
+given a MultiNetworkPolicy it generates and programs TC rules to enforce the policy.
+for more information refer to `docs/tc-rule-pipeline.md`.
+
+## Prerequisites
+
+- Linux kernel 5.17.9 or newer
+- NIC supporting switchdev and TC hardware offload such as:
+  - Nvidia Mellanox ConnectX-6Dx
+
+## Quickstart
+
+### Build
+
+This project uses go modules for dependency management and requires Go 1.18 to build.
+
+to build binary run:
+```shell
+$ make build
+```
+Binary executable is located under `build` folder
+
+### Install
+
+Install MultiNetworkPolicy CRD into Kubernetes.
+
+```
+$ git clone https://github.com/Mellanox/multi-networkpolicy-tc
+$ cd multi-networkpolicy-tc
+$ kubectl create -f deploy/multi-net-crd.yaml
+customresourcedefinition.apiextensions.k8s.io/multi-networkpolicies.k8s.cni.cncf.io created
+```
+
+Deploy multi-networkpolicy-tc into Kubernetes.
+
+```
+$ git clone https://github.com/Mellanox/multi-networkpolicy-tc
+$ cd multi-networkpolicy-tc
+$ kubectl create -f deploy/deploy.yml
+clusterrole.rbac.authorization.k8s.io/multi-networkpolicy created
+clusterrolebinding.rbac.authorization.k8s.io/multi-networkpolicy created
+serviceaccount/multi-networkpolicy created
+daemonset.apps/multi-networkpolicy-ds-amd64 created
+```
+
+## multi-network-policy-tc DaemonSet
+
+multi-network-policy-tc runs as a daemonset on each node.
+`multi-networkpolicy-tc` watches MultiNetworkPolicy object and creates TC rules on VF representor to filters packets
+ to/from interface, based on MultiNetworkPolicy.
+
+## Limitations
+
+As this project is under active development, there are several limitations which are planned to be addressed
+in the near future.
+
+- MultiNetworkPolicy Ingress rules are not supported. Ingress policy will not be enforced
+- VLAN tagged traffic is not supported network policy will not be enforced
+- QinQ traffic is not supported network policy will not be enforced
+- IPV6 traffic is not supported network policy will not be enforced
+
+## Contributing
+
+To report a bug or request a feature, open an issue in this repository.
+to contribute to the project please refer to `CONTRIBUTING.md` doc

cmd/multi-networkpolicy-tc/main.go

@@ -12,6 +12,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/klog/v2"
 
+	"github.com/Mellanox/multi-networkpolicy-tc/pkg/server"
 	"github.com/Mellanox/multi-networkpolicy-tc/pkg/utils"
 )
 
@@ -38,16 +39,20 @@ func main() {
 	ctx := utils.SetupSignalHandler()
 	initLogs(ctx)
 	defer klog.Flush()
+	opts := server.NewOptions()
+	srv, err := server.NewServer(opts)
+	if err != nil {
+		klog.Exit(err)
+	}
 
 	cmd := &cobra.Command{
 		Use:  "multi-networkpolicy-tc",
 		Long: `TBD`,
 		Run: func(cmd *cobra.Command, args []string) {
-			klog.Infof("running multi-networkpolicy-tc")
-			klog.Infof("waiting for stop signal")
-			<- ctx.Done()
+			srv.Run(ctx)
 		},
 	}
+	opts.AddFlags(cmd.Flags())
 
 	if err := cmd.Execute(); err != nil {
 		os.Exit(1)