NETOBSERV-2545: Add quick filters for external traffic

api/flowcollector/v1beta2/flowcollector_types.go

@@ -677,12 +677,12 @@ type FlowCollectorFLP struct {
 	MultiClusterDeployment *bool `json:"multiClusterDeployment,omitempty"`
 
 	//+optional
-	// `addZone` allows availability zone awareness by labelling flows with their source and destination zones.
+	// `addZone` allows availability zone awareness by labeling flows with their source and destination zones.
 	// This feature requires the "topology.kubernetes.io/zone" label to be set on nodes.
 	AddZone *bool `json:"addZone,omitempty"`
 
 	//+optional
-	// `subnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift, which is used to identify cluster external traffic.
+	// `subnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labeling of recognized subnets in OpenShift, which is used to identify cluster external traffic.
 	// When a subnet matches the source or destination IP of a flow, a corresponding field is added: `SrcSubnetLabel` or `DstSubnetLabel`.
 	SubnetLabels SubnetLabels `json:"subnetLabels,omitempty"`
 
@@ -1037,8 +1037,8 @@ type PrometheusQuerier struct {
 	Enable *bool `json:"enable,omitempty"`
 
 	// `mode` must be set according to the type of Prometheus installation that stores NetObserv metrics:<br>
-	// - Use `Auto` to try configuring automatically. In OpenShift, it uses the Thanos querier from OpenShift Cluster Monitoring<br>
-	// - Use `Manual` for a manual setup<br>
+	// - Use `Auto` to try configuring automatically. In OpenShift, it uses the Thanos querier from OpenShift Cluster Monitoring.<br>
+	// - Use `Manual` for a manual setup.<br>
 	//+unionDiscriminator
 	//+kubebuilder:validation:Enum=Manual;Auto
 	//+kubebuilder:default:="Auto"
@@ -1055,10 +1055,8 @@ type PrometheusQuerier struct {
 	Timeout *metav1.Duration `json:"timeout,omitempty"` // Warning: keep as pointer, else default is ignored
 }
 
-// FlowCollectorConsolePlugin defines the desired ConsolePlugin state of FlowCollector
+// FlowCollectorConsolePlugin defines the desired ConsolePlugin state of FlowCollector.
 type FlowCollectorConsolePlugin struct {
-	// Important: Run "make generate" to regenerate code after modifying this file
-
 	//+kubebuilder:default:=true
 	// Enables the console plugin deployment.
 	Enable *bool `json:"enable,omitempty"`
@@ -1074,18 +1072,18 @@ type FlowCollectorConsolePlugin struct {
 
 	//+kubebuilder:validation:Enum=IfNotPresent;Always;Never
 	//+kubebuilder:default:=IfNotPresent
-	// `imagePullPolicy` is the Kubernetes pull policy for the image defined above
+	// `imagePullPolicy` is the Kubernetes pull policy for the image defined above.
 	ImagePullPolicy string `json:"imagePullPolicy,omitempty"`
 
 	//+kubebuilder:default:={requests:{memory:"50Mi",cpu:"100m"},limits:{memory:"100Mi"}}
 	// `resources`, in terms of compute resources, required by this container.
-	// For more information, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+	// For more information, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/.
 	// +optional
 	Resources corev1.ResourceRequirements `json:"resources,omitempty" protobuf:"bytes,8,opt,name=resources"`
 
 	//+kubebuilder:validation:Enum=trace;debug;info;warn;error;fatal;panic
 	//+kubebuilder:default:=info
-	// `logLevel` for the console plugin backend
+	// `logLevel` for the console plugin backend.
 	LogLevel string `json:"logLevel,omitempty"`
 
 	// `autoscaler` [deprecated (*)] spec of a horizontal pod autoscaler to set up for the plugin Deployment.
@@ -1094,12 +1092,13 @@ type FlowCollectorConsolePlugin struct {
 	Autoscaler FlowCollectorHPA `json:"autoscaler,omitempty"`
 
 	//+kubebuilder:default:={enable:true}
-	// `portNaming` defines the configuration of the port-to-service name translation
+	// `portNaming` defines the configuration of the port-to-service name translation.
 	PortNaming ConsolePluginPortConfig `json:"portNaming,omitempty"`
 
-	//+kubebuilder:default:={{name:"Applications",filter:{"flow_layer":"\"app\""},default:true},{name:"Infrastructure",filter:{"flow_layer":"\"infra\""}},{name:"Pods network",filter:{"src_kind":"\"Pod\"","dst_kind":"\"Pod\""},default:true},{name:"Services network",filter:{"dst_kind":"\"Service\""}}}
+	//+kubebuilder:default:={{name:"Applications",filter:{"flow_layer":"\"app\""},default:true},{name:"Infrastructure",filter:{"flow_layer":"\"infra\""}},{name:"Pods network",filter:{"src_kind":"\"Pod\"","dst_kind":"\"Pod\""},default:true},{name:"Services network",filter:{"dst_kind":"\"Service\""}},{name:"External ingress",filter:{"src_subnet_label":"\"\",EXT:"}},{name:"External egress",filter:{"dst_subnet_label":"\"\",EXT:"}}}
 	// +optional
-	// `quickFilters` configures quick filter presets for the Console plugin
+	// `quickFilters` configures quick filter presets for the Console plugin.
+	// Filters for external traffic assume the subnet labels are configured to distinguish internal and external traffic (see `spec.processor.subnetLabels`).
 	QuickFilters []QuickFilter `json:"quickFilters"`
 
 	// `advanced` allows setting some aspects of the internal configuration of the console plugin.
@@ -1447,16 +1446,18 @@ type AdvancedPluginConfig struct {
 	Scheduling *SchedulingConfig `json:"scheduling,omitempty"`
 }
 
-// `SubnetLabels` allows you to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift.
+// `SubnetLabels` allows you to define custom labels on subnets and IPs or to enable automatic labeling of recognized subnets in OpenShift.
 type SubnetLabels struct {
 	// `openShiftAutoDetect` allows, when set to `true`, to detect automatically the machines, pods and services subnets based on the
 	// OpenShift install configuration and the Cluster Network Operator configuration. Indirectly, this is a way to accurately detect
 	// external traffic: flows that are not labeled for those subnets are external to the cluster. Enabled by default on OpenShift.
 	//+optional
 	OpenShiftAutoDetect *bool `json:"openShiftAutoDetect,omitempty"`
 
-	// `customLabels` allows to customize subnets and IPs labelling, such as to identify cluster-external workloads or web services.
-	// If you enable `openShiftAutoDetect`, `customLabels` can override the detected subnets in case they overlap.
+	// `customLabels` allows you to customize subnets and IPs labeling, such as to identify cluster external workloads or web services.
+	// External subnets must be labeled with the prefix `EXT:`, or not labeled at all, in order to work with default quick filters and some metrics examples provided.<br/>
+	// If `openShiftAutoDetect` is disabled or you are not using OpenShift, it is recommended to manually configure labels for the cluster subnets, to distinguish internal traffic from external traffic.<br/>
+	// If `openShiftAutoDetect` is enabled, `customLabels` overrides the detected subnets when they overlap.<br/>
 	//+optional
 	CustomLabels []SubnetLabel `json:"customLabels,omitempty"`
 }

bundle/manifests/flows.netobserv.io_flowcollectors.yaml

@@ -3057,15 +3057,15 @@ spec:
                   imagePullPolicy:
                     default: IfNotPresent
                     description: '`imagePullPolicy` is the Kubernetes pull policy
-                      for the image defined above'
+                      for the image defined above.'
                     enum:
                     - IfNotPresent
                     - Always
                     - Never
                     type: string
                   logLevel:
                     default: info
-                    description: '`logLevel` for the console plugin backend'
+                    description: '`logLevel` for the console plugin backend.'
                     enum:
                     - trace
                     - debug
@@ -3079,7 +3079,7 @@ spec:
                     default:
                       enable: true
                     description: '`portNaming` defines the configuration of the port-to-service
-                      name translation'
+                      name translation.'
                     properties:
                       enable:
                         default: true
@@ -3111,8 +3111,15 @@ spec:
                     - filter:
                         dst_kind: '"Service"'
                       name: Services network
-                    description: '`quickFilters` configures quick filter presets for
-                      the Console plugin'
+                    - filter:
+                        src_subnet_label: '"",EXT:'
+                      name: External ingress
+                    - filter:
+                        dst_subnet_label: '"",EXT:'
+                      name: External egress
+                    description: |-
+                      `quickFilters` configures quick filter presets for the Console plugin.
+                      Filters for external traffic assume the subnet labels are configured to distinguish internal and external traffic (see `spec.processor.subnetLabels`).
                     items:
                       description: '`QuickFilter` defines preset configuration for
                         Console''s quick filters'
@@ -3153,7 +3160,7 @@ spec:
                         memory: 50Mi
                     description: |-
                       `resources`, in terms of compute resources, required by this container.
-                      For more information, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                      For more information, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/.
                     properties:
                       claims:
                         description: |-
@@ -4278,7 +4285,7 @@ spec:
                 properties:
                   addZone:
                     description: |-
-                      `addZone` allows availability zone awareness by labelling flows with their source and destination zones.
+                      `addZone` allows availability zone awareness by labeling flows with their source and destination zones.
                       This feature requires the "topology.kubernetes.io/zone" label to be set on nodes.
                     type: boolean
                   advanced:
@@ -6140,13 +6147,15 @@ spec:
                     type: object
                   subnetLabels:
                     description: |-
-                      `subnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift, which is used to identify cluster external traffic.
+                      `subnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labeling of recognized subnets in OpenShift, which is used to identify cluster external traffic.
                       When a subnet matches the source or destination IP of a flow, a corresponding field is added: `SrcSubnetLabel` or `DstSubnetLabel`.
                     properties:
                       customLabels:
                         description: |-
-                          `customLabels` allows to customize subnets and IPs labelling, such as to identify cluster-external workloads or web services.
-                          If you enable `openShiftAutoDetect`, `customLabels` can override the detected subnets in case they overlap.
+                          `customLabels` allows you to customize subnets and IPs labeling, such as to identify cluster external workloads or web services.
+                          External subnets must be labeled with the prefix `EXT:`, or not labeled at all, in order to work with default quick filters and some metrics examples provided.<br/>
+                          If `openShiftAutoDetect` is disabled or you are not using OpenShift, it is recommended to manually configure labels for the cluster subnets, to distinguish internal traffic from external traffic.<br/>
+                          If `openShiftAutoDetect` is enabled, `customLabels` overrides the detected subnets when they overlap.<br/>
                         items:
                           description: SubnetLabel allows to label subnets and IPs,
                             such as to identify cluster-external workloads or web
@@ -6295,8 +6304,8 @@ spec:
                         default: Auto
                         description: |-
                           `mode` must be set according to the type of Prometheus installation that stores NetObserv metrics:<br>
-                          - Use `Auto` to try configuring automatically. In OpenShift, it uses the Thanos querier from OpenShift Cluster Monitoring<br>
-                          - Use `Manual` for a manual setup<br>
+                          - Use `Auto` to try configuring automatically. In OpenShift, it uses the Thanos querier from OpenShift Cluster Monitoring.<br>
+                          - Use `Manual` for a manual setup.<br>
                         enum:
                         - Manual
                         - Auto

bundle/manifests/netobserv-operator.clusterserviceversion.yaml

@@ -121,6 +121,18 @@ metadata:
                     "dst_kind": "\"Service\""
                   },
                   "name": "Services network"
+                },
+                {
+                  "filter": {
+                    "src_subnet_label": "\"\",EXT:"
+                  },
+                  "name": "External ingress"
+                },
+                {
+                  "filter": {
+                    "dst_subnet_label": "\"\",EXT:"
+                  },
+                  "name": "External egress"
                 }
               ],
               "replicas": 1,
@@ -227,7 +239,7 @@ metadata:
     categories: Monitoring, Networking, Observability
     console.openshift.io/plugins: '["netobserv-plugin"]'
     containerImage: quay.io/netobserv/network-observability-operator:1.10.0-community
-    createdAt: "2025-12-15T14:07:54Z"
+    createdAt: "2026-01-08T08:41:48Z"
     description: Network flows collector and monitoring solution
     operatorframework.io/initialization-resource: '{"apiVersion":"flows.netobserv.io/v1beta2",
       "kind":"FlowCollector","metadata":{"name":"cluster"},"spec": {}}'