Skip to content

Documentation update, health rules polishing #2389

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jotak merged 4 commits into from
Feb 2, 2026
Merged

Documentation update, health rules polishing #2389

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
219adf4
Documentation update, health rules polishing
jotak Jan 29, 2026
7dc9c6f
Regenerate asciidoc
jotak Jan 29, 2026
16bf7e8
fix test
jotak Jan 29, 2026
ec31385
Update CSV desc with loki demo mode
jotak Jan 29, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 5 additions & 5 deletions api/flowcollector/v1beta2/flowcollector_alert_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ const (
HealthRuleExternalEgressHighTrend HealthRuleTemplate = "ExternalEgressHighTrend"
HealthRuleExternalIngressHighTrend HealthRuleTemplate = "ExternalIngressHighTrend"
HealthRuleIngress5xxErrors HealthRuleTemplate = "Ingress5xxErrors"
HealthRuleIngressLatencyTrend HealthRuleTemplate = "IngressLatencyTrend"
HealthRuleIngressHTTPLatencyTrend HealthRuleTemplate = "IngressHTTPLatencyTrend"

GroupByNode HealthRuleGroupBy = "Node"
GroupByNamespace HealthRuleGroupBy = "Namespace"
Expand All @@ -47,10 +47,10 @@ const (
type FLPHealthRule struct {
// Health rule template name.
// Possible values are: `PacketDropsByKernel`, `PacketDropsByDevice`, `IPsecErrors`, `NetpolDenied`,
// `LatencyHighTrend`, `DNSErrors`, `DNSNxDomain`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`, `Ingress5xxErrors`, `IngressLatencyTrend`.
// `LatencyHighTrend`, `DNSErrors`, `DNSNxDomain`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`, `Ingress5xxErrors`, `IngressHTTPLatencyTrend`.
// Note: `NetObservNoFlows` and `NetObservLokiError` are alert-only and cannot be used as health rules.
// More information on health rules: https://github.com/netobserv/network-observability-operator/blob/main/docs/Alerts.md
// +kubebuilder:validation:Enum:="PacketDropsByKernel";"PacketDropsByDevice";"IPsecErrors";"NetpolDenied";"LatencyHighTrend";"DNSErrors";"DNSNxDomain";"ExternalEgressHighTrend";"ExternalIngressHighTrend";"Ingress5xxErrors";"IngressLatencyTrend"
// More information on health rules: https://github.com/netobserv/network-observability-operator/blob/main/docs/HealthRules.md
// +kubebuilder:validation:Enum:="PacketDropsByKernel";"PacketDropsByDevice";"IPsecErrors";"NetpolDenied";"LatencyHighTrend";"DNSErrors";"DNSNxDomain";"ExternalEgressHighTrend";"ExternalIngressHighTrend";"Ingress5xxErrors";"IngressHTTPLatencyTrend"
// +required
Template HealthRuleTemplate `json:"template,omitempty"`

Expand Down Expand Up @@ -211,7 +211,7 @@ func (g *FLPHealthRule) IsAllowed(spec *FlowCollectorSpec) (bool, string) {
if !spec.Agent.EBPF.IsNetworkEventsEnabled() {
return false, fmt.Sprintf("HealthRule %s requires the %s agent feature to be enabled", g.Template, NetworkEvents)
}
case AlertNoFlows, AlertLokiError, HealthRulePacketDropsByDevice, HealthRuleExternalEgressHighTrend, HealthRuleExternalIngressHighTrend, HealthRuleIngress5xxErrors, HealthRuleIngressLatencyTrend:
case AlertNoFlows, AlertLokiError, HealthRulePacketDropsByDevice, HealthRuleExternalEgressHighTrend, HealthRuleExternalIngressHighTrend, HealthRuleIngress5xxErrors, HealthRuleIngressHTTPLatencyTrend:
return true, ""
}
return true, ""
Expand Down
2 changes: 1 addition & 1 deletion api/flowcollector/v1beta2/flowcollector_defaults.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -204,7 +204,7 @@ var (
},
},
{
Template: HealthRuleIngressLatencyTrend,
Template: HealthRuleIngressHTTPLatencyTrend,
Variants: []HealthRuleVariant{
{
Thresholds: HealthRuleThresholds{
Expand Down
7 changes: 4 additions & 3 deletions api/flowcollector/v1beta2/flowcollector_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -588,14 +588,14 @@ type FLPMetrics struct {

// `disableAlerts` is a list of alert groups that should be disabled from the default set of alerts.
// Possible values are: `NetObservNoFlows`, `NetObservLokiError`, `PacketDropsByKernel`, `PacketDropsByDevice`, `IPsecErrors`, `NetpolDenied`,
// `LatencyHighTrend`, `DNSErrors`, `DNSNxDomain`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`.
// More information on alerts: https://github.com/netobserv/network-observability-operator/blob/main/docs/Alerts.md
// `LatencyHighTrend`, `DNSErrors`, `DNSNxDomain`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`, `Ingress5xxErrors`, `IngressHTTPLatencyTrend`.
// More information on alerts: https://github.com/netobserv/network-observability-operator/blob/main/docs/HealthRules.md
// +optional
DisableAlerts []HealthRuleTemplate `json:"disableAlerts"`

// `healthRules` is a list of health rules to be created for Prometheus, organized by templates and variants.
// Each health rule can be configured to generate either alerts or recording rules based on the mode field.
// More information on health rules: https://github.com/netobserv/network-observability-operator/blob/main/docs/Alerts.md
// More information on health rules: https://github.com/netobserv/network-observability-operator/blob/main/docs/HealthRules.md
// +optional
HealthRules *[]FLPHealthRule `json:"healthRules"`
}
Expand Down Expand Up @@ -901,6 +901,7 @@ type LokiMicroservicesParams struct {
type LokiMonolithParams struct {
// Set `installDemoLoki` to `true` to automatically create Loki deployment, service and storage.
// This is useful for development and demo purposes. Do not use it in production.
// [Unsupported (*)].
//+kubebuilder:default:=false
InstallDemoLoki *bool `json:"installDemoLoki,omitempty"`

Expand Down
4 changes: 2 additions & 2 deletions api/flowcollector/v1beta2/flowcollector_validation_webhook.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -394,7 +394,7 @@ func (v *validator) isFLPHealthRuleGroupBySupported(template HealthRuleTemplate,
return variant.GroupBy != GroupByWorkload
case HealthRuleIPsecErrors:
return variant.GroupBy != GroupByWorkload && variant.GroupBy != GroupByNamespace
case HealthRuleIngress5xxErrors, HealthRuleIngressLatencyTrend:
case HealthRuleIngress5xxErrors, HealthRuleIngressHTTPLatencyTrend:
return variant.GroupBy != GroupByNode && variant.GroupBy != GroupByWorkload
case HealthRulePacketDropsByKernel, HealthRuleDNSErrors, HealthRuleDNSNxDomain, HealthRuleExternalEgressHighTrend, HealthRuleExternalIngressHighTrend, HealthRuleLatencyHighTrend, HealthRuleNetpolDenied:
return true
Expand Down Expand Up @@ -463,7 +463,7 @@ func GetElligibleMetricsForAlert(template HealthRuleTemplate, alertDef *HealthRu
case HealthRuleNetpolDenied:
metricPatterns = []string{`%s_network_policy_events_total`}
totalMetricPatterns = []string{"%s_flows_total"}
case AlertNoFlows, AlertLokiError, HealthRulePacketDropsByDevice, HealthRuleIngress5xxErrors, HealthRuleIngressLatencyTrend:
case AlertNoFlows, AlertLokiError, HealthRulePacketDropsByDevice, HealthRuleIngress5xxErrors, HealthRuleIngressHTTPLatencyTrend:
// nothing - these rules don't use NetObserv metrics
return nil, nil
}
Expand Down
13 changes: 7 additions & 6 deletions bundle/manifests/flows.netobserv.io_flowcollectors.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4156,6 +4156,7 @@ spec:
description: |-
Set `installDemoLoki` to `true` to automatically create Loki deployment, service and storage.
This is useful for development and demo purposes. Do not use it in production.
[Unsupported (*)].
type: boolean
tenantID:
default: netobserv
Expand Down Expand Up @@ -5835,16 +5836,16 @@ spec:
description: |-
`disableAlerts` is a list of alert groups that should be disabled from the default set of alerts.
Possible values are: `NetObservNoFlows`, `NetObservLokiError`, `PacketDropsByKernel`, `PacketDropsByDevice`, `IPsecErrors`, `NetpolDenied`,
`LatencyHighTrend`, `DNSErrors`, `DNSNxDomain`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`.
More information on alerts: https://github.com/netobserv/network-observability-operator/blob/main/docs/Alerts.md
`LatencyHighTrend`, `DNSErrors`, `DNSNxDomain`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`, `Ingress5xxErrors`, `IngressHTTPLatencyTrend`.
More information on alerts: https://github.com/netobserv/network-observability-operator/blob/main/docs/HealthRules.md
items:
type: string
type: array
healthRules:
description: |-
`healthRules` is a list of health rules to be created for Prometheus, organized by templates and variants.
Each health rule can be configured to generate either alerts or recording rules based on the mode field.
More information on health rules: https://github.com/netobserv/network-observability-operator/blob/main/docs/Alerts.md
More information on health rules: https://github.com/netobserv/network-observability-operator/blob/main/docs/HealthRules.md
items:
properties:
mode:
Expand All @@ -5863,9 +5864,9 @@ spec:
description: |-
Health rule template name.
Possible values are: `PacketDropsByKernel`, `PacketDropsByDevice`, `IPsecErrors`, `NetpolDenied`,
`LatencyHighTrend`, `DNSErrors`, `DNSNxDomain`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`, `Ingress5xxErrors`, `IngressLatencyTrend`.
`LatencyHighTrend`, `DNSErrors`, `DNSNxDomain`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`, `Ingress5xxErrors`, `IngressHTTPLatencyTrend`.
Note: `NetObservNoFlows` and `NetObservLokiError` are alert-only and cannot be used as health rules.
More information on health rules: https://github.com/netobserv/network-observability-operator/blob/main/docs/Alerts.md
More information on health rules: https://github.com/netobserv/network-observability-operator/blob/main/docs/HealthRules.md
enum:
- PacketDropsByKernel
- PacketDropsByDevice
Expand All @@ -5877,7 +5878,7 @@ spec:
- ExternalEgressHighTrend
- ExternalIngressHighTrend
- Ingress5xxErrors
- IngressLatencyTrend
- IngressHTTPLatencyTrend
type: string
variants:
description: A list of variants for this template
Expand Down
22 changes: 12 additions & 10 deletions bundle/manifests/netobserv-operator.clusterserviceversion.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -525,10 +525,10 @@ spec:
name: flowmetrics.flows.netobserv.io
version: v1alpha1
description: |-
NetObserv Operator is an OpenShift / Kubernetes operator for network observability. It deploys a monitoring pipeline that consists in:
NetObserv Operator is an OpenShift / Kubernetes operator for network observability. It deploys a monitoring pipeline consisting in:
- an eBPF agent, that generates network flows from captured packets
- flowlogs-pipeline, a component that collects, enriches and exports these flows
- when used in OpenShift, a Console plugin for flows visualization with powerful filtering options, a topology representation and more
- a web console for flows visualization with powerful filtering options, a topology representation and more

Flow data is then available in multiple ways, each optional:

Expand All @@ -548,16 +548,20 @@ spec:

- Installing using [Grafana's official documentation](https://grafana.com/docs/loki/latest/). Here also we wrote a ["distributed Loki" step by step guide](https://github.com/netobserv/documents/blob/main/loki_distributed.md).

For a quick try that is not suitable for production and not scalable (it deploys a single pod, configures a 10GB storage PVC, with 24 hours of retention), you can simply run the following commands:
For a quick try that is not suitable for production and not scalable, the demo mode can be configured in `FlowCollector` with:

```
kubectl create namespace netobserv
kubectl apply -f <(curl -L https://raw.githubusercontent.com/netobserv/documents/5410e65b8e05aaabd1244a9524cfedd8ac8c56b5/examples/zero-click-loki/1-storage.yaml) -n netobserv
kubectl apply -f <(curl -L https://raw.githubusercontent.com/netobserv/documents/5410e65b8e05aaabd1244a9524cfedd8ac8c56b5/examples/zero-click-loki/2-loki.yaml) -n netobserv
```yaml
spec:
loki:
mode: Monolithic
monolithic:
installDemoLoki: true
```

It deploys a single pod, configures a 10GB storage PVC, with 24 hours of retention.

If you prefer to not use Loki, you must set `spec.loki.enable` to `false` in `FlowCollector`.
In that case, you can still get the Prometheus metrics or export raw flows to a custom collector. But be aware that some of the Console plugin features will be disabled. For instance, you will not be able to view raw flows there, and the metrics / topology will have a more limited level of details, missing information such as pods or IPs.
In that case, you still get the Prometheus metrics or export raw flows to a custom collector. But be aware that some of the Console plugin features will be disabled. For instance, you will not be able to view raw flows there, and the metrics / topology will have a more limited level of details, missing information such as pods or IPs.

### Kafka

Expand Down Expand Up @@ -585,8 +589,6 @@ spec:

- Loki (`spec.loki`): configure here how to reach Loki. The default values match the Loki quick install paths mentioned above, but you might have to configure differently if you used another installation method. Make sure to disable it (`spec.loki.enable`) if you don't want to use Loki.

- Quick filters (`spec.consolePlugin.quickFilters`): configure preset filters to be displayed in the Console plugin. They offer a way to quickly switch from filters to others, such as showing / hiding pods network, or infrastructure network, or application network, etc. They can be tuned to reflect the different workloads running on your cluster. For a list of available filters, [check this page](https://github.com/netobserv/network-observability-operator/blob/1.10.1-community/docs/QuickFilters.md).

- Kafka (`spec.deploymentModel: Kafka` and `spec.kafka`): when enabled, integrates the flow collection pipeline with Kafka, by splitting ingestion from transformation (kube enrichment, derived metrics, ...). Kafka can provide better scalability, resiliency and high availability ([view more details](https://www.redhat.com/en/topics/integration/what-is-apache-kafka)). Assumes Kafka is already deployed and a topic is created.

- Exporters (`spec.exporters`) an optional list of exporters to which to send enriched flows. KAFKA and IPFIX exporters are supported. This allows you to define any custom storage or processing that can read from Kafka or use the IPFIX standard.
Expand Down
13 changes: 7 additions & 6 deletions config/crd/bases/flows.netobserv.io_flowcollectors.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3824,6 +3824,7 @@ spec:
description: |-
Set `installDemoLoki` to `true` to automatically create Loki deployment, service and storage.
This is useful for development and demo purposes. Do not use it in production.
[Unsupported (*)].
type: boolean
tenantID:
default: netobserv
Expand Down Expand Up @@ -5397,16 +5398,16 @@ spec:
description: |-
`disableAlerts` is a list of alert groups that should be disabled from the default set of alerts.
Possible values are: `NetObservNoFlows`, `NetObservLokiError`, `PacketDropsByKernel`, `PacketDropsByDevice`, `IPsecErrors`, `NetpolDenied`,
`LatencyHighTrend`, `DNSErrors`, `DNSNxDomain`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`.
More information on alerts: https://github.com/netobserv/network-observability-operator/blob/main/docs/Alerts.md
`LatencyHighTrend`, `DNSErrors`, `DNSNxDomain`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`, `Ingress5xxErrors`, `IngressHTTPLatencyTrend`.
More information on alerts: https://github.com/netobserv/network-observability-operator/blob/main/docs/HealthRules.md
items:
type: string
type: array
healthRules:
description: |-
`healthRules` is a list of health rules to be created for Prometheus, organized by templates and variants.
Each health rule can be configured to generate either alerts or recording rules based on the mode field.
More information on health rules: https://github.com/netobserv/network-observability-operator/blob/main/docs/Alerts.md
More information on health rules: https://github.com/netobserv/network-observability-operator/blob/main/docs/HealthRules.md
items:
properties:
mode:
Expand All @@ -5425,9 +5426,9 @@ spec:
description: |-
Health rule template name.
Possible values are: `PacketDropsByKernel`, `PacketDropsByDevice`, `IPsecErrors`, `NetpolDenied`,
`LatencyHighTrend`, `DNSErrors`, `DNSNxDomain`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`, `Ingress5xxErrors`, `IngressLatencyTrend`.
`LatencyHighTrend`, `DNSErrors`, `DNSNxDomain`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`, `Ingress5xxErrors`, `IngressHTTPLatencyTrend`.
Note: `NetObservNoFlows` and `NetObservLokiError` are alert-only and cannot be used as health rules.
More information on health rules: https://github.com/netobserv/network-observability-operator/blob/main/docs/Alerts.md
More information on health rules: https://github.com/netobserv/network-observability-operator/blob/main/docs/HealthRules.md
enum:
- PacketDropsByKernel
- PacketDropsByDevice
Expand All @@ -5439,7 +5440,7 @@ spec:
- ExternalEgressHighTrend
- ExternalIngressHighTrend
- Ingress5xxErrors
- IngressLatencyTrend
- IngressHTTPLatencyTrend
type: string
variants:
description: A list of variants for this template
Expand Down
Loading