diff --git a/api/flowcollector/v1beta2/flowcollector_types.go b/api/flowcollector/v1beta2/flowcollector_types.go index 8ceef368e..9bddd1a41 100644 --- a/api/flowcollector/v1beta2/flowcollector_types.go +++ b/api/flowcollector/v1beta2/flowcollector_types.go @@ -214,7 +214,8 @@ type EBPFMetrics struct { Server MetricsServerConfig `json:"server,omitempty"` // Set `enable` to `false` to disable eBPF agent metrics collection. It is enabled by default. - // +optional + //+kubebuilder:default:=true + //+optional Enable *bool `json:"enable,omitempty"` // `disableAlerts` is a list of alerts that should be disabled. @@ -299,6 +300,8 @@ type EBPFFlowFilterRule struct { // `EBPFFlowFilter` defines the desired eBPF agent configuration regarding flow filtering. type EBPFFlowFilter struct { // Set `enable` to `true` to enable the eBPF flow filtering feature. + //+kubebuilder:default:=false + //+optional Enable *bool `json:"enable,omitempty"` // [Deprecated (*)]. This setting is not used anymore. It is replaced with the `rules` list. @@ -369,7 +372,7 @@ type FlowCollectorEBPF struct { // Privileged mode for the eBPF Agent container. When set to `true`, the agent is able to capture more traffic, including from secondary interfaces. // When ignored or set to `false`, the operator sets granular capabilities (BPF, PERFMON, NET_ADMIN) to the container. // Some agent features require the privileged mode, such as packet drops tracking (see `features`) and SR-IOV support. - // +optional + //+kubebuilder:default:=false Privileged bool `json:"privileged,omitempty"` //+kubebuilder:default:=1048576 
@@ -456,13 +459,15 @@ type FlowCollectorIPFIXReceiver struct { type FlowCollectorOpenTelemetryLogs struct { // Set `enable` to `true` to send logs to an OpenTelemetry receiver. - // +kubebuilder:default:=true + //+kubebuilder:default:=true + //+optional Enable *bool `json:"enable,omitempty"` } type FlowCollectorOpenTelemetryMetrics struct { // Set `enable` to `true` to send metrics to an OpenTelemetry receiver. - // +kubebuilder:default:=true + //+kubebuilder:default:=true + //+optional Enable *bool `json:"enable,omitempty"` // Specify how often metrics are sent to a collector. @@ -651,7 +656,7 @@ type FlowCollectorFLP struct { ConsumerReplicas *int32 `json:"consumerReplicas,omitempty"` // If `unmanagedReplicas` is `true`, the operator will not reconcile `consumerReplicas`. This is useful when using a pod autoscaler. - // +optional + //+kubebuilder:default:=false UnmanagedReplicas bool `json:"unmanagedReplicas,omitempty"` //+kubebuilder:default:=1000 @@ -679,13 +684,15 @@ type FlowCollectorFLP struct { // `clusterName` is the name of the cluster to appear in the flows data. This is useful in a multi-cluster context. When using OpenShift, leave empty to make it automatically determined. ClusterName string `json:"clusterName,omitempty"` - //+kubebuilder:default:=false // Set `multiClusterDeployment` to `true` to enable multi clusters feature. This adds `clusterName` label to flows data + //+kubebuilder:default:=false + // +optional MultiClusterDeployment *bool `json:"multiClusterDeployment,omitempty"` - //+optional // `addZone` allows availability zone awareness by labeling flows with their source and destination zones. // This feature requires the "topology.kubernetes.io/zone" label to be set on nodes. + //+kubebuilder:default:=false + //+optional AddZone *bool `json:"addZone,omitempty"` //+optional 
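Review bot: The marker added above `MultiClusterDeployment` is spelled `// +optional`, with a space, while every other marker this commit adds or rewrites uses the compact `//+optional` form (the `AddZone` field a few lines below in the same hunk, for example). Change it to `//+optional` so the file has a single spelling and a search for one form finds every optional field. The `FlowCollectorFLP` struct starts and ends outside the hunk.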
@@ -903,6 +910,7 @@ type LokiMonolithParams struct { // This is useful for development and demo purposes. Do not use it in production. // [Unsupported (*)]. //+kubebuilder:default:=false + //+optional InstallDemoLoki *bool `json:"installDemoLoki,omitempty"` //+kubebuilder:default:="http://loki:3100/" @@ -950,6 +958,7 @@ type FlowCollectorLoki struct { // If both Prometheus and Loki are enabled, Prometheus takes precedence and Loki is used as a fallback for queries that Prometheus cannot handle. // If they are both disabled, the Console plugin is not deployed. //+kubebuilder:default:=true + //+optional Enable *bool `json:"enable,omitempty"` // `mode` must be set according to the installation mode of Loki:
@@ -1021,7 +1030,7 @@ type PrometheusQuerierManual struct { TLS ClientTLS `json:"tls"` // Set `true` to forward logged in user token in queries to Prometheus - // +optional + //+kubebuilder:default:=false ForwardUserToken bool `json:"forwardUserToken"` // AlertManager configuration. This is used in the console to query silenced alerts, for displaying health information. @@ -1064,6 +1073,8 @@ type PrometheusQuerier struct { // such as getting per-pod information or viewing raw flows. // If both Prometheus and Loki are enabled, Prometheus takes precedence and Loki is used as a fallback for queries that Prometheus cannot handle. // If they are both disabled, the Console plugin is not deployed. + //+kubebuilder:default:=true + //+optional Enable *bool `json:"enable,omitempty"` // `mode` must be set according to the type of Prometheus installation that stores NetObserv metrics:
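Review bot: Replacing `+optional` with only a default on `ForwardUserToken` turns the field into a required one, because its tag `json:"forwardUserToken"` has no `omitempty`; the regenerated CRDs in this commit gain `required: - forwardUserToken` and the docs table flips it to required. Server-side defaulting to `false` probably keeps existing objects admissible, but anything that validates a manifest against the published schema before defaulting may now reject a `manual` block that omits it, and this field decides whether the logged-in user's token is forwarded to Prometheus, so an accidental API change here deserves care. Keep both markers, `//+kubebuilder:default:=false` followed by `//+optional`, as the pointer fields in this file do. The same removal on `Privileged`, both `UnmanagedReplicas` fields and `QuickFilter.Default` has no schema effect only because those tags carry `omitempty`; the struct continues outside the hunk.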
@@ -1087,13 +1098,15 @@ type PrometheusQuerier struct { // FlowCollectorConsolePlugin defines the desired ConsolePlugin state of FlowCollector. type FlowCollectorConsolePlugin struct { - //+kubebuilder:default:=true // Enables the console plugin deployment. + //+kubebuilder:default:=true + //+optional Enable *bool `json:"enable,omitempty"` // Deploy as a standalone console, instead of a plugin of the OpenShift Console. // This is not recommended when using with OpenShift, as it doesn't provide an integrated experience. // [Unsupported (*)]. + //+kubebuilder:default:=false Standalone bool `json:"standalone,omitempty"` //+kubebuilder:validation:Minimum=0 @@ -1102,7 +1115,7 @@ type FlowCollectorConsolePlugin struct { Replicas *int32 `json:"replicas,omitempty"` // If `unmanagedReplicas` is `true`, the operator will not reconcile `replicas`. This is useful when using a pod autoscaler. - // +optional + //+kubebuilder:default:=false UnmanagedReplicas bool `json:"unmanagedReplicas,omitempty"` //+kubebuilder:validation:Enum=IfNotPresent;Always;Never @@ -1145,8 +1158,9 @@ type FlowCollectorConsolePlugin struct { // Configuration of the port to service name translation feature of the console plugin type ConsolePluginPortConfig struct { - //+kubebuilder:default:=true // Enable the console plugin port-to-service name translation + //+kubebuilder:default:=true + //+optional Enable *bool `json:"enable,omitempty"` // `portNames` defines additional port names to use in the console, @@ -1165,7 +1179,7 @@ type QuickFilter struct { // +kubebuilder:MinProperties:=1 Filter map[string]string `json:"filter"` // `default` defines whether this filter should be active by default or not - // +optional + //+kubebuilder:default:=false Default bool `json:"default,omitempty"` } 
@@ -1462,11 +1476,11 @@ type AdvancedPluginConfig struct { //+optional Args []string `json:"args,omitempty"` - //+kubebuilder:default:=true - //+optional // `register` allows, when set to `true`, to automatically register the provided console plugin with the OpenShift Console operator. // When set to `false`, you can still register it manually by editing console.operator.openshift.io/cluster with the following command: // `oc patch console.operator.openshift.io cluster --type='json' -p '[{"op": "add", "path": "/spec/plugins/-", "value": "netobserv-plugin"}]'` + //+kubebuilder:default:=true + //+optional Register *bool `json:"register,omitempty"` //+kubebuilder:validation:Minimum=1 @@ -1486,6 +1500,7 @@ type SubnetLabels struct { // `openShiftAutoDetect` allows, when set to `true`, to detect automatically the machines, pods and services subnets based on the // OpenShift install configuration and the Cluster Network Operator configuration. Indirectly, this is a way to accurately detect // external traffic: flows that are not labeled for those subnets are external to the cluster. Enabled by default on OpenShift. + //+kubebuilder:default:=true //+optional OpenShiftAutoDetect *bool `json:"openShiftAutoDetect,omitempty"` diff --git a/bundle/manifests/flows.netobserv.io_flowcollectors.yaml b/bundle/manifests/flows.netobserv.io_flowcollectors.yaml index 168fcc542..6ac794d90 100644 --- a/bundle/manifests/flows.netobserv.io_flowcollectors.yaml +++ b/bundle/manifests/flows.netobserv.io_flowcollectors.yaml @@ -1199,6 +1199,7 @@ spec: - Egress type: string enable: + default: false description: Set `enable` to `true` to enable the eBPF flow filtering feature. type: boolean @@ -1457,6 +1458,7 @@ spec: type: string type: array enable: + default: true description: Set `enable` to `false` to disable eBPF agent metrics collection. It is enabled by default. type: boolean 
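Review bot: A schema-level `//+kubebuilder:default:=true` on `OpenShiftAutoDetect` removes the unset state that the field comment still relies on when it says "Enabled by default on OpenShift". Once the API server writes `true` into every object, the operator can no longer tell an omitted field from an explicit opt-in, so if the reconciler currently treats nil as platform-dependent (not visible in this hunk) a non-OpenShift cluster would now ask for auto-detection, and these subnet labels are what classify a flow as external. Either leave the pointer without a CRD default and resolve nil in the operator, or, if `true` everywhere is intended, reword the comment to say so, e.g. `Enabled by default; detection relies on OpenShift configuration.` The `SubnetLabels` struct continues outside the hunk.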
@@ -1556,6 +1558,7 @@ spec: type: object type: object privileged: + default: false description: |- Privileged mode for the eBPF Agent container. When set to `true`, the agent is able to capture more traffic, including from secondary interfaces. When ignored or set to `false`, the operator sets granular capabilities (BPF, PERFMON, NET_ADMIN) to the container. @@ -3127,6 +3130,7 @@ spec: Console''s quick filters' properties: default: + default: false description: '`default` defines whether this filter should be active by default or not' type: boolean @@ -3221,12 +3225,14 @@ spec: type: object type: object standalone: + default: false description: |- Deploy as a standalone console, instead of a plugin of the OpenShift Console. This is not recommended when using with OpenShift, as it doesn't provide an integrated experience. [Unsupported (*)]. type: boolean unmanagedReplicas: + default: false description: If `unmanagedReplicas` is `true`, the operator will not reconcile `replicas`. This is useful when using a pod autoscaler. type: boolean @@ -4307,6 +4313,7 @@ spec: enriches them, generates metrics, and forwards them to the Loki persistence layer and/or any available exporter. properties: addZone: + default: false description: |- `addZone` allows availability zone awareness by labeling flows with their source and destination zones. This feature requires the "topology.kubernetes.io/zone" label to be set on nodes. @@ -6227,6 +6234,7 @@ spec: type: object type: array openShiftAutoDetect: + default: true description: |- `openShiftAutoDetect` allows, when set to `true`, to detect automatically the machines, pods and services subnets based on the OpenShift install configuration and the Cluster Network Operator configuration. Indirectly, this is a way to accurately detect 
@@ -6234,6 +6242,7 @@ spec: type: boolean type: object unmanagedReplicas: + default: false description: If `unmanagedReplicas` is `true`, the operator will not reconcile `consumerReplicas`. This is useful when using a pod autoscaler. @@ -6248,6 +6257,7 @@ spec: settings, used in the Console plugin. properties: enable: + default: true description: |- When `enable` is `true`, the Console plugin queries flow metrics from Prometheus instead of Loki whenever possible. It is enbaled by default: set it to `false` to disable this feature. @@ -6355,6 +6365,7 @@ spec: type: string type: object forwardUserToken: + default: false description: Set `true` to forward logged in user token in queries to Prometheus type: boolean @@ -6444,6 +6455,8 @@ spec: description: '`url` is the address of an existing Prometheus service to use for querying metrics.' type: string + required: + - forwardUserToken type: object mode: default: Auto diff --git a/bundle/manifests/netobserv-operator.clusterserviceversion.yaml b/bundle/manifests/netobserv-operator.clusterserviceversion.yaml index 662e6bba7..1159ea6d9 100644 --- a/bundle/manifests/netobserv-operator.clusterserviceversion.yaml +++ b/bundle/manifests/netobserv-operator.clusterserviceversion.yaml @@ -45,38 +45,20 @@ metadata: "lo" ], "interfaces": [], - "privileged": false, "sampling": 50 - }, - "type": "eBPF" - }, - "consolePlugin": { - "enable": true + } }, "deploymentModel": "Service", - "exporters": [], "loki": { - "enable": true, - "lokiStack": { - "name": "loki" - }, "mode": "Monolithic", "monolithic": { "url": "http://loki.netobserv.svc.cluster.local.:3100/" } }, "namespace": "netobserv", - "networkPolicy": { - "additionalNamespaces": [], - "enable": true - }, "processor": { - "consumerReplicas": 3, "metrics": { "disableAlerts": [] - }, - "slicesConfig": { - "enable": false } } } 
diff --git a/config/crd/bases/flows.netobserv.io_flowcollectors.yaml b/config/crd/bases/flows.netobserv.io_flowcollectors.yaml index 3ccc59be5..5ab49582a 100644 --- a/config/crd/bases/flows.netobserv.io_flowcollectors.yaml +++ b/config/crd/bases/flows.netobserv.io_flowcollectors.yaml @@ -1120,6 +1120,7 @@ spec: - Egress type: string enable: + default: false description: Set `enable` to `true` to enable the eBPF flow filtering feature. type: boolean icmpCode: @@ -1349,6 +1350,7 @@ spec: type: string type: array enable: + default: true description: Set `enable` to `false` to disable eBPF agent metrics collection. It is enabled by default. type: boolean server: @@ -1434,6 +1436,7 @@ spec: type: object type: object privileged: + default: false description: |- Privileged mode for the eBPF Agent container. When set to `true`, the agent is able to capture more traffic, including from secondary interfaces. When ignored or set to `false`, the operator sets granular capabilities (BPF, PERFMON, NET_ADMIN) to the container. @@ -2926,6 +2929,7 @@ spec: description: '`QuickFilter` defines preset configuration for Console''s quick filters' properties: default: + default: false description: '`default` defines whether this filter should be active by default or not' type: boolean filter: @@ -3017,12 +3021,14 @@ spec: type: object type: object standalone: + default: false description: |- Deploy as a standalone console, instead of a plugin of the OpenShift Console. This is not recommended when using with OpenShift, as it doesn't provide an integrated experience. [Unsupported (*)]. type: boolean unmanagedReplicas: + default: false description: If `unmanagedReplicas` is `true`, the operator will not reconcile `replicas`. This is useful when using a pod autoscaler. type: boolean type: object 
@@ -3956,6 +3962,7 @@ spec: enriches them, generates metrics, and forwards them to the Loki persistence layer and/or any available exporter. properties: addZone: + default: false description: |- `addZone` allows availability zone awareness by labeling flows with their source and destination zones. This feature requires the "topology.kubernetes.io/zone" label to be set on nodes. @@ -5759,6 +5766,7 @@ spec: type: object type: array openShiftAutoDetect: + default: true description: |- `openShiftAutoDetect` allows, when set to `true`, to detect automatically the machines, pods and services subnets based on the OpenShift install configuration and the Cluster Network Operator configuration. Indirectly, this is a way to accurately detect @@ -5766,6 +5774,7 @@ spec: type: boolean type: object unmanagedReplicas: + default: false description: If `unmanagedReplicas` is `true`, the operator will not reconcile `consumerReplicas`. This is useful when using a pod autoscaler. type: boolean type: object @@ -5776,6 +5785,7 @@ spec: description: Prometheus querying configuration, such as client settings, used in the Console plugin. properties: enable: + default: true description: |- When `enable` is `true`, the Console plugin queries flow metrics from Prometheus instead of Loki whenever possible. It is enbaled by default: set it to `false` to disable this feature. @@ -5863,6 +5873,7 @@ spec: type: string type: object forwardUserToken: + default: false description: Set `true` to forward logged in user token in queries to Prometheus type: boolean tls: @@ -5933,6 +5944,8 @@ spec: default: http://prometheus:9090 description: '`url` is the address of an existing Prometheus service to use for querying metrics.' type: string + required: + - forwardUserToken type: object mode: default: Auto diff --git a/config/samples/flows_v1beta2_flowcollector.yaml b/config/samples/flows_v1beta2_flowcollector.yaml index 141bf29da..62c20e340 100644 --- a/config/samples/flows_v1beta2_flowcollector.yaml 
+++ b/config/samples/flows_v1beta2_flowcollector.yaml @@ -3,21 +3,20 @@ kind: FlowCollector metadata: name: cluster spec: - namespace: netobserv - deploymentModel: Service - networkPolicy: - enable: true - additionalNamespaces: [] + namespace: netobserv # default + deploymentModel: Service # default + # networkPolicy: + # enable: true # default on OVN-Kubernetes, false otherwise + # additionalNamespaces: [] agent: - type: eBPF + # type: eBPF # default ebpf: - # imagePullPolicy: IfNotPresent - # logLevel: info + # imagePullPolicy: IfNotPresent # default + # logLevel: info # default sampling: 50 cacheActiveTimeout: 5s cacheMaxFlows: 100000 - # Change privileged to "true" on old kernel version not knowing CAP_BPF or when using "PacketDrop" feature - privileged: false + # privileged: false # default - Change to "true" on old kernels not knowing CAP_BPF or when using "PacketDrop" feature # features: # - "PacketDrop" # - "DNSTracking" @@ -29,9 +28,13 @@ spec: # - "IPSec" interfaces: [] excludeInterfaces: ["lo"] - # kafkaBatchSize: 1048576 + # kafkaBatchSize: 1048576 # default + # metrics: + # enable: true # default + # server: + # port: 9400 #flowFilter: - # enable: true + # enable: false # default - set to true to enable flow filtering # rules: # - action: Accept # cidr: 0.0.0.0/0 @@ -52,21 +55,18 @@ spec: # cidr: 2.2.2.2/24 # protocol: TCP # sourcePorts: 53 - # metrics: - # server: - # port: 9400 - # Custom optionnal resources configuration + # Custom optional resources configuration # resources: # requests: # memory: 50Mi # cpu: 100m # limits: # memory: 800Mi - # kafka: + # kafka: # Only needed when deploymentModel: Kafka # address: "kafka-cluster-kafka-bootstrap.netobserv" # topic: network-flows # tls: - # enable: false + # enable: false # default # caCert: # type: secret # name: kafka-cluster-cluster-ca-cert 
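Review bot: Commenting out `networkPolicy.enable: true` in the first hunk changes what the sample deploys, not only how it reads: according to the new inline comment the default is `true` on OVN-Kubernetes and `false` otherwise, so applying this sample on another CNI no longer turns on the network policy that the previous sample requested explicitly. The same key is dropped from the alm-examples in the ClusterServiceVersion hunk. If the sample is meant as a safe starting point, keep `networkPolicy:` and `enable: true` uncommented and annotate the value, e.g. `enable: true # explicit: the default is true only on OVN-Kubernetes`; otherwise say in the comment that leaving it unset disables the policy on other CNIs.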
@@ -77,15 +77,15 @@ spec: # certFile: user.crt # certKey: user.key processor: - # imagePullPolicy: IfNotPresent - # logLevel: info - # Change logTypes to "Conversations", "EndedConversations" or "All" to enable conversation tracking - # logTypes: Flows + # imagePullPolicy: IfNotPresent # default + # logLevel: info # default + # logTypes: Flows # default - Change to "Conversations", "EndedConversations" or "All" for conversation tracking + # multiClusterDeployment: false # default - Set to true to add clusterName label # Append a unique cluster name to each record # clusterName: - # addZone: true + # addZone: false # default - Set to true to add zone awareness # subnetLabels: - # openShiftAutoDetect: true + # openShiftAutoDetect: true # default on OpenShift # customLabels: # - cidrs: [] # name: "" @@ -93,7 +93,7 @@ spec: # server: # port: 9401 disableAlerts: [] - # includeList: + # includeList: # Defaults to a standard set of metrics, override here if needed # - "node_ingress_bytes_total" # - "node_ingress_packets_total" # - "workload_ingress_bytes_total" @@ -102,7 +102,7 @@ spec: # - "namespace_drop_packets_total" # - "node_drop_packets_total" # - "namespace_rtt_seconds" - # healthRules: + # healthRules: # Default health rules are configured, override here if needed # - template: PacketDropsByKernel # mode: Alert # or "Recording" to generate recording rules instead of alerts # variants: 
@@ -122,14 +122,15 @@ spec: # info: "5" # groupBy: Namespace # lowVolumeThreshold: "5" - slicesConfig: - enable: false - # collectionMode: AllowList - # namespacesAllowList: - # - /openshift-.*|netobserv.*/ + # slicesConfig: + # enable: false # default - Set to true to enable FlowCollectorSlice feature + # collectionMode: AlwaysCollect # default + # namespacesAllowList: + # - /openshift-.*|netobserv.*/ # FLP replicas - consumerReplicas: 3 - # Custom optionnal resources configuration + # consumerReplicas: 3 # default + # unmanagedReplicas: false # default - Set to true when using external autoscaler + # Custom optional resources configuration # resources: # requests: # memory: 100Mi @@ -137,8 +138,8 @@ spec: # limits: # memory: 800Mi # deduper: - # mode: Sample - # sampling: 100 + # mode: Disabled # default - Set to "Sample" or "Drop" to enable + # sampling: 50 # default # filters: # - query: | # (SrcK8S_Namespace="netobserv" OR (SrcK8S_Namespace="openshift-console" AND DstK8S_Namespace="netobserv")) 
@@ -150,111 +151,112 @@ spec: # # Any of: MAC, IP, Interface # index: [MAC] loki: - enable: true + # enable: true # default # Change mode to "LokiStack" to use with the loki operator mode: Monolithic monolithic: # NB: trailing dot (...local.:3100) is a DNS optimization for exact name match without extra search url: 'http://loki.netobserv.svc.cluster.local.:3100/' - # tenantID: netobserv + # tenantID: netobserv # default # tls: - # enable: false + # enable: false # default # caCert: # type: configmap # name: loki-gateway-ca-bundle # certFile: service-ca.crt - # Enable automatic install for dev / demo purposes - # installDemoLoki: true - lokiStack: - name: loki - # Change loki operator instance namespace - # namespace: loki-operator + # installDemoLoki: false # default - Enable for dev/demo purposes ONLY + # lokiStack: # Only needed when mode: LokiStack + # name: loki # default + # namespace: # defaults to spec.namespace # Console plugin read timeout - # readTimeout: 30s + # readTimeout: 30s # default # # Write stage configuration - # writeTimeout: 10s - # writeBatchWait: 1s - # writeBatchSize: 10485760 + # writeTimeout: 10s # default + # writeBatchWait: 1s # default + # writeBatchSize: 10485760 # default # prometheus: # querier: - # enable: true - # mode: Auto - # timeout: 30s - consolePlugin: - enable: true - # imagePullPolicy: IfNotPresent - # logLevel: info - # Scaling configuration - # replicas: 1 - # autoscaler: - # status: Disabled - # minReplicas: 1 - # maxReplicas: 3 - # metrics: - # - type: Resource - # resource: - # name: cpu - # target: - # type: Utilization - # averageUtilization: 50 - # Custom optionnal port-to-service name translation - # portNaming: - # enable: true - # portNames: - # "3100": loki - # Custom optionnal filter presets - # quickFilters: - # - name: Applications - # filter: - # flow_layer: '"app"' - # default: true - # - name: Infrastructure - # filter: - # flow_layer: '"infra"' - # - name: Pods network - # filter: - # src_kind: '"Pod"' - 
# dst_kind: '"Pod"' - # default: true - # - name: Services network - # filter: - # dst_kind: '"Service"' - # - name: External ingress - # filter: - # src_subnet_label: '"",EXT:' - # - name: External egress - # filter: - # dst_subnet_label: '"",EXT:' - # Custom optionnal resources configuration - # resources: - # requests: - # memory: 50Mi - # cpu: 100m - # limits: - # memory: 100Mi - exporters: [] - # - type: Kafka - # kafka: - # address: "kafka-cluster-kafka-bootstrap.netobserv" - # topic: netobserv-flows-export - # or - # - type: IPFIX - # ipfix: - # # see https://github.com/netobserv/flowlogs-pipeline/blob/main/contrib/kubernetes/ipfix-collector-stdout.yaml - # targetHost: "flp-ipfix-stdout.netobserv.svc.cluster.local" - # targetPort: 2055 - # transport: UDP - # enterpriseID: 2021 - # or - # - type: OpenTelemetry - # openTelemetry: - # targetHost: "1.2.3.4:443" - # targetPort: 4317 - # protocol: grpc - # logs: - # enable: true - # metrics: - # enable: true - # prefix: netobserv - # pushTimeInterval: 20s - # expiryTime: 2m + # enable: true # default + # mode: Auto # default + # timeout: 30s # default + # consolePlugin: + # enable: true # default + # standalone: false # default + # imagePullPolicy: IfNotPresent # default + # logLevel: info # default + # # Scaling configuration + # replicas: 1 # default + # unmanagedReplicas: false # default - Set to true when using external autoscaler + # autoscaler: # deprecated + # status: Disabled + # minReplicas: 1 + # maxReplicas: 3 + # metrics: + # - type: Resource + # resource: + # name: cpu + # target: + # type: Utilization + # averageUtilization: 50 + # # Custom optional port-to-service name translation + # portNaming: + # enable: true # default + # portNames: + # "3100": loki + # # Custom optional filter presets (defaults provided, override here if needed) + # quickFilters: + # - name: Applications + # filter: + # flow_layer: '"app"' + # default: true + # - name: Infrastructure + # filter: + # flow_layer: '"infra"' + # - 
name: Pods network + # filter: + # src_kind: '"Pod"' + # dst_kind: '"Pod"' + # default: true + # - name: Services network + # filter: + # dst_kind: '"Service"' + # - name: External ingress + # filter: + # src_subnet_label: '"",EXT:' + # - name: External egress + # filter: + # dst_subnet_label: '"",EXT:' + # # Custom optional resources configuration + # resources: + # requests: + # memory: 50Mi + # cpu: 100m + # limits: + # memory: 100Mi + # exporters: # empty by default, uncomment examples below to add exporters + # Example: Kafka exporter + # - type: Kafka + # kafka: + # address: "kafka-cluster-kafka-bootstrap.netobserv" + # topic: netobserv-flows-export + # Example: IPFIX exporter + # - type: IPFIX + # ipfix: + # # see https://github.com/netobserv/flowlogs-pipeline/blob/main/contrib/kubernetes/ipfix-collector-stdout.yaml + # targetHost: "flp-ipfix-stdout.netobserv.svc.cluster.local" + # targetPort: 2055 + # transport: UDP + # enterpriseID: 2021 + # Example: OpenTelemetry exporter + # - type: OpenTelemetry + # openTelemetry: + # targetHost: "1.2.3.4:443" + # targetPort: 4317 + # protocol: grpc + # logs: + # enable: true # default + # metrics: + # enable: true # default + # prefix: netobserv + # pushTimeInterval: 20s + # expiryTime: 2m diff --git a/docs/FlowCollector.md b/docs/FlowCollector.md index 6b9a932f3..e391a9141 100644 --- a/docs/FlowCollector.md +++ b/docs/FlowCollector.md @@ -368,6 +368,8 @@ Otherwise it is matched as a case-sensitive string.
Privileged mode for the eBPF Agent container. When set to `true`, the agent is able to capture more traffic, including from secondary interfaces. When ignored or set to `false`, the operator sets granular capabilities (BPF, PERFMON, NET_ADMIN) to the container. Some agent features require the privileged mode, such as packet drops tracking (see `features`) and SR-IOV support.
+
+ Default: false
false @@ -2239,6 +2241,8 @@ To filter two ports, use a "port1,port2" in string format. For example, `ports: boolean Set `enable` to `true` to enable the eBPF flow filtering feature.
+
+ Default: false
false @@ -2510,6 +2514,8 @@ Possible values are:
boolean Set `enable` to `false` to disable eBPF agent metrics collection. It is enabled by default.
+
+ Default: true
false @@ -3087,6 +3093,8 @@ For more information, see https://kubernetes.io/docs/concepts/configuration/mana Deploy as a standalone console, instead of a plugin of the OpenShift Console. This is not recommended when using with OpenShift, as it doesn't provide an integrated experience. [Unsupported (*)].
+
+ Default: false
false @@ -3094,6 +3102,8 @@ This is not recommended when using with OpenShift, as it doesn't provide an inte boolean If `unmanagedReplicas` is `true`, the operator will not reconcile `replicas`. This is useful when using a pod autoscaler.
+
+ Default: false
false @@ -5912,6 +5922,8 @@ for example, `filter: {"src_namespace": "namespace1,namespace2"}`.
boolean `default` defines whether this filter should be active by default or not
+
+ Default: false
false @@ -8425,6 +8437,8 @@ enriches them, generates metrics, and forwards them to the Loki persistence laye `addZone` allows availability zone awareness by labeling flows with their source and destination zones. This feature requires the "topology.kubernetes.io/zone" label to be set on nodes.
+
+ Default: false
false @@ -8592,6 +8606,8 @@ When a subnet matches the source or destination IP of a flow, a corresponding fi boolean If `unmanagedReplicas` is `true`, the operator will not reconcile `consumerReplicas`. This is useful when using a pod autoscaler.
+
+ Default: false
false @@ -12136,6 +12152,8 @@ If `openShiftAutoDetect` is enabled, `customLabels` overrides the detected subne `openShiftAutoDetect` allows, when set to `true`, to detect automatically the machines, pods and services subnets based on the OpenShift install configuration and the Cluster Network Operator configuration. Indirectly, this is a way to accurately detect external traffic: flows that are not labeled for those subnets are external to the cluster. Enabled by default on OpenShift.
+
+ Default: true
false @@ -12242,6 +12260,8 @@ Not all queries are transposable from Loki to Prometheus. Hence, if Loki is disa such as getting per-pod information or viewing raw flows. If both Prometheus and Loki are enabled, Prometheus takes precedence and Loki is used as a fallback for queries that Prometheus cannot handle. If they are both disabled, the Console plugin is not deployed.
+
+ Default: true
false @@ -12282,6 +12302,15 @@ Prometheus configuration for `Manual` mode. + forwardUserToken + boolean + + Set `true` to forward logged in user token in queries to Prometheus
+
+ Default: false
+ + true + alertManager object @@ -12290,13 +12319,6 @@ When used in OpenShift it can be left empty to use the Console API instead. [Unsupported (*)].
false - - forwardUserToken - boolean - - Set `true` to forward logged in user token in queries to Prometheus
- - false tls object diff --git a/helm/crds/flows.netobserv.io_flowcollectors.yaml b/helm/crds/flows.netobserv.io_flowcollectors.yaml index 360026bde..f3718e694 100644 --- a/helm/crds/flows.netobserv.io_flowcollectors.yaml +++ b/helm/crds/flows.netobserv.io_flowcollectors.yaml @@ -1124,6 +1124,7 @@ spec: - Egress type: string enable: + default: false description: Set `enable` to `true` to enable the eBPF flow filtering feature. type: boolean icmpCode: @@ -1353,6 +1354,7 @@ spec: type: string type: array enable: + default: true description: Set `enable` to `false` to disable eBPF agent metrics collection. It is enabled by default. type: boolean server: @@ -1438,6 +1440,7 @@ spec: type: object type: object privileged: + default: false description: |- Privileged mode for the eBPF Agent container. When set to `true`, the agent is able to capture more traffic, including from secondary interfaces. When ignored or set to `false`, the operator sets granular capabilities (BPF, PERFMON, NET_ADMIN) to the container. @@ -2930,6 +2933,7 @@ spec: description: '`QuickFilter` defines preset configuration for Console''s quick filters' properties: default: + default: false description: '`default` defines whether this filter should be active by default or not' type: boolean filter: @@ -3021,12 +3025,14 @@ spec: type: object type: object standalone: + default: false description: |- Deploy as a standalone console, instead of a plugin of the OpenShift Console. This is not recommended when using with OpenShift, as it doesn't provide an integrated experience. [Unsupported (*)]. type: boolean unmanagedReplicas: + default: false description: If `unmanagedReplicas` is `true`, the operator will not reconcile `replicas`. This is useful when using a pod autoscaler. type: boolean type: object 
@@ -3960,6 +3966,7 @@ spec: enriches them, generates metrics, and forwards them to the Loki persistence layer and/or any available exporter. properties: addZone: + default: false description: |- `addZone` allows availability zone awareness by labeling flows with their source and destination zones. This feature requires the "topology.kubernetes.io/zone" label to be set on nodes. @@ -5763,6 +5770,7 @@ spec: type: object type: array openShiftAutoDetect: + default: true description: |- `openShiftAutoDetect` allows, when set to `true`, to detect automatically the machines, pods and services subnets based on the OpenShift install configuration and the Cluster Network Operator configuration. Indirectly, this is a way to accurately detect @@ -5770,6 +5778,7 @@ spec: type: boolean type: object unmanagedReplicas: + default: false description: If `unmanagedReplicas` is `true`, the operator will not reconcile `consumerReplicas`. This is useful when using a pod autoscaler. type: boolean type: object @@ -5780,6 +5789,7 @@ spec: description: Prometheus querying configuration, such as client settings, used in the Console plugin. properties: enable: + default: true description: |- When `enable` is `true`, the Console plugin queries flow metrics from Prometheus instead of Loki whenever possible. It is enbaled by default: set it to `false` to disable this feature. @@ -5867,6 +5877,7 @@ spec: type: string type: object forwardUserToken: + default: false description: Set `true` to forward logged in user token in queries to Prometheus type: boolean tls: @@ -5937,6 +5948,8 @@ spec: default: http://prometheus:9090 description: '`url` is the address of an existing Prometheus service to use for querying metrics.' type: string + required: + - forwardUserToken type: object mode: default: Auto diff --git a/internal/controller/flowcollector_controller_iso_test.go b/internal/controller/flowcollector_controller_iso_test.go index 8c5de03c4..abda958c1 100644 
--- a/internal/controller/flowcollector_controller_iso_test.go +++ b/internal/controller/flowcollector_controller_iso_test.go @@ -81,6 +81,9 @@ func flowCollectorIsoSpecs() { DropUnusedFields: ptr.To(false), }, LogTypes: ptr.To(flowslatest.LogTypeAll), + SubnetLabels: flowslatest.SubnetLabels{ + OpenShiftAutoDetect: ptr.To(true), + }, Metrics: flowslatest.FLPMetrics{ Server: flowslatest.MetricsServerConfig{ Port: ptr.To(int32(12347)),