From 3bd04ea7d9ad2be6505c645650ddaa15c1631496 Mon Sep 17 00:00:00 2001 From: Joel Takvorian Date: Mon, 5 Feb 2024 17:02:38 +0100 Subject: [PATCH] NETOBSERV-1426: detect external workloads / openshift subnets --- .../v1alpha1/zz_generated.conversion.go | 1 + .../v1beta1/flowcollector_types.go | 22 +++ .../v1beta1/zz_generated.conversion.go | 70 ++++++++ .../v1beta1/zz_generated.deepcopy.go | 48 ++++++ .../v1beta2/flowcollector_types.go | 22 +++ .../v1beta2/zz_generated.deepcopy.go | 48 ++++++ .../flows.netobserv.io_flowcollectors.yaml | 58 +++++++ ...observ-operator.clusterserviceversion.yaml | 14 ++ .../flows.netobserv.io_flowcollectors.yaml | 58 +++++++ config/rbac/role.yaml | 8 + .../samples/flows_v1beta2_flowcollector.yaml | 2 + controllers/flp/flp_common_objects.go | 36 +++-- controllers/flp/flp_controller.go | 80 +++++++++- controllers/flp/flp_ingest_objects.go | 4 +- controllers/flp/flp_ingest_reconciler.go | 4 +- controllers/flp/flp_monolith_objects.go | 4 +- controllers/flp/flp_monolith_reconciler.go | 4 +- controllers/flp/flp_pipeline_builder.go | 95 +++++++---- controllers/flp/flp_test.go | 18 +-- controllers/flp/flp_transfo_objects.go | 4 +- controllers/flp/flp_transfo_reconciler.go | 4 +- controllers/flp/metrics_api_test.go | 2 +- docs/FlowCollector.md | 150 ++++++++++++++++++ ...ned.flows.netobserv.io_flowcollectors.yaml | 40 +++++ pkg/helper/flowcollector.go | 4 + pkg/manager/manager.go | 3 +- 26 files changed, 731 insertions(+), 72 deletions(-) diff --git a/apis/flowcollector/v1alpha1/zz_generated.conversion.go b/apis/flowcollector/v1alpha1/zz_generated.conversion.go index 899103749..6fd368c13 100644 --- a/apis/flowcollector/v1alpha1/zz_generated.conversion.go +++ b/apis/flowcollector/v1alpha1/zz_generated.conversion.go @@ -650,6 +650,7 @@ func autoConvert_v1beta2_FlowCollectorFLP_To_v1alpha1_FlowCollectorFLP(in *v1bet // WARNING: in.ClusterName requires manual conversion: does not exist in peer-type // WARNING: in.MultiClusterDeployment requires manual conversion: does not exist in peer-type // WARNING: in.AddZone requires manual conversion: does not exist in peer-type + // WARNING: in.SubnetLabels requires manual conversion: does not exist in peer-type // WARNING: in.Advanced requires manual conversion: does not exist in peer-type return nil } diff --git a/apis/flowcollector/v1beta1/flowcollector_types.go b/apis/flowcollector/v1beta1/flowcollector_types.go index 60658d5cc..a2c729f79 100644 --- a/apis/flowcollector/v1beta1/flowcollector_types.go +++ b/apis/flowcollector/v1beta1/flowcollector_types.go @@ -493,6 +493,10 @@ type FlowCollectorFLP struct { // This feature requires the "topology.kubernetes.io/zone" label to be set on nodes. AddZone *bool `json:"addZone,omitempty"` + //+optional + // `subnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift. + SubnetLabels SubnetLabels `json:"subnetLabels,omitempty"` + // `debug` allows setting some aspects of the internal configuration of the flow processor. // This section is aimed exclusively for debugging and fine-grained performance optimizations, // such as `GOGC` and `GOMAXPROCS` env vars. Users setting its values do it at their own risk. @@ -832,6 +836,24 @@ type DebugConfig struct { Env map[string]string `json:"env,omitempty"` } +// `SubnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift. +type SubnetLabels struct { + // `openShiftAutoDetect` allows, when set to `true`, to detect automatically the machines, pods and services subnets based on the + // OpenShift install configuration and the Cluster Network Operator configuration. + //+optional + OpenShiftAutoDetect *bool `json:"openShiftAutoDetect,omitempty"` + + // `customLabels` allows to customize subnets and IPs labelling, such as to identify cluster-external workloads or web services. + //+optional + CustomLabels []SubnetLabel `json:"customLabels,omitempty"` +} + +// SubnetLabel allows to label subnets and IPs, such as to identify cluster-external workloads or web services. +type SubnetLabel struct { + CIDRs []string `json:"cidrs,omitempty"` + Name string `json:"name,omitempty"` +} + // Add more exporter types below type ExporterType string diff --git a/apis/flowcollector/v1beta1/zz_generated.conversion.go b/apis/flowcollector/v1beta1/zz_generated.conversion.go index 65897b2f2..e4197a313 100644 --- a/apis/flowcollector/v1beta1/zz_generated.conversion.go +++ b/apis/flowcollector/v1beta1/zz_generated.conversion.go @@ -168,6 +168,26 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } + if err := s.AddGeneratedConversionFunc((*SubnetLabel)(nil), (*v1beta2.SubnetLabel)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1beta1_SubnetLabel_To_v1beta2_SubnetLabel(a.(*SubnetLabel), b.(*v1beta2.SubnetLabel), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*v1beta2.SubnetLabel)(nil), (*SubnetLabel)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1beta2_SubnetLabel_To_v1beta1_SubnetLabel(a.(*v1beta2.SubnetLabel), b.(*SubnetLabel), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*SubnetLabels)(nil), (*v1beta2.SubnetLabels)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1beta1_SubnetLabels_To_v1beta2_SubnetLabels(a.(*SubnetLabels), b.(*v1beta2.SubnetLabels), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*v1beta2.SubnetLabels)(nil), (*SubnetLabels)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1beta2_SubnetLabels_To_v1beta1_SubnetLabels(a.(*v1beta2.SubnetLabels), b.(*SubnetLabels), scope) + }); err != nil { + return err + } if err := s.AddConversionFunc((*DebugConfig)(nil), (*v1beta2.AdvancedAgentConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1beta1_DebugConfig_To_v1beta2_AdvancedAgentConfig(a.(*DebugConfig), b.(*v1beta2.AdvancedAgentConfig), scope) }); err != nil { @@ -618,6 +638,9 @@ func autoConvert_v1beta1_FlowCollectorFLP_To_v1beta2_FlowCollectorFLP(in *FlowCo out.ClusterName = in.ClusterName out.MultiClusterDeployment = (*bool)(unsafe.Pointer(in.MultiClusterDeployment)) out.AddZone = (*bool)(unsafe.Pointer(in.AddZone)) + if err := Convert_v1beta1_SubnetLabels_To_v1beta2_SubnetLabels(&in.SubnetLabels, &out.SubnetLabels, s); err != nil { + return err + } // WARNING: in.Debug requires manual conversion: does not exist in peer-type return nil } @@ -639,6 +662,9 @@ func autoConvert_v1beta2_FlowCollectorFLP_To_v1beta1_FlowCollectorFLP(in *v1beta out.ClusterName = in.ClusterName out.MultiClusterDeployment = (*bool)(unsafe.Pointer(in.MultiClusterDeployment)) out.AddZone = (*bool)(unsafe.Pointer(in.AddZone)) + if err := Convert_v1beta2_SubnetLabels_To_v1beta1_SubnetLabels(&in.SubnetLabels, &out.SubnetLabels, s); err != nil { + return err + } // WARNING: in.Advanced requires manual conversion: does not exist in peer-type return nil } @@ -1009,3 +1035,47 @@ func autoConvert_v1beta2_ServerTLS_To_v1beta1_ServerTLS(in *v1beta2.ServerTLS, o out.ProvidedCaFile = (*FileReference)(unsafe.Pointer(in.ProvidedCaFile)) return nil } + +func autoConvert_v1beta1_SubnetLabel_To_v1beta2_SubnetLabel(in *SubnetLabel, out *v1beta2.SubnetLabel, s conversion.Scope) error { + out.CIDRs = *(*[]string)(unsafe.Pointer(&in.CIDRs)) + out.Name = in.Name + return nil +} + +// Convert_v1beta1_SubnetLabel_To_v1beta2_SubnetLabel is an autogenerated conversion function. +func Convert_v1beta1_SubnetLabel_To_v1beta2_SubnetLabel(in *SubnetLabel, out *v1beta2.SubnetLabel, s conversion.Scope) error { + return autoConvert_v1beta1_SubnetLabel_To_v1beta2_SubnetLabel(in, out, s) +} + +func autoConvert_v1beta2_SubnetLabel_To_v1beta1_SubnetLabel(in *v1beta2.SubnetLabel, out *SubnetLabel, s conversion.Scope) error { + out.CIDRs = *(*[]string)(unsafe.Pointer(&in.CIDRs)) + out.Name = in.Name + return nil +} + +// Convert_v1beta2_SubnetLabel_To_v1beta1_SubnetLabel is an autogenerated conversion function. +func Convert_v1beta2_SubnetLabel_To_v1beta1_SubnetLabel(in *v1beta2.SubnetLabel, out *SubnetLabel, s conversion.Scope) error { + return autoConvert_v1beta2_SubnetLabel_To_v1beta1_SubnetLabel(in, out, s) +} + +func autoConvert_v1beta1_SubnetLabels_To_v1beta2_SubnetLabels(in *SubnetLabels, out *v1beta2.SubnetLabels, s conversion.Scope) error { + out.OpenShiftAutoDetect = (*bool)(unsafe.Pointer(in.OpenShiftAutoDetect)) + out.CustomLabels = *(*[]v1beta2.SubnetLabel)(unsafe.Pointer(&in.CustomLabels)) + return nil +} + +// Convert_v1beta1_SubnetLabels_To_v1beta2_SubnetLabels is an autogenerated conversion function. +func Convert_v1beta1_SubnetLabels_To_v1beta2_SubnetLabels(in *SubnetLabels, out *v1beta2.SubnetLabels, s conversion.Scope) error { + return autoConvert_v1beta1_SubnetLabels_To_v1beta2_SubnetLabels(in, out, s) +} + +func autoConvert_v1beta2_SubnetLabels_To_v1beta1_SubnetLabels(in *v1beta2.SubnetLabels, out *SubnetLabels, s conversion.Scope) error { + out.OpenShiftAutoDetect = (*bool)(unsafe.Pointer(in.OpenShiftAutoDetect)) + out.CustomLabels = *(*[]SubnetLabel)(unsafe.Pointer(&in.CustomLabels)) + return nil +} + +// Convert_v1beta2_SubnetLabels_To_v1beta1_SubnetLabels is an autogenerated conversion function. +func Convert_v1beta2_SubnetLabels_To_v1beta1_SubnetLabels(in *v1beta2.SubnetLabels, out *SubnetLabels, s conversion.Scope) error { + return autoConvert_v1beta2_SubnetLabels_To_v1beta1_SubnetLabels(in, out, s) +} diff --git a/apis/flowcollector/v1beta1/zz_generated.deepcopy.go b/apis/flowcollector/v1beta1/zz_generated.deepcopy.go index 48ebf3e72..06b806c13 100644 --- a/apis/flowcollector/v1beta1/zz_generated.deepcopy.go +++ b/apis/flowcollector/v1beta1/zz_generated.deepcopy.go @@ -362,6 +362,7 @@ func (in *FlowCollectorFLP) DeepCopyInto(out *FlowCollectorFLP) { *out = new(bool) **out = **in } + in.SubnetLabels.DeepCopyInto(&out.SubnetLabels) in.Debug.DeepCopyInto(&out.Debug) } @@ -689,3 +690,50 @@ func (in *ServerTLS) DeepCopy() *ServerTLS { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SubnetLabel) DeepCopyInto(out *SubnetLabel) { + *out = *in + if in.CIDRs != nil { + in, out := &in.CIDRs, &out.CIDRs + *out = make([]string, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SubnetLabel. +func (in *SubnetLabel) DeepCopy() *SubnetLabel { + if in == nil { + return nil + } + out := new(SubnetLabel) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SubnetLabels) DeepCopyInto(out *SubnetLabels) { + *out = *in + if in.OpenShiftAutoDetect != nil { + in, out := &in.OpenShiftAutoDetect, &out.OpenShiftAutoDetect + *out = new(bool) + **out = **in + } + if in.CustomLabels != nil { + in, out := &in.CustomLabels, &out.CustomLabels + *out = make([]SubnetLabel, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SubnetLabels. +func (in *SubnetLabels) DeepCopy() *SubnetLabels { + if in == nil { + return nil + } + out := new(SubnetLabels) + in.DeepCopyInto(out) + return out +} diff --git a/apis/flowcollector/v1beta2/flowcollector_types.go b/apis/flowcollector/v1beta2/flowcollector_types.go index f029e2f67..7e10d5f21 100644 --- a/apis/flowcollector/v1beta2/flowcollector_types.go +++ b/apis/flowcollector/v1beta2/flowcollector_types.go @@ -450,6 +450,10 @@ type FlowCollectorFLP struct { // This feature requires the "topology.kubernetes.io/zone" label to be set on nodes. AddZone *bool `json:"addZone,omitempty"` + //+optional + // `SubnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift. + SubnetLabels SubnetLabels `json:"subnetLabels,omitempty"` + // `advanced` allows setting some aspects of the internal configuration of the flow processor. // This section is aimed mostly for debugging and fine-grained performance optimizations, // such as `GOGC` and `GOMAXPROCS` env vars. Users setting its values do it at their own risk. @@ -983,6 +987,24 @@ type AdvancedPluginConfig struct { Port *int32 `json:"port,omitempty"` } +// `SubnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift. +type SubnetLabels struct { + // `openShiftAutoDetect` allows, when set to `true`, to detect automatically the machines, pods and services subnets based on the + // OpenShift install configuration and the Cluster Network Operator configuration. + //+optional + OpenShiftAutoDetect *bool `json:"openShiftAutoDetect,omitempty"` + + // `customLabels` allows to customize subnets and IPs labelling, such as to identify cluster-external workloads or web services. + //+optional + CustomLabels []SubnetLabel `json:"customLabels,omitempty"` +} + +// SubnetLabel allows to label subnets and IPs, such as to identify cluster-external workloads or web services. +type SubnetLabel struct { + CIDRs []string `json:"cidrs,omitempty"` + Name string `json:"name,omitempty"` +} + // Add more exporter types below type ExporterType string diff --git a/apis/flowcollector/v1beta2/zz_generated.deepcopy.go b/apis/flowcollector/v1beta2/zz_generated.deepcopy.go index d659b863a..55b4d742e 100644 --- a/apis/flowcollector/v1beta2/zz_generated.deepcopy.go +++ b/apis/flowcollector/v1beta2/zz_generated.deepcopy.go @@ -472,6 +472,7 @@ func (in *FlowCollectorFLP) DeepCopyInto(out *FlowCollectorFLP) { *out = new(bool) **out = **in } + in.SubnetLabels.DeepCopyInto(&out.SubnetLabels) if in.Advanced != nil { in, out := &in.Advanced, &out.Advanced *out = new(AdvancedProcessorConfig) @@ -852,3 +853,50 @@ func (in *ServerTLS) DeepCopy() *ServerTLS { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SubnetLabel) DeepCopyInto(out *SubnetLabel) { + *out = *in + if in.CIDRs != nil { + in, out := &in.CIDRs, &out.CIDRs + *out = make([]string, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SubnetLabel. +func (in *SubnetLabel) DeepCopy() *SubnetLabel { + if in == nil { + return nil + } + out := new(SubnetLabel) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SubnetLabels) DeepCopyInto(out *SubnetLabels) { + *out = *in + if in.OpenShiftAutoDetect != nil { + in, out := &in.OpenShiftAutoDetect, &out.OpenShiftAutoDetect + *out = new(bool) + **out = **in + } + if in.CustomLabels != nil { + in, out := &in.CustomLabels, &out.CustomLabels + *out = make([]SubnetLabel, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SubnetLabels. +func (in *SubnetLabels) DeepCopy() *SubnetLabels { + if in == nil { + return nil + } + out := new(SubnetLabels) + in.DeepCopyInto(out) + return out +} diff --git a/bundle/manifests/flows.netobserv.io_flowcollectors.yaml b/bundle/manifests/flows.netobserv.io_flowcollectors.yaml index 881876e93..651157ff3 100644 --- a/bundle/manifests/flows.netobserv.io_flowcollectors.yaml +++ b/bundle/manifests/flows.netobserv.io_flowcollectors.yaml @@ -5055,6 +5055,35 @@ spec: Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + subnetLabels: + description: '`subnetLabels` allows to define custom labels on + subnets and IPs or to enable automatic labelling of recognized + subnets in OpenShift.' + properties: + customLabels: + description: '`customLabels` allows to customize subnets and + IPs labelling, such as to identify cluster-external workloads + or web services.' + items: + description: SubnetLabel allows to label subnets and IPs, + such as to identify cluster-external workloads or web + services. + properties: + cidrs: + items: + type: string + type: array + name: + type: string + type: object + type: array + openShiftAutoDetect: + description: '`openShiftAutoDetect` allows, when set to `true`, + to detect automatically the machines, pods and services + subnets based on the OpenShift install configuration and + the Cluster Network Operator configuration.' + type: boolean + type: object type: object type: object status: @@ -8008,6 +8037,35 @@ spec: Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + subnetLabels: + description: '`SubnetLabels` allows to define custom labels on + subnets and IPs or to enable automatic labelling of recognized + subnets in OpenShift.' + properties: + customLabels: + description: '`customLabels` allows to customize subnets and + IPs labelling, such as to identify cluster-external workloads + or web services.' + items: + description: SubnetLabel allows to label subnets and IPs, + such as to identify cluster-external workloads or web + services. + properties: + cidrs: + items: + type: string + type: array + name: + type: string + type: object + type: array + openShiftAutoDetect: + description: '`openShiftAutoDetect` allows, when set to `true`, + to detect automatically the machines, pods and services + subnets based on the OpenShift install configuration and + the Cluster Network Operator configuration.' + type: boolean + type: object type: object type: object status: diff --git a/bundle/manifests/netobserv-operator.clusterserviceversion.yaml b/bundle/manifests/netobserv-operator.clusterserviceversion.yaml index d9005ecb0..72b9bec3f 100644 --- a/bundle/manifests/netobserv-operator.clusterserviceversion.yaml +++ b/bundle/manifests/netobserv-operator.clusterserviceversion.yaml @@ -752,6 +752,12 @@ spec: path: processor.metrics.includeList - displayName: Port path: processor.metrics.server.port + - displayName: Subnet labels + path: processor.subnetLabels + - displayName: Custom labels + path: processor.subnetLabels.customLabels + - displayName: Open shift auto detect + path: processor.subnetLabels.openShiftAutoDetect statusDescriptors: - description: Namespace where console plugin and flowlogs-pipeline have been deployed. @@ -1020,6 +1026,14 @@ spec: - list - update - watch + - apiGroups: + - operator.openshift.io + resources: + - networks + verbs: + - get + - list + - watch - apiGroups: - rbac.authorization.k8s.io resources: diff --git a/config/crd/bases/flows.netobserv.io_flowcollectors.yaml b/config/crd/bases/flows.netobserv.io_flowcollectors.yaml index 8459f7f60..62b0c6c2d 100644 --- a/config/crd/bases/flows.netobserv.io_flowcollectors.yaml +++ b/config/crd/bases/flows.netobserv.io_flowcollectors.yaml @@ -5041,6 +5041,35 @@ spec: Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + subnetLabels: + description: '`subnetLabels` allows to define custom labels on + subnets and IPs or to enable automatic labelling of recognized + subnets in OpenShift.' + properties: + customLabels: + description: '`customLabels` allows to customize subnets and + IPs labelling, such as to identify cluster-external workloads + or web services.' + items: + description: SubnetLabel allows to label subnets and IPs, + such as to identify cluster-external workloads or web + services. + properties: + cidrs: + items: + type: string + type: array + name: + type: string + type: object + type: array + openShiftAutoDetect: + description: '`openShiftAutoDetect` allows, when set to `true`, + to detect automatically the machines, pods and services + subnets based on the OpenShift install configuration and + the Cluster Network Operator configuration.' + type: boolean + type: object type: object type: object status: @@ -7994,6 +8023,35 @@ spec: Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + subnetLabels: + description: '`SubnetLabels` allows to define custom labels on + subnets and IPs or to enable automatic labelling of recognized + subnets in OpenShift.' + properties: + customLabels: + description: '`customLabels` allows to customize subnets and + IPs labelling, such as to identify cluster-external workloads + or web services.' + items: + description: SubnetLabel allows to label subnets and IPs, + such as to identify cluster-external workloads or web + services. + properties: + cidrs: + items: + type: string + type: array + name: + type: string + type: object + type: array + openShiftAutoDetect: + description: '`openShiftAutoDetect` allows, when set to `true`, + to detect automatically the machines, pods and services + subnets based on the OpenShift install configuration and + the Cluster Network Operator configuration.' + type: boolean + type: object type: object type: object status: diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 707342f2f..f75b9a390 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -176,6 +176,14 @@ rules: - list - update - watch +- apiGroups: + - operator.openshift.io + resources: + - networks + verbs: + - get + - list + - watch - apiGroups: - rbac.authorization.k8s.io resources: diff --git a/config/samples/flows_v1beta2_flowcollector.yaml b/config/samples/flows_v1beta2_flowcollector.yaml index 22200224b..a43afd0ee 100644 --- a/config/samples/flows_v1beta2_flowcollector.yaml +++ b/config/samples/flows_v1beta2_flowcollector.yaml @@ -51,6 +51,8 @@ spec: # Append a unique cluster name to each record # clusterName: # addZone: true + # subnetLabelling: + # openShiftAutoDetect: true metrics: server: port: 9102 diff --git a/controllers/flp/flp_common_objects.go b/controllers/flp/flp_common_objects.go index 8cc080d6d..8a21ebbd2 100644 --- a/controllers/flp/flp_common_objects.go +++ b/controllers/flp/flp_common_objects.go @@ -50,21 +50,22 @@ var FlpConfSuffix = map[ConfKind]string{ } type Builder struct { - info *reconcilers.Instance - labels map[string]string - selector map[string]string - desired *flowslatest.FlowCollectorSpec - flowMetrics *metricslatest.FlowMetricList - promTLS *flowslatest.CertificateReference - confKind ConfKind - volumes volumes.Builder - loki *helper.LokiConfig - pipeline *PipelineBuilder + info *reconcilers.Instance + labels map[string]string + selector map[string]string + desired *flowslatest.FlowCollectorSpec + flowMetrics *metricslatest.FlowMetricList + detectedSubnets []flowslatest.SubnetLabel + promTLS *flowslatest.CertificateReference + confKind ConfKind + volumes volumes.Builder + loki *helper.LokiConfig + pipeline *PipelineBuilder } type builder = Builder -func NewBuilder(info *reconcilers.Instance, desired *flowslatest.FlowCollectorSpec, flowMetrics *metricslatest.FlowMetricList, ck ConfKind) (Builder, error) { +func NewBuilder(info *reconcilers.Instance, desired *flowslatest.FlowCollectorSpec, flowMetrics *metricslatest.FlowMetricList, detectedSubnets []flowslatest.SubnetLabel, ck ConfKind) (Builder, error) { version := helper.ExtractVersion(info.Image) name := name(ck) var promTLS *flowslatest.CertificateReference @@ -93,11 +94,12 @@ func NewBuilder(info *reconcilers.Instance, desired *flowslatest.FlowCollectorSp selector: map[string]string{ "app": name, }, - desired: desired, - flowMetrics: flowMetrics, - confKind: ck, - promTLS: promTLS, - loki: info.Loki, + desired: desired, + flowMetrics: flowMetrics, + detectedSubnets: detectedSubnets, + confKind: ck, + promTLS: promTLS, + loki: info.Loki, }, nil } @@ -146,7 +148,7 @@ func (b *builder) NewKafkaPipeline() PipelineBuilder { } func (b *builder) initPipeline(ingest config.PipelineBuilderStage) PipelineBuilder { - pipeline := newPipelineBuilder(b.desired, b.flowMetrics, b.info.Loki, b.info.ClusterID, &b.volumes, &ingest) + pipeline := newPipelineBuilder(b.desired, b.flowMetrics, b.detectedSubnets, b.info.Loki, b.info.ClusterID, &b.volumes, &ingest) b.pipeline = &pipeline return pipeline } diff --git a/controllers/flp/flp_controller.go b/controllers/flp/flp_controller.go index 688f1b0a3..6ec426bec 100644 --- a/controllers/flp/flp_controller.go +++ b/controllers/flp/flp_controller.go @@ -14,9 +14,12 @@ import ( "github.com/netobserv/network-observability-operator/pkg/manager/status" "github.com/netobserv/network-observability-operator/pkg/watchers" configv1 "github.com/openshift/api/config/v1" + operatorv1 "github.com/openshift/api/operator/v1" + "gopkg.in/yaml.v2" appsv1 "k8s.io/api/apps/v1" ascv2 "k8s.io/api/autoscaling/v2" corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/types" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/handler" @@ -74,7 +77,7 @@ func Start(ctx context.Context, mgr *manager.Manager) error { type subReconciler interface { context(context.Context) context.Context cleanupNamespace(context.Context) - reconcile(context.Context, *flowslatest.FlowCollector, *metricslatest.FlowMetricList) error + reconcile(context.Context, *flowslatest.FlowCollector, *metricslatest.FlowMetricList, []flowslatest.SubnetLabel) error getStatus() *status.Instance } @@ -132,6 +135,16 @@ func (r *Reconciler) reconcile(ctx context.Context, clh *helper.Client, fc *flow } } + // Auto-detect subnets + var subnetLabels []flowslatest.SubnetLabel + if r.mgr.IsOpenShift() && helper.AutoDetectOpenShiftNetworks(&fc.Spec.Processor) { + var err error + subnetLabels, err = r.getOpenShiftSubnets(ctx) + if err != nil { + log.Error(err, "error while reading subnet definitions") + } + } + // List custom metrics fm := metricslatest.FlowMetricList{} if err := r.Client.List(ctx, &fm, &client.ListOptions{Namespace: ns}); err != nil { @@ -162,7 +175,7 @@ func (r *Reconciler) reconcile(ctx context.Context, clh *helper.Client, fc *flow } for _, sr := range reconcilers { - if err := sr.reconcile(sr.context(ctx), fc, &fm); err != nil { + if err := sr.reconcile(sr.context(ctx), fc, &fm, subnetLabels); err != nil { return sr.getStatus().Error("FLPReconcileError", err) } } @@ -253,3 +266,66 @@ func reconcileLokiRoles(ctx context.Context, r *reconcilers.Common, b *builder) } return nil } + +func (r *Reconciler) getOpenShiftSubnets(ctx context.Context) ([]flowslatest.SubnetLabel, error) { + var subnets []flowslatest.SubnetLabel + + // Pods and Services subnets are found in CNO config + if r.mgr.HasCNO() { + network := &operatorv1.Network{} + err := r.Get(ctx, types.NamespacedName{Name: "cluster"}, network) + if err != nil { + return nil, fmt.Errorf("can't get Network information: %w", err) + } + var podCIDRs []string + for _, podsNet := range network.Spec.ClusterNetwork { + podCIDRs = append(podCIDRs, podsNet.CIDR) + } + if len(podCIDRs) > 0 { + subnets = append(subnets, flowslatest.SubnetLabel{ + Name: "Pods", + CIDRs: podCIDRs, + }) + } + svcCIDRs := network.Spec.ServiceNetwork + if len(svcCIDRs) > 0 { + subnets = append(subnets, flowslatest.SubnetLabel{ + Name: "Services", + CIDRs: svcCIDRs, + }) + } + } + + // Nodes subnet found in CM cluster-config-v1 (kube-system) + cm := &corev1.ConfigMap{} + if err := r.Get(ctx, types.NamespacedName{Name: "cluster-config-v1", Namespace: "kube-system"}, cm); err != nil { + return nil, fmt.Errorf(`can't read "cluster-config-v1" ConfigMap: %w`, err) + } + + type clusterConfig struct { + Networking struct { + MachineNetwork struct { + CIDR []string + } + } + } + + var rawConfig string + var ok bool + if rawConfig, ok = cm.Data["install-config"]; !ok { + return nil, fmt.Errorf(`can't find key "install-config" in "cluster-config-v1" ConfigMap`) + } + var config clusterConfig + if err := yaml.Unmarshal([]byte(rawConfig), config); err != nil { + return nil, fmt.Errorf(`can't deserialize content of "cluster-config-v1" ConfigMap: %w`, err) + } + + if len(config.Networking.MachineNetwork.CIDR) > 0 { + subnets = append(subnets, flowslatest.SubnetLabel{ + Name: "Machines", + CIDRs: config.Networking.MachineNetwork.CIDR, + }) + } + + return subnets, nil +} diff --git a/controllers/flp/flp_ingest_objects.go b/controllers/flp/flp_ingest_objects.go index a8916725b..767ae9f14 100644 --- a/controllers/flp/flp_ingest_objects.go +++ b/controllers/flp/flp_ingest_objects.go @@ -16,8 +16,8 @@ type ingestBuilder struct { generic builder } -func newIngestBuilder(info *reconcilers.Instance, desired *flowslatest.FlowCollectorSpec, flowMetrics *metricslatest.FlowMetricList) (ingestBuilder, error) { - gen, err := NewBuilder(info, desired, flowMetrics, ConfKafkaIngester) +func newIngestBuilder(info *reconcilers.Instance, desired *flowslatest.FlowCollectorSpec, flowMetrics *metricslatest.FlowMetricList, detectedSubnets []flowslatest.SubnetLabel) (ingestBuilder, error) { + gen, err := NewBuilder(info, desired, flowMetrics, detectedSubnets, ConfKafkaIngester) return ingestBuilder{ generic: gen, }, err diff --git a/controllers/flp/flp_ingest_reconciler.go b/controllers/flp/flp_ingest_reconciler.go index b867d18e6..12ed10bd6 100644 --- a/controllers/flp/flp_ingest_reconciler.go +++ b/controllers/flp/flp_ingest_reconciler.go @@ -62,7 +62,7 @@ func (r *ingesterReconciler) getStatus() *status.Instance { return &r.Status } -func (r *ingesterReconciler) reconcile(ctx context.Context, desired *flowslatest.FlowCollector, flowMetrics *metricslatest.FlowMetricList) error { +func (r *ingesterReconciler) reconcile(ctx context.Context, desired *flowslatest.FlowCollector, flowMetrics *metricslatest.FlowMetricList, detectedSubnets []flowslatest.SubnetLabel) error { // Retrieve current owned objects err := r.Managed.FetchAll(ctx) if err != nil { @@ -77,7 +77,7 @@ func (r *ingesterReconciler) reconcile(ctx context.Context, desired *flowslatest r.Status.SetReady() // will be overidden if necessary, as error or pending - builder, err := newIngestBuilder(r.Instance, &desired.Spec, flowMetrics) + builder, err := newIngestBuilder(r.Instance, &desired.Spec, flowMetrics, detectedSubnets) if err != nil { return err } diff --git a/controllers/flp/flp_monolith_objects.go b/controllers/flp/flp_monolith_objects.go index 3c3e4db22..1f610538b 100644 --- a/controllers/flp/flp_monolith_objects.go +++ b/controllers/flp/flp_monolith_objects.go @@ -16,8 +16,8 @@ type monolithBuilder struct { generic builder } -func newMonolithBuilder(info *reconcilers.Instance, desired *flowslatest.FlowCollectorSpec, flowMetrics *metricslatest.FlowMetricList) (monolithBuilder, error) { - gen, err := NewBuilder(info, desired, flowMetrics, ConfMonolith) +func newMonolithBuilder(info *reconcilers.Instance, desired *flowslatest.FlowCollectorSpec, flowMetrics *metricslatest.FlowMetricList, detectedSubnets []flowslatest.SubnetLabel) (monolithBuilder, error) { + gen, err := NewBuilder(info, desired, flowMetrics, detectedSubnets, ConfMonolith) return monolithBuilder{ generic: gen, }, err diff --git a/controllers/flp/flp_monolith_reconciler.go b/controllers/flp/flp_monolith_reconciler.go index 1afe914de..7a36e768a 100644 --- a/controllers/flp/flp_monolith_reconciler.go +++ b/controllers/flp/flp_monolith_reconciler.go @@ -64,7 +64,7 @@ func (r *monolithReconciler) getStatus() *status.Instance { return &r.Status } -func (r *monolithReconciler) reconcile(ctx context.Context, desired *flowslatest.FlowCollector, flowMetrics *metricslatest.FlowMetricList) error { +func (r *monolithReconciler) reconcile(ctx context.Context, desired *flowslatest.FlowCollector, flowMetrics *metricslatest.FlowMetricList, detectedSubnets []flowslatest.SubnetLabel) error { // Retrieve current owned objects err := r.Managed.FetchAll(ctx) if err != nil { @@ -79,7 +79,7 @@ func (r *monolithReconciler) reconcile(ctx context.Context, desired *flowslatest r.Status.SetReady() // will be overidden if necessary, as error or pending - builder, err := newMonolithBuilder(r.Instance, &desired.Spec, flowMetrics) + builder, err := newMonolithBuilder(r.Instance, &desired.Spec, flowMetrics, detectedSubnets) if err != nil { return err } diff --git a/controllers/flp/flp_pipeline_builder.go b/controllers/flp/flp_pipeline_builder.go index 38fecf90a..024352268 100644 --- a/controllers/flp/flp_pipeline_builder.go +++ b/controllers/flp/flp_pipeline_builder.go @@ -22,16 +22,18 @@ import ( type PipelineBuilder struct { *config.PipelineBuilderStage - desired *flowslatest.FlowCollectorSpec - flowMetrics metricslatest.FlowMetricList - volumes *volumes.Builder - loki *helper.LokiConfig - clusterID string + desired *flowslatest.FlowCollectorSpec + flowMetrics metricslatest.FlowMetricList + detectedSubnets []flowslatest.SubnetLabel + volumes *volumes.Builder + loki *helper.LokiConfig + clusterID string } func newPipelineBuilder( desired *flowslatest.FlowCollectorSpec, flowMetrics *metricslatest.FlowMetricList, + detectedSubnets []flowslatest.SubnetLabel, loki *helper.LokiConfig, clusterID string, volumes *volumes.Builder, @@ -41,6 +43,7 @@ func newPipelineBuilder( PipelineBuilderStage: pipeline, desired: desired, flowMetrics: *flowMetrics, + detectedSubnets: detectedSubnets, loki: loki, clusterID: clusterID, volumes: volumes, @@ -54,35 +57,55 @@ func (b *PipelineBuilder) AddProcessorStages() error { addZone := helper.IsZoneEnabled(&b.desired.Processor) + // Get all subnet labels + allLabels := append(b.detectedSubnets, b.desired.Processor.SubnetLabels.CustomLabels...) + flpLabels := subnetLabelsToFLP(allLabels) + // enrich stage (transform) configuration - enrichedStage := lastStage.TransformNetwork("enrich", api.TransformNetwork{ - Rules: api.NetworkTransformRules{{ - Input: "SrcAddr", - Output: "SrcK8S", - Type: api.AddKubernetesRuleType, - Kubernetes: &api.K8sRule{ - AddZone: addZone, + rules := api.NetworkTransformRules{{ + Input: "SrcAddr", + Output: "SrcK8S", + Type: api.AddKubernetesRuleType, + Kubernetes: &api.K8sRule{ + AddZone: addZone, + }, + }, { + Input: "DstAddr", + Output: "DstK8S", + Type: api.AddKubernetesRuleType, + Kubernetes: &api.K8sRule{ + AddZone: addZone, + }, + }, { + Type: api.ReinterpretDirectionRuleType, + }, { + Type: api.OpAddKubernetesInfra, + KubernetesInfra: &api.K8sInfraRule{ + Inputs: []string{ + "SrcAddr", + "DstAddr", }, - }, { - Input: "DstAddr", - Output: "DstK8S", - Type: api.AddKubernetesRuleType, - Kubernetes: &api.K8sRule{ - AddZone: addZone, + Output: "K8S_FlowLayer", + InfraPrefix: b.desired.Namespace, + }, + }} + + if len(flpLabels) > 0 { + rules = append(rules, []api.NetworkTransformRule{ + { + Input: "SrcAddr", + Output: "SrcSubnetLabel", + Type: api.OpAddIPCategory, }, - }, { - Type: api.ReinterpretDirectionRuleType, - }, { - Type: api.OpAddKubernetesInfra, - KubernetesInfra: &api.K8sInfraRule{ - Inputs: []string{ - "SrcAddr", - "DstAddr", - }, - Output: "K8S_FlowLayer", - InfraPrefix: b.desired.Namespace, + { + Input: "DstAddr", + Output: "DstSubnetLabel", + Type: api.OpAddIPCategory, }, - }}, + }...) + } + enrichedStage := lastStage.TransformNetwork("enrich", api.TransformNetwork{ + Rules: rules, DirectionInfo: api.NetworkTransformDirectionInfo{ ReporterIPField: "AgentIP", SrcHostField: "SrcK8S_HostIP", @@ -90,6 +113,7 @@ func (b *PipelineBuilder) AddProcessorStages() error { FlowDirectionField: "FlowDirection", IfDirectionField: "IfDirection", }, + IPCategories: flpLabels, }) // loki stage (write) configuration @@ -461,3 +485,14 @@ func getKafkaSASL(sasl *flowslatest.SASLConfig, volumePrefix string, volumes *vo ClientSecretPath: secretPath, } } + +func subnetLabelsToFLP(labels []flowslatest.SubnetLabel) []api.NetworkTransformIPCategory { + var cats []api.NetworkTransformIPCategory + for _, subnetLabel := range labels { + cats = append(cats, api.NetworkTransformIPCategory{ + Name: subnetLabel.Name, + CIDRs: subnetLabel.CIDRs, + }) + } + return cats +} diff --git a/controllers/flp/flp_test.go b/controllers/flp/flp_test.go index afdb92176..0f826c25b 100644 --- a/controllers/flp/flp_test.go +++ b/controllers/flp/flp_test.go @@ -171,14 +171,14 @@ func getAutoScalerSpecs() (ascv2.HorizontalPodAutoscaler, flowslatest.FlowCollec func monoBuilder(ns string, cfg *flowslatest.FlowCollectorSpec) monolithBuilder { loki := helper.NewLokiConfig(&cfg.Loki, "any") info := reconcilers.Common{Namespace: ns, Loki: &loki} - b, _ := newMonolithBuilder(info.NewInstance(image, status.Instance{}), cfg, &metricslatest.FlowMetricList{}) + b, _ := newMonolithBuilder(info.NewInstance(image, status.Instance{}), cfg, &metricslatest.FlowMetricList{}, nil) return b } func transfBuilder(ns string, cfg *flowslatest.FlowCollectorSpec) transfoBuilder { loki := helper.NewLokiConfig(&cfg.Loki, "any") info := reconcilers.Common{Namespace: ns, Loki: &loki} - b, _ := newTransfoBuilder(info.NewInstance(image, status.Instance{}), cfg, &metricslatest.FlowMetricList{}) + b, _ := newTransfoBuilder(info.NewInstance(image, status.Instance{}), cfg, &metricslatest.FlowMetricList{}, nil) return b } @@ -553,7 +553,7 @@ func TestServiceMonitorChanged(t *testing.T) { // Check labels change info := reconcilers.Common{Namespace: "namespace2"} - b, _ = newMonolithBuilder(info.NewInstance(image2, status.Instance{}), &cfg, b.generic.flowMetrics) + b, _ = newMonolithBuilder(info.NewInstance(image2, status.Instance{}), &cfg, b.generic.flowMetrics, nil) third := b.generic.serviceMonitor() report = helper.NewChangeReport("") @@ -561,7 +561,7 @@ func TestServiceMonitorChanged(t *testing.T) { assert.Contains(report.String(), "ServiceMonitor labels changed") // Check scheme changed - b, _ = newMonolithBuilder(info.NewInstance(image2, status.Instance{}), &cfg, b.generic.flowMetrics) + b, _ = newMonolithBuilder(info.NewInstance(image2, status.Instance{}), &cfg, b.generic.flowMetrics, nil) fourth := b.generic.serviceMonitor() fourth.Spec.Endpoints[0].Scheme = "https" @@ -606,7 +606,7 @@ func TestPrometheusRuleChanged(t *testing.T) { // Check labels change info := reconcilers.Common{Namespace: "namespace2"} - b, _ = newMonolithBuilder(info.NewInstance(image2, status.Instance{}), &cfg, b.generic.flowMetrics) + b, _ = newMonolithBuilder(info.NewInstance(image2, status.Instance{}), &cfg, b.generic.flowMetrics, nil) third := b.generic.prometheusRule() report = helper.NewChangeReport("") @@ -755,9 +755,9 @@ func TestLabels(t *testing.T) { cfg := getConfig() info := reconcilers.Common{Namespace: "ns"} - builder, _ := newMonolithBuilder(info.NewInstance(image, status.Instance{}), &cfg, &metricslatest.FlowMetricList{}) - tBuilder, _ := newTransfoBuilder(info.NewInstance(image, status.Instance{}), &cfg, &metricslatest.FlowMetricList{}) - iBuilder, _ := newIngestBuilder(info.NewInstance(image, status.Instance{}), &cfg, &metricslatest.FlowMetricList{}) + builder, _ := newMonolithBuilder(info.NewInstance(image, status.Instance{}), &cfg, &metricslatest.FlowMetricList{}, nil) + tBuilder, _ := newTransfoBuilder(info.NewInstance(image, status.Instance{}), &cfg, &metricslatest.FlowMetricList{}, nil) + iBuilder, _ := newIngestBuilder(info.NewInstance(image, status.Instance{}), &cfg, &metricslatest.FlowMetricList{}, nil) // Deployment depl := tBuilder.deployment(annotate("digest")) @@ -840,7 +840,7 @@ func TestPipelineConfig(t *testing.T) { // Kafka Ingester cfg.DeploymentModel = flowslatest.DeploymentModelKafka info := reconcilers.Common{Namespace: ns} - bi, _ := newIngestBuilder(info.NewInstance(image, status.Instance{}), &cfg, &metricslatest.FlowMetricList{}) + bi, _ := newIngestBuilder(info.NewInstance(image, status.Instance{}), &cfg, &metricslatest.FlowMetricList{}, nil) cm, _, err = bi.configMap() assert.NoError(err) _, pipeline = validatePipelineConfig(t, cm) diff --git a/controllers/flp/flp_transfo_objects.go b/controllers/flp/flp_transfo_objects.go index 70138afe8..787106186 100644 --- a/controllers/flp/flp_transfo_objects.go +++ b/controllers/flp/flp_transfo_objects.go @@ -16,8 +16,8 @@ type transfoBuilder struct { generic builder } -func newTransfoBuilder(info *reconcilers.Instance, desired *flowslatest.FlowCollectorSpec, flowMetrics *metricslatest.FlowMetricList) (transfoBuilder, error) { - gen, err := NewBuilder(info, desired, flowMetrics, ConfKafkaTransformer) +func newTransfoBuilder(info *reconcilers.Instance, desired *flowslatest.FlowCollectorSpec, flowMetrics *metricslatest.FlowMetricList, detectedSubnets []flowslatest.SubnetLabel) (transfoBuilder, error) { + gen, err := NewBuilder(info, desired, flowMetrics, detectedSubnets, ConfKafkaTransformer) return transfoBuilder{ generic: gen, }, err diff --git a/controllers/flp/flp_transfo_reconciler.go b/controllers/flp/flp_transfo_reconciler.go index 009d46b9c..a265584fa 100644 --- a/controllers/flp/flp_transfo_reconciler.go +++ b/controllers/flp/flp_transfo_reconciler.go @@ -65,7 +65,7 @@ func (r *transformerReconciler) getStatus() *status.Instance { return &r.Status } -func (r *transformerReconciler) reconcile(ctx context.Context, desired *flowslatest.FlowCollector, flowMetrics *metricslatest.FlowMetricList) error { +func (r *transformerReconciler) reconcile(ctx context.Context, desired *flowslatest.FlowCollector, flowMetrics *metricslatest.FlowMetricList, detectedSubnets []flowslatest.SubnetLabel) error { // Retrieve current owned objects err := r.Managed.FetchAll(ctx) if err != nil { @@ -80,7 +80,7 @@ func (r *transformerReconciler) reconcile(ctx context.Context, desired *flowslat r.Status.SetReady() // will be overidden if necessary, as error or pending - builder, err := newTransfoBuilder(r.Instance, &desired.Spec, flowMetrics) + builder, err := newTransfoBuilder(r.Instance, &desired.Spec, flowMetrics, detectedSubnets) if err != nil { return err } diff --git a/controllers/flp/metrics_api_test.go b/controllers/flp/metrics_api_test.go index dc4baadb2..449ae055d 100644 --- a/controllers/flp/metrics_api_test.go +++ b/controllers/flp/metrics_api_test.go @@ -34,7 +34,7 @@ func defaultBuilderWithMetrics(metrics *metricslatest.FlowMetricList) (monolithB cfg := getConfig() loki := helper.NewLokiConfig(&cfg.Loki, "any") info := reconcilers.Common{Namespace: "namespace", Loki: &loki} - return newMonolithBuilder(info.NewInstance(image, status.Instance{}), &cfg, metrics) + return newMonolithBuilder(info.NewInstance(image, status.Instance{}), &cfg, metrics, nil) } func metric(metrics api.MetricsItems, name string) *api.MetricsItem { diff --git a/docs/FlowCollector.md b/docs/FlowCollector.md index dd66cd20f..a2b2b03a9 100644 --- a/docs/FlowCollector.md +++ b/docs/FlowCollector.md @@ -7594,6 +7594,13 @@ TLS client configuration for Loki URL. Default: map[limits:map[memory:800Mi] requests:map[cpu:100m memory:100Mi]]
false + + subnetLabels + object + + `subnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift.
+ + false @@ -8868,6 +8875,74 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. +### FlowCollector.spec.processor.subnetLabels +[↩ Parent](#flowcollectorspecprocessor-1) + + + +`subnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
customLabels[]object + `customLabels` allows to customize subnets and IPs labelling, such as to identify cluster-external workloads or web services.
+
false
openShiftAutoDetectboolean + `openShiftAutoDetect` allows, when set to `true`, to detect automatically the machines, pods and services subnets based on the OpenShift install configuration and the Cluster Network Operator configuration.
+
false
+ + +### FlowCollector.spec.processor.subnetLabels.customLabels[index] +[↩ Parent](#flowcollectorspecprocessorsubnetlabels) + + + +SubnetLabel allows to label subnets and IPs, such as to identify cluster-external workloads or web services. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
cidrs[]string +
+
false
namestring +
+
false
+ + ### FlowCollector.status [↩ Parent](#flowcollector-1) @@ -12777,6 +12852,13 @@ TLS client configuration for Loki URL. Default: map[limits:map[memory:800Mi] requests:map[cpu:100m memory:100Mi]]
false + + subnetLabels + object + + `SubnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift.
+ + false @@ -14123,6 +14205,74 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. +### FlowCollector.spec.processor.subnetLabels +[↩ Parent](#flowcollectorspecprocessor-1) + + + +`SubnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
customLabels[]object + `customLabels` allows to customize subnets and IPs labelling, such as to identify cluster-external workloads or web services.
+
false
openShiftAutoDetectboolean + `openShiftAutoDetect` allows, when set to `true`, to detect automatically the machines, pods and services subnets based on the OpenShift install configuration and the Cluster Network Operator configuration.
+
false
+ + +### FlowCollector.spec.processor.subnetLabels.customLabels[index] +[↩ Parent](#flowcollectorspecprocessorsubnetlabels-1) + + + +SubnetLabel allows to label subnets and IPs, such as to identify cluster-external workloads or web services. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
cidrs[]string +
+
false
namestring +
+
false
+ + ### FlowCollector.status [↩ Parent](#flowcollector-1) diff --git a/hack/cloned.flows.netobserv.io_flowcollectors.yaml b/hack/cloned.flows.netobserv.io_flowcollectors.yaml index 8cc54eff6..f00f400b7 100644 --- a/hack/cloned.flows.netobserv.io_flowcollectors.yaml +++ b/hack/cloned.flows.netobserv.io_flowcollectors.yaml @@ -3508,6 +3508,26 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + subnetLabels: + description: '`subnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift.' + properties: + customLabels: + description: '`customLabels` allows to customize subnets and IPs labelling, such as to identify cluster-external workloads or web services.' + items: + description: SubnetLabel allows to label subnets and IPs, such as to identify cluster-external workloads or web services. + properties: + cidrs: + items: + type: string + type: array + name: + type: string + type: object + type: array + openShiftAutoDetect: + description: '`openShiftAutoDetect` allows, when set to `true`, to detect automatically the machines, pods and services subnets based on the OpenShift install configuration and the Cluster Network Operator configuration.' + type: boolean + type: object type: object type: object status: @@ -5546,6 +5566,26 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + subnetLabels: + description: '`SubnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift.' + properties: + customLabels: + description: '`customLabels` allows to customize subnets and IPs labelling, such as to identify cluster-external workloads or web services.' + items: + description: SubnetLabel allows to label subnets and IPs, such as to identify cluster-external workloads or web services. + properties: + cidrs: + items: + type: string + type: array + name: + type: string + type: object + type: array + openShiftAutoDetect: + description: '`openShiftAutoDetect` allows, when set to `true`, to detect automatically the machines, pods and services subnets based on the OpenShift install configuration and the Cluster Network Operator configuration.' + type: boolean + type: object type: object type: object status: diff --git a/pkg/helper/flowcollector.go b/pkg/helper/flowcollector.go index fc58199dd..cbba33ee6 100644 --- a/pkg/helper/flowcollector.go +++ b/pkg/helper/flowcollector.go @@ -259,3 +259,7 @@ func GetAdvancedPluginConfig(specConfig *flowslatest.AdvancedPluginConfig) flows return debugConfig } + +func AutoDetectOpenShiftNetworks(spec *flowslatest.FlowCollectorFLP) bool { + return spec.SubnetLabels.OpenShiftAutoDetect != nil && *spec.SubnetLabels.OpenShiftAutoDetect +} diff --git a/pkg/manager/manager.go b/pkg/manager/manager.go index 6c90cea59..778cef585 100644 --- a/pkg/manager/manager.go +++ b/pkg/manager/manager.go @@ -20,7 +20,8 @@ import ( //+kubebuilder:rbac:groups=core,resources=endpoints,verbs=get;list;watch //+kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterrolebindings;clusterroles;rolebindings;roles,verbs=get;list;create;delete;update;watch //+kubebuilder:rbac:groups=console.openshift.io,resources=consoleplugins,verbs=get;create;delete;update;patch;list;watch -//+kubebuilder:rbac:groups=operator.openshift.io,resources=consoles,verbs=get;update;list;update;watch +//+kubebuilder:rbac:groups=operator.openshift.io,resources=consoles,verbs=get;list;update;watch +//+kubebuilder:rbac:groups=operator.openshift.io,resources=networks,verbs=get;list;watch //+kubebuilder:rbac:groups=flows.netobserv.io,resources=flowcollectors,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups=flows.netobserv.io,resources=flowcollectors/status,verbs=get;update;patch //+kubebuilder:rbac:groups=flows.netobserv.io,resources=flowcollectors/finalizers,verbs=update