From 74783d0f0f58b3e3f0182f4a5f439f37fb73bc9e Mon Sep 17 00:00:00 2001 From: Joel Takvorian Date: Mon, 25 Mar 2024 12:24:09 +0100 Subject: [PATCH] Rebased & address feedback - rebased / bump FLP - read external ips config - read from config.Network rather than operator.Network, as it's considered the best source of truth --- ...observ-operator.clusterserviceversion.yaml | 9 +--- .../flows.netobserv.io_flowcollectors.yaml | 44 +++++++++++++++++ config/rbac/role.yaml | 9 +--- controllers/flp/flp_controller.go | 14 ++++-- controllers/flp/flp_pipeline_builder.go | 48 ++++++++++++++----- controllers/flp/flp_test.go | 4 +- go.mod | 10 ++-- go.sum | 20 ++++---- pkg/manager/manager.go | 3 +- .../github.com/golang/protobuf/ptypes/any.go | 7 +-- .../pkg/api/transform_network.go | 17 ++++--- vendor/modules.txt | 12 ++--- 12 files changed, 131 insertions(+), 66 deletions(-) diff --git a/bundle/manifests/netobserv-operator.clusterserviceversion.yaml b/bundle/manifests/netobserv-operator.clusterserviceversion.yaml index c64ca94cd..6aa1d5b34 100644 --- a/bundle/manifests/netobserv-operator.clusterserviceversion.yaml +++ b/bundle/manifests/netobserv-operator.clusterserviceversion.yaml @@ -909,6 +909,7 @@ spec: - config.openshift.io resources: - clusterversions + - networks verbs: - get - list @@ -1024,14 +1025,6 @@ spec: - list - update - watch - - apiGroups: - - operator.openshift.io - resources: - - networks - verbs: - - get - - list - - watch - apiGroups: - rbac.authorization.k8s.io resources: diff --git a/config/crd/bases/flows.netobserv.io_flowcollectors.yaml b/config/crd/bases/flows.netobserv.io_flowcollectors.yaml index 8e7ea1555..ebf5df8fa 100644 --- a/config/crd/bases/flows.netobserv.io_flowcollectors.yaml +++ b/config/crd/bases/flows.netobserv.io_flowcollectors.yaml 
@@ -1764,6 +1764,28 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + subnetLabels: + description: '`subnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift.' + properties: + customLabels: + description: '`customLabels` allows to customize subnets and IPs labelling, such as to identify cluster-external workloads or web services. If you enable `openShiftAutoDetect`, `customLabels` can override the detected subnets in case they overlap.' + items: + description: SubnetLabel allows to label subnets and IPs, such as to identify cluster-external workloads or web services. + properties: + cidrs: + description: List of CIDRs, such as `["1.2.3.4/32"]`. + items: + type: string + type: array + name: + description: Label name, used to flag matching flows. + type: string + type: object + type: array + openShiftAutoDetect: + description: '`openShiftAutoDetect` allows, when set to `true`, to detect automatically the machines, pods and services subnets based on the OpenShift install configuration and the Cluster Network Operator configuration.' + type: boolean + type: object type: object type: object status: 
@@ -4959,6 +4981,28 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + subnetLabels: + description: '`SubnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift.' + properties: + customLabels: + description: '`customLabels` allows to customize subnets and IPs labelling, such as to identify cluster-external workloads or web services. If you enable `openShiftAutoDetect`, `customLabels` can override the detected subnets in case they overlap.' + items: + description: SubnetLabel allows to label subnets and IPs, such as to identify cluster-external workloads or web services. + properties: + cidrs: + description: List of CIDRs, such as `["1.2.3.4/32"]`. + items: + type: string + type: array + name: + description: Label name, used to flag matching flows. + type: string + type: object + type: array + openShiftAutoDetect: + description: '`openShiftAutoDetect` allows, when set to `true`, to detect automatically the machines, pods and services subnets based on the OpenShift install configuration and the Cluster Network Operator configuration.' + type: boolean + type: object type: object type: object status: diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index f75b9a390..f4972b7ef 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -61,6 +61,7 @@ rules: - config.openshift.io resources: - clusterversions + - networks verbs: - get - list @@ -176,14 +177,6 @@ rules: - list - update - watch -- apiGroups: - - operator.openshift.io - resources: - - networks - verbs: - - get - - list - - watch - apiGroups: - rbac.authorization.k8s.io resources: 
diff --git a/controllers/flp/flp_controller.go b/controllers/flp/flp_controller.go index 6b94f1fc9..b8aca413c 100644 --- a/controllers/flp/flp_controller.go +++ b/controllers/flp/flp_controller.go @@ -14,7 +14,6 @@ import ( "github.com/netobserv/network-observability-operator/pkg/manager/status" "github.com/netobserv/network-observability-operator/pkg/watchers" configv1 "github.com/openshift/api/config/v1" - operatorv1 "github.com/openshift/api/operator/v1" "gopkg.in/yaml.v2" appsv1 "k8s.io/api/apps/v1" ascv2 "k8s.io/api/autoscaling/v2" @@ -271,7 +270,7 @@ func (r *Reconciler) getOpenShiftSubnets(ctx context.Context) ([]flowslatest.Sub // Pods and Services subnets are found in CNO config if r.mgr.HasCNO() { - network := &operatorv1.Network{} + network := &configv1.Network{} err := r.Get(ctx, types.NamespacedName{Name: "cluster"}, network) if err != nil { return nil, fmt.Errorf("can't get Network information: %w", err) @@ -286,11 +285,16 @@ func (r *Reconciler) getOpenShiftSubnets(ctx context.Context) ([]flowslatest.Sub CIDRs: podCIDRs, }) } - svcCIDRs := network.Spec.ServiceNetwork - if len(svcCIDRs) > 0 { + if len(network.Spec.ServiceNetwork) > 0 { subnets = append(subnets, flowslatest.SubnetLabel{ Name: "Services", - CIDRs: svcCIDRs, + CIDRs: network.Spec.ServiceNetwork, + }) + } + if network.Spec.ExternalIP != nil && len(network.Spec.ExternalIP.AutoAssignCIDRs) > 0 { + subnets = append(subnets, flowslatest.SubnetLabel{ + Name: "ExternalIP", + CIDRs: network.Spec.ExternalIP.AutoAssignCIDRs, }) } } diff --git a/controllers/flp/flp_pipeline_builder.go b/controllers/flp/flp_pipeline_builder.go index b46e8c120..193ba0d0d 100644 --- a/controllers/flp/flp_pipeline_builder.go +++ b/controllers/flp/flp_pipeline_builder.go 
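Review bot: The new ExternalIP branch in getOpenShiftSubnets labels only `network.Spec.ExternalIP.AutoAssignCIDRs`, so a Service external IP that an administrator sets by hand inside the ranges permitted by the ExternalIP policy (if the vendored configv1 type carries `Policy.AllowedCIDRs`, as the upstream API does) would not receive the `ExternalIP` label. Anyone filtering flows on that label to review externally reachable services would miss those addresses. Either fold the permitted ranges into the same label or state the limit next to the branch, for example `// only auto-assigned external IP ranges are labelled; manually assigned external IPs are not covered`. The `r.mgr.HasCNO()` guard and its "found in CNO config" comment now wrap a read of config.openshift.io, so it is worth confirming the guard still tests for the API actually being read. The function starts and ends outside these hunks.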
@@ -63,25 +63,27 @@ func (b *PipelineBuilder) AddProcessorStages() error { allLabels := append(b.detectedSubnets, b.desired.Processor.SubnetLabels.CustomLabels...) flpLabels := subnetLabelsToFLP(allLabels) - // enrich stage (transform) configuration - enrichedStage := lastStage.TransformNetwork("enrich", api.TransformNetwork{ - Rules: api.NetworkTransformRules{{ + rules := api.NetworkTransformRules{ + { Type: api.NetworkAddKubernetes, Kubernetes: &api.K8sRule{ Input: "SrcAddr", Output: "SrcK8S", AddZone: addZone, }, - }, { + }, + { Type: api.NetworkAddKubernetes, Kubernetes: &api.K8sRule{ Input: "DstAddr", Output: "DstK8S", AddZone: addZone, }, - }, { + }, + { Type: api.NetworkReinterpretDirection, - }, { + }, + { Type: api.NetworkAddKubernetesInfra, KubernetesInfra: &api.K8sInfraRule{ Inputs: []string{ @@ -101,14 +103,38 @@ func (b *PipelineBuilder) AddProcessorStages() error { }, }, }, - }}, + }, + } + + if len(flpLabels) > 0 { + rules = append(rules, []api.NetworkTransformRule{ + { + Type: api.NetworkAddSubnetLabel, + AddSubnetLabel: &api.NetworkAddSubnetLabelRule{ + Input: "SrcAddr", + Output: "SrcSubnetLabel", + }, + }, + { + Type: api.NetworkAddSubnetLabel, + AddSubnetLabel: &api.NetworkAddSubnetLabelRule{ + Input: "DstAddr", + Output: "DstSubnetLabel", + }, + }, + }...) + } + + // enrich stage (transform) configuration + enrichedStage := lastStage.TransformNetwork("enrich", api.TransformNetwork{ + Rules: rules, DirectionInfo: api.NetworkTransformDirectionInfo{ ReporterIPField: "AgentIP", SrcHostField: "SrcK8S_HostIP", DstHostField: "DstK8S_HostIP", FlowDirectionField: "FlowDirection", }, - IPCategories: flpLabels, + SubnetLabels: flpLabels, }) // loki stage (write) configuration 
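Review bot: Nothing in AddProcessorStages (controllers/flp/flp_pipeline_builder.go) enforces the precedence that the CRD text added in this patch promises, namely that `customLabels` can override detected subnets when they overlap: `allLabels` is built with the detected subnets first and `SubnetLabels: flpLabels` hands that order to FLP unchanged. Which entry wins on overlap depends on how FLP matches CIDRs, which is not visible in this diff. If FLP takes the first match, the list should be built custom-first; if it uses longest-prefix or last match, a comment at the `allLabels` line should say so, e.g. `// overlap is resolved by FLP (<matching rule>), so custom labels take precedence`. The function body extends beyond both hunks.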
@@ -475,10 +501,10 @@ func getKafkaSASL(sasl *flowslatest.SASLConfig, volumePrefix string, volumes *vo } } -func subnetLabelsToFLP(labels []flowslatest.SubnetLabel) []api.NetworkTransformIPCategory { - var cats []api.NetworkTransformIPCategory +func subnetLabelsToFLP(labels []flowslatest.SubnetLabel) []api.NetworkTransformSubnetLabel { + var cats []api.NetworkTransformSubnetLabel for _, subnetLabel := range labels { - cats = append(cats, api.NetworkTransformIPCategory{ + cats = append(cats, api.NetworkTransformSubnetLabel{ Name: subnetLabel.Name, CIDRs: subnetLabel.CIDRs, }) diff --git a/controllers/flp/flp_test.go b/controllers/flp/flp_test.go index 3033dbab2..0fdebd218 100644 --- a/controllers/flp/flp_test.go +++ b/controllers/flp/flp_test.go @@ -755,8 +755,8 @@ func TestLabels(t *testing.T) { cfg := getConfig() info := reconcilers.Common{Namespace: "ns"} - builder, _ := newMonolithBuilder(info.NewInstance(image, status.Instance{}), &cfg, &metricslatest.FlowMetricList{}) - tBuilder, _ := newTransfoBuilder(info.NewInstance(image, status.Instance{}), &cfg, &metricslatest.FlowMetricList{}) + builder, _ := newMonolithBuilder(info.NewInstance(image, status.Instance{}), &cfg, &metricslatest.FlowMetricList{}, nil) + tBuilder, _ := newTransfoBuilder(info.NewInstance(image, status.Instance{}), &cfg, &metricslatest.FlowMetricList{}, nil) // Deployment depl := tBuilder.deployment(annotate("digest")) diff --git a/go.mod b/go.mod index e3911ee8f..bc0c0d7fb 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ toolchain go1.21.7 require ( github.com/go-logr/logr v1.4.1 - github.com/netobserv/flowlogs-pipeline v0.1.12-0.20240322124726-d2b2352bfe0f + github.com/netobserv/flowlogs-pipeline v0.1.12-0.20240325101510-5feb3c603334 github.com/onsi/ginkgo/v2 v2.16.0 github.com/onsi/gomega v1.31.1 github.com/openshift/api v0.0.0-20220112145620-704957ce4980 
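Review bot: subnetLabelsToFLP in controllers/flp/flp_pipeline_builder.go copies each `subnetLabel.CIDRs` entry into the FLP config verbatim, and the CRD schema added in this patch types `cidrs` items as plain strings with no pattern, so a malformed or empty CIDR in a user's `customLabels` is not rejected by anything visible here. It would presumably surface only when FLP loads the generated configuration. Since this function cannot return an error, consider checking entries with `net.ParseCIDR` where the FlowCollector is validated and reporting the bad value there. A smaller style point: the local is still called `cats` after the rename from IP categories; `var labelsOut []api.NetworkTransformSubnetLabel` would read better. The function's closing lines fall outside the hunk.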
@@ -15,10 +15,10 @@ require ( github.com/stretchr/testify v1.9.0 go.uber.org/zap v1.27.0 gopkg.in/yaml.v2 v2.4.0 - k8s.io/api v0.29.2 + k8s.io/api v0.29.3 k8s.io/apiextensions-apiserver v0.29.2 - k8s.io/apimachinery v0.29.2 - k8s.io/client-go v0.29.2 + k8s.io/apimachinery v0.29.3 + k8s.io/client-go v0.29.3 k8s.io/kube-aggregator v0.29.2 k8s.io/utils v0.0.0-20231127182322-b307cd553661 sigs.k8s.io/controller-runtime v0.17.2 @@ -40,7 +40,7 @@ require ( github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/protobuf v1.5.3 // indirect + github.com/golang/protobuf v1.5.4 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/gofuzz v1.2.0 // indirect diff --git a/go.sum b/go.sum index 49c18a7f8..27810750b 100644 --- a/go.sum +++ b/go.sum @@ -81,8 +81,8 @@ github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QD github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= 
@@ -155,8 +155,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f h1:KUppIJq7/+SVif2QVs3tOP0zanoHgBEVAwHxUSIzRqU= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/netobserv/flowlogs-pipeline v0.1.12-0.20240322124726-d2b2352bfe0f h1:JwOGw6FxAjknAaK9LciiDBEXmz5e6/KbU742bshpyW8= -github.com/netobserv/flowlogs-pipeline v0.1.12-0.20240322124726-d2b2352bfe0f/go.mod h1:4RRivFK1Yvbrw76TB65PGAkDlleQE3O/h+0yNqofuFk= +github.com/netobserv/flowlogs-pipeline v0.1.12-0.20240325101510-5feb3c603334 h1:46pTt4NT7s5buSwTe9YS+Vn+62kqFU1+vZ5I1QqcypQ= +github.com/netobserv/flowlogs-pipeline v0.1.12-0.20240325101510-5feb3c603334/go.mod h1:aiCIZopeZfHuI1/jt/Gg2Cns2y4DOanIVJrOFRergYU= github.com/netobserv/prometheus-common v0.48.0-netobserv h1:yNde6dteyK69t7l3k8CcR2uM6q+S10xgCap7mofvvV8= github.com/netobserv/prometheus-common v0.48.0-netobserv/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= 
@@ -395,15 +395,15 @@ gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= k8s.io/api v0.23.0/go.mod h1:8wmDdLBHBNxtOIytwLstXt5E9PddnZb0GaMcqsvDBpg= -k8s.io/api v0.29.2 h1:hBC7B9+MU+ptchxEqTNW2DkUosJpp1P+Wn6YncZ474A= -k8s.io/api v0.29.2/go.mod h1:sdIaaKuU7P44aoyyLlikSLayT6Vb7bvJNCX105xZXY0= +k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw= +k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80= k8s.io/apiextensions-apiserver v0.29.2 h1:UK3xB5lOWSnhaCk0RFZ0LUacPZz9RY4wi/yt2Iu+btg= k8s.io/apiextensions-apiserver v0.29.2/go.mod h1:aLfYjpA5p3OwtqNXQFkhJ56TB+spV8Gc4wfMhUA3/b8= k8s.io/apimachinery v0.23.0/go.mod h1:fFCTTBKvKcwTPFzjlcxp91uPFZr+JA0FubU4fLzzFYc= -k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8= -k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= -k8s.io/client-go v0.29.2 h1:FEg85el1TeZp+/vYJM7hkDlSTFZ+c5nnK44DJ4FyoRg= -k8s.io/client-go v0.29.2/go.mod h1:knlvFZE58VpqbQpJNbCbctTVXcd35mMyAAwBdpt4jrA= +k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU= +k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU= +k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg= +k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0= k8s.io/code-generator v0.23.0/go.mod h1:vQvOhDXhuzqiVfM/YHp+dmg10WDZCchJVObc9MvowsE= k8s.io/component-base v0.29.2 h1:lpiLyuvPA9yV1aQwGLENYyK7n/8t6l3nn3zAtFTJYe8= k8s.io/component-base v0.29.2/go.mod h1:BfB3SLrefbZXiBfbM+2H1dlat21Uewg/5qtKOl8degM= diff --git a/pkg/manager/manager.go b/pkg/manager/manager.go index 778cef585..322e1fa3a 100644 --- a/pkg/manager/manager.go +++ b/pkg/manager/manager.go 
@@ -21,7 +21,6 @@ import ( //+kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterrolebindings;clusterroles;rolebindings;roles,verbs=get;list;create;delete;update;watch //+kubebuilder:rbac:groups=console.openshift.io,resources=consoleplugins,verbs=get;create;delete;update;patch;list;watch //+kubebuilder:rbac:groups=operator.openshift.io,resources=consoles,verbs=get;list;update;watch -//+kubebuilder:rbac:groups=operator.openshift.io,resources=networks,verbs=get;list;watch //+kubebuilder:rbac:groups=flows.netobserv.io,resources=flowcollectors,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups=flows.netobserv.io,resources=flowcollectors/status,verbs=get;update;patch //+kubebuilder:rbac:groups=flows.netobserv.io,resources=flowcollectors/finalizers,verbs=update @@ -30,7 +29,7 @@ import ( //+kubebuilder:rbac:groups=security.openshift.io,resources=securitycontextconstraints,verbs=list;create;update;watch //+kubebuilder:rbac:groups=apiregistration.k8s.io,resources=apiservices,verbs=list;get;watch //+kubebuilder:rbac:groups=monitoring.coreos.com,resources=servicemonitors;prometheusrules,verbs=get;create;delete;update;patch;list;watch -//+kubebuilder:rbac:groups=config.openshift.io,resources=clusterversions,verbs=get;list;watch +//+kubebuilder:rbac:groups=config.openshift.io,resources=clusterversions;networks,verbs=get;list;watch //+kubebuilder:rbac:groups=loki.grafana.com,resources=network,resourceNames=logs,verbs=get;create //+kubebuilder:rbac:urls="/metrics",verbs=get diff --git a/vendor/github.com/golang/protobuf/ptypes/any.go b/vendor/github.com/golang/protobuf/ptypes/any.go index 85f9f5736..fdff3fdb4 100644 --- a/vendor/github.com/golang/protobuf/ptypes/any.go +++ b/vendor/github.com/golang/protobuf/ptypes/any.go 
@@ -127,9 +127,10 @@ func Is(any *anypb.Any, m proto.Message) bool { // The allocated message is stored in the embedded proto.Message. // // Example: -// var x ptypes.DynamicAny -// if err := ptypes.UnmarshalAny(a, &x); err != nil { ... } -// fmt.Printf("unmarshaled message: %v", x.Message) +// +// var x ptypes.DynamicAny +// if err := ptypes.UnmarshalAny(a, &x); err != nil { ... } +// fmt.Printf("unmarshaled message: %v", x.Message) // // Deprecated: Use the any.UnmarshalNew method instead to unmarshal // the any message contents into a new instance of the underlying message. diff --git a/vendor/github.com/netobserv/flowlogs-pipeline/pkg/api/transform_network.go b/vendor/github.com/netobserv/flowlogs-pipeline/pkg/api/transform_network.go index 012a6cbd5..b78b6665c 100644 --- a/vendor/github.com/netobserv/flowlogs-pipeline/pkg/api/transform_network.go +++ b/vendor/github.com/netobserv/flowlogs-pipeline/pkg/api/transform_network.go @@ -22,7 +22,7 @@ type TransformNetwork struct { KubeConfigPath string `yaml:"kubeConfigPath,omitempty" json:"kubeConfigPath,omitempty" doc:"path to kubeconfig file (optional)"` ServicesFile string `yaml:"servicesFile,omitempty" json:"servicesFile,omitempty" doc:"path to services file (optional, default: /etc/services)"` ProtocolsFile string `yaml:"protocolsFile,omitempty" json:"protocolsFile,omitempty" doc:"path to protocols file (optional, default: /etc/protocols)"` - IPCategories []NetworkTransformIPCategory `yaml:"ipCategories,omitempty" json:"ipCategories,omitempty" doc:"configure IP categories"` + SubnetLabels []NetworkTransformSubnetLabel `yaml:"subnetLabels,omitempty" json:"subnetLabels,omitempty" doc:"configure subnet and IPs custom labels"` DirectionInfo NetworkTransformDirectionInfo `yaml:"directionInfo,omitempty" json:"directionInfo,omitempty" doc:"information to reinterpret flow direction (optional, to use with reinterpret_direction rule)"` } 
@@ -48,7 +48,7 @@ const ( NetworkAddKubernetes TransformNetworkOperationEnum = "add_kubernetes" // add output kubernetes fields from input NetworkAddKubernetesInfra TransformNetworkOperationEnum = "add_kubernetes_infra" // add output kubernetes isInfra field from input NetworkReinterpretDirection TransformNetworkOperationEnum = "reinterpret_direction" // reinterpret flow direction at the node level (instead of net interface), to ease the deduplication process - NetworkAddIPCategory TransformNetworkOperationEnum = "add_ip_category" // categorize IPs based on known subnets configuration + NetworkAddSubnetLabel TransformNetworkOperationEnum = "add_subnet_label" // categorize IPs based on known subnets configuration ) type NetworkTransformRule struct { @@ -57,7 +57,7 @@ type NetworkTransformRule struct { Kubernetes *K8sRule `yaml:"kubernetes,omitempty" json:"kubernetes,omitempty" doc:"Kubernetes rule configuration"` AddSubnet *NetworkAddSubnetRule `yaml:"add_subnet,omitempty" json:"add_subnet,omitempty" doc:"Add subnet rule configuration"` AddLocation *NetworkGenericRule `yaml:"add_location,omitempty" json:"add_location,omitempty" doc:"Add location rule configuration"` - AddIPCategory *NetworkGenericRule `yaml:"add_ip_category,omitempty" json:"add_ip_category,omitempty" doc:"Add ip category rule configuration"` + AddSubnetLabel *NetworkAddSubnetLabelRule `yaml:"add_subnet_label,omitempty" json:"add_subnet_label,omitempty" doc:"Add subnet label rule configuration"` AddService *NetworkAddServiceRule `yaml:"add_service,omitempty" json:"add_service,omitempty" doc:"Add service rule configuration"` } 
@@ -92,6 +92,11 @@ type NetworkAddSubnetRule struct { SubnetMask string `yaml:"subnet_mask,omitempty" json:"subnet_mask,omitempty" doc:"subnet mask field"` } +type NetworkAddSubnetLabelRule struct { + Input string `yaml:"input,omitempty" json:"input,omitempty" doc:"entry input field"` + Output string `yaml:"output,omitempty" json:"output,omitempty" doc:"entry output field"` +} + type NetworkAddServiceRule struct { Input string `yaml:"input,omitempty" json:"input,omitempty" doc:"entry input field"` Output string `yaml:"output,omitempty" json:"output,omitempty" doc:"entry output field"` @@ -108,7 +113,7 @@ type NetworkTransformDirectionInfo struct { type NetworkTransformRules []NetworkTransformRule -type NetworkTransformIPCategory struct { - CIDRs []string `yaml:"cidrs,omitempty" json:"cidrs,omitempty" doc:"list of CIDRs to match a category"` - Name string `yaml:"name,omitempty" json:"name,omitempty" doc:"name of the category"` +type NetworkTransformSubnetLabel struct { + CIDRs []string `yaml:"cidrs,omitempty" json:"cidrs,omitempty" doc:"list of CIDRs to match a label"` + Name string `yaml:"name,omitempty" json:"name,omitempty" doc:"name of the label"` } diff --git a/vendor/modules.txt b/vendor/modules.txt index b9dcb9fb5..cd763d347 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -49,8 +49,8 @@ github.com/gogo/protobuf/sortkeys # github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da ## explicit github.com/golang/groupcache/lru -# github.com/golang/protobuf v1.5.3 -## explicit; go 1.9 +# github.com/golang/protobuf v1.5.4 +## explicit; go 1.17 github.com/golang/protobuf/proto github.com/golang/protobuf/ptypes github.com/golang/protobuf/ptypes/any 
@@ -109,7 +109,7 @@ github.com/munnerz/goautoneg # github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f ## explicit github.com/mwitkow/go-conntrack -# github.com/netobserv/flowlogs-pipeline v0.1.12-0.20240322124726-d2b2352bfe0f +# github.com/netobserv/flowlogs-pipeline v0.1.12-0.20240325101510-5feb3c603334 ## explicit; go 1.21 github.com/netobserv/flowlogs-pipeline/pkg/api github.com/netobserv/flowlogs-pipeline/pkg/config @@ -325,7 +325,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.29.2 +# k8s.io/api v0.29.3 ## explicit; go 1.21 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -392,7 +392,7 @@ k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/scheme k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1 k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1beta1 -# k8s.io/apimachinery v0.29.2 +# k8s.io/apimachinery v0.29.3 ## explicit; go 1.21 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -443,7 +443,7 @@ k8s.io/apimachinery/pkg/version k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/client-go v0.29.2 +# k8s.io/client-go v0.29.3 ## explicit; go 1.21 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1