NETOBSERV-1642: Ovs monitoring feature

Signed-off-by: Mohamed Mahmoud <mmahmoud@redhat.com>
netobserv · Jun 3, 2024 · d14bb5f · d14bb5f
1 parent a90617d
commit d14bb5f
Show file tree

Hide file tree

Showing 12 changed files with 158 additions and 17 deletions.
diff --git a/apis/flowcollector/v1beta1/flowcollector_types.go b/apis/flowcollector/v1beta1/flowcollector_types.go
@@ -150,14 +150,16 @@ type FlowCollectorIPFIX struct {
 // Agent feature, can be one of:<br>
 // - `PacketDrop`, to track packet drops.<br>
 // - `DNSTracking`, to track specific information on DNS traffic.<br>
-// - `FlowRTT`, to track TCP latency. [Unsupported (*)].<br>
-// +kubebuilder:validation:Enum:="PacketDrop";"DNSTracking";"FlowRTT"
+// - `FlowRTT`, to track TCP latency [Unsupported (*)].<br>
+// - `OvsMonitor`, to track OVS flows.<br>
+// +kubebuilder:validation:Enum:="PacketDrop";"DNSTracking";"FlowRTT";"OvsMonitor"
 type AgentFeature string
 
 const (
 	PacketDrop  AgentFeature = "PacketDrop"
 	DNSTracking AgentFeature = "DNSTracking"
 	FlowRTT     AgentFeature = "FlowRTT"
+	OvsMonitor  AgentFeature = "OvsMonitor"
 )
 
 // Name of an eBPF agent alert.
@@ -320,6 +322,7 @@ type FlowCollectorEBPF struct {
 	// If the `spec.agent.ebpf.privileged` parameter is not set, an error is reported.<br>
 	// - `DNSTracking`: enable the DNS tracking feature.<br>
 	// - `FlowRTT`: enable flow latency (sRTT) extraction in the eBPF agent from TCP traffic.<br>
+	// - `OvsMonitor`: enable the OVS monitoring feature.<br>
 	// +optional
 	Features []AgentFeature `json:"features,omitempty"`
 

diff --git a/apis/flowcollector/v1beta2/flowcollector_types.go b/apis/flowcollector/v1beta2/flowcollector_types.go
@@ -158,13 +158,15 @@ type FlowCollectorIPFIX struct {
 // - `PacketDrop`, to track packet drops.<br>
 // - `DNSTracking`, to track specific information on DNS traffic.<br>
 // - `FlowRTT`, to track TCP latency.<br>
-// +kubebuilder:validation:Enum:="PacketDrop";"DNSTracking";"FlowRTT"
+// - `OvsMonitor`, to track OVS flows.<br>
+// +kubebuilder:validation:Enum:="PacketDrop";"DNSTracking";"FlowRTT";"OvsMonitor"
 type AgentFeature string
 
 const (
 	PacketDrop  AgentFeature = "PacketDrop"
 	DNSTracking AgentFeature = "DNSTracking"
 	FlowRTT     AgentFeature = "FlowRTT"
+	OvsMonitor  AgentFeature = "OvsMonitor"
 )
 
 // Name of an eBPF agent alert.
@@ -327,6 +329,7 @@ type FlowCollectorEBPF struct {
 	// If the `spec.agent.ebpf.privileged` parameter is not set, an error is reported.<br>
 	// - `DNSTracking`: enable the DNS tracking feature.<br>
 	// - `FlowRTT`: enable flow latency (sRTT) extraction in the eBPF agent from TCP traffic.<br>
+	// - `OvsMonitor`: enable the OVS monitoring feature.<br>
 	// +optional
 	Features []AgentFeature `json:"features,omitempty"`
 

diff --git a/bundle/manifests/flows.netobserv.io_flowcollectors.yaml b/bundle/manifests/flows.netobserv.io_flowcollectors.yaml
@@ -133,16 +133,19 @@ spec:
                           If the `spec.agent.ebpf.privileged` parameter is not set, an error is reported.<br>
                           - `DNSTracking`: enable the DNS tracking feature.<br>
                           - `FlowRTT`: enable flow latency (sRTT) extraction in the eBPF agent from TCP traffic.<br>
+                          - `OvsMonitor`: enable the OVS monitoring feature.<br>
                         items:
                           description: |-
                             Agent feature, can be one of:<br>
                             - `PacketDrop`, to track packet drops.<br>
                             - `DNSTracking`, to track specific information on DNS traffic.<br>
-                            - `FlowRTT`, to track TCP latency. [Unsupported (*)].<br>
+                            - `FlowRTT`, to track TCP latency [Unsupported (*)].<br>
+                            - `OvsMonitor`, to track OVS flows.<br>
                           enum:
                           - PacketDrop
                           - DNSTracking
                           - FlowRTT
+                          - OvsMonitor
                           type: string
                         type: array
                       flowFilter:
@@ -3654,16 +3657,19 @@ spec:
                           If the `spec.agent.ebpf.privileged` parameter is not set, an error is reported.<br>
                           - `DNSTracking`: enable the DNS tracking feature.<br>
                           - `FlowRTT`: enable flow latency (sRTT) extraction in the eBPF agent from TCP traffic.<br>
+                          - `OvsMonitor`: enable the OVS monitoring feature.<br>
                         items:
                           description: |-
                             Agent feature, can be one of:<br>
                             - `PacketDrop`, to track packet drops.<br>
                             - `DNSTracking`, to track specific information on DNS traffic.<br>
                             - `FlowRTT`, to track TCP latency.<br>
+                            - `OvsMonitor`, to track OVS flows.<br>
                           enum:
                           - PacketDrop
                           - DNSTracking
                           - FlowRTT
+                          - OvsMonitor
                           type: string
                         type: array
                       flowFilter:

diff --git a/config/crd/bases/flows.netobserv.io_flowcollectors.yaml b/config/crd/bases/flows.netobserv.io_flowcollectors.yaml
@@ -118,16 +118,19 @@ spec:
                             If the `spec.agent.ebpf.privileged` parameter is not set, an error is reported.<br>
                             - `DNSTracking`: enable the DNS tracking feature.<br>
                             - `FlowRTT`: enable flow latency (sRTT) extraction in the eBPF agent from TCP traffic.<br>
+                            - `OvsMonitor`: enable the OVS monitoring feature.<br>
                           items:
                             description: |-
                               Agent feature, can be one of:<br>
                               - `PacketDrop`, to track packet drops.<br>
                               - `DNSTracking`, to track specific information on DNS traffic.<br>
-                              - `FlowRTT`, to track TCP latency. [Unsupported (*)].<br>
+                              - `FlowRTT`, to track TCP latency [Unsupported (*)].<br>
+                              - `OvsMonitor`, to track OVS flows.<br>
                             enum:
                               - PacketDrop
                               - DNSTracking
                               - FlowRTT
+                              - OvsMonitor
                             type: string
                           type: array
                         flowFilter:
@@ -3359,16 +3362,19 @@ spec:
                             If the `spec.agent.ebpf.privileged` parameter is not set, an error is reported.<br>
                             - `DNSTracking`: enable the DNS tracking feature.<br>
                             - `FlowRTT`: enable flow latency (sRTT) extraction in the eBPF agent from TCP traffic.<br>
+                            - `OvsMonitor`: enable the OVS monitoring feature.<br>
                           items:
                             description: |-
                               Agent feature, can be one of:<br>
                               - `PacketDrop`, to track packet drops.<br>
                               - `DNSTracking`, to track specific information on DNS traffic.<br>
                               - `FlowRTT`, to track TCP latency.<br>
+                              - `OvsMonitor`, to track OVS flows.<br>
                             enum:
                               - PacketDrop
                               - DNSTracking
                               - FlowRTT
+                              - OvsMonitor
                             type: string
                           type: array
                         flowFilter:

diff --git a/config/samples/flows_v1beta2_flowcollector.yaml b/config/samples/flows_v1beta2_flowcollector.yaml
@@ -19,6 +19,7 @@ spec:
       # - "PacketDrop"
       # - "DNSTracking"
       # - "FlowRTT"
+      # - "OvsMonitor"
       interfaces: []
       excludeInterfaces: ["lo"]
       kafkaBatchSize: 1048576

diff --git a/controllers/consoleplugin/config/static-frontend-config.yaml b/controllers/consoleplugin/config/static-frontend-config.yaml
@@ -503,6 +503,38 @@ columns:
     default: true
     width: 5
     feature: flowRTT
+  - id: OvsMonitorMD0
+    name: 1st OVS metadata
+    tooltip: OVS monitor metadata for the 1st event
+    field: OvsMonitorMD[0]
+    filter: ovs_metadata_0
+    default: true
+    width: 5
+    feature: OvsMonitor
+  - id: OvsMonitorMD1
+    name: 2nd OVS metadata
+    tooltip: OVS monitor metadata for the 2nd event
+    field: OvsMonitorMD[1]
+    filter: ovs_metadata_1
+    default: true
+    width: 5
+    feature: OvsMonitor
+  - id: OvsMonitorMD2
+    name: 3rd OVS metadata
+    tooltip: OVS monitor metadata for the 3rd event
+    field: OvsMonitorMD[2]
+    filter: ovs_metadata_2
+    default: true
+    width: 5
+    feature: OvsMonitor
+  - id: OvsMonitorMD3
+    name: 4th OVS metadata
+    tooltip: OVS monitor metadata for the 4th event
+    field: OvsMonitorMD[3]
+    filter: ovs_metadata_3
+    default: true
+    width: 5
+    feature: OvsMonitor
 filters:
   - id: cluster_name
     name: Cluster
@@ -860,7 +892,22 @@ filters:
     name: Flow RTT
     component: number
     hint: Specify a TCP smoothed Round Trip Time in nanoseconds.
-
+  - id: ovs_metadata_0
+    name: OVS monitor metadata for the 1st event
+    component: text
+    hint: Specify a single metadata.
+  - id: ovs_metadata_1
+    name: OVS monitor metadata for the 2nd event
+    component: text
+    hint: Specify a single metadata.
+  - id: ovs_metadata_2
+    name: OVS monitor metadata for the 3rd event
+    component: text
+    hint: Specify a single metadata.
+  - id: ovs_metadata_3
+    name: OVS monitor metadata for the 4th event
+    component: text
+    hint: Specify a single metadata.
 # Fields definition, used to generate documentation
 # The "cardinalityWarn" property relates to how the field is suitable for usage as a metric label wrt cardinality; it may have 3 values: fine, careful, avoid
 fields:
@@ -1087,6 +1134,22 @@ fields:
     type: number
     description: TCP Smoothed Round Trip Time (SRTT), in nanoseconds
     cardinalityWarn: avoid
+  - name: OvsMonitorMD[0]
+    type: string
+    description: OVS monitor metadata for the 1st event
+    cardinalityWarn: avoid
+  - name: OvsMonitorMD[1]
+    type: string
+    description: OVS monitor metadata for the 2nd event
+    cardinalityWarn: avoid
+  - name: OvsMonitorMD[2]
+    type: string
+    description: OVS monitor metadata for the 3rd event
+    cardinalityWarn: avoid
+  - name: OvsMonitorMD[3]
+    type: string
+    description: OVS monitor metadata for the 4th event
+    cardinalityWarn: avoid
   - name: K8S_ClusterName
     type: string
     description: Cluster name or identifier

diff --git a/controllers/consoleplugin/consoleplugin_objects.go b/controllers/consoleplugin/consoleplugin_objects.go
@@ -453,6 +453,10 @@ func (b *builder) setFrontendConfig(fconf *cfg.FrontendConfig) error {
 		fconf.Features = append(fconf.Features, "flowRTT")
 	}
 
+	if helper.IsOvsMonitorEnabled(&b.desired.Agent.EBPF) {
+		fconf.Features = append(fconf.Features, "ovsMonitor")
+	}
+
 	if b.desired.Agent.EBPF.Advanced != nil {
 		if v, ok := b.desired.Agent.EBPF.Advanced.Env[ebpf.EnvDedupeJustMark]; ok {
 			dedupJustMark, err = strconv.ParseBool(v)

diff --git a/controllers/constants/constants.go b/controllers/constants/constants.go
@@ -46,7 +46,8 @@ const (
 	LokiCRBWriter = "netobserv-writer-flp"
 	LokiCRReader  = "netobserv-reader"
 
-	EnvTestConsole = "TEST_CONSOLE"
+	EnvTestConsole      = "TEST_CONSOLE"
+	MaxOvsMonitorEvents = 4
 )
 
 var LokiIndexFields = []string{"SrcK8S_Namespace", "SrcK8S_OwnerName", "SrcK8S_Type", "DstK8S_Namespace", "DstK8S_OwnerName", "DstK8S_Type", "K8S_FlowLayer", "FlowDirection"}

diff --git a/controllers/ebpf/agent_controller.go b/controllers/ebpf/agent_controller.go
@@ -56,6 +56,7 @@ const (
 	envEnablePktDrop              = "ENABLE_PKT_DROPS"
 	envEnableDNSTracking          = "ENABLE_DNS_TRACKING"
 	envEnableFlowRTT              = "ENABLE_RTT"
+	envEnableOvsMonitor           = "ENABLE_OVS_MONITORING"
 	envEnableMetrics              = "METRICS_ENABLE"
 	envMetricsPort                = "METRICS_SERVER_PORT"
 	envMetricPrefix               = "METRICS_PREFIX"
@@ -79,14 +80,17 @@ const (
 )
 
 const (
-	exportKafka        = "kafka"
-	exportGRPC         = "grpc"
-	kafkaCerts         = "kafka-certs"
-	averageMessageSize = 100
-	bpfTraceMountName  = "bpf-kernel-debug"
-	bpfTraceMountPath  = "/sys/kernel/debug"
-	bpfNetNSMountName  = "var-run-netns"
-	bpfNetNSMountPath  = "/var/run/netns"
+	exportKafka            = "kafka"
+	exportGRPC             = "grpc"
+	kafkaCerts             = "kafka-certs"
+	averageMessageSize     = 100
+	bpfTraceMountName      = "bpf-kernel-debug"
+	bpfTraceMountPath      = "/sys/kernel/debug"
+	bpfNetNSMountName      = "var-run-netns"
+	bpfNetNSMountPath      = "/var/run/netns"
+	ovnObservMountName     = "var-run-ovn"
+	ovnObservMountPath     = "/var/run/ovn"
+	ovnObservHostMountPath = "/var/run/ovn-ic"
 )
 
 const (
@@ -297,6 +301,29 @@ func (c *AgentController) desired(ctx context.Context, coll *flowslatest.FlowCol
 		}
 	}
 
+	if helper.IsAgentFeatureEnabled(&coll.Spec.Agent.EBPF, flowslatest.OvsMonitor) {
+		if !coll.Spec.Agent.EBPF.Privileged {
+			rlog.Error(fmt.Errorf("invalid configuration"), "To use OvsMonitor feature privileged mode needs to be enabled")
+		} else {
+			volume := corev1.Volume{
+				Name: ovnObservMountName,
+				VolumeSource: corev1.VolumeSource{
+					HostPath: &corev1.HostPathVolumeSource{
+						Type: newHostPathType(corev1.HostPathDirectory),
+						Path: ovnObservHostMountPath,
+					},
+				},
+			}
+			volumes = append(volumes, volume)
+			volumeMount := corev1.VolumeMount{
+				Name:             ovnObservMountName,
+				MountPath:        ovnObservMountPath,
+				MountPropagation: newMountPropagationMode(corev1.MountPropagationBidirectional),
+			}
+			volumeMounts = append(volumeMounts, volumeMount)
+		}
+	}
+
 	advancedConfig := helper.GetAdvancedAgentConfig(coll.Spec.Agent.EBPF.Advanced)
 
 	return &v1.DaemonSet{
@@ -564,6 +591,13 @@ func (c *AgentController) setEnvConfig(coll *flowslatest.FlowCollector) []corev1
 		})
 	}
 
+	if helper.IsOvsMonitorEnabled(&coll.Spec.Agent.EBPF) {
+		config = append(config, corev1.EnvVar{
+			Name:  envEnableOvsMonitor,
+			Value: "true",
+		})
+	}
+
 	// set GOMEMLIMIT which allows specifying a soft memory cap to force GC when resource limit is reached
 	// to prevent OOM
 	if coll.Spec.Agent.EBPF.Resources.Limits.Memory() != nil {

diff --git a/controllers/flp/flp_pipeline_builder.go b/controllers/flp/flp_pipeline_builder.go
@@ -359,6 +359,20 @@ func (b *PipelineBuilder) addConnectionTracking(lastStage config.PipelineBuilder
 		outputFields = append(outputFields, outDNSTrackingFields...)
 	}
 
+	if helper.IsOvsMonitorEnabled(&b.desired.Agent.EBPF) {
+		var outOvsFlowFields []api.OutputField
+		for i := 0; i < constants.MaxOvsMonitorEvents; i++ {
+			outOvsFlowFields = []api.OutputField{
+				{
+					Name:      fmt.Sprintf("OvsMonitorMDEvent%d", i),
+					Operation: "last",
+					Input:     fmt.Sprintf("OvsMonitorMD[%d]", i),
+				},
+			}
+			outputFields = append(outputFields, outOvsFlowFields...)
+		}
+	}
+
 	if helper.IsFlowRTTEnabled(&b.desired.Agent.EBPF) {
 		outputFields = append(outputFields, api.OutputField{
 			Name:      "MaxTimeFlowRttNs",

diff --git a/docs/FlowCollector.md b/docs/FlowCollector.md
@@ -289,7 +289,8 @@ Otherwise it is matched as a case-sensitive string.<br/>
 the kernel debug filesystem, so the eBPF pod has to run as privileged.
 If the `spec.agent.ebpf.privileged` parameter is not set, an error is reported.<br>
 - `DNSTracking`: enable the DNS tracking feature.<br>
-- `FlowRTT`: enable flow latency (sRTT) extraction in the eBPF agent from TCP traffic.<br><br/>
+- `FlowRTT`: enable flow latency (sRTT) extraction in the eBPF agent from TCP traffic.<br>
+- `OvsMonitor`: enable the OVS monitoring feature.<br><br/>
         </td>
         <td>false</td>
       </tr><tr>
@@ -5930,7 +5931,8 @@ Otherwise it is matched as a case-sensitive string.<br/>
 the kernel debug filesystem, so the eBPF pod has to run as privileged.
 If the `spec.agent.ebpf.privileged` parameter is not set, an error is reported.<br>
 - `DNSTracking`: enable the DNS tracking feature.<br>
-- `FlowRTT`: enable flow latency (sRTT) extraction in the eBPF agent from TCP traffic.<br><br/>
+- `FlowRTT`: enable flow latency (sRTT) extraction in the eBPF agent from TCP traffic.<br>
+- `OvsMonitor`: enable the OVS monitoring feature.<br><br/>
         </td>
         <td>false</td>
       </tr><tr>

diff --git a/pkg/helper/flowcollector.go b/pkg/helper/flowcollector.go
@@ -119,6 +119,10 @@ func IsFlowRTTEnabled(spec *flowslatest.FlowCollectorEBPF) bool {
 	return IsAgentFeatureEnabled(spec, flowslatest.FlowRTT)
 }
 
+func IsOvsMonitorEnabled(spec *flowslatest.FlowCollectorEBPF) bool {
+	return IsAgentFeatureEnabled(spec, flowslatest.OvsMonitor)
+}
+
 func IsMultiClusterEnabled(spec *flowslatest.FlowCollectorFLP) bool {
 	return spec.MultiClusterDeployment != nil && *spec.MultiClusterDeployment
 }