CRD doc update - simplified sample #224

Merged
merged 2 commits into from
Dec 13, 2022
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -231,7 +231,7 @@ ifeq (,$(shell which operator-sdk 2>/dev/null))
set -e ;\
mkdir -p $(dir $(OPSDK)) ;\
OS=$(shell go env GOOS) && ARCH=$(shell go env GOARCH) && \
curl -sSLo $(OPSDK) https://github.com/operator-framework/operator-sdk/releases/download/v1.25.2/operator-sdk_$${OS}_$${ARCH} ;\
curl -sSLo $(OPSDK) https://github.com/operator-framework/operator-sdk/releases/download/v1.25.3/operator-sdk_$${OS}_$${ARCH} ;\
chmod +x $(OPSDK) ;\
}
else
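Review bot: the `curl -sSLo $(OPSDK) ...` line fetches the operator-sdk binary and the next line marks it executable with no integrity check, and without `-f` an HTTP error body would be saved to `$(OPSDK)` and then made executable as if it were the tool. Use `curl -fsSLo` so a failed download aborts under the `set -e` already in this recipe, and compare the file's SHA-256 against a digest pinned in the Makefile for v1.25.3 before the `chmod +x`. Holding the version in a single variable would also keep this URL in step with the `operator-sdk-v1.25.3` builder labels changed elsewhere in this PR.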
13 changes: 8 additions & 5 deletions api/v1alpha1/flowcollector_types.go
Expand Up @@ -196,9 +196,11 @@ type FlowCollectorEBPF struct {
// logLevel defines the log level for the NetObserv eBPF Agent
LogLevel string `json:"logLevel,omitempty"`

// privileged mode for the eBPF Agent container. If false, the operator will add the following
// capabilities to the container, to enable its correct operation:
// BPF, PERFMON, NET_ADMIN, SYS_RESOURCE.
// privileged mode for the eBPF Agent container. In general this setting can be ignored or set to false:
Member Author

@mariomac can you take a look at this description in particular?

Contributor

Much clearer, thanks for adding context to this!

// in that case, the operator will set granular capabilities (BPF, PERFMON, NET_ADMIN, SYS_RESOURCE)
// to the container, to enable its correct operation.
// If for some reason these capabilities cannot be set (e.g. old kernel version not knowing CAP_BPF)
// then you can turn on this mode for more global privileges.
// +optional
Privileged bool `json:"privileged,omitempty"`
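Review bot: the new comment on `Privileged` describes the fallback as "more global privileges" without saying what that grants, so someone reading the CRD doc cannot weigh the trade-off against the four listed capabilities. Say explicitly whether `true` means a fully privileged container, and name the threshold behind "old kernel version" (CAP_BPF was added in Linux 5.8) so users can tell whether they need it. The comment also mixes `BPF, PERFMON, ...` with `CAP_BPF`; pick one spelling.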

Expand Down Expand Up @@ -226,7 +228,8 @@ type FlowCollectorKafka struct {
// kafka topic to use. It must exist, NetObserv will not create it.
Topic string `json:"topic"`

// tls client configuration. Note that, when eBPF agents are used, Kafka certificate needs to be copied in the agent namespace (by default it's netobserv-privileged).
// tls client configuration. When using TLS, make sure the address matches the Kafka port used for TLS, generally 9093.
// Note that, when eBPF agents are used, Kafka certificate needs to be copied in the agent namespace (by default it's netobserv-privileged).
// +optional
TLS ClientTLS `json:"tls"`
}
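Review bot: in the `TLS` field comment, "Kafka certificate needs to be copied in the agent namespace" does not say which of the references in `ClientTLS` it means; now that `userCert` is documented as the mTLS client certificate, spell out whether only `caCert` or also `userCert` has to exist in `netobserv-privileged`. Separately, the field is marked `// +optional` but its tag is `json:"tls"` with no `omitempty`, unlike `json:"userCert,omitempty"` in the same file; align the tag or drop the marker.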
Expand Down Expand Up @@ -615,7 +618,7 @@ type ClientTLS struct {
// caCert defines the reference of the certificate for the Certificate Authority
CACert CertificateReference `json:"caCert,omitempty"`

// userCert defines the user certificate reference
// userCert defines the user certificate reference, used for mTLS (you can ignore it when using regular, one-way TLS)
// +optional
UserCert CertificateReference `json:"userCert,omitempty"`
}
2 changes: 1 addition & 1 deletion bundle.Dockerfile
Expand Up @@ -7,7 +7,7 @@ LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
LABEL operators.operatorframework.io.bundle.package.v1=netobserv-operator
LABEL operators.operatorframework.io.bundle.channels.v1=v0.2.x
LABEL operators.operatorframework.io.bundle.channel.default.v1=v0.2.x
LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.25.2
LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.25.3
Contributor

Makefile is still downloading v1.25.2. Maybe you'd need to update also the downloaded version in the makefile

Member Author

ah yes

LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3

37 changes: 25 additions & 12 deletions bundle/manifests/flows.netobserv.io_flowcollectors.yaml
Expand Up @@ -143,9 +143,13 @@ spec:
type: string
privileged:
description: 'privileged mode for the eBPF Agent container.
If false, the operator will add the following capabilities
to the container, to enable its correct operation: BPF,
PERFMON, NET_ADMIN, SYS_RESOURCE.'
In general this setting can be ignored or set to false:
in that case, the operator will set granular capabilities
(BPF, PERFMON, NET_ADMIN, SYS_RESOURCE) to the container,
to enable its correct operation. If for some reason these
capabilities cannot be set (e.g. old kernel version not
knowing CAP_BPF) then you can turn on this mode for more
global privileges.'
type: boolean
resources:
default:
Expand Down Expand Up @@ -980,9 +984,11 @@ spec:
description: address of the Kafka server
type: string
tls:
description: tls client configuration. Note that, when eBPF
agents are used, Kafka certificate needs to be copied
in the agent namespace (by default it's netobserv-privileged).
description: tls client configuration. When using TLS, make
sure the address matches the Kafka port used for TLS,
generally 9093. Note that, when eBPF agents are used,
Kafka certificate needs to be copied in the agent namespace
(by default it's netobserv-privileged).
properties:
caCert:
description: caCert defines the reference of the certificate
Expand Down Expand Up @@ -1020,7 +1026,9 @@ spec:
CACert field will be ignored
type: boolean
userCert:
description: userCert defines the user certificate reference
description: userCert defines the user certificate reference,
used for mTLS (you can ignore it when using regular,
one-way TLS)
properties:
certFile:
description: certFile defines the path to the certificate
Expand Down Expand Up @@ -1073,9 +1081,10 @@ spec:
description: address of the Kafka server
type: string
tls:
description: tls client configuration. Note that, when eBPF agents
are used, Kafka certificate needs to be copied in the agent
namespace (by default it's netobserv-privileged).
description: tls client configuration. When using TLS, make sure
the address matches the Kafka port used for TLS, generally 9093.
Note that, when eBPF agents are used, Kafka certificate needs
to be copied in the agent namespace (by default it's netobserv-privileged).
properties:
caCert:
description: caCert defines the reference of the certificate
Expand Down Expand Up @@ -1113,7 +1122,9 @@ spec:
field will be ignored
type: boolean
userCert:
description: userCert defines the user certificate reference
description: userCert defines the user certificate reference,
used for mTLS (you can ignore it when using regular, one-way
TLS)
properties:
certFile:
description: certFile defines the path to the certificate
Expand Down Expand Up @@ -1261,7 +1272,9 @@ spec:
field will be ignored
type: boolean
userCert:
description: userCert defines the user certificate reference
description: userCert defines the user certificate reference,
used for mTLS (you can ignore it when using regular, one-way
TLS)
properties:
certFile:
description: certFile defines the path to the certificate
23 changes: 2 additions & 21 deletions bundle/manifests/netobserv-operator.clusterserviceversion.yaml
Expand Up @@ -22,7 +22,6 @@ metadata:
"interfaces": [],
"kafkaBatchSize": 10485760,
"logLevel": "info",
"privileged": false,
"resources": {
"limits": {
"memory": "800Mi"
Expand All @@ -34,19 +33,6 @@ metadata:
},
"sampling": 50
},
"ipfix": {
"cacheActiveTimeout": "20s",
"cacheMaxFlows": 400,
"clusterNetworkOperator": {
"namespace": "openshift-network-operator"
},
"ovnKubernetes": {
"containerName": "ovnkube-node",
"daemonSetName": "ovnkube-node",
"namespace": "ovn-kubernetes"
},
"sampling": 400
},
"type": "EBPF"
},
"consolePlugin": {
Expand Down Expand Up @@ -135,9 +121,6 @@ metadata:
"maxBackoff": "5s",
"maxRetries": 2,
"minBackoff": "1s",
"staticLabels": {
"app": "netobserv-flowcollector"
},
"tls": {
"caCert": {
"certFile": "service-ca.crt",
Expand All @@ -152,8 +135,6 @@ metadata:
"namespace": "netobserv",
"processor": {
"dropUnusedFields": true,
"enableKubeProbes": true,
"healthPort": 8080,
"imagePullPolicy": "IfNotPresent",
"kafkaConsumerAutoscaler": null,
"kafkaConsumerBatchSize": 10485760,
Expand Down Expand Up @@ -188,9 +169,9 @@ metadata:
categories: Monitoring
console.openshift.io/plugins: '["netobserv-plugin"]'
containerImage: quay.io/netobserv/network-observability-operator:0.2.1
createdAt: "2022-12-09T12:12:52Z"
createdAt: "2022-12-13T10:17:29Z"
description: Network flows collector and monitoring solution
operators.operatorframework.io/builder: operator-sdk-v1.25.2
operators.operatorframework.io/builder: operator-sdk-v1.25.3
operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
repository: https://github.com/netobserv/network-observability-operator
name: netobserv-operator.v0.2.1
2 changes: 1 addition & 1 deletion bundle/metadata/annotations.yaml
Expand Up @@ -6,7 +6,7 @@ annotations:
operators.operatorframework.io.bundle.package.v1: netobserv-operator
operators.operatorframework.io.bundle.channels.v1: v0.2.x
operators.operatorframework.io.bundle.channel.default.v1: v0.2.x
operators.operatorframework.io.metrics.builder: operator-sdk-v1.25.2
operators.operatorframework.io.metrics.builder: operator-sdk-v1.25.3
operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3

37 changes: 25 additions & 12 deletions config/crd/bases/flows.netobserv.io_flowcollectors.yaml
Expand Up @@ -141,9 +141,13 @@ spec:
type: string
privileged:
description: 'privileged mode for the eBPF Agent container.
If false, the operator will add the following capabilities
to the container, to enable its correct operation: BPF,
PERFMON, NET_ADMIN, SYS_RESOURCE.'
In general this setting can be ignored or set to false:
in that case, the operator will set granular capabilities
(BPF, PERFMON, NET_ADMIN, SYS_RESOURCE) to the container,
to enable its correct operation. If for some reason these
capabilities cannot be set (e.g. old kernel version not
knowing CAP_BPF) then you can turn on this mode for more
global privileges.'
type: boolean
resources:
default:
Expand Down Expand Up @@ -978,9 +982,11 @@ spec:
description: address of the Kafka server
type: string
tls:
description: tls client configuration. Note that, when eBPF
agents are used, Kafka certificate needs to be copied
in the agent namespace (by default it's netobserv-privileged).
description: tls client configuration. When using TLS, make
sure the address matches the Kafka port used for TLS,
generally 9093. Note that, when eBPF agents are used,
Kafka certificate needs to be copied in the agent namespace
(by default it's netobserv-privileged).
properties:
caCert:
description: caCert defines the reference of the certificate
Expand Down Expand Up @@ -1018,7 +1024,9 @@ spec:
CACert field will be ignored
type: boolean
userCert:
description: userCert defines the user certificate reference
description: userCert defines the user certificate reference,
used for mTLS (you can ignore it when using regular,
one-way TLS)
properties:
certFile:
description: certFile defines the path to the certificate
Expand Down Expand Up @@ -1071,9 +1079,10 @@ spec:
description: address of the Kafka server
type: string
tls:
description: tls client configuration. Note that, when eBPF agents
are used, Kafka certificate needs to be copied in the agent
namespace (by default it's netobserv-privileged).
description: tls client configuration. When using TLS, make sure
the address matches the Kafka port used for TLS, generally 9093.
Note that, when eBPF agents are used, Kafka certificate needs
to be copied in the agent namespace (by default it's netobserv-privileged).
properties:
caCert:
description: caCert defines the reference of the certificate
Expand Down Expand Up @@ -1111,7 +1120,9 @@ spec:
field will be ignored
type: boolean
userCert:
description: userCert defines the user certificate reference
description: userCert defines the user certificate reference,
used for mTLS (you can ignore it when using regular, one-way
TLS)
properties:
certFile:
description: certFile defines the path to the certificate
Expand Down Expand Up @@ -1259,7 +1270,9 @@ spec:
field will be ignored
type: boolean
userCert:
description: userCert defines the user certificate reference
description: userCert defines the user certificate reference,
used for mTLS (you can ignore it when using regular, one-way
TLS)
properties:
certFile:
description: certFile defines the path to the certificate
15 changes: 0 additions & 15 deletions config/samples/flows_v1alpha1_flowcollector.yaml
Expand Up @@ -7,16 +7,6 @@ spec:
deploymentModel: DIRECT
agent:
type: EBPF
ipfix:
cacheActiveTimeout: 20s
cacheMaxFlows: 400
sampling: 400
clusterNetworkOperator:
namespace: openshift-network-operator
ovnKubernetes:
namespace: ovn-kubernetes
daemonSetName: ovnkube-node
containerName: ovnkube-node
Contributor

I thought this file was automatically generated but it seems not. Good to know!

Member Author

Yes, in general I want to have all exposed config in this file so it also serves as a reference; however, for stuff that is deprecated or that for some reason we don't want to advertise, it's probably better not to have it here.

ebpf:
imagePullPolicy: IfNotPresent
sampling: 50
Expand All @@ -25,7 +15,6 @@ spec:
interfaces: [ ]
excludeInterfaces: [ "lo" ]
logLevel: info
privileged: false
resources:
requests:
memory: 50Mi
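Review bot: dropping `privileged: false` from the sample leaves the least-privilege setting implied only by the Go zero value, since the generated schema for `privileged` in this PR carries just `description` and `type: boolean` with no `default`. Consider adding a `// +kubebuilder:default:=false` marker on `Privileged` so the CRD itself documents the default that the simplified sample now relies on.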
Expand All @@ -37,8 +26,6 @@ spec:
port: 2055
imagePullPolicy: IfNotPresent
logLevel: info
enableKubeProbes: true
healthPort: 8080
profilePort: 6060
metrics:
server:
Expand Down Expand Up @@ -89,8 +76,6 @@ spec:
minBackoff: 1s
maxBackoff: 5s
maxRetries: 2
staticLabels:
app: netobserv-flowcollector
consolePlugin:
register: true
imagePullPolicy: IfNotPresent
15 changes: 0 additions & 15 deletions config/samples/flows_v1alpha1_flowcollector_versioned.yaml
Expand Up @@ -7,16 +7,6 @@ spec:
deploymentModel: DIRECT
agent:
type: EBPF
ipfix:
cacheActiveTimeout: 20s
cacheMaxFlows: 400
sampling: 400
clusterNetworkOperator:
namespace: openshift-network-operator
ovnKubernetes:
namespace: ovn-kubernetes
daemonSetName: ovnkube-node
containerName: ovnkube-node
ebpf:
imagePullPolicy: IfNotPresent
sampling: 50
Expand All @@ -25,7 +15,6 @@ spec:
interfaces: [ ]
excludeInterfaces: [ "lo" ]
logLevel: info
privileged: false
resources:
requests:
memory: 50Mi
Expand All @@ -37,8 +26,6 @@ spec:
port: 2055
imagePullPolicy: IfNotPresent
logLevel: info
enableKubeProbes: true
healthPort: 8080
profilePort: 6060
metrics:
server:
Expand Down Expand Up @@ -89,8 +76,6 @@ spec:
minBackoff: 1s
maxBackoff: 5s
maxRetries: 2
staticLabels:
app: netobserv-flowcollector
consolePlugin:
register: true
imagePullPolicy: IfNotPresent