From 64dd8ff65c92366568acce922b0eea26feeedcd3 Mon Sep 17 00:00:00 2001 From: Joel Takvorian Date: Mon, 11 Sep 2023 18:33:00 +0200 Subject: [PATCH] operator netobserv-operator (1.0.4) --- .../flows.netobserv.io_flowcollectors.yaml | 4787 +++++++++++++++++ ...netobserv-manager-config_v1_configmap.yaml | 19 + ...nitoring.coreos.com_v1_servicemonitor.yaml | 19 + .../netobserv-metrics-service_v1_service.yaml | 19 + ...eus_rbac.authorization.k8s.io_v1_role.yaml | 16 + ...c.authorization.k8s.io_v1_rolebinding.yaml | 13 + ...observ-operator.clusterserviceversion.yaml | 890 +++ .../netobserv-webhook-service_v1_service.yaml | 23 + .../1.0.4/metadata/annotations.yaml | 13 + 9 files changed, 5799 insertions(+) create mode 100644 operators/netobserv-operator/1.0.4/manifests/flows.netobserv.io_flowcollectors.yaml create mode 100644 operators/netobserv-operator/1.0.4/manifests/netobserv-manager-config_v1_configmap.yaml create mode 100644 operators/netobserv-operator/1.0.4/manifests/netobserv-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml create mode 100644 operators/netobserv-operator/1.0.4/manifests/netobserv-metrics-service_v1_service.yaml create mode 100644 operators/netobserv-operator/1.0.4/manifests/netobserv-openshift-netobserv-operator-prometheus_rbac.authorization.k8s.io_v1_role.yaml create mode 100644 operators/netobserv-operator/1.0.4/manifests/netobserv-openshift-netobserv-operator-prometheus_rbac.authorization.k8s.io_v1_rolebinding.yaml create mode 100644 operators/netobserv-operator/1.0.4/manifests/netobserv-operator.clusterserviceversion.yaml create mode 100644 operators/netobserv-operator/1.0.4/manifests/netobserv-webhook-service_v1_service.yaml create mode 100644 operators/netobserv-operator/1.0.4/metadata/annotations.yaml diff --git a/operators/netobserv-operator/1.0.4/manifests/flows.netobserv.io_flowcollectors.yaml b/operators/netobserv-operator/1.0.4/manifests/flows.netobserv.io_flowcollectors.yaml new file mode 100644 index 00000000000..6a6f1e19a58 --- /dev/null +++ b/operators/netobserv-operator/1.0.4/manifests/flows.netobserv.io_flowcollectors.yaml @@ -0,0 +1,4787 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.1 + creationTimestamp: null + name: flowcollectors.flows.netobserv.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: netobserv-webhook-service + namespace: netobserv + path: /convert + conversionReviewVersions: + - v1alpha1 + - v1beta1 + group: flows.netobserv.io + names: + kind: FlowCollector + listKind: FlowCollectorList + plural: flowcollectors + singular: flowcollector + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.agent.type + name: Agent + type: string + - jsonPath: .spec.agent.ebpf.sampling + name: Sampling (EBPF) + type: string + - jsonPath: .spec.deploymentModel + name: Deployment Model + type: string + - jsonPath: .status.conditions[*].reason + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: FlowCollector is the Schema for the flowcollectors API, which + pilots and configures netflow collection. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + properties: + name: + pattern: ^cluster$ + type: string + type: object + spec: + description: FlowCollectorSpec defines the desired state of FlowCollector + properties: + agent: + default: + type: EBPF + description: agent for flows extraction. + properties: + ebpf: + description: ebpf describes the settings related to the eBPF-based + flow reporter when the "agent.type" property is set to "EBPF". + properties: + cacheActiveTimeout: + default: 5s + description: cacheActiveTimeout is the max period during which + the reporter will aggregate flows before sending. Increasing + `cacheMaxFlows` and `cacheActiveTimeout` can decrease the + network traffic overhead and the CPU load, however you can + expect higher memory consumption and an increased latency + in the flow collection. + pattern: ^\d+(ns|ms|s|m)?$ + type: string + cacheMaxFlows: + default: 100000 + description: cacheMaxFlows is the max number of flows in an + aggregate; when reached, the reporter sends the flows. Increasing + `cacheMaxFlows` and `cacheActiveTimeout` can decrease the + network traffic overhead and the CPU load, however you can + expect higher memory consumption and an increased latency + in the flow collection. + format: int32 + minimum: 1 + type: integer + debug: + description: Debug allows setting some aspects of the internal + configuration of the eBPF agent. This section is aimed exclusively + for debugging and fine-grained performance optimizations + (for example GOGC, GOMAXPROCS env vars). Users setting its + values do it at their own risk. + properties: + env: + additionalProperties: + type: string + description: env allows passing custom environment variables + to the NetObserv Agent. Useful for passing some very + concrete performance-tuning options (such as GOGC, GOMAXPROCS) + that shouldn't be publicly exposed as part of the FlowCollector + descriptor, as they are only useful in edge debug and + support scenarios. + type: object + type: object + excludeInterfaces: + default: + - lo + description: excludeInterfaces contains the interface names + that will be excluded from flow tracing. If an entry is + enclosed by slashes (such as `/br-/`), it will match as + regular expression, otherwise it will be matched as a case-sensitive + string. + items: + type: string + type: array + imagePullPolicy: + default: IfNotPresent + description: imagePullPolicy is the Kubernetes pull policy + for the image defined above + enum: + - IfNotPresent + - Always + - Never + type: string + interfaces: + description: interfaces contains the interface names from + where flows will be collected. If empty, the agent will + fetch all the interfaces in the system, excepting the ones + listed in ExcludeInterfaces. If an entry is enclosed by + slashes (such as `/br-/`), it will match as regular expression, + otherwise it will be matched as a case-sensitive string. + items: + type: string + type: array + kafkaBatchSize: + default: 10485760 + description: 'kafkaBatchSize limits the maximum size of a + request in bytes before being sent to a partition. Ignored + when not using Kafka. Default: 10MB.' + type: integer + logLevel: + default: info + description: logLevel defines the log level for the NetObserv + eBPF Agent + enum: + - trace + - debug + - info + - warn + - error + - fatal + - panic + type: string + privileged: + description: 'privileged mode for the eBPF Agent container. + In general this setting can be ignored or set to false: + in that case, the operator will set granular capabilities + (BPF, PERFMON, NET_ADMIN, SYS_RESOURCE) to the container, + to enable its correct operation. If for some reason these + capabilities cannot be set (for example old kernel version + not knowing CAP_BPF) then you can turn on this mode for + more global privileges.' + type: boolean + resources: + default: + limits: + memory: 800Mi + requests: + cpu: 100m + memory: 50Mi + description: 'resources are the compute resources required + by this container. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + sampling: + default: 50 + description: sampling rate of the flow reporter. 100 means + one flow on 100 is sent. 0 or 1 means all flows are sampled. + format: int32 + minimum: 0 + type: integer + type: object + ipfix: + description: ipfix describes the settings related to the IPFIX-based + flow reporter when the "agent.type" property is set to "IPFIX". + properties: + cacheActiveTimeout: + default: 20s + description: cacheActiveTimeout is the max period during which + the reporter will aggregate flows before sending + pattern: ^\d+(ns|ms|s|m)?$ + type: string + cacheMaxFlows: + default: 400 + description: cacheMaxFlows is the max number of flows in an + aggregate; when reached, the reporter sends the flows + format: int32 + minimum: 0 + type: integer + clusterNetworkOperator: + description: clusterNetworkOperator defines the settings related + to the OpenShift Cluster Network Operator, when available. + properties: + namespace: + default: openshift-network-operator + description: namespace where the config map is going + to be deployed. + type: string + type: object + forceSampleAll: + default: false + description: forceSampleAll allows disabling sampling in the + IPFIX-based flow reporter. It is not recommended to sample + all the traffic with IPFIX, as it might generate cluster + instability. If you REALLY want to do that, set this flag + to true. Use at your own risk. When it is set to true, the + value of "sampling" is ignored. + type: boolean + ovnKubernetes: + description: ovnKubernetes defines the settings of the OVN-Kubernetes + CNI, when available. This configuration is used when using + OVN's IPFIX exports, without OpenShift. When using OpenShift, + refer to the `clusterNetworkOperator` property instead. + properties: + containerName: + default: ovnkube-node + description: containerName defines the name of the container + to configure for IPFIX. + type: string + daemonSetName: + default: ovnkube-node + description: daemonSetName defines the name of the DaemonSet + controlling the OVN-Kubernetes pods. + type: string + namespace: + default: ovn-kubernetes + description: namespace where OVN-Kubernetes pods are deployed. + type: string + type: object + sampling: + default: 400 + description: sampling is the sampling rate on the reporter. + 100 means one flow on 100 is sent. To ensure cluster stability, + it is not possible to set a value below 2. If you really + want to sample every packet, which might impact the cluster + stability, refer to "forceSampleAll". Alternatively, you + can use the eBPF Agent instead of IPFIX. + format: int32 + minimum: 2 + type: integer + type: object + type: + default: EBPF + description: type selects the flows tracing agent. Possible values + are "EBPF" (default) to use NetObserv eBPF agent, "IPFIX" to + use the legacy IPFIX collector. "EBPF" is recommended in most + cases as it offers better performances and should work regardless + of the CNI installed on the cluster. "IPFIX" works with OVN-Kubernetes + CNI (other CNIs could work if they support exporting IPFIX, + but they would require manual configuration). + enum: + - EBPF + - IPFIX + type: string + required: + - type + type: object + consolePlugin: + description: consolePlugin defines the settings related to the OpenShift + Console plugin, when available. + properties: + autoscaler: + description: autoscaler spec of a horizontal pod autoscaler to + set up for the plugin Deployment. + properties: + maxReplicas: + default: 3 + description: maxReplicas is the upper limit for the number + of pods that can be set by the autoscaler; cannot be smaller + than MinReplicas. + format: int32 + type: integer + metrics: + description: metrics used by the pod autoscaler + items: + description: MetricSpec specifies how to scale based on + a single metric (only `type` and one other matching field + should be set at once). + properties: + containerResource: + description: containerResource refers to a resource + metric (such as those specified in requests and limits) + known to Kubernetes describing a single container + in each pod of the current scale target (e.g. CPU + or memory). Such metrics are built in to Kubernetes, + and have special scaling options on top of those available + to normal per-pod metrics using the "pods" source. + This is an alpha feature and can be enabled by the + HPAContainerMetrics feature flag. + properties: + container: + description: container is the name of the container + in the pods of the scaling target + type: string + name: + description: name is the name of the resource in + question. + type: string + target: + description: target specifies the target value for + the given metric + properties: + averageUtilization: + description: averageUtilization is the target + value of the average of the resource metric + across all relevant pods, represented as a + percentage of the requested value of the resource + for the pods. Currently only valid for Resource + metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target value + of the average of the metric across all relevant + pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the + metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - container + - name + - target + type: object + external: + description: external refers to a global metric that + is not associated with any Kubernetes object. It allows + autoscaling based on information coming from components + running outside of cluster (for example length of + queue in cloud messaging service, or QPS from loadbalancer + running outside of cluster). + properties: + metric: + description: metric identifies the target metric + by name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: selector is the string-encoded + form of a standard kubernetes label selector + for the given metric When set, it is passed + as an additional parameter to the metrics + server for more specific metrics scoping. + When unset, just the metricName will be used + to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + required: + - name + type: object + target: + description: target specifies the target value for + the given metric + properties: + averageUtilization: + description: averageUtilization is the target + value of the average of the resource metric + across all relevant pods, represented as a + percentage of the requested value of the resource + for the pods. Currently only valid for Resource + metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target value + of the average of the metric across all relevant + pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the + metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + object: + description: object refers to a metric describing a + single kubernetes object (for example, hits-per-second + on an Ingress object). + properties: + describedObject: + description: describedObject specifies the descriptions + of a object,such as kind,name apiVersion + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: 'Kind of the referent; More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"' + type: string + name: + description: 'Name of the referent; More info: + http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + required: + - kind + - name + type: object + metric: + description: metric identifies the target metric + by name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: selector is the string-encoded + form of a standard kubernetes label selector + for the given metric When set, it is passed + as an additional parameter to the metrics + server for more specific metrics scoping. + When unset, just the metricName will be used + to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + required: + - name + type: object + target: + description: target specifies the target value for + the given metric + properties: + averageUtilization: + description: averageUtilization is the target + value of the average of the resource metric + across all relevant pods, represented as a + percentage of the requested value of the resource + for the pods. Currently only valid for Resource + metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target value + of the average of the metric across all relevant + pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the + metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - describedObject + - metric + - target + type: object + pods: + description: pods refers to a metric describing each + pod in the current scale target (for example, transactions-processed-per-second). The + values will be averaged together before being compared + to the target value. + properties: + metric: + description: metric identifies the target metric + by name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: selector is the string-encoded + form of a standard kubernetes label selector + for the given metric When set, it is passed + as an additional parameter to the metrics + server for more specific metrics scoping. + When unset, just the metricName will be used + to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + required: + - name + type: object + target: + description: target specifies the target value for + the given metric + properties: + averageUtilization: + description: averageUtilization is the target + value of the average of the resource metric + across all relevant pods, represented as a + percentage of the requested value of the resource + for the pods. Currently only valid for Resource + metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target value + of the average of the metric across all relevant + pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the + metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + resource: + description: resource refers to a resource metric (such + as those specified in requests and limits) known to + Kubernetes describing each pod in the current scale + target (e.g. CPU or memory). Such metrics are built + in to Kubernetes, and have special scaling options + on top of those available to normal per-pod metrics + using the "pods" source. + properties: + name: + description: name is the name of the resource in + question. + type: string + target: + description: target specifies the target value for + the given metric + properties: + averageUtilization: + description: averageUtilization is the target + value of the average of the resource metric + across all relevant pods, represented as a + percentage of the requested value of the resource + for the pods. Currently only valid for Resource + metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target value + of the average of the metric across all relevant + pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the + metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - name + - target + type: object + type: + description: 'type is the type of metric source. It + should be one of "ContainerResource", "External", + "Object", "Pods" or "Resource", each mapping to a + matching field in the object. Note: "ContainerResource" + type is available on when the feature-gate HPAContainerMetrics + is enabled' + type: string + required: + - type + type: object + type: array + minReplicas: + description: minReplicas is the lower limit for the number + of replicas to which the autoscaler can scale down. It + defaults to 1 pod. minReplicas is allowed to be 0 if the + alpha feature gate HPAScaleToZero is enabled and at least + one Object or External metric is configured. Scaling is + active as long as at least one metric value is available. + format: int32 + type: integer + status: + default: DISABLED + description: Status describe the desired status regarding + deploying an horizontal pod autoscaler DISABLED will not + deploy an horizontal pod autoscaler ENABLED will deploy + an horizontal pod autoscaler + enum: + - DISABLED + - ENABLED + type: string + type: object + imagePullPolicy: + default: IfNotPresent + description: imagePullPolicy is the Kubernetes pull policy for + the image defined above + enum: + - IfNotPresent + - Always + - Never + type: string + logLevel: + default: info + description: logLevel for the console plugin backend + enum: + - trace + - debug + - info + - warn + - error + - fatal + - panic + type: string + port: + default: 9001 + description: port is the plugin service port + format: int32 + maximum: 65535 + minimum: 1 + type: integer + portNaming: + default: + enable: true + description: portNaming defines the configuration of the port-to-service + name translation + properties: + enable: + default: true + description: enable the console plugin port-to-service name + translation + type: boolean + portNames: + additionalProperties: + type: string + description: 'portNames defines additional port names to use + in the console. Example: portNames: {"3100": "loki"}' + type: object + type: object + quickFilters: + default: + - default: true + filter: + dst_namespace!: openshift-,netobserv + src_namespace!: openshift-,netobserv + name: Applications + - filter: + dst_namespace: openshift-,netobserv + src_namespace: openshift-,netobserv + name: Infrastructure + - default: true + filter: + dst_kind: Pod + src_kind: Pod + name: Pods network + - filter: + dst_kind: Service + name: Services network + description: quickFilters configures quick filter presets for + the Console plugin + items: + description: QuickFilter defines preset configuration for Console's + quick filters + properties: + default: + description: default defines whether this filter should + be active by default or not + type: boolean + filter: + additionalProperties: + type: string + description: 'filter is a set of keys and values to be set + when this filter is selected. Each key can relate to a + list of values using a coma-separated string. Example: + filter: {"src_namespace": "namespace1,namespace2"}' + type: object + name: + description: name of the filter, that will be displayed + in Console + type: string + required: + - filter + - name + type: object + type: array + register: + default: true + description: 'register allows, when set to true, to automatically + register the provided console plugin with the OpenShift Console + operator. When set to false, you can still register it manually + by editing console.operator.openshift.io/cluster. E.g: oc patch + console.operator.openshift.io cluster --type=''json'' -p ''[{"op": + "add", "path": "/spec/plugins/-", "value": "netobserv-plugin"}]''' + type: boolean + replicas: + default: 1 + description: replicas defines the number of replicas (pods) to + start. + format: int32 + minimum: 0 + type: integer + resources: + default: + limits: + memory: 100Mi + requests: + cpu: 100m + memory: 50Mi + description: 'resources, in terms of compute resources, required + by this container. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - register + type: object + deploymentModel: + default: DIRECT + description: deploymentModel defines the desired type of deployment + for flow processing. Possible values are "DIRECT" (default) to make + the flow processor listening directly from the agents, or "KAFKA" + to make flows sent to a Kafka pipeline before consumption by the + processor. Kafka can provide better scalability, resiliency and + high availability (for more details, see https://www.redhat.com/en/topics/integration/what-is-apache-kafka). + enum: + - DIRECT + - KAFKA + type: string + exporters: + description: exporters defines additional optional exporters for custom + consumption or storage. This is an experimental feature. Currently, + only KAFKA exporter is available. + items: + description: FlowCollectorExporter defines an additional exporter + to send enriched flows to + properties: + kafka: + description: kafka configuration, such as address or topic, + to send enriched flows to. + properties: + address: + default: "" + description: address of the Kafka server + type: string + tls: + description: tls client configuration. When using TLS, verify + that the address matches the Kafka port used for TLS, + generally 9093. Note that, when eBPF agents are used, + Kafka certificate needs to be copied in the agent namespace + (by default it's netobserv-privileged). + properties: + caCert: + description: caCert defines the reference of the certificate + for the Certificate Authority + properties: + certFile: + description: certFile defines the path to the certificate + file name within the config map or secret + type: string + certKey: + description: certKey defines the path to the certificate + private key file name within the config map or + secret. Omit when the key is not necessary. + type: string + name: + description: name of the config map or secret containing + certificates + type: string + namespace: + default: "" + description: namespace of the config map or secret + containing certificates. If omitted, assumes same + namespace as where NetObserv is deployed. If the + namespace is different, the config map or the + secret will be copied so that it can be mounted + as required. + type: string + type: + description: 'type for the certificate reference: + "configmap" or "secret"' + enum: + - configmap + - secret + type: string + type: object + enable: + default: false + description: enable TLS + type: boolean + insecureSkipVerify: + default: false + description: insecureSkipVerify allows skipping client-side + verification of the server certificate If set to true, + CACert field will be ignored + type: boolean + userCert: + description: userCert defines the user certificate reference, + used for mTLS (you can ignore it when using regular, + one-way TLS) + properties: + certFile: + description: certFile defines the path to the certificate + file name within the config map or secret + type: string + certKey: + description: certKey defines the path to the certificate + private key file name within the config map or + secret. Omit when the key is not necessary. + type: string + name: + description: name of the config map or secret containing + certificates + type: string + namespace: + default: "" + description: namespace of the config map or secret + containing certificates. If omitted, assumes same + namespace as where NetObserv is deployed. If the + namespace is different, the config map or the + secret will be copied so that it can be mounted + as required. + type: string + type: + description: 'type for the certificate reference: + "configmap" or "secret"' + enum: + - configmap + - secret + type: string + type: object + type: object + topic: + default: "" + description: kafka topic to use. It must exist, NetObserv + will not create it. + type: string + required: + - address + - topic + type: object + type: + description: type selects the type of exporters. Only "KAFKA" + is available at the moment. + enum: + - KAFKA + type: string + required: + - type + type: object + type: array + kafka: + description: kafka configuration, allowing to use Kafka as a broker + as part of the flow collection pipeline. Available when the "spec.deploymentModel" + is "KAFKA". + properties: + address: + default: "" + description: address of the Kafka server + type: string + tls: + description: tls client configuration. When using TLS, verify + that the address matches the Kafka port used for TLS, generally + 9093. Note that, when eBPF agents are used, Kafka certificate + needs to be copied in the agent namespace (by default it's netobserv-privileged). + properties: + caCert: + description: caCert defines the reference of the certificate + for the Certificate Authority + properties: + certFile: + description: certFile defines the path to the certificate + file name within the config map or secret + type: string + certKey: + description: certKey defines the path to the certificate + private key file name within the config map or secret. + Omit when the key is not necessary. + type: string + name: + description: name of the config map or secret containing + certificates + type: string + namespace: + default: "" + description: namespace of the config map or secret containing + certificates. If omitted, assumes same namespace as + where NetObserv is deployed. If the namespace is different, + the config map or the secret will be copied so that + it can be mounted as required. + type: string + type: + description: 'type for the certificate reference: "configmap" + or "secret"' + enum: + - configmap + - secret + type: string + type: object + enable: + default: false + description: enable TLS + type: boolean + insecureSkipVerify: + default: false + description: insecureSkipVerify allows skipping client-side + verification of the server certificate If set to true, CACert + field will be ignored + type: boolean + userCert: + description: userCert defines the user certificate reference, + used for mTLS (you can ignore it when using regular, one-way + TLS) + properties: + certFile: + description: certFile defines the path to the certificate + file name within the config map or secret + type: string + certKey: + description: certKey defines the path to the certificate + private key file name within the config map or secret. + Omit when the key is not necessary. + type: string + name: + description: name of the config map or secret containing + certificates + type: string + namespace: + default: "" + description: namespace of the config map or secret containing + certificates. If omitted, assumes same namespace as + where NetObserv is deployed. If the namespace is different, + the config map or the secret will be copied so that + it can be mounted as required. + type: string + type: + description: 'type for the certificate reference: "configmap" + or "secret"' + enum: + - configmap + - secret + type: string + type: object + type: object + topic: + default: "" + description: kafka topic to use. It must exist, NetObserv will + not create it. + type: string + required: + - address + - topic + type: object + loki: + description: loki, the flow store, client settings. + properties: + authToken: + default: DISABLED + description: AuthToken describe the way to get a token to authenticate + to Loki. DISABLED will not send any token with the request. + HOST will use the local pod service account to authenticate + to Loki. FORWARD will forward user token, in this mode, pod + that are not receiving user request like the processor will + use the local pod service account. Similar to HOST mode. When + using the Loki Operator, set it to `HOST` or `FORWARD`. + enum: + - DISABLED + - HOST + - FORWARD + type: string + batchSize: + default: 102400 + description: batchSize is max batch size (in bytes) of logs to + accumulate before sending. + format: int64 + minimum: 1 + type: integer + batchWait: + default: 1s + description: batchWait is max time to wait before sending a batch. + type: string + maxBackoff: + default: 5s + description: maxBackoff is the maximum backoff time for client + connection between retries. + type: string + maxRetries: + default: 2 + description: maxRetries is the maximum number of retries for client + connections. + format: int32 + minimum: 0 + type: integer + minBackoff: + default: 1s + description: minBackoff is the initial backoff time for client + connection between retries. + type: string + querierUrl: + description: querierURL specifies the address of the Loki querier + service, in case it is different from the Loki ingester URL. + If empty, the URL value will be used (assuming that the Loki + ingester and querier are in the same server). When using the + Loki Operator, do not set it, since ingestion and queries use + the Loki gateway. + type: string + staticLabels: + additionalProperties: + type: string + default: + app: netobserv-flowcollector + description: staticLabels is a map of common labels to set on + each flow. + type: object + statusUrl: + description: statusURL specifies the address of the Loki /ready + /metrics /config endpoints, in case it is different from the + Loki querier URL. If empty, the QuerierURL value will be used. + This is useful to show error messages and some context in the + frontend. When using the Loki Operator, set it to the Loki HTTP + query frontend service, for example https://loki-query-frontend-http.netobserv.svc:3100/. + type: string + tenantID: + default: netobserv + description: tenantID is the Loki X-Scope-OrgID that identifies + the tenant for each request. When using the Loki Operator, set + it to `network`, which corresponds to a special tenant mode. + type: string + timeout: + default: 10s + description: timeout is the maximum time connection / request + limit. A Timeout of zero means no timeout. + type: string + tls: + description: tls client configuration. + properties: + caCert: + description: caCert defines the reference of the certificate + for the Certificate Authority + properties: + certFile: + description: certFile defines the path to the certificate + file name within the config map or secret + type: string + certKey: + description: certKey defines the path to the certificate + private key file name within the config map or secret. + Omit when the key is not necessary. + type: string + name: + description: name of the config map or secret containing + certificates + type: string + namespace: + default: "" + description: namespace of the config map or secret containing + certificates. If omitted, assumes same namespace as + where NetObserv is deployed. If the namespace is different, + the config map or the secret will be copied so that + it can be mounted as required. + type: string + type: + description: 'type for the certificate reference: "configmap" + or "secret"' + enum: + - configmap + - secret + type: string + type: object + enable: + default: false + description: enable TLS + type: boolean + insecureSkipVerify: + default: false + description: insecureSkipVerify allows skipping client-side + verification of the server certificate If set to true, CACert + field will be ignored + type: boolean + userCert: + description: userCert defines the user certificate reference, + used for mTLS (you can ignore it when using regular, one-way + TLS) + properties: + certFile: + description: certFile defines the path to the certificate + file name within the config map or secret + type: string + certKey: + description: certKey defines the path to the certificate + private key file name within the config map or secret. + Omit when the key is not necessary. + type: string + name: + description: name of the config map or secret containing + certificates + type: string + namespace: + default: "" + description: namespace of the config map or secret containing + certificates. If omitted, assumes same namespace as + where NetObserv is deployed. If the namespace is different, + the config map or the secret will be copied so that + it can be mounted as required. + type: string + type: + description: 'type for the certificate reference: "configmap" + or "secret"' + enum: + - configmap + - secret + type: string + type: object + type: object + url: + default: http://loki:3100/ + description: url is the address of an existing Loki service to + push the flows to. When using the Loki Operator, set it to the + Loki gateway service with the `network` tenant set in path, + for example https://loki-gateway-http.netobserv.svc:8080/api/logs/v1/network. + type: string + type: object + namespace: + description: namespace where NetObserv pods are deployed. If empty, + the namespace of the operator is going to be used. + type: string + processor: + description: processor defines the settings of the component that + receives the flows from the agent, enriches them, and forwards them + to the Loki persistence layer. + properties: + debug: + description: Debug allows setting some aspects of the internal + configuration of the flow processor. This section is aimed exclusively + for debugging and fine-grained performance optimizations (for + example GOGC, GOMAXPROCS env vars). Users setting its values + do it at their own risk. + properties: + env: + additionalProperties: + type: string + description: env allows passing custom environment variables + to the NetObserv Agent. Useful for passing some very concrete + performance-tuning options (such as GOGC, GOMAXPROCS) that + shouldn't be publicly exposed as part of the FlowCollector + descriptor, as they are only useful in edge debug and support + scenarios. + type: object + type: object + dropUnusedFields: + default: true + description: dropUnusedFields allows, when set to true, to drop + fields that are known to be unused by OVS, in order to save + storage space. + type: boolean + enableKubeProbes: + default: true + description: enableKubeProbes is a flag to enable or disable Kubernetes + liveness and readiness probes + type: boolean + healthPort: + default: 8080 + description: healthPort is a collector HTTP port in the Pod that + exposes the health check API + format: int32 + maximum: 65535 + minimum: 1 + type: integer + imagePullPolicy: + default: IfNotPresent + description: imagePullPolicy is the Kubernetes pull policy for + the image defined above + enum: + - IfNotPresent + - Always + - Never + type: string + kafkaConsumerAutoscaler: + description: kafkaConsumerAutoscaler spec of a horizontal pod + autoscaler to set up for flowlogs-pipeline-transformer, which + consumes Kafka messages. This setting is ignored when Kafka + is disabled. + properties: + maxReplicas: + default: 3 + description: maxReplicas is the upper limit for the number + of pods that can be set by the autoscaler; cannot be smaller + than MinReplicas. + format: int32 + type: integer + metrics: + description: metrics used by the pod autoscaler + items: + description: MetricSpec specifies how to scale based on + a single metric (only `type` and one other matching field + should be set at once). + properties: + containerResource: + description: containerResource refers to a resource + metric (such as those specified in requests and limits) + known to Kubernetes describing a single container + in each pod of the current scale target (e.g. CPU + or memory). Such metrics are built in to Kubernetes, + and have special scaling options on top of those available + to normal per-pod metrics using the "pods" source. + This is an alpha feature and can be enabled by the + HPAContainerMetrics feature flag. + properties: + container: + description: container is the name of the container + in the pods of the scaling target + type: string + name: + description: name is the name of the resource in + question. + type: string + target: + description: target specifies the target value for + the given metric + properties: + averageUtilization: + description: averageUtilization is the target + value of the average of the resource metric + across all relevant pods, represented as a + percentage of the requested value of the resource + for the pods. Currently only valid for Resource + metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target value + of the average of the metric across all relevant + pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the + metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - container + - name + - target + type: object + external: + description: external refers to a global metric that + is not associated with any Kubernetes object. It allows + autoscaling based on information coming from components + running outside of cluster (for example length of + queue in cloud messaging service, or QPS from loadbalancer + running outside of cluster). + properties: + metric: + description: metric identifies the target metric + by name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: selector is the string-encoded + form of a standard kubernetes label selector + for the given metric When set, it is passed + as an additional parameter to the metrics + server for more specific metrics scoping. + When unset, just the metricName will be used + to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + required: + - name + type: object + target: + description: target specifies the target value for + the given metric + properties: + averageUtilization: + description: averageUtilization is the target + value of the average of the resource metric + across all relevant pods, represented as a + percentage of the requested value of the resource + for the pods. Currently only valid for Resource + metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target value + of the average of the metric across all relevant + pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the + metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + object: + description: object refers to a metric describing a + single kubernetes object (for example, hits-per-second + on an Ingress object). + properties: + describedObject: + description: describedObject specifies the descriptions + of a object,such as kind,name apiVersion + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: 'Kind of the referent; More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"' + type: string + name: + description: 'Name of the referent; More info: + http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + required: + - kind + - name + type: object + metric: + description: metric identifies the target metric + by name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: selector is the string-encoded + form of a standard kubernetes label selector + for the given metric When set, it is passed + as an additional parameter to the metrics + server for more specific metrics scoping. + When unset, just the metricName will be used + to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + required: + - name + type: object + target: + description: target specifies the target value for + the given metric + properties: + averageUtilization: + description: averageUtilization is the target + value of the average of the resource metric + across all relevant pods, represented as a + percentage of the requested value of the resource + for the pods. Currently only valid for Resource + metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target value + of the average of the metric across all relevant + pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the + metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - describedObject + - metric + - target + type: object + pods: + description: pods refers to a metric describing each + pod in the current scale target (for example, transactions-processed-per-second). The + values will be averaged together before being compared + to the target value. + properties: + metric: + description: metric identifies the target metric + by name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: selector is the string-encoded + form of a standard kubernetes label selector + for the given metric When set, it is passed + as an additional parameter to the metrics + server for more specific metrics scoping. + When unset, just the metricName will be used + to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + required: + - name + type: object + target: + description: target specifies the target value for + the given metric + properties: + averageUtilization: + description: averageUtilization is the target + value of the average of the resource metric + across all relevant pods, represented as a + percentage of the requested value of the resource + for the pods. Currently only valid for Resource + metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target value + of the average of the metric across all relevant + pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the + metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + resource: + description: resource refers to a resource metric (such + as those specified in requests and limits) known to + Kubernetes describing each pod in the current scale + target (e.g. CPU or memory). Such metrics are built + in to Kubernetes, and have special scaling options + on top of those available to normal per-pod metrics + using the "pods" source. + properties: + name: + description: name is the name of the resource in + question. + type: string + target: + description: target specifies the target value for + the given metric + properties: + averageUtilization: + description: averageUtilization is the target + value of the average of the resource metric + across all relevant pods, represented as a + percentage of the requested value of the resource + for the pods. Currently only valid for Resource + metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target value + of the average of the metric across all relevant + pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the + metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - name + - target + type: object + type: + description: 'type is the type of metric source. It + should be one of "ContainerResource", "External", + "Object", "Pods" or "Resource", each mapping to a + matching field in the object. Note: "ContainerResource" + type is available on when the feature-gate HPAContainerMetrics + is enabled' + type: string + required: + - type + type: object + type: array + minReplicas: + description: minReplicas is the lower limit for the number + of replicas to which the autoscaler can scale down. It + defaults to 1 pod. minReplicas is allowed to be 0 if the + alpha feature gate HPAScaleToZero is enabled and at least + one Object or External metric is configured. Scaling is + active as long as at least one metric value is available. + format: int32 + type: integer + status: + default: DISABLED + description: Status describe the desired status regarding + deploying an horizontal pod autoscaler DISABLED will not + deploy an horizontal pod autoscaler ENABLED will deploy + an horizontal pod autoscaler + enum: + - DISABLED + - ENABLED + type: string + type: object + kafkaConsumerBatchSize: + default: 10485760 + description: 'kafkaConsumerBatchSize indicates to the broker the + maximum batch size, in bytes, that the consumer will accept. + Ignored when not using Kafka. Default: 10MB.' + type: integer + kafkaConsumerQueueCapacity: + default: 1000 + description: kafkaConsumerQueueCapacity defines the capacity of + the internal message queue used in the Kafka consumer client. + Ignored when not using Kafka. + type: integer + kafkaConsumerReplicas: + default: 3 + description: kafkaConsumerReplicas defines the number of replicas + (pods) to start for flowlogs-pipeline-transformer, which consumes + Kafka messages. This setting is ignored when Kafka is disabled. + format: int32 + minimum: 0 + type: integer + logLevel: + default: info + description: logLevel of the collector runtime + enum: + - trace + - debug + - info + - warn + - error + - fatal + - panic + type: string + metrics: + description: Metrics define the processor configuration regarding + metrics + properties: + ignoreTags: + default: + - egress + - packets + description: 'ignoreTags is a list of tags to specify which + metrics to ignore. Each metric is associated with a list + of tags. More details in https://github.com/netobserv/network-observability-operator/tree/main/controllers/flowlogspipeline/metrics_definitions + . Available tags are: egress, ingress, flows, bytes, packets, + namespaces, nodes, workloads' + items: + type: string + type: array + server: + description: metricsServer endpoint configuration for Prometheus + scraper + properties: + port: + default: 9102 + description: the prometheus HTTP port + format: int32 + maximum: 65535 + minimum: 1 + type: integer + tls: + description: TLS configuration. + properties: + provided: + description: TLS configuration. + properties: + certFile: + description: certFile defines the path to the + certificate file name within the config map + or secret + type: string + certKey: + description: certKey defines the path to the certificate + private key file name within the config map + or secret. Omit when the key is not necessary. + type: string + name: + description: name of the config map or secret + containing certificates + type: string + namespace: + default: "" + description: namespace of the config map or secret + containing certificates. If omitted, assumes + same namespace as where NetObserv is deployed. + If the namespace is different, the config map + or the secret will be copied so that it can + be mounted as required. + type: string + type: + description: 'type for the certificate reference: + "configmap" or "secret"' + enum: + - configmap + - secret + type: string + type: object + type: + default: DISABLED + description: Select the type of TLS configuration + "DISABLED" (default) to not configure TLS for the + endpoint, "PROVIDED" to manually provide cert file + and a key file, and "AUTO" to use OpenShift auto + generated certificate using annotations + enum: + - DISABLED + - PROVIDED + - AUTO + type: string + type: object + type: object + type: object + port: + default: 2055 + description: 'port of the flow collector (host port) By conventions, + some value are not authorized port must not be below 1024 and + must not equal this values: 4789,6081,500, and 4500' + format: int32 + maximum: 65535 + minimum: 1025 + type: integer + profilePort: + description: profilePort allows setting up a Go pprof profiler + listening to this port + format: int32 + maximum: 65535 + minimum: 0 + type: integer + resources: + default: + limits: + memory: 800Mi + requests: + cpu: 100m + memory: 100Mi + description: 'resources are the compute resources required by + this container. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + type: object + required: + - agent + - deploymentModel + type: object + status: + description: FlowCollectorStatus defines the observed state of FlowCollector + properties: + conditions: + description: conditions represent the latest available observations + of an object's state + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + namespace: + description: namespace where console plugin and flowlogs-pipeline + have been deployed. + type: string + required: + - conditions + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .spec.agent.type + name: Agent + type: string + - jsonPath: .spec.agent.ebpf.sampling + name: Sampling (EBPF) + type: string + - jsonPath: .spec.deploymentModel + name: Deployment Model + type: string + - jsonPath: .status.conditions[*].reason + name: Status + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: '`FlowCollector` is the schema for the network flows collection + API, which pilots and configures the underlying deployments.' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Defines the desired state of the FlowCollector resource. +

*: the mention of "unsupported", or "deprecated" for a feature + throughout this document means that this feature is not officially supported + by Red Hat. It might have been, for instance, contributed by the community + and accepted without a formal agreement for maintenance. The product + maintainers might provide some support for these features as a best + effort only.' + properties: + agent: + description: Agent configuration for flows extraction. + properties: + ebpf: + description: '`ebpf` describes the settings related to the eBPF-based + flow reporter when `spec.agent.type` is set to `EBPF`.' + properties: + cacheActiveTimeout: + default: 5s + description: '`cacheActiveTimeout` is the max period during + which the reporter will aggregate flows before sending. + Increasing `cacheMaxFlows` and `cacheActiveTimeout` can + decrease the network traffic overhead and the CPU load, + however you can expect higher memory consumption and an + increased latency in the flow collection.' + pattern: ^\d+(ns|ms|s|m)?$ + type: string + cacheMaxFlows: + default: 100000 + description: '`cacheMaxFlows` is the max number of flows in + an aggregate; when reached, the reporter sends the flows. + Increasing `cacheMaxFlows` and `cacheActiveTimeout` can + decrease the network traffic overhead and the CPU load, + however you can expect higher memory consumption and an + increased latency in the flow collection.' + format: int32 + minimum: 1 + type: integer + debug: + description: '`debug` allows setting some aspects of the internal + configuration of the eBPF agent. This section is aimed exclusively + for debugging and fine-grained performance optimizations, + such as GOGC and GOMAXPROCS env vars. Users setting its + values do it at their own risk.' + properties: + env: + additionalProperties: + type: string + description: '`env` allows passing custom environment + variables to underlying components. Useful for passing + some very concrete performance-tuning options, such + as GOGC and GOMAXPROCS, that should not be publicly + exposed as part of the FlowCollector descriptor, as + they are only useful in edge debug or support scenarios.' + type: object + type: object + excludeInterfaces: + default: + - lo + description: '`excludeInterfaces` contains the interface names + that will be excluded from flow tracing. An entry is enclosed + by slashes, such as `/br-/`, is matched as a regular expression. + Otherwise it is matched as a case-sensitive string.' + items: + type: string + type: array + features: + description: 'List of additional features to enable. They + are all disabled by default. Enabling additional features + may have performance impacts. Possible values are:
- + `PacketDrop`: enable the packets drop flows logging feature. + This feature requires mounting the kernel debug filesystem, + so the eBPF pod has to run as privileged. If the `spec.agent.eBPF.privileged` + parameter is not set, an error is reported.
- `DNSTracking`: + enable the DNS tracking feature. This feature requires mounting + the kernel debug filesystem hence the eBPF pod has to run + as privileged. If the `spec.agent.eBPF.privileged` parameter + is not set, an error is reported.
- `FlowRTT` [unsupported + (*)]: enable flow latency (RTT) calculations in the eBPF + agent during TCP handshakes. This feature better works with + `sampling` set to 1.
' + items: + description: Agent feature, can be one of:
- `PacketDrop`, + to track packet drops.
- `DNSTracking`, to track specific + information on DNS traffic.
- `FlowRTT`, to track + TCP latency. [Unsupported (*)].
+ enum: + - PacketDrop + - DNSTracking + - FlowRTT + type: string + type: array + imagePullPolicy: + default: IfNotPresent + description: '`imagePullPolicy` is the Kubernetes pull policy + for the image defined above' + enum: + - IfNotPresent + - Always + - Never + type: string + interfaces: + description: '`interfaces` contains the interface names from + where flows will be collected. If empty, the agent will + fetch all the interfaces in the system, excepting the ones + listed in ExcludeInterfaces. An entry is enclosed by slashes, + such as `/br-/`, is matched as a regular expression. Otherwise + it is matched as a case-sensitive string.' + items: + type: string + type: array + kafkaBatchSize: + default: 10485760 + description: '`kafkaBatchSize` limits the maximum size of + a request in bytes before being sent to a partition. Ignored + when not using Kafka. Default: 10MB.' + type: integer + logLevel: + default: info + description: '`logLevel` defines the log level for the NetObserv + eBPF Agent' + enum: + - trace + - debug + - info + - warn + - error + - fatal + - panic + type: string + privileged: + description: 'Privileged mode for the eBPF Agent container. + In general this setting can be ignored or set to false: + in that case, the operator will set granular capabilities + (BPF, PERFMON, NET_ADMIN, SYS_RESOURCE) to the container, + to enable its correct operation. If for some reason these + capabilities cannot be set, such as if an old kernel version + not knowing CAP_BPF is in use, then you can turn on this + mode for more global privileges.' + type: boolean + resources: + default: + limits: + memory: 800Mi + requests: + cpu: 100m + memory: 50Mi + description: '`resources` are the compute resources required + by this container. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + sampling: + default: 50 + description: Sampling rate of the flow reporter. 100 means + one flow on 100 is sent. 0 or 1 means all flows are sampled. + format: int32 + minimum: 0 + type: integer + type: object + ipfix: + description: '`ipfix` [deprecated (*)] - describes the settings + related to the IPFIX-based flow reporter when `spec.agent.type` + is set to `IPFIX`.' + properties: + cacheActiveTimeout: + default: 20s + description: '`cacheActiveTimeout` is the max period during + which the reporter will aggregate flows before sending' + pattern: ^\d+(ns|ms|s|m)?$ + type: string + cacheMaxFlows: + default: 400 + description: '`cacheMaxFlows` is the max number of flows in + an aggregate; when reached, the reporter sends the flows' + format: int32 + minimum: 0 + type: integer + clusterNetworkOperator: + description: '`clusterNetworkOperator` defines the settings + related to the OpenShift Cluster Network Operator, when + available.' + properties: + namespace: + default: openshift-network-operator + description: Namespace where the config map is going + to be deployed. + type: string + type: object + forceSampleAll: + default: false + description: '`forceSampleAll` allows disabling sampling in + the IPFIX-based flow reporter. It is not recommended to + sample all the traffic with IPFIX, as it might generate + cluster instability. If you REALLY want to do that, set + this flag to true. Use at your own risk. When it is set + to true, the value of `sampling` is ignored.' + type: boolean + ovnKubernetes: + description: '`ovnKubernetes` defines the settings of the + OVN-Kubernetes CNI, when available. This configuration is + used when using OVN''s IPFIX exports, without OpenShift. + When using OpenShift, refer to the `clusterNetworkOperator` + property instead.' + properties: + containerName: + default: ovnkube-node + description: '`containerName` defines the name of the + container to configure for IPFIX.' + type: string + daemonSetName: + default: ovnkube-node + description: '`daemonSetName` defines the name of the + DaemonSet controlling the OVN-Kubernetes pods.' + type: string + namespace: + default: ovn-kubernetes + description: Namespace where OVN-Kubernetes pods are deployed. + type: string + type: object + sampling: + default: 400 + description: '`sampling` is the sampling rate on the reporter. + 100 means one flow on 100 is sent. To ensure cluster stability, + it is not possible to set a value below 2. If you really + want to sample every packet, which might impact the cluster + stability, refer to `forceSampleAll`. Alternatively, you + can use the eBPF Agent instead of IPFIX.' + format: int32 + minimum: 2 + type: integer + type: object + type: + default: EBPF + description: '`type` selects the flows tracing agent. Possible + values are:
- `EBPF` (default) to use NetObserv eBPF agent.
+ - `IPFIX` [deprecated (*)] - to use the legacy IPFIX collector.
+ `EBPF` is recommended as it offers better performances and should + work regardless of the CNI installed on the cluster. `IPFIX` + works with OVN-Kubernetes CNI (other CNIs could work if they + support exporting IPFIX, but they would require manual configuration).' + enum: + - EBPF + - IPFIX + type: string + type: object + consolePlugin: + description: '`consolePlugin` defines the settings related to the + OpenShift Console plugin, when available.' + properties: + autoscaler: + description: '`autoscaler` spec of a horizontal pod autoscaler + to set up for the plugin Deployment.' + properties: + maxReplicas: + default: 3 + description: '`maxReplicas` is the upper limit for the number + of pods that can be set by the autoscaler; cannot be smaller + than MinReplicas.' + format: int32 + type: integer + metrics: + description: Metrics used by the pod autoscaler + items: + description: MetricSpec specifies how to scale based on + a single metric (only `type` and one other matching field + should be set at once). + properties: + containerResource: + description: containerResource refers to a resource + metric (such as those specified in requests and limits) + known to Kubernetes describing a single container + in each pod of the current scale target (e.g. CPU + or memory). Such metrics are built in to Kubernetes, + and have special scaling options on top of those available + to normal per-pod metrics using the "pods" source. + This is an alpha feature and can be enabled by the + HPAContainerMetrics feature flag. + properties: + container: + description: container is the name of the container + in the pods of the scaling target + type: string + name: + description: name is the name of the resource in + question. + type: string + target: + description: target specifies the target value for + the given metric + properties: + averageUtilization: + description: averageUtilization is the target + value of the average of the resource metric + across all relevant pods, represented as a + percentage of the requested value of the resource + for the pods. Currently only valid for Resource + metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target value + of the average of the metric across all relevant + pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the + metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - container + - name + - target + type: object + external: + description: external refers to a global metric that + is not associated with any Kubernetes object. It allows + autoscaling based on information coming from components + running outside of cluster (for example length of + queue in cloud messaging service, or QPS from loadbalancer + running outside of cluster). + properties: + metric: + description: metric identifies the target metric + by name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: selector is the string-encoded + form of a standard kubernetes label selector + for the given metric When set, it is passed + as an additional parameter to the metrics + server for more specific metrics scoping. + When unset, just the metricName will be used + to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + required: + - name + type: object + target: + description: target specifies the target value for + the given metric + properties: + averageUtilization: + description: averageUtilization is the target + value of the average of the resource metric + across all relevant pods, represented as a + percentage of the requested value of the resource + for the pods. Currently only valid for Resource + metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target value + of the average of the metric across all relevant + pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the + metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + object: + description: object refers to a metric describing a + single kubernetes object (for example, hits-per-second + on an Ingress object). + properties: + describedObject: + description: describedObject specifies the descriptions + of a object,such as kind,name apiVersion + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: 'Kind of the referent; More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"' + type: string + name: + description: 'Name of the referent; More info: + http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + required: + - kind + - name + type: object + metric: + description: metric identifies the target metric + by name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: selector is the string-encoded + form of a standard kubernetes label selector + for the given metric When set, it is passed + as an additional parameter to the metrics + server for more specific metrics scoping. + When unset, just the metricName will be used + to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + required: + - name + type: object + target: + description: target specifies the target value for + the given metric + properties: + averageUtilization: + description: averageUtilization is the target + value of the average of the resource metric + across all relevant pods, represented as a + percentage of the requested value of the resource + for the pods. Currently only valid for Resource + metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target value + of the average of the metric across all relevant + pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the + metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - describedObject + - metric + - target + type: object + pods: + description: pods refers to a metric describing each + pod in the current scale target (for example, transactions-processed-per-second). The + values will be averaged together before being compared + to the target value. + properties: + metric: + description: metric identifies the target metric + by name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: selector is the string-encoded + form of a standard kubernetes label selector + for the given metric When set, it is passed + as an additional parameter to the metrics + server for more specific metrics scoping. + When unset, just the metricName will be used + to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + required: + - name + type: object + target: + description: target specifies the target value for + the given metric + properties: + averageUtilization: + description: averageUtilization is the target + value of the average of the resource metric + across all relevant pods, represented as a + percentage of the requested value of the resource + for the pods. Currently only valid for Resource + metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target value + of the average of the metric across all relevant + pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the + metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + resource: + description: resource refers to a resource metric (such + as those specified in requests and limits) known to + Kubernetes describing each pod in the current scale + target (e.g. CPU or memory). Such metrics are built + in to Kubernetes, and have special scaling options + on top of those available to normal per-pod metrics + using the "pods" source. + properties: + name: + description: name is the name of the resource in + question. + type: string + target: + description: target specifies the target value for + the given metric + properties: + averageUtilization: + description: averageUtilization is the target + value of the average of the resource metric + across all relevant pods, represented as a + percentage of the requested value of the resource + for the pods. Currently only valid for Resource + metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target value + of the average of the metric across all relevant + pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the + metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - name + - target + type: object + type: + description: 'type is the type of metric source. It + should be one of "ContainerResource", "External", + "Object", "Pods" or "Resource", each mapping to a + matching field in the object. Note: "ContainerResource" + type is available on when the feature-gate HPAContainerMetrics + is enabled' + type: string + required: + - type + type: object + type: array + minReplicas: + description: '`minReplicas` is the lower limit for the number + of replicas to which the autoscaler can scale down. It defaults + to 1 pod. minReplicas is allowed to be 0 if the alpha feature + gate HPAScaleToZero is enabled and at least one Object or + External metric is configured. Scaling is active as long + as at least one metric value is available.' + format: int32 + type: integer + status: + default: DISABLED + description: '`status` describes the desired status regarding + deploying an horizontal pod autoscaler.
- `DISABLED` + will not deploy an horizontal pod autoscaler.
- `ENABLED` + will deploy an horizontal pod autoscaler.
' + enum: + - DISABLED + - ENABLED + type: string + type: object + enable: + default: true + description: enable the console plugin deployment. spec.Loki.enable + must also be true + type: boolean + imagePullPolicy: + default: IfNotPresent + description: '`imagePullPolicy` is the Kubernetes pull policy + for the image defined above' + enum: + - IfNotPresent + - Always + - Never + type: string + logLevel: + default: info + description: '`logLevel` for the console plugin backend' + enum: + - trace + - debug + - info + - warn + - error + - fatal + - panic + type: string + port: + default: 9001 + description: '`port` is the plugin service port. Do not use 9002, + which is reserved for metrics.' + format: int32 + maximum: 65535 + minimum: 1 + type: integer + portNaming: + default: + enable: true + description: '`portNaming` defines the configuration of the port-to-service + name translation' + properties: + enable: + default: true + description: Enable the console plugin port-to-service name + translation + type: boolean + portNames: + additionalProperties: + type: string + description: '`portNames` defines additional port names to + use in the console, for example, `portNames: {"3100": "loki"}`.' + type: object + type: object + quickFilters: + default: + - default: true + filter: + dst_namespace!: openshift-,netobserv + src_namespace!: openshift-,netobserv + name: Applications + - filter: + dst_namespace: openshift-,netobserv + src_namespace: openshift-,netobserv + name: Infrastructure + - default: true + filter: + dst_kind: Pod + src_kind: Pod + name: Pods network + - filter: + dst_kind: Service + name: Services network + description: '`quickFilters` configures quick filter presets for + the Console plugin' + items: + description: '`QuickFilter` defines preset configuration for + Console''s quick filters' + properties: + default: + description: '`default` defines whether this filter should + be active by default or not' + type: boolean + filter: + additionalProperties: + type: string + description: '`filter` is a set of keys and values to be + set when this filter is selected. Each key can relate + to a list of values using a coma-separated string, for + example, `filter: {"src_namespace": "namespace1,namespace2"}`.' + type: object + name: + description: Name of the filter, that will be displayed + in Console + type: string + required: + - filter + - name + type: object + type: array + register: + default: true + description: '`register` allows, when set to true, to automatically + register the provided console plugin with the OpenShift Console + operator. When set to false, you can still register it manually + by editing console.operator.openshift.io/cluster with the following + command: `oc patch console.operator.openshift.io cluster --type=''json'' + -p ''[{"op": "add", "path": "/spec/plugins/-", "value": "netobserv-plugin"}]''`' + type: boolean + replicas: + default: 1 + description: '`replicas` defines the number of replicas (pods) + to start.' + format: int32 + minimum: 0 + type: integer + resources: + default: + limits: + memory: 100Mi + requests: + cpu: 100m + memory: 50Mi + description: '`resources`, in terms of compute resources, required + by this container. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + type: object + deploymentModel: + default: DIRECT + description: '`deploymentModel` defines the desired type of deployment + for flow processing. Possible values are:
- `DIRECT` (default) + to make the flow processor listening directly from the agents.
+ - `KAFKA` to make flows sent to a Kafka pipeline before consumption + by the processor.
Kafka can provide better scalability, resiliency, + and high availability (for more details, see https://www.redhat.com/en/topics/integration/what-is-apache-kafka).' + enum: + - DIRECT + - KAFKA + type: string + exporters: + description: '`exporters` define additional optional exporters for + custom consumption or storage.' + items: + description: '`FlowCollectorExporter` defines an additional exporter + to send enriched flows to.' + properties: + ipfix: + description: IPFIX configuration, such as the IP address and + port to send enriched IPFIX flows to. [Unsupported (*)]. + properties: + targetHost: + default: "" + description: Address of the IPFIX external receiver + type: string + targetPort: + description: Port for the IPFIX external receiver + type: integer + transport: + description: Transport protocol (`TCP` or `UDP`) to be used + for the IPFIX connection, defaults to `TCP`. + enum: + - TCP + - UDP + type: string + required: + - targetHost + - targetPort + type: object + kafka: + description: Kafka configuration, such as the address and topic, + to send enriched flows to. + properties: + address: + default: "" + description: Address of the Kafka server + type: string + sasl: + description: SASL authentication configuration. [Unsupported + (*)]. + properties: + clientIDReference: + description: Reference to the secret or config map containing + the client ID + properties: + file: + description: File name within the config map or + secret + type: string + name: + description: Name of the config map or secret containing + the file + type: string + namespace: + default: "" + description: Namespace of the config map or secret + containing the file. If omitted, assumes same + namespace as where NetObserv is deployed. If the + namespace is different, the config map or the + secret will be copied so that it can be mounted + as required. + type: string + type: + description: 'Type for the file reference: "configmap" + or "secret"' + enum: + - configmap + - secret + type: string + type: object + clientSecretReference: + description: Reference to the secret or config map containing + the client secret + properties: + file: + description: File name within the config map or + secret + type: string + name: + description: Name of the config map or secret containing + the file + type: string + namespace: + default: "" + description: Namespace of the config map or secret + containing the file. If omitted, assumes same + namespace as where NetObserv is deployed. If the + namespace is different, the config map or the + secret will be copied so that it can be mounted + as required. + type: string + type: + description: 'Type for the file reference: "configmap" + or "secret"' + enum: + - configmap + - secret + type: string + type: object + type: + default: DISABLED + description: Type of SASL authentication to use, or + `DISABLED` if SASL is not used + enum: + - DISABLED + - PLAIN + - SCRAM-SHA512 + type: string + type: object + tls: + description: TLS client configuration. When using TLS, verify + that the address matches the Kafka port used for TLS, + generally 9093. + properties: + caCert: + description: '`caCert` defines the reference of the + certificate for the Certificate Authority' + properties: + certFile: + description: '`certFile` defines the path to the + certificate file name within the config map or + secret' + type: string + certKey: + description: '`certKey` defines the path to the + certificate private key file name within the config + map or secret. Omit when the key is not necessary.' + type: string + name: + description: Name of the config map or secret containing + certificates + type: string + namespace: + default: "" + description: Namespace of the config map or secret + containing certificates. If omitted, assumes the + same namespace as where NetObserv is deployed. + If the namespace is different, the config map + or the secret will be copied so that it can be + mounted as required. + type: string + type: + description: 'Type for the certificate reference: + `configmap` or `secret`' + enum: + - configmap + - secret + type: string + type: object + enable: + default: false + description: Enable TLS + type: boolean + insecureSkipVerify: + default: false + description: '`insecureSkipVerify` allows skipping client-side + verification of the server certificate. If set to + true, the `caCert` field is ignored.' + type: boolean + userCert: + description: '`userCert` defines the user certificate + reference and is used for mTLS (you can ignore it + when using one-way TLS)' + properties: + certFile: + description: '`certFile` defines the path to the + certificate file name within the config map or + secret' + type: string + certKey: + description: '`certKey` defines the path to the + certificate private key file name within the config + map or secret. Omit when the key is not necessary.' + type: string + name: + description: Name of the config map or secret containing + certificates + type: string + namespace: + default: "" + description: Namespace of the config map or secret + containing certificates. If omitted, assumes the + same namespace as where NetObserv is deployed. + If the namespace is different, the config map + or the secret will be copied so that it can be + mounted as required. + type: string + type: + description: 'Type for the certificate reference: + `configmap` or `secret`' + enum: + - configmap + - secret + type: string + type: object + type: object + topic: + default: "" + description: Kafka topic to use. It must exist, NetObserv + will not create it. + type: string + required: + - address + - topic + type: object + type: + description: '`type` selects the type of exporters. The available + options are `KAFKA` and `IPFIX`. `IPFIX` is unsupported (*).' + enum: + - KAFKA + - IPFIX + type: string + required: + - type + type: object + type: array + kafka: + description: Kafka configuration, allowing to use Kafka as a broker + as part of the flow collection pipeline. Available when the `spec.deploymentModel` + is `KAFKA`. + properties: + address: + default: "" + description: Address of the Kafka server + type: string + sasl: + description: SASL authentication configuration. [Unsupported (*)]. + properties: + clientIDReference: + description: Reference to the secret or config map containing + the client ID + properties: + file: + description: File name within the config map or secret + type: string + name: + description: Name of the config map or secret containing + the file + type: string + namespace: + default: "" + description: Namespace of the config map or secret containing + the file. If omitted, assumes same namespace as where + NetObserv is deployed. If the namespace is different, + the config map or the secret will be copied so that + it can be mounted as required. + type: string + type: + description: 'Type for the file reference: "configmap" + or "secret"' + enum: + - configmap + - secret + type: string + type: object + clientSecretReference: + description: Reference to the secret or config map containing + the client secret + properties: + file: + description: File name within the config map or secret + type: string + name: + description: Name of the config map or secret containing + the file + type: string + namespace: + default: "" + description: Namespace of the config map or secret containing + the file. If omitted, assumes same namespace as where + NetObserv is deployed. If the namespace is different, + the config map or the secret will be copied so that + it can be mounted as required. + type: string + type: + description: 'Type for the file reference: "configmap" + or "secret"' + enum: + - configmap + - secret + type: string + type: object + type: + default: DISABLED + description: Type of SASL authentication to use, or `DISABLED` + if SASL is not used + enum: + - DISABLED + - PLAIN + - SCRAM-SHA512 + type: string + type: object + tls: + description: TLS client configuration. When using TLS, verify + that the address matches the Kafka port used for TLS, generally + 9093. + properties: + caCert: + description: '`caCert` defines the reference of the certificate + for the Certificate Authority' + properties: + certFile: + description: '`certFile` defines the path to the certificate + file name within the config map or secret' + type: string + certKey: + description: '`certKey` defines the path to the certificate + private key file name within the config map or secret. + Omit when the key is not necessary.' + type: string + name: + description: Name of the config map or secret containing + certificates + type: string + namespace: + default: "" + description: Namespace of the config map or secret containing + certificates. If omitted, assumes the same namespace + as where NetObserv is deployed. If the namespace is + different, the config map or the secret will be copied + so that it can be mounted as required. + type: string + type: + description: 'Type for the certificate reference: `configmap` + or `secret`' + enum: + - configmap + - secret + type: string + type: object + enable: + default: false + description: Enable TLS + type: boolean + insecureSkipVerify: + default: false + description: '`insecureSkipVerify` allows skipping client-side + verification of the server certificate. If set to true, + the `caCert` field is ignored.' + type: boolean + userCert: + description: '`userCert` defines the user certificate reference + and is used for mTLS (you can ignore it when using one-way + TLS)' + properties: + certFile: + description: '`certFile` defines the path to the certificate + file name within the config map or secret' + type: string + certKey: + description: '`certKey` defines the path to the certificate + private key file name within the config map or secret. + Omit when the key is not necessary.' + type: string + name: + description: Name of the config map or secret containing + certificates + type: string + namespace: + default: "" + description: Namespace of the config map or secret containing + certificates. If omitted, assumes the same namespace + as where NetObserv is deployed. If the namespace is + different, the config map or the secret will be copied + so that it can be mounted as required. + type: string + type: + description: 'Type for the certificate reference: `configmap` + or `secret`' + enum: + - configmap + - secret + type: string + type: object + type: object + topic: + default: "" + description: Kafka topic to use. It must exist, NetObserv will + not create it. + type: string + required: + - address + - topic + type: object + loki: + description: Loki, the flow store, client settings. + properties: + authToken: + default: DISABLED + description: '`authToken` describes the way to get a token to + authenticate to Loki.
- `DISABLED` will not send any token + with the request.
- `FORWARD` will forward the user token + for authorization.
- `HOST` [deprecated (*)] - will use + the local pod service account to authenticate to Loki.
When + using the Loki Operator, this must be set to `FORWARD`.' + enum: + - DISABLED + - HOST + - FORWARD + type: string + batchSize: + default: 102400 + description: '`batchSize` is the maximum batch size (in bytes) + of logs to accumulate before sending.' + format: int64 + minimum: 1 + type: integer + batchWait: + default: 1s + description: '`batchWait` is the maximum time to wait before sending + a batch.' + type: string + enable: + default: true + description: enable storing flows to Loki. It is required for + the OpenShift Console plugin installation. + type: boolean + maxBackoff: + default: 5s + description: '`maxBackoff` is the maximum backoff time for client + connection between retries.' + type: string + maxRetries: + default: 2 + description: '`maxRetries` is the maximum number of retries for + client connections.' + format: int32 + minimum: 0 + type: integer + minBackoff: + default: 1s + description: '`minBackoff` is the initial backoff time for client + connection between retries.' + type: string + querierUrl: + description: '`querierURL` specifies the address of the Loki querier + service, in case it is different from the Loki ingester URL. + If empty, the URL value will be used (assuming that the Loki + ingester and querier are in the same server). When using the + Loki Operator, do not set it, since ingestion and queries use + the Loki gateway.' + type: string + staticLabels: + additionalProperties: + type: string + default: + app: netobserv-flowcollector + description: '`staticLabels` is a map of common labels to set + on each flow.' + type: object + statusTls: + description: TLS client configuration for Loki status URL. + properties: + caCert: + description: '`caCert` defines the reference of the certificate + for the Certificate Authority' + properties: + certFile: + description: '`certFile` defines the path to the certificate + file name within the config map or secret' + type: string + certKey: + description: '`certKey` defines the path to the certificate + private key file name within the config map or secret. + Omit when the key is not necessary.' + type: string + name: + description: Name of the config map or secret containing + certificates + type: string + namespace: + default: "" + description: Namespace of the config map or secret containing + certificates. If omitted, assumes the same namespace + as where NetObserv is deployed. If the namespace is + different, the config map or the secret will be copied + so that it can be mounted as required. + type: string + type: + description: 'Type for the certificate reference: `configmap` + or `secret`' + enum: + - configmap + - secret + type: string + type: object + enable: + default: false + description: Enable TLS + type: boolean + insecureSkipVerify: + default: false + description: '`insecureSkipVerify` allows skipping client-side + verification of the server certificate. If set to true, + the `caCert` field is ignored.' + type: boolean + userCert: + description: '`userCert` defines the user certificate reference + and is used for mTLS (you can ignore it when using one-way + TLS)' + properties: + certFile: + description: '`certFile` defines the path to the certificate + file name within the config map or secret' + type: string + certKey: + description: '`certKey` defines the path to the certificate + private key file name within the config map or secret. + Omit when the key is not necessary.' + type: string + name: + description: Name of the config map or secret containing + certificates + type: string + namespace: + default: "" + description: Namespace of the config map or secret containing + certificates. If omitted, assumes the same namespace + as where NetObserv is deployed. If the namespace is + different, the config map or the secret will be copied + so that it can be mounted as required. + type: string + type: + description: 'Type for the certificate reference: `configmap` + or `secret`' + enum: + - configmap + - secret + type: string + type: object + type: object + statusUrl: + description: '`statusURL` specifies the address of the Loki `/ready`, + `/metrics` and `/config` endpoints, in case it is different + from the Loki querier URL. If empty, the `querierURL` value + will be used. This is useful to show error messages and some + context in the frontend. When using the Loki Operator, set it + to the Loki HTTP query frontend service, for example https://loki-query-frontend-http.netobserv.svc:3100/. + `statusTLS` configuration will be used when `statusUrl` is set.' + type: string + tenantID: + default: netobserv + description: '`tenantID` is the Loki `X-Scope-OrgID` that identifies + the tenant for each request. When using the Loki Operator, set + it to `network`, which corresponds to a special tenant mode.' + type: string + timeout: + default: 10s + description: '`timeout` is the maximum time connection / request + limit. A timeout of zero means no timeout.' + type: string + tls: + description: TLS client configuration for Loki URL. + properties: + caCert: + description: '`caCert` defines the reference of the certificate + for the Certificate Authority' + properties: + certFile: + description: '`certFile` defines the path to the certificate + file name within the config map or secret' + type: string + certKey: + description: '`certKey` defines the path to the certificate + private key file name within the config map or secret. + Omit when the key is not necessary.' + type: string + name: + description: Name of the config map or secret containing + certificates + type: string + namespace: + default: "" + description: Namespace of the config map or secret containing + certificates. If omitted, assumes the same namespace + as where NetObserv is deployed. If the namespace is + different, the config map or the secret will be copied + so that it can be mounted as required. + type: string + type: + description: 'Type for the certificate reference: `configmap` + or `secret`' + enum: + - configmap + - secret + type: string + type: object + enable: + default: false + description: Enable TLS + type: boolean + insecureSkipVerify: + default: false + description: '`insecureSkipVerify` allows skipping client-side + verification of the server certificate. If set to true, + the `caCert` field is ignored.' + type: boolean + userCert: + description: '`userCert` defines the user certificate reference + and is used for mTLS (you can ignore it when using one-way + TLS)' + properties: + certFile: + description: '`certFile` defines the path to the certificate + file name within the config map or secret' + type: string + certKey: + description: '`certKey` defines the path to the certificate + private key file name within the config map or secret. + Omit when the key is not necessary.' + type: string + name: + description: Name of the config map or secret containing + certificates + type: string + namespace: + default: "" + description: Namespace of the config map or secret containing + certificates. If omitted, assumes the same namespace + as where NetObserv is deployed. If the namespace is + different, the config map or the secret will be copied + so that it can be mounted as required. + type: string + type: + description: 'Type for the certificate reference: `configmap` + or `secret`' + enum: + - configmap + - secret + type: string + type: object + type: object + url: + default: http://loki:3100/ + description: '`url` is the address of an existing Loki service + to push the flows to. When using the Loki Operator, set it to + the Loki gateway service with the `network` tenant set in path, + for example https://loki-gateway-http.netobserv.svc:8080/api/logs/v1/network.' + type: string + type: object + namespace: + default: netobserv + description: Namespace where NetObserv pods are deployed. If empty, + the namespace of the operator is going to be used. + type: string + processor: + description: '`processor` defines the settings of the component that + receives the flows from the agent, enriches them, generates metrics, + and forwards them to the Loki persistence layer and/or any available + exporter.' + properties: + clusterName: + default: "" + description: '`clusterName` is the name of the cluster to appear + in the flows data. This is useful in a multi-cluster context. + When using OpenShift, leave empty to make it automatically determined.' + type: string + conversationEndTimeout: + default: 10s + description: '`conversationEndTimeout` is the time to wait after + a network flow is received, to consider the conversation ended. + This delay is ignored when a FIN packet is collected for TCP + flows (see `conversationTerminatingTimeout` instead).' + type: string + conversationHeartbeatInterval: + default: 30s + description: '`conversationHeartbeatInterval` is the time to wait + between "tick" events of a conversation' + type: string + conversationTerminatingTimeout: + default: 5s + description: '`conversationTerminatingTimeout` is the time to + wait from detected FIN flag to end a conversation. Only relevant + for TCP flows.' + type: string + debug: + description: '`debug` allows setting some aspects of the internal + configuration of the flow processor. This section is aimed exclusively + for debugging and fine-grained performance optimizations, such + as GOGC and GOMAXPROCS env vars. Users setting its values do + it at their own risk.' + properties: + env: + additionalProperties: + type: string + description: '`env` allows passing custom environment variables + to underlying components. Useful for passing some very concrete + performance-tuning options, such as GOGC and GOMAXPROCS, + that should not be publicly exposed as part of the FlowCollector + descriptor, as they are only useful in edge debug or support + scenarios.' + type: object + type: object + dropUnusedFields: + default: true + description: '`dropUnusedFields` allows, when set to true, to + drop fields that are known to be unused by OVS, to save storage + space.' + type: boolean + enableKubeProbes: + default: true + description: '`enableKubeProbes` is a flag to enable or disable + Kubernetes liveness and readiness probes' + type: boolean + healthPort: + default: 8080 + description: '`healthPort` is a collector HTTP port in the Pod + that exposes the health check API' + format: int32 + maximum: 65535 + minimum: 1 + type: integer + imagePullPolicy: + default: IfNotPresent + description: '`imagePullPolicy` is the Kubernetes pull policy + for the image defined above' + enum: + - IfNotPresent + - Always + - Never + type: string + kafkaConsumerAutoscaler: + description: '`kafkaConsumerAutoscaler` is the spec of a horizontal + pod autoscaler to set up for `flowlogs-pipeline-transformer`, + which consumes Kafka messages. This setting is ignored when + Kafka is disabled.' + properties: + maxReplicas: + default: 3 + description: '`maxReplicas` is the upper limit for the number + of pods that can be set by the autoscaler; cannot be smaller + than MinReplicas.' + format: int32 + type: integer + metrics: + description: Metrics used by the pod autoscaler + items: + description: MetricSpec specifies how to scale based on + a single metric (only `type` and one other matching field + should be set at once). + properties: + containerResource: + description: containerResource refers to a resource + metric (such as those specified in requests and limits) + known to Kubernetes describing a single container + in each pod of the current scale target (e.g. CPU + or memory). Such metrics are built in to Kubernetes, + and have special scaling options on top of those available + to normal per-pod metrics using the "pods" source. + This is an alpha feature and can be enabled by the + HPAContainerMetrics feature flag. + properties: + container: + description: container is the name of the container + in the pods of the scaling target + type: string + name: + description: name is the name of the resource in + question. + type: string + target: + description: target specifies the target value for + the given metric + properties: + averageUtilization: + description: averageUtilization is the target + value of the average of the resource metric + across all relevant pods, represented as a + percentage of the requested value of the resource + for the pods. Currently only valid for Resource + metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target value + of the average of the metric across all relevant + pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the + metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - container + - name + - target + type: object + external: + description: external refers to a global metric that + is not associated with any Kubernetes object. It allows + autoscaling based on information coming from components + running outside of cluster (for example length of + queue in cloud messaging service, or QPS from loadbalancer + running outside of cluster). + properties: + metric: + description: metric identifies the target metric + by name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: selector is the string-encoded + form of a standard kubernetes label selector + for the given metric When set, it is passed + as an additional parameter to the metrics + server for more specific metrics scoping. + When unset, just the metricName will be used + to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + required: + - name + type: object + target: + description: target specifies the target value for + the given metric + properties: + averageUtilization: + description: averageUtilization is the target + value of the average of the resource metric + across all relevant pods, represented as a + percentage of the requested value of the resource + for the pods. Currently only valid for Resource + metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target value + of the average of the metric across all relevant + pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the + metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + object: + description: object refers to a metric describing a + single kubernetes object (for example, hits-per-second + on an Ingress object). + properties: + describedObject: + description: describedObject specifies the descriptions + of a object,such as kind,name apiVersion + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: 'Kind of the referent; More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"' + type: string + name: + description: 'Name of the referent; More info: + http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + required: + - kind + - name + type: object + metric: + description: metric identifies the target metric + by name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: selector is the string-encoded + form of a standard kubernetes label selector + for the given metric When set, it is passed + as an additional parameter to the metrics + server for more specific metrics scoping. + When unset, just the metricName will be used + to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + required: + - name + type: object + target: + description: target specifies the target value for + the given metric + properties: + averageUtilization: + description: averageUtilization is the target + value of the average of the resource metric + across all relevant pods, represented as a + percentage of the requested value of the resource + for the pods. Currently only valid for Resource + metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target value + of the average of the metric across all relevant + pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the + metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - describedObject + - metric + - target + type: object + pods: + description: pods refers to a metric describing each + pod in the current scale target (for example, transactions-processed-per-second). The + values will be averaged together before being compared + to the target value. + properties: + metric: + description: metric identifies the target metric + by name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: selector is the string-encoded + form of a standard kubernetes label selector + for the given metric When set, it is passed + as an additional parameter to the metrics + server for more specific metrics scoping. + When unset, just the metricName will be used + to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + required: + - name + type: object + target: + description: target specifies the target value for + the given metric + properties: + averageUtilization: + description: averageUtilization is the target + value of the average of the resource metric + across all relevant pods, represented as a + percentage of the requested value of the resource + for the pods. Currently only valid for Resource + metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target value + of the average of the metric across all relevant + pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the + metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + resource: + description: resource refers to a resource metric (such + as those specified in requests and limits) known to + Kubernetes describing each pod in the current scale + target (e.g. CPU or memory). Such metrics are built + in to Kubernetes, and have special scaling options + on top of those available to normal per-pod metrics + using the "pods" source. + properties: + name: + description: name is the name of the resource in + question. + type: string + target: + description: target specifies the target value for + the given metric + properties: + averageUtilization: + description: averageUtilization is the target + value of the average of the resource metric + across all relevant pods, represented as a + percentage of the requested value of the resource + for the pods. Currently only valid for Resource + metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target value + of the average of the metric across all relevant + pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the + metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - name + - target + type: object + type: + description: 'type is the type of metric source. It + should be one of "ContainerResource", "External", + "Object", "Pods" or "Resource", each mapping to a + matching field in the object. Note: "ContainerResource" + type is available on when the feature-gate HPAContainerMetrics + is enabled' + type: string + required: + - type + type: object + type: array + minReplicas: + description: '`minReplicas` is the lower limit for the number + of replicas to which the autoscaler can scale down. It defaults + to 1 pod. minReplicas is allowed to be 0 if the alpha feature + gate HPAScaleToZero is enabled and at least one Object or + External metric is configured. Scaling is active as long + as at least one metric value is available.' + format: int32 + type: integer + status: + default: DISABLED + description: '`status` describes the desired status regarding + deploying an horizontal pod autoscaler.
- `DISABLED` + will not deploy an horizontal pod autoscaler.
- `ENABLED` + will deploy an horizontal pod autoscaler.
' + enum: + - DISABLED + - ENABLED + type: string + type: object + kafkaConsumerBatchSize: + default: 10485760 + description: '`kafkaConsumerBatchSize` indicates to the broker + the maximum batch size, in bytes, that the consumer will accept. + Ignored when not using Kafka. Default: 10MB.' + type: integer + kafkaConsumerQueueCapacity: + default: 1000 + description: '`kafkaConsumerQueueCapacity` defines the capacity + of the internal message queue used in the Kafka consumer client. + Ignored when not using Kafka.' + type: integer + kafkaConsumerReplicas: + default: 3 + description: '`kafkaConsumerReplicas` defines the number of replicas + (pods) to start for `flowlogs-pipeline-transformer`, which consumes + Kafka messages. This setting is ignored when Kafka is disabled.' + format: int32 + minimum: 0 + type: integer + logLevel: + default: info + description: '`logLevel` of the processor runtime' + enum: + - trace + - debug + - info + - warn + - error + - fatal + - panic + type: string + logTypes: + default: FLOWS + description: '`logTypes` defines the desired record types to generate. + Possible values are:
- `FLOWS` (default) to export regular + network flows
- `CONVERSATIONS` to generate events for started + conversations, ended conversations as well as periodic "tick" + updates
- `ENDED_CONVERSATIONS` to generate only ended conversations + events
- `ALL` to generate both network flows and all conversations + events
' + enum: + - FLOWS + - CONVERSATIONS + - ENDED_CONVERSATIONS + - ALL + type: string + metrics: + description: '`Metrics` define the processor configuration regarding + metrics' + properties: + disableAlerts: + description: '`disableAlerts` is a list of alerts that should + be disabled. Possible values are:
`NetObservNoFlows`, + which is triggered when no flows are being observed for + a certain period.
`NetObservLokiError`, which is triggered + when flows are being dropped due to Loki errors.
' + items: + description: Name of a processor alert. Possible values + are:
- `NetObservNoFlows`, which is triggered when + no flows are being observed for a certain period.
+ - `NetObservLokiError`, which is triggered when flows + are being dropped due to Loki errors.
+ enum: + - NetObservNoFlows + - NetObservLokiError + type: string + type: array + ignoreTags: + default: + - egress + - packets + - nodes-flows + - namespaces-flows + - workloads-flows + - namespaces + description: '`ignoreTags` is a list of tags to specify which + metrics to ignore. Each metric is associated with a list + of tags. More details in https://github.com/netobserv/network-observability-operator/tree/main/controllers/flowlogspipeline/metrics_definitions + . Available tags are: `egress`, `ingress`, `flows`, `bytes`, + `packets`, `namespaces`, `nodes`, `workloads`, `nodes-flows`, + `namespaces-flows`, `workloads-flows`. Namespace-based metrics + are covered by both `workloads` and `namespaces` tags, hence + it is recommended to always ignore one of them (`workloads` + offering a finer granularity).' + items: + type: string + type: array + server: + description: Metrics server endpoint configuration for Prometheus + scraper + properties: + port: + default: 9102 + description: The prometheus HTTP port + format: int32 + maximum: 65535 + minimum: 1 + type: integer + tls: + description: TLS configuration. + properties: + insecureSkipVerify: + default: false + description: insecureSkipVerify allows skipping client-side + verification of the provided certificate If set + to true, ProvidedCaFile field will be ignored + type: boolean + provided: + description: TLS configuration when `type` is set + to `PROVIDED`. + properties: + certFile: + description: '`certFile` defines the path to the + certificate file name within the config map + or secret' + type: string + certKey: + description: '`certKey` defines the path to the + certificate private key file name within the + config map or secret. Omit when the key is not + necessary.' + type: string + name: + description: Name of the config map or secret + containing certificates + type: string + namespace: + default: "" + description: Namespace of the config map or secret + containing certificates. If omitted, assumes + the same namespace as where NetObserv is deployed. + If the namespace is different, the config map + or the secret will be copied so that it can + be mounted as required. + type: string + type: + description: 'Type for the certificate reference: + `configmap` or `secret`' + enum: + - configmap + - secret + type: string + type: object + providedCaFile: + description: Reference to the CA file will be ignored + properties: + file: + description: File name within the config map or + secret + type: string + name: + description: Name of the config map or secret + containing the file + type: string + namespace: + default: "" + description: Namespace of the config map or secret + containing the file. If omitted, assumes same + namespace as where NetObserv is deployed. If + the namespace is different, the config map or + the secret will be copied so that it can be + mounted as required. + type: string + type: + description: 'Type for the file reference: "configmap" + or "secret"' + enum: + - configmap + - secret + type: string + type: object + type: + default: DISABLED + description: Select the type of TLS configuration:
+ - `DISABLED` (default) to not configure TLS for + the endpoint. - `PROVIDED` to manually provide cert + file and a key file. - `AUTO` to use OpenShift auto + generated certificate using annotations. + enum: + - DISABLED + - PROVIDED + - AUTO + type: string + type: object + type: object + type: object + port: + default: 2055 + description: Port of the flow collector (host port). By convention, + some values are forbidden. It must be greater than 1024 and + different from 4500, 4789 and 6081. + format: int32 + maximum: 65535 + minimum: 1025 + type: integer + profilePort: + description: '`profilePort` allows setting up a Go pprof profiler + listening to this port' + format: int32 + maximum: 65535 + minimum: 0 + type: integer + resources: + default: + limits: + memory: 800Mi + requests: + cpu: 100m + memory: 100Mi + description: '`resources` are the compute resources required by + this container. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + type: object + type: object + status: + description: '`FlowCollectorStatus` defines the observed state of FlowCollector' + properties: + conditions: + description: '`conditions` represent the latest available observations + of an object''s state' + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + namespace: + description: Namespace where console plugin and flowlogs-pipeline + have been deployed. + type: string + required: + - conditions + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/operators/netobserv-operator/1.0.4/manifests/netobserv-manager-config_v1_configmap.yaml b/operators/netobserv-operator/1.0.4/manifests/netobserv-manager-config_v1_configmap.yaml new file mode 100644 index 00000000000..734dcc671b5 --- /dev/null +++ b/operators/netobserv-operator/1.0.4/manifests/netobserv-manager-config_v1_configmap.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +data: + controller_manager_config.yaml: | + apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 + kind: ControllerManagerConfig + health: + healthProbeBindAddress: :8081 + metrics: + bindAddress: 127.0.0.1:8080 + webhook: + port: 9443 + leaderElection: + leaderElect: true + resourceName: 7a7ecdcd.netobserv.io +kind: ConfigMap +metadata: + labels: + app: netobserv-operator + name: netobserv-manager-config diff --git a/operators/netobserv-operator/1.0.4/manifests/netobserv-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml b/operators/netobserv-operator/1.0.4/manifests/netobserv-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml new file mode 100644 index 00000000000..a48745877d6 --- /dev/null +++ b/operators/netobserv-operator/1.0.4/manifests/netobserv-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml @@ -0,0 +1,19 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + control-plane: controller-manager + name: netobserv-metrics-monitor +spec: + endpoints: + - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + interval: 30s + path: /metrics + port: https + scheme: https + tlsConfig: + caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt + serverName: netobserv-metrics-service.openshift-netobserv-operator.svc + selector: + matchLabels: + control-plane: controller-manager diff --git a/operators/netobserv-operator/1.0.4/manifests/netobserv-metrics-service_v1_service.yaml b/operators/netobserv-operator/1.0.4/manifests/netobserv-metrics-service_v1_service.yaml new file mode 100644 index 00000000000..59b4d16b0e0 --- /dev/null +++ b/operators/netobserv-operator/1.0.4/manifests/netobserv-metrics-service_v1_service.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + service.beta.openshift.io/serving-cert-secret-name: manager-metrics-tls + creationTimestamp: null + labels: + control-plane: controller-manager + name: netobserv-metrics-service +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +status: + loadBalancer: {} diff --git a/operators/netobserv-operator/1.0.4/manifests/netobserv-openshift-netobserv-operator-prometheus_rbac.authorization.k8s.io_v1_role.yaml b/operators/netobserv-operator/1.0.4/manifests/netobserv-openshift-netobserv-operator-prometheus_rbac.authorization.k8s.io_v1_role.yaml new file mode 100644 index 00000000000..c75dc1a35f2 --- /dev/null +++ b/operators/netobserv-operator/1.0.4/manifests/netobserv-openshift-netobserv-operator-prometheus_rbac.authorization.k8s.io_v1_role.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: netobserv-openshift-netobserv-operator-prometheus +rules: +- apiGroups: + - "" + resources: + - services + - endpoints + - pods + verbs: + - get + - list + - watch diff --git a/operators/netobserv-operator/1.0.4/manifests/netobserv-openshift-netobserv-operator-prometheus_rbac.authorization.k8s.io_v1_rolebinding.yaml b/operators/netobserv-operator/1.0.4/manifests/netobserv-openshift-netobserv-operator-prometheus_rbac.authorization.k8s.io_v1_rolebinding.yaml new file mode 100644 index 00000000000..813866a362b --- /dev/null +++ b/operators/netobserv-operator/1.0.4/manifests/netobserv-openshift-netobserv-operator-prometheus_rbac.authorization.k8s.io_v1_rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + creationTimestamp: null + name: netobserv-openshift-netobserv-operator-prometheus +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: netobserv-openshift-netobserv-operator-prometheus +subjects: +- kind: ServiceAccount + name: prometheus-k8s + namespace: openshift-monitoring diff --git a/operators/netobserv-operator/1.0.4/manifests/netobserv-operator.clusterserviceversion.yaml b/operators/netobserv-operator/1.0.4/manifests/netobserv-operator.clusterserviceversion.yaml new file mode 100644 index 00000000000..febe864469b --- /dev/null +++ b/operators/netobserv-operator/1.0.4/manifests/netobserv-operator.clusterserviceversion.yaml @@ -0,0 +1,890 @@ +apiVersion: operators.coreos.com/v1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "flows.netobserv.io/v1alpha1", + "kind": "FlowCollector", + "metadata": { + "name": "cluster" + }, + "spec": { + "agent": { + "ebpf": { + "cacheActiveTimeout": "5s", + "cacheMaxFlows": 100000, + "excludeInterfaces": [ + "lo" + ], + "imagePullPolicy": "IfNotPresent", + "interfaces": [], + "kafkaBatchSize": 10485760, + "logLevel": "info", + "resources": { + "limits": { + "memory": "800Mi" + }, + "requests": { + "cpu": "100m", + "memory": "50Mi" + } + }, + "sampling": 50 + }, + "type": "EBPF" + }, + "consolePlugin": { + "autoscaler": { + "maxReplicas": 3, + "metrics": [ + { + "resource": { + "name": "cpu", + "target": { + "averageUtilization": 50, + "type": "Utilization" + } + }, + "type": "Resource" + } + ], + "minReplicas": 1, + "status": "DISABLED" + }, + "imagePullPolicy": "IfNotPresent", + "logLevel": "info", + "port": 9001, + "portNaming": { + "enable": true, + "portNames": { + "3100": "loki" + } + }, + "quickFilters": [ + { + "default": true, + "filter": { + "dst_namespace!": "openshift-,netobserv", + "src_namespace!": "openshift-,netobserv" + }, + "name": "Applications" + }, + { + "filter": { + "dst_namespace": "openshift-,netobserv", + "src_namespace": "openshift-,netobserv" + }, + "name": "Infrastructure" + }, + { + "default": true, + "filter": { + "dst_kind": "Pod", + "src_kind": "Pod" + }, + "name": "Pods network" + }, + { + "filter": { + "dst_kind": "Service" + }, + "name": "Services network" + } + ], + "register": true + }, + "deploymentModel": "DIRECT", + "exporters": [], + "kafka": { + "address": "kafka-cluster-kafka-bootstrap.netobserv", + "tls": { + "caCert": { + "certFile": "ca.crt", + "name": "kafka-cluster-cluster-ca-cert", + "type": "secret" + }, + "enable": false, + "userCert": { + "certFile": "user.crt", + "certKey": "user.key", + "name": "flp-kafka", + "type": "secret" + } + }, + "topic": "network-flows" + }, + "loki": { + "batchSize": 10485760, + "batchWait": "1s", + "maxBackoff": "5s", + "maxRetries": 2, + "minBackoff": "1s", + "tls": { + "caCert": { + "certFile": "service-ca.crt", + "name": "loki-gateway-ca-bundle", + "type": "configmap" + }, + "enable": false, + "insecureSkipVerify": false + }, + "url": "http://loki.netobserv.svc:3100/" + }, + "namespace": "netobserv", + "processor": { + "dropUnusedFields": true, + "imagePullPolicy": "IfNotPresent", + "kafkaConsumerAutoscaler": null, + "kafkaConsumerBatchSize": 10485760, + "kafkaConsumerQueueCapacity": 1000, + "kafkaConsumerReplicas": 3, + "logLevel": "info", + "metrics": { + "ignoreTags": [ + "egress", + "packets" + ], + "server": { + "port": 9102 + } + }, + "port": 2055, + "profilePort": 6060, + "resources": { + "limits": { + "memory": "800Mi" + }, + "requests": { + "cpu": "100m", + "memory": "100Mi" + } + } + } + } + }, + { + "apiVersion": "flows.netobserv.io/v1beta1", + "kind": "FlowCollector", + "metadata": { + "name": "cluster" + }, + "spec": { + "agent": { + "ebpf": { + "cacheActiveTimeout": "5s", + "cacheMaxFlows": 100000, + "excludeInterfaces": [ + "lo" + ], + "imagePullPolicy": "IfNotPresent", + "interfaces": [], + "kafkaBatchSize": 10485760, + "logLevel": "info", + "privileged": false, + "resources": { + "limits": { + "memory": "800Mi" + }, + "requests": { + "cpu": "100m", + "memory": "50Mi" + } + }, + "sampling": 50 + }, + "type": "EBPF" + }, + "consolePlugin": { + "autoscaler": { + "maxReplicas": 3, + "metrics": [ + { + "resource": { + "name": "cpu", + "target": { + "averageUtilization": 50, + "type": "Utilization" + } + }, + "type": "Resource" + } + ], + "minReplicas": 1, + "status": "DISABLED" + }, + "enable": true, + "imagePullPolicy": "IfNotPresent", + "logLevel": "info", + "port": 9001, + "portNaming": { + "enable": true, + "portNames": { + "3100": "loki" + } + }, + "quickFilters": [ + { + "default": true, + "filter": { + "dst_namespace!": "openshift-,netobserv", + "src_namespace!": "openshift-,netobserv" + }, + "name": "Applications" + }, + { + "filter": { + "dst_namespace": "openshift-,netobserv", + "src_namespace": "openshift-,netobserv" + }, + "name": "Infrastructure" + }, + { + "default": true, + "filter": { + "dst_kind": "Pod", + "src_kind": "Pod" + }, + "name": "Pods network" + }, + { + "filter": { + "dst_kind": "Service" + }, + "name": "Services network" + } + ], + "register": true + }, + "deploymentModel": "DIRECT", + "exporters": [], + "kafka": { + "address": "kafka-cluster-kafka-bootstrap.netobserv", + "tls": { + "caCert": { + "certFile": "ca.crt", + "name": "kafka-cluster-cluster-ca-cert", + "type": "secret" + }, + "enable": false, + "userCert": { + "certFile": "user.crt", + "certKey": "user.key", + "name": "flp-kafka", + "type": "secret" + } + }, + "topic": "network-flows" + }, + "loki": { + "batchSize": 10485760, + "batchWait": "1s", + "enable": true, + "maxBackoff": "5s", + "maxRetries": 2, + "minBackoff": "1s", + "statusTls": { + "caCert": { + "certFile": "service-ca.crt", + "name": "loki-ca-bundle", + "type": "configmap" + }, + "enable": false, + "insecureSkipVerify": false, + "userCert": { + "certFile": "tls.crt", + "certKey": "tls.key", + "name": "loki-query-frontend-http", + "type": "secret" + } + }, + "tls": { + "caCert": { + "certFile": "service-ca.crt", + "name": "loki-gateway-ca-bundle", + "type": "configmap" + }, + "enable": false, + "insecureSkipVerify": false + }, + "url": "http://loki.netobserv.svc:3100/" + }, + "namespace": "netobserv", + "processor": { + "conversationEndTimeout": "10s", + "conversationHeartbeatInterval": "30s", + "conversationTerminatingTimeout": "5s", + "dropUnusedFields": true, + "imagePullPolicy": "IfNotPresent", + "kafkaConsumerAutoscaler": null, + "kafkaConsumerBatchSize": 10485760, + "kafkaConsumerQueueCapacity": 1000, + "kafkaConsumerReplicas": 3, + "logLevel": "info", + "logTypes": "FLOWS", + "metrics": { + "disableAlerts": [], + "ignoreTags": [ + "egress", + "packets", + "nodes-flows", + "namespaces-flows", + "workloads-flows", + "namespaces" + ], + "server": { + "port": 9102 + } + }, + "port": 2055, + "profilePort": 6060, + "resources": { + "limits": { + "memory": "800Mi" + }, + "requests": { + "cpu": "100m", + "memory": "100Mi" + } + } + } + } + } + ] + capabilities: Seamless Upgrades + categories: Monitoring + console.openshift.io/plugins: '["netobserv-plugin"]' + containerImage: quay.io/netobserv/network-observability-operator:1.0.4 + createdAt: '2023-09-11T15:31:38Z' + description: Network flows collector and monitoring solution + operatorframework.io/suggested-namespace: openshift-netobserv-operator + operators.operatorframework.io/builder: operator-sdk-v1.25.3 + operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 + repository: https://github.com/netobserv/network-observability-operator + labels: + operatorframework.io/arch.amd64: supported + operatorframework.io/arch.arm64: supported + operatorframework.io/arch.ppc64le: supported + operatorframework.io/arch.s390x: supported + operatorframework.io/os.linux: supported + name: netobserv-operator.v1.0.4 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: FlowCollector is the Schema for the flowcollectors API, which pilots + and configures netflow collection. + displayName: Flow Collector + kind: FlowCollector + name: flowcollectors.flows.netobserv.io + version: v1alpha1 + - description: '`FlowCollector` is the schema for the network flows collection + API, which pilots and configures the underlying deployments.' + displayName: Flow Collector + kind: FlowCollector + name: flowcollectors.flows.netobserv.io + version: v1beta1 + description: |- + NetObserv Operator is an OpenShift / Kubernetes operator for network observability. It deploys a monitoring pipeline to collect and enrich network flows. These flows can be produced by the NetObserv eBPF agent, or by any device or CNI able to export flows in IPFIX format, such as OVN-Kubernetes. + + The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When used in OpenShift, new views are available in the Console. + + ## Dependencies + + ### Loki + + [Loki](https://grafana.com/oss/loki/), from GrafanaLabs, is the backend that is used to store all collected flows. The NetObserv Operator does not install Loki directly, however we provide some guidance to help you there. + + For normal usage, we recommend two options: + + - Installing the [Loki Operator](https://loki-operator.dev/docs/prologue/quickstart.md/). We have written [a guide](https://github.com/netobserv/documents/blob/main/loki_operator.md) to help you through those steps. Please note that it requires configuring an object storage. Note also that the Loki Operator can also be used for [OpenShift cluster logging](https://docs.openshift.com/container-platform/4.11/logging/cluster-logging.html). If you do so, you should not share the same `LokiStack` for Logging and NetObserv. + + - Installing using [Grafana's official documentation](https://grafana.com/docs/loki/latest/). Here also we wrote a ["distributed Loki" step by step guide](https://github.com/netobserv/documents/blob/main/loki_distributed.md). + + For a quick try that is not suitable for production and not scalable (it deploys a single pod, configures a 1GB storage PVC, with 24 hours of retention), you can simply run the following commands: + + ``` + kubectl create namespace netobserv + kubectl apply -f <(curl -L https://raw.githubusercontent.com/netobserv/documents/252bb624cf0425a1b66f59ce68fb939f246ef77b/examples/zero-click-loki/1-storage.yaml) -n netobserv + kubectl apply -f <(curl -L https://raw.githubusercontent.com/netobserv/documents/252bb624cf0425a1b66f59ce68fb939f246ef77b/examples/zero-click-loki/2-loki.yaml) -n netobserv + ``` + + ### Kafka + + [Apache Kafka](https://kafka.apache.org/) can optionally be used for a more resilient and scalable architecture. You can use for instance [Strimzi](https://strimzi.io/), an operator-based distribution of Kafka for Kubernetes and OpenShift. + + ### Grafana + + [Grafana](https://grafana.com/oss/grafana/) can optionally be installed for custom dashboards and query capabilities. + + ## Configuration + + The `FlowCollector` resource is used to configure the operator and its managed components. A comprehensive documentation is [available here](https://github.com/netobserv/network-observability-operator/blob/1.0.4/docs/FlowCollector.md), and a full sample file [there](https://github.com/netobserv/network-observability-operator/blob/1.0.4/config/samples/flows_v1beta1_flowcollector.yaml). + + To edit configuration in cluster, run: + + ```bash + kubectl edit flowcollector cluster + ``` + + As it operates cluster-wide, only a single `FlowCollector` is allowed, and it has to be named `cluster`. + + A couple of settings deserve special attention: + + - Agent (`spec.agent.type`) can be `EBPF` (default) or `IPFIX`. eBPF is recommended, as it should work in more situations and offers better performances. If you can't, or don't want to use eBPF, note that the IPFIX option is fully functional only when using [OVN-Kubernetes](https://github.com/ovn-org/ovn-kubernetes/) CNI. Other CNIs are not officially supported, but you may still be able to configure them manually if they allow IPFIX exports. + + - Sampling (`spec.agent.ebpf.sampling` and `spec.agent.ipfix.sampling`): a value of `100` means: one flow every 100 is sampled. `1` means all flows are sampled. The lower it is, the more flows you get, and the more accurate are derived metrics, but the higher amount of resources are consumed. By default, sampling is set to 50 (ie. 1:50) for eBPF and 400 (1:400) for IPFIX. Note that more sampled flows also means more storage needed. We recommend to start with default values and refine empirically, to figure out which setting your cluster can manage. + + - Loki (`spec.loki`): configure here how to reach Loki. The default values match the Loki quick install paths mentioned above, but you may have to configure differently if you used another installation method. + + - Quick filters (`spec.consolePlugin.quickFilters`): configure preset filters to be displayed in the Console plugin. They offer a way to quickly switch from filters to others, such as showing / hiding pods network, or infrastructure network, or application network, etc. They can be tuned to reflect the different workloads running on your cluster. For a list of available filters, [check this page](https://github.com/netobserv/network-observability-operator/blob/1.0.4/docs/QuickFilters.md). + + - Kafka (`spec.deploymentModel: KAFKA` and `spec.kafka`): when enabled, integrates the flow collection pipeline with Kafka, by splitting ingestion from transformation (kube enrichment, derived metrics, ...). Kafka can provide better scalability, resiliency and high availability ([view more details](https://www.redhat.com/en/topics/integration/what-is-apache-kafka)). Assumes Kafka is already deployed and a topic is created. + + - Exporters (`spec.exporters`) an optional list of exporters to which to send enriched flows. KAFKA and IPFIX exporters are supported. This allows you to define any custom storage or processing that can read from Kafka or use the IPFIX standard. + + ## Further reading + + Please refer to the documentation on GitHub for more information. + + This documentation includes: + + - An [overview](https://github.com/netobserv/network-observability-operator#openshift-console) of the features, with screenshots + - A [performance](https://github.com/netobserv/network-observability-operator#performance-fine-tuning) section, for fine-tuning + - A [security](https://github.com/netobserv/network-observability-operator#securing-data-and-communications) section + - An [F.A.Q.](https://github.com/netobserv/network-observability-operator#faq--troubleshooting) section + displayName: NetObserv Operator + icon: + - base64data: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDI2LjAuMiwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9IkxheWVyXzEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIHg9IjBweCIgeT0iMHB4IgoJIHZpZXdCb3g9IjAgMCAxMDAgMTAwIiBzdHlsZT0iZW5hYmxlLWJhY2tncm91bmQ6bmV3IDAgMCAxMDAgMTAwOyIgeG1sOnNwYWNlPSJwcmVzZXJ2ZSI+CjxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyI+Cgkuc3Qwe2ZpbGw6dXJsKCNTVkdJRF8xXyk7fQoJLnN0MXtmaWxsOiNGRkZGRkY7fQoJLnN0MntvcGFjaXR5OjAuNjt9Cgkuc3Qze29wYWNpdHk6MC41O30KCS5zdDR7b3BhY2l0eTowLjQ7fQo8L3N0eWxlPgo8Zz4KCTxnPgoJCTxnPgoJCQk8cmFkaWFsR3JhZGllbnQgaWQ9IlNWR0lEXzFfIiBjeD0iMTQuNzc1OCIgY3k9Ii0yLjk3NzEiIHI9IjkxLjYyNyIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgoJCQkJPHN0b3AgIG9mZnNldD0iMCIgc3R5bGU9InN0b3AtY29sb3I6IzNDM0ZBNiIvPgoJCQkJPHN0b3AgIG9mZnNldD0iMSIgc3R5bGU9InN0b3AtY29sb3I6IzNCMDM0MCIvPgoJCQk8L3JhZGlhbEdyYWRpZW50PgoJCQk8cGF0aCBjbGFzcz0ic3QwIiBkPSJNNTAsOTljLTEzLjMsMC0yNS40LTUuMy0zNC4yLTEzLjlDNi43LDc2LjIsMSw2My43LDEsNTBDMSwyMi45LDIyLjksMSw1MCwxYzEzLjcsMCwyNi4yLDUuNywzNS4xLDE0LjgKCQkJCUM5My43LDI0LjYsOTksMzYuNyw5OSw1MEM5OSw3Ny4xLDc3LjEsOTksNTAsOTl6Ii8+CgkJPC9nPgoJCTxnPgoJCQk8Y2lyY2xlIGNsYXNzPSJzdDEiIGN4PSIzNy41IiBjeT0iODEuOSIgcj0iNSIvPgoJCTwvZz4KCQk8cGF0aCBjbGFzcz0ic3QxIiBkPSJNNDguNiw5MS45bDE4LjgtNDMuM2MtMi41LTAuMS01LTAuNy03LjItMkwzMy4yLDY4LjJsMS40LTEuOGwyMC0yNS4xYy0xLjUtMi40LTIuMy01LjEtMi4zLTcuOUw5LDUyLjIKCQkJbDQ3LjYtMjkuOWwwLDBjMC4xLTAuMSwwLjItMC4yLDAuMi0wLjJjNi4xLTYuMSwxNS45LTYuMSwyMiwwbDAuMSwwLjFjNiw2LjEsNiwxNS45LTAuMSwyMS45Yy0wLjEsMC4xLTAuMiwwLjItMC4yLDAuMmwwLDAKCQkJTDQ4LjYsOTEuOXoiLz4KCQk8ZyBjbGFzcz0ic3QyIj4KCQkJPGNpcmNsZSBjbGFzcz0ic3QxIiBjeD0iNTAuMyIgY3k9IjE0LjciIHI9IjMuMSIvPgoJCTwvZz4KCQk8ZyBjbGFzcz0ic3QzIj4KCQkJPGNpcmNsZSBjbGFzcz0ic3QxIiBjeD0iMjcuNyIgY3k9IjU4IiByPSIxLjciLz4KCQk8L2c+CgkJPGc+CgkJCTxjaXJjbGUgY2xhc3M9InN0MSIgY3g9Ijc3LjQiIGN5PSI2OS4zIiByPSIxLjciLz4KCQk8L2c+CgkJPGc+CgkJCTxjaXJjbGUgY2xhc3M9InN0MSIgY3g9IjE2LjMiIGN5PSIzNi42IiByPSIxLjciLz4KCQk8L2c+CgkJPGcgY2xhc3M9InN0NCI+CgkJCTxjaXJjbGUgY2xhc3M9InN0MSIgY3g9IjYzLjciIGN5PSI4NS45IiByPSIyLjIiLz4KCQk8L2c+CgkJPGc+CgkJCTxjaXJjbGUgY2xhc3M9InN0MSIgY3g9IjI5LjQiIGN5PSIxOS42IiByPSI0LjgiLz4KCQk8L2c+CgkJPGcgY2xhc3M9InN0MyI+CgkJCTxjaXJjbGUgY2xhc3M9InN0MSIgY3g9Ijg4IiBjeT0iNTAiIHI9IjQuOCIvPgoJCTwvZz4KCTwvZz4KPC9nPgo8L3N2Zz4K + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - nonResourceURLs: + - /metrics + verbs: + - get + - apiGroups: + - apiregistration.k8s.io + resources: + - apiservices + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - daemonsets + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - replicasets + verbs: + - get + - list + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - config.openshift.io + resources: + - clusterversions + verbs: + - get + - list + - watch + - apiGroups: + - console.openshift.io + resources: + - consoleplugins + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - configmaps + - namespaces + - secrets + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + - pods + - services + verbs: + - get + - list + - watch + - apiGroups: + - flows.netobserv.io + resources: + - flowcollectors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - flows.netobserv.io + resources: + - flowcollectors/finalizers + verbs: + - update + - apiGroups: + - flows.netobserv.io + resources: + - flowcollectors/status + verbs: + - get + - patch + - update + - apiGroups: + - monitoring.coreos.com + resources: + - prometheusrules + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - operator.openshift.io + resources: + - consoles + verbs: + - get + - list + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - create + - list + - update + - watch + - apiGroups: + - security.openshift.io + resourceNames: + - hostnetwork + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + serviceAccountName: netobserv-controller-manager + deployments: + - label: + app: netobserv-operator + control-plane: controller-manager + name: netobserv-controller-manager + spec: + replicas: 1 + selector: + matchLabels: + app: netobserv-operator + control-plane: controller-manager + strategy: {} + template: + metadata: + labels: + app: netobserv-operator + control-plane: controller-manager + spec: + containers: + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + - --ebpf-agent-image=$(RELATED_IMAGE_EBPF_AGENT) + - --flowlogs-pipeline-image=$(RELATED_IMAGE_FLOWLOGS_PIPELINE) + - --console-plugin-image=$(RELATED_IMAGE_CONSOLE_PLUGIN) + - --downstream-deployment=$(DOWNSTREAM_DEPLOYMENT) + command: + - /manager + env: + - name: RELATED_IMAGE_EBPF_AGENT + value: quay.io/netobserv/netobserv-ebpf-agent:v0.3.2 + - name: RELATED_IMAGE_FLOWLOGS_PIPELINE + value: quay.io/netobserv/flowlogs-pipeline:v0.1.10 + - name: RELATED_IMAGE_CONSOLE_PLUGIN + value: quay.io/netobserv/network-observability-console-plugin:v0.1.11 + - name: DOWNSTREAM_DEPLOYMENT + value: "false" + image: quay.io/netobserv/network-observability-operator:1.0.4 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + memory: 400Mi + requests: + cpu: 100m + memory: 100Mi + securityContext: + allowPrivilegeEscalation: false + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + - --tls-cert-file=/etc/tls/private/tls.crt + - --tls-private-key-file=/etc/tls/private/tls.key + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + volumeMounts: + - mountPath: /etc/tls/private + name: manager-metric-tls + readOnly: true + securityContext: + runAsNonRoot: true + serviceAccountName: netobserv-controller-manager + terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert + - name: manager-metric-tls + secret: + defaultMode: 420 + secretName: manager-metrics-tls + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: netobserv-controller-manager + strategy: deployment + installModes: + - supported: false + type: OwnNamespace + - supported: false + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - network observability + - ebpf + - ipfix + - flow tracing + - flows + - topology + - network + - observability + links: + - name: Project page + url: https://github.com/netobserv/network-observability-operator + - name: Issue tracker + url: https://github.com/netobserv/network-observability-operator/issues + - name: Discussion board + url: https://github.com/netobserv/network-observability-operator/discussions + maintainers: + - email: jpinsonn@redhat.com + name: Julien Pinsonneau + - email: jtakvori@redhat.com + name: Joel Takvorian + - email: kmeth@redhat.com + name: Kalman Meth + - email: mmahmoud@redhat.com + name: Mohamed S. Mahmoud + - email: ocazade@redhat.com + name: Olivier Cazade + - email: rschaffe@redhat.com + name: Ronen Schaffer + - email: stlee@redhat.com + name: Steven Lee + maturity: alpha + minKubeVersion: 1.23.0 + provider: + name: Red Hat + url: https://www.redhat.com + relatedImages: + - image: quay.io/netobserv/netobserv-ebpf-agent:v0.3.2 + name: ebpf-agent + - image: quay.io/netobserv/flowlogs-pipeline:v0.1.10 + name: flowlogs-pipeline + - image: quay.io/netobserv/network-observability-console-plugin:v0.1.11 + name: console-plugin + replaces: netobserv-operator.v1.0.3 + version: 1.0.4 + webhookdefinitions: + - admissionReviewVersions: + - v1alpha1 + - v1beta1 + containerPort: 443 + conversionCRDs: + - flowcollectors.flows.netobserv.io + deploymentName: netobserv-controller-manager + generateName: cflowcollectors.kb.io + sideEffects: None + targetPort: 9443 + type: ConversionWebhook + webhookPath: /convert + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: netobserv-controller-manager + failurePolicy: Fail + generateName: flowcollectorconversionwebhook.netobserv.io + rules: + - apiGroups: + - netobserv.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - flowcollectors + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-netobserv-io-v1beta1-flowcollector diff --git a/operators/netobserv-operator/1.0.4/manifests/netobserv-webhook-service_v1_service.yaml b/operators/netobserv-operator/1.0.4/manifests/netobserv-webhook-service_v1_service.yaml new file mode 100644 index 00000000000..59926663788 --- /dev/null +++ b/operators/netobserv-operator/1.0.4/manifests/netobserv-webhook-service_v1_service.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + service.beta.openshift.io/serving-cert-secret-name: webhook-server-cert + creationTimestamp: null + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/created-by: netobserv-operator + app.kubernetes.io/instance: webhook-service + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: service + app.kubernetes.io/part-of: netobserv-operator + name: netobserv-webhook-service +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 9443 + selector: + control-plane: controller-manager +status: + loadBalancer: {} diff --git a/operators/netobserv-operator/1.0.4/metadata/annotations.yaml b/operators/netobserv-operator/1.0.4/metadata/annotations.yaml new file mode 100644 index 00000000000..a318d87f0a9 --- /dev/null +++ b/operators/netobserv-operator/1.0.4/metadata/annotations.yaml @@ -0,0 +1,13 @@ +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: netobserv-operator + operators.operatorframework.io.bundle.channels.v1: latest,v1.0.x + operators.operatorframework.io.bundle.channel.default.v1: latest + operators.operatorframework.io.metrics.builder: operator-sdk-v1.25.3 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3 + + com.redhat.openshift.versions: "v4.10-v4.14"