From b42198ae96545d802a340361294f67cf181aa2d4 Mon Sep 17 00:00:00 2001 From: Joel Takvorian Date: Tue, 26 Apr 2022 09:50:10 +0200 Subject: [PATCH] Prepare release v0.1.2 --- RELEASE.md | 8 +- .../flows.netobserv.io_flowcollectors.yaml | 151 +++++++++++++++++- ...netobserv-manager-config_v1_configmap.yaml | 2 +- ...observ-operator.clusterserviceversion.yaml | 75 +++++++-- .../patches/version_in_flowcollectors.yaml | 7 +- config/manager/kustomization.yaml | 4 +- ...lows_v1alpha1_flowcollector_versioned.yaml | 7 +- 7 files changed, 223 insertions(+), 31 deletions(-) diff --git a/RELEASE.md b/RELEASE.md index 423559a45..7988fea9b 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -28,13 +28,13 @@ Once all sub-components are released (or have a release candidate), we can proce ```bash # Set desired operator version - CAREFUL, no leading "v" here -version="0.1.2-rc0" +version="0.1.2" # Set console plugin released version -plgv="v0.1.2-rc0" +plgv="v0.1.2" # Set flowlogs-pipeline released version -flpv="v0.1.1-rc0" +flpv="v0.1.1" # Set ebnpf-agent released version -bpfv="v0.1.0-rc0" +bpfv="v0.1.0" vv=v$version test_branch=test-$vv diff --git a/bundle/manifests/flows.netobserv.io_flowcollectors.yaml b/bundle/manifests/flows.netobserv.io_flowcollectors.yaml index 39fe2700a..f5862994e 100644 --- a/bundle/manifests/flows.netobserv.io_flowcollectors.yaml +++ b/bundle/manifests/flows.netobserv.io_flowcollectors.yaml 
@@ -39,6 +39,17 @@ spec: spec: description: FlowCollectorSpec defines the desired state of FlowCollector properties: + agent: + default: ipfix + description: Agent selects the flows' tracing agent. Possible values + are "ipfix" (default) to use the OpenVSwitch IPFIX collector (only + valid if your cluster uses OVN-Kubernetes CNI) or "ebpf" to use + NetObserv's eBPF agent. The eBPF agent is not officially released + yet, it is provided as a preview. + enum: + - ipfix + - ebpf + type: string clusterNetworkOperator: description: ClusterNetworkOperator contains settings related to the cluster network operator @@ -572,7 +583,7 @@ spec: - maxReplicas type: object image: - default: quay.io/netobserv/network-observability-console-plugin:v0.1.2-rc0 + default: quay.io/netobserv/network-observability-console-plugin:v0.1.2 description: Image is the plugin image (including domain and tag) type: string imagePullPolicy: @@ -620,6 +631,14 @@ spec: portNames: {"3100": "loki"}' type: object type: object + register: + default: true + description: 'Automatically register the provided console plugin + with the OpenShift Console operator. When set to false, you + can still register it manually by editing console.operator.openshift.io/cluster. + E.g: oc patch console.operator.openshift.io cluster --type=''json'' + -p ''[{"op": "add", "path": "/spec/plugins/-", "value": "network-observability-plugin"}]''' + type: boolean replicas: default: 1 description: Replicas defines the number of replicas (pods) to 
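Review bot: The manual-registration command quoted in the new `register` description (hunk `@@ -620,6 +631,14 @@`) uses a JSON Patch `add` to `/spec/plugins/-`, which appends to an existing array and fails when `spec.plugins` is not yet set on the Console resource. The description should state that precondition, for example `If no plugin is registered yet, use "path": "/spec/plugins" with "value": ["network-observability-plugin"] instead`. The same command is repeated in the CSV description hunk `@@ -122,10 +137,12 @@`. This manifest looks generated, so the wording would presumably change in the API type's doc comment rather than here.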
@@ -660,6 +679,116 @@ spec: to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + required: + - register + type: object + ebpf: + default: + imagePullPolicy: IfNotPresent + description: EBPF contains the settings of an eBPF-based flow reporter when + the "agent" property is set to "ebpf". + properties: + cacheActiveTimeout: + default: 5s + description: CacheActiveTimeout is the max period during which + the reporter will aggregate flows before sending + pattern: ^\d+(ns|ms|s|m)?$ + type: string + cacheMaxFlows: + default: 1000 + description: CacheMaxFlows is the max number of flows in an aggregate; + when reached, the reporter sends the flows + format: int32 + minimum: 1 + type: integer + env: + additionalProperties: + type: string + description: Env allows passing custom environment variables to + the NetObserv Agent. Useful for passing some very concrete performance-tuning + options (e.g. GOGC, GOMAXPROCS) that shouldn't be publicly exposed + as part of the FlowCollector descriptor, as they are only useful + in edge debug/support scenarios. + type: object + excludeInterfaces: + default: + - lo + description: ExcludeInterfaces contains the interface names that + will be excluded from flow tracing. If an entry is enclosed + by slashes (e.g. `/br-/`), it will match as regular expression, + otherwise it will be matched as a case-sensitive string. + items: + type: string + type: array + image: + default: quay.io/netobserv/netobserv-ebpf-agent:v0.1.0 + description: Image is the NetObserv Agent image (including domain + and tag) + type: string + imagePullPolicy: + default: IfNotPresent + description: ImagePullPolicy is the Kubernetes pull policy for + the image defined above + enum: + - IfNotPresent + - Always + - Never + type: string + interfaces: + description: Interfaces contains the interface names from where + flows will be collected. 
If empty, the agent will fetch all + the interfaces in the system, excepting the ones listed in ExcludeInterfaces. + If an entry is enclosed by slashes (e.g. `/br-/`), it will match + as regular expression, otherwise it will be matched as a case-sensitive + string. + items: + type: string + type: array + logLevel: + default: info + description: LogLevel defines the log level for the NetObserv + eBPF Agent + enum: + - trace + - debug + - info + - warn + - error + - fatal + - panic + type: string + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + sampling: + description: Sampling is the sampling rate on the reporter. 100 + means one flow on 100 is sent. 0 or 1 means disabled. + format: int32 + type: integer type: object flowlogsPipeline: description: FlowlogsPipeline contains settings related to the flowlogs-pipeline 
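Review bot: `sampling` in the new `ebpf` block is declared as `format: int32` with no lower bound, so the schema accepts negative values although the description only gives meaning to 0, 1 and larger rates; `cacheMaxFlows` in the same block does carry `minimum: 1`. Adding `minimum: 0` would reject such input at admission; if the CRD is generated from kubebuilder markers, that is `// +kubebuilder:validation:Minimum=0` on the field. Separately, the schema for `env` places no restriction on variable names or values, so its description should say that write access to FlowCollector controls the agent container's environment.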
@@ -1198,7 +1327,7 @@ spec: - maxReplicas type: object image: - default: quay.io/netobserv/flowlogs-pipeline:v0.1.1-rc0 + default: quay.io/netobserv/flowlogs-pipeline:v0.1.1 description: Image is the collector image (including domain and tag) type: string @@ -1241,6 +1370,14 @@ spec: maximum: 65535 minimum: 1025 type: integer + prometheusPort: + default: 9090 + description: 'PrometheusPort is the prometheus HTTP port: this + port exposes prometheus metrics' + format: int32 + maximum: 65535 + minimum: 1 + type: integer replicas: default: 1 description: Replicas defines the number of replicas (pods) to @@ -1283,10 +1420,14 @@ spec: type: object type: object ipfix: - description: IPFIX contains IPFIX-related settings for the flow reporter + default: + sampling: 400 + description: IPFIX contains the settings of an IPFIX-based flow reporter + when the "agent" property is set to "ipfix". defined if the ebpf + section is already defined properties: cacheActiveTimeout: - default: 10s + default: 60s description: CacheActiveTimeout is the max period during which the reporter will aggregate flows before sending pattern: ^\d+(ns|ms|s|m)?$ @@ -1373,6 +1514,8 @@ spec: going to be deployed. If empty, the namespace of the operator is going to be used type: string + required: + - agent type: object status: description: FlowCollectorStatus defines the observed state of FlowCollector diff --git a/bundle/manifests/netobserv-manager-config_v1_configmap.yaml b/bundle/manifests/netobserv-manager-config_v1_configmap.yaml index 7b46a84c6..d97723735 100644 --- a/bundle/manifests/netobserv-manager-config_v1_configmap.yaml +++ b/bundle/manifests/netobserv-manager-config_v1_configmap.yaml @@ -16,5 +16,5 @@ kind: ConfigMap metadata: labels: app: network-observability-operator - version: 0.1.2-rc0 + version: 0.1.2 name: netobserv-manager-config 
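Review bot: `prometheusPort` (hunk `@@ -1241,6 +1370,14 @@`) is bounded with `minimum: 1`, while the integer port field in the context lines just above it uses `minimum: 1025`. If the flowlogs-pipeline container runs as a non-root user, which this diff does not show, a value below 1024 would pass validation and then fail to bind at runtime. Using `minimum: 1025` here would keep the two port fields consistent.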
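Review bot: The new `ipfix` description (hunk `@@ -1283,10 +1420,14 @@`) ends in a stray fragment, `defined if the ebpf section is already defined`, which does not form a sentence and leaves unclear how `ipfix` and `ebpf` interact. Suggested text: `IPFIX contains the settings of an IPFIX-based flow reporter when the "agent" property is set to "ipfix".` The same hunk raises the `cacheActiveTimeout` default from `10s` to `60s` and adds a block default of `sampling: 400`, so a release note on the changed defaults would help users who relied on the previous values.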
diff --git a/bundle/manifests/netobserv-operator.clusterserviceversion.yaml b/bundle/manifests/netobserv-operator.clusterserviceversion.yaml index 9073b37ce..68ab483d0 100644 --- a/bundle/manifests/netobserv-operator.clusterserviceversion.yaml +++ b/bundle/manifests/netobserv-operator.clusterserviceversion.yaml @@ -11,11 +11,12 @@ metadata: "name": "cluster" }, "spec": { + "agent": "ipfix", "clusterNetworkOperator": { "namespace": "openshift-network-operator" }, "consolePlugin": { - "image": "quay.io/netobserv/network-observability-console-plugin:v0.1.2-rc0", + "image": "quay.io/netobserv/network-observability-console-plugin:v0.1.2", "imagePullPolicy": "IfNotPresent", "logLevel": "info", "port": 9001, @@ -24,21 +25,35 @@ metadata: "portNames": { "3100": "loki" } - } + }, + "register": true + }, + "ebpf": { + "cacheActiveTimeout": "5s", + "cacheMaxFlows": 1000, + "excludeInterfaces": [ + "lo" + ], + "image": "quay.io/netobserv/netobserv-ebpf-agent:v0.1.0", + "imagePullPolicy": "IfNotPresent", + "interfaces": [], + "logLevel": "info", + "sampling": 0 }, "flowlogsPipeline": { "enableKubeProbes": true, "healthPort": 8080, - "image": "quay.io/netobserv/flowlogs-pipeline:v0.1.1-rc0", + "image": "quay.io/netobserv/flowlogs-pipeline:v0.1.1", "imagePullPolicy": "IfNotPresent", "kind": "DaemonSet", "logLevel": "info", - "port": 2055 + "port": 2055, + "prometheusPort": 9090 }, "ipfix": { "cacheActiveTimeout": "60s", - "cacheMaxFlows": 400, - "sampling": 100 + "cacheMaxFlows": 100, + "sampling": 400 }, "loki": { "batchSize": 102400, 
@@ -58,13 +73,13 @@ metadata: ] capabilities: Basic Install categories: Monitoring - containerImage: quay.io/netobserv/network-observability-operator:0.1.2-rc0 - createdAt: "2022-04-07T15:29:10Z" + containerImage: quay.io/netobserv/network-observability-operator:0.1.2 + createdAt: "2022-05-03T09:32:35Z" description: A network observability operator based on netflows (IPFIX) for OVN operators.operatorframework.io/builder: operator-sdk-v1.16.0+git operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 repository: https://github.com/netobserv/network-observability-operator - name: netobserv-operator.v0.1.2-rc0 + name: netobserv-operator.v0.1.2 namespace: placeholder spec: apiservicedefinitions: {} @@ -122,10 +137,12 @@ spec: To turn it off, remove the `OVN_IPFIX_TARGETS` env from `daemonset/ovnkube-node`. ### OpenShift Console - OpenShift 4.10 or above is required to use the Console plugin. It needs to be enabled explicitly, either via the Console itself, or via this command: + OpenShift 4.10 or above is required to use the Console plugin. The operator should register this plugin automatically if `spec.consolePlugin.register` is set to `true` (default). + + Otherwise, you can still do it manually, either via the Console itself or via this command: ``` - oc patch console.operator.openshift.io cluster --type='json' -p '[{"op": "add", "path": "/spec/plugins", "value": ["network-observability-plugin"]}]' + oc patch console.operator.openshift.io cluster --type='json' -p '[{"op": "add", "path": "/spec/plugins/-", "value": "network-observability-plugin"}]' ``` displayName: NetObserv Operator icon: @@ -135,6 +152,14 @@ spec: spec: clusterPermissions: - rules: + - apiGroups: + - apiregistration.k8s.io + resources: + - apiservices + verbs: + - get + - list + - watch - apiGroups: - apps resources: 
@@ -230,6 +255,15 @@ spec: - get - patch - update + - apiGroups: + - operator.openshift.io + resources: + - consoles + verbs: + - get + - list + - update + - watch - apiGroups: - rbac.authorization.k8s.io resources: @@ -238,7 +272,9 @@ spec: - create - delete - get + - list - update + - watch - apiGroups: - rbac.authorization.k8s.io resources: @@ -247,6 +283,15 @@ spec: - create - delete - get + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - create + - list + - update + - watch - apiGroups: - security.openshift.io resourceNames: @@ -276,14 +321,14 @@ spec: matchLabels: app: network-observability-operator control-plane: controller-manager - version: 0.1.2-rc0 + version: 0.1.2 strategy: {} template: metadata: labels: app: network-observability-operator control-plane: controller-manager - version: 0.1.2-rc0 + version: 0.1.2 spec: containers: - args: @@ -304,7 +349,7 @@ spec: - --leader-elect command: - /manager - image: quay.io/netobserv/network-observability-operator:0.1.2-rc0 + image: quay.io/netobserv/network-observability-operator:0.1.2 imagePullPolicy: Always livenessProbe: httpGet: @@ -403,4 +448,4 @@ spec: provider: name: Red Hat url: https://www.redhat.com - version: 0.1.2-rc0 + version: 0.1.2 diff --git a/config/crd/patches/version_in_flowcollectors.yaml b/config/crd/patches/version_in_flowcollectors.yaml index ee3447dd6..138d6a511 100644 --- a/config/crd/patches/version_in_flowcollectors.yaml +++ b/config/crd/patches/version_in_flowcollectors.yaml 
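Review bot: Two of the new cluster rules grant `update` without `resourceNames`: on `consoles` in `operator.openshift.io` (hunk `@@ -230,6 +255,15 @@`) and on `securitycontextconstraints` in `security.openshift.io` (hunk `@@ -247,6 +283,15 @@`). As written, the operator's service account can modify any SCC in the cluster, including ones it does not own, so a compromise of the operator pod becomes a route to cluster-wide privilege changes. Consider splitting each rule so that `update` is limited by name, while `create`, `list` and `watch`, which cannot be usefully restricted by name, stay in their own rule. For `consoles` the name would be `cluster`, as used in the `oc patch` command in this commit; the SCC name is not visible in this diff and is shown as a placeholder below. The CSV appears to be generated, so the change would presumably go in the RBAC markers of the controller source.

```yaml
# … unchanged: preceding rules …
- apiGroups:
  - security.openshift.io
  resources:
  - securitycontextconstraints
  verbs:
  - create
  - list
  - watch
- apiGroups:
  - security.openshift.io
  resourceNames:
  - "<operator-scc-name>"  # placeholder: the SCC the operator manages
  resources:
  - securitycontextconstraints
  verbs:
  - update
# … unchanged: following rules …
```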
@@ -1,7 +1,10 @@ # This patch updates the version for default images - op: add path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/consolePlugin/properties/image/default - value: "quay.io/netobserv/network-observability-console-plugin:v0.1.2-rc0" + value: "quay.io/netobserv/network-observability-console-plugin:v0.1.2" - op: add path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/flowlogsPipeline/properties/image/default - value: "quay.io/netobserv/flowlogs-pipeline:v0.1.1-rc0" + value: "quay.io/netobserv/flowlogs-pipeline:v0.1.1" +- op: add + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/ebpf/properties/image/default + value: "quay.io/netobserv/netobserv-ebpf-agent:v0.1.0" diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 1207bd0c2..ad945c055 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -13,7 +13,7 @@ kind: Kustomization images: - name: controller newName: quay.io/netobserv/network-observability-operator - newTag: 0.1.2-rc0 + newTag: 0.1.2 commonLabels: app: network-observability-operator - version: 0.1.2-rc0 + version: 0.1.2 diff --git a/config/samples/flows_v1alpha1_flowcollector_versioned.yaml b/config/samples/flows_v1alpha1_flowcollector_versioned.yaml index a314551e5..e2f3558d7 100644 --- a/config/samples/flows_v1alpha1_flowcollector_versioned.yaml +++ b/config/samples/flows_v1alpha1_flowcollector_versioned.yaml @@ -10,7 +10,7 @@ spec: cacheMaxFlows: 100 sampling: 400 ebpf: - image: 'quay.io/netobserv/netobserv-ebpf-agent:main' + image: 'quay.io/netobserv/netobserv-ebpf-agent:v0.1.0' imagePullPolicy: IfNotPresent sampling: 0 cacheActiveTimeout: 5s @@ -23,7 +23,7 @@ spec: # kind: Deployment # replicas: 1 port: 2055 - image: 'quay.io/netobserv/flowlogs-pipeline:v0.1.1-rc0' + image: 'quay.io/netobserv/flowlogs-pipeline:v0.1.1' imagePullPolicy: IfNotPresent logLevel: info enableKubeProbes: true 
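Review bot: The added default for `ebpf/properties/image` (hunk `@@ -1,7 +1,10 @@`) references the agent by tag (`v0.1.0`), like the two entries above it, and a registry tag can be re-pointed after release. For a release build, a digest reference such as `quay.io/netobserv/netobserv-ebpf-agent@sha256:<digest>` (placeholder) would make the default immutable. This matters most for the eBPF agent if it runs with elevated privileges, which the SCC permissions added to the CSV in this commit suggest but do not prove.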
@@ -40,7 +40,8 @@ spec: staticLabels: app: netobserv-flowcollector consolePlugin: - image: 'quay.io/netobserv/network-observability-console-plugin:v0.1.2-rc0' + register: true + image: 'quay.io/netobserv/network-observability-console-plugin:v0.1.2' imagePullPolicy: IfNotPresent port: 9001 logLevel: info