NetObserv Operator is a Kubernetes / OpenShift operator for network observability. It deploys a monitoring pipeline that consists in:
8
-
-an eBPF agent, that generates network flows from captured packets
9
-
-flowlogs-pipeline, a component that collects, enriches and exports these flows
10
-
-when used in OpenShift, a Console plugin for flows visualization with powerful filtering options, a topology representation and more
7
+
NetObserv Operator is a Kubernetes operator for network observability. It deploys a monitoring pipeline that consists in:
8
+
-An eBPF agent, that generates network flows from captured packets.
9
+
-Flowlogs-pipeline, a component that collects, enriches and exports these flows.
10
+
-A web console for flows visualization with powerful filtering options, a topology representation, a network health view, etc.
11
11
12
12
Flow data is then available in multiple ways, each optional:
13
13
14
-
- As Prometheus metrics
15
-
- As raw flow logs stored in Loki
16
-
- As raw flow logs exported to a collector
14
+
- As Prometheus metrics.
15
+
- As raw flow logs stored in Loki.
16
+
- As raw flow logs exported to a collector via Kafka, OpenTelemetry or IPFIX.
17
17
18
18
## Getting Started
19
19
20
20
You can install the NetObserv Operator using [Helm](https://helm.sh/), or directly from sources.
21
21
22
-
In OpenShift, NetObserv is named Network Observability operator and can be found in OperatorHub as an OLM operator. This section does not apply to it: please refer to the [OpenShift documentation](docs.redhat.com/en/documentation/openshift_container_platform/latest/html/network_observability/installing-network-observability-operators) in that case.
23
-
24
-
> [!IMPORTANT]
25
-
> NetObserv community was previously distributed via [OperatorHub](https://operatorhub.io/operator/netobserv-operator). This installation method is replaced with a helm chart. If you previously installed NetObserv community from OperatorHub, we recommend that you uninstall it, and re-install using the helm chart. The operation should not cause any data loss.
22
+
> [!TIP]
23
+
NetObserv can be used in downstream products, which may provide their own documentation. If you are using such a product, please refer to that documentation instead:
24
+
>
25
+
> - On OpenShift: [see Network Observability operator](https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/network_observability/installing-network-observability-operators).
26
26
27
27
### Pre-requisite
28
28
29
-
The following architectures are supported: amd64, arm64, ppc64le and s390x.
29
+
The following architectures are supported: _amd64_, _arm64_, _ppc64le_ and _s390x_.
30
30
31
31
NetObserv has a couple of dependencies that must be installed on your cluster:
32
32
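Review bot: the removed `[!IMPORTANT]` block (old lines 24-25) was the only place telling users who installed the community build from OperatorHub to uninstall it and re-install with the helm chart, and the `[!TIP]` that replaces it says nothing about that migration. If clusters with the OperatorHub install may still exist, keep that guidance, either next to the tip or in a short upgrade note, so those users do not end up with two installations side by side.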
@@ -54,12 +54,10 @@ Loki is not mandatory but improves the overall experience with NetObserv.
You can now create a `FlowCollector` resource. Refer to the [Configuration section](#configuration) of this document. A short `FlowCollector` should work, using most default values, plus with the standalone console enabled:
@@ -95,7 +93,6 @@ EOF
95
93
```
96
94
97
95
A few remarks:
98
-
-`spec.consolePlugin.standalone` can be set to true to deploy the [web console](https://github.com/netobserv/network-observability-console-plugin) as a standalone, as opposed to an OpenShift Console plugin. If you're in OpenShift, it's not recommended to set this mode, so you get a more integrated experience with the Console.
99
96
- You can change the Prometheus and Loki URLs depending on your installation. This example works if you use the "standalone" installation described above, with `install.loki=true` and `install.prom-stack=true`. Check more configuration options for [Prometheus](https://github.com/netobserv/network-observability-operator/blob/main/docs/FlowCollector.md#flowcollectorspecprometheus-1) and [Loki](https://github.com/netobserv/network-observability-operator/blob/main/docs/FlowCollector.md#flowcollectorspecloki-1).
100
97
- You can enable networkPolicy, which makes the operator lock down the namespaces that it manages; however, this is highly dependent on your cluster topology, and may cause malfunctions, such as preventing NetObserv pods from communicating with the Kube API server.
101
98
- The processor env `SERVER_NOTLS` means that the communication between eBPF agents and Flowlogs-pipeline won't be encrypted. To enable TLS, you need to supply the TLS certificates to Flowlogs-pipeline (a Secret named `flowlogs-pipeline-cert`), and the CA to the eBPF agents (a ConfigMap named `flowlogs-pipeline-ca` in the privileged namespace). [Check this issue](https://github.com/netobserv/network-observability-operator/issues/2360) if you want to help making it simpler.
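Review bot: dropping the `spec.consolePlugin.standalone` remark (old line 98) leaves that field unexplained, while the sentence introducing the sample still says it runs "with the standalone console enabled". Either keep a one-line remark saying what the field does, or reword the introduction so it no longer points at a setting the remarks do not cover.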
@@ -141,11 +138,9 @@ Refer to the [Configuration section](#configuration) of this document.
141
138
142
139
Historically, Grafana Loki was a strict dependency but it isn't anymore. If you don't want to install it, you can still get the Prometheus metrics, and/or export raw flows to a custom collector. But be aware that some of the Console plugin features will be disabled. For instance, you will not be able to view raw flows there, and the metrics / topology will have a more limited level of details, missing information such as pods or IPs.
143
140
144
-
### OpenShift Console
145
-
146
-
_Pre-requisite: OpenShift 4.10 or above_
141
+
### Web Console
147
142
148
-
If the OpenShift Console is detected in the cluster, a console plugin is deployed when a `FlowCollector` is installed. It adds new pages and tabs to the console:
143
+
When `FlowCollector`is installed, a standalone web console is deployed or, when available, a console plugin. It provides the following views:
149
144
150
145
#### Overview metrics
151
146
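Review bot: added line 143 is missing a space after the inline code; it reads `FlowCollector`is installed. The sentence also leaves open what "when available" refers to now that the OpenShift Console detection wording and the "OpenShift 4.10 or above" pre-requisite are removed; state which condition makes the operator deploy the plugin rather than the standalone console. The unchanged paragraph just above still speaks of "Console plugin features", which no longer matches the new "Web Console" heading.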
@@ -168,12 +163,6 @@ The table view shows raw flows, ie. non aggregated, still with the same filterin
These views are accessible directly from the main menu, and also as contextual tabs for any Pod, Deployment, Service (etc.) in their details page, with filters set to focus on that particular resource.
The `FlowCollector` resource is used to configure the operator and its managed components. A comprehensive documentation is [available here](./docs/FlowCollector.md), and a full sample file [there](./config/samples/flows_v1beta2_flowcollector.yaml).
@@ -267,7 +256,7 @@ More information about multi-tenancy can be found on [this page](https://github.
267
256
268
257
For a production deployment, it is highly recommended to lock down the `netobserv` namespace (or wherever NetObserv is installed) using network policies.
269
258
270
-
You can set `spec.networkPolicy.enable` to `true` to make NetObserv install automatically a network policy. The policy may need to be fined-tuned for your environment (e.g. for access to kube apiserver, or Prometheus). It has been mostly tested on OpenShift.
259
+
You can set `spec.networkPolicy.enable` to `true` to make NetObserv install automatically a network policy. The policy may need to be fined-tuned for your environment (e.g. for access to kube apiserver, or Prometheus), by adding authorized namespaces.
271
260
272
261
A simple example of network policy is [provided here](https://github.com/netobserv/documents/blob/main/examples/lockdown-netobserv.yaml).
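Review bot: added line 259 keeps the typo "fined-tuned" (should be "fine-tuned"), and "by adding authorized namespaces" does not say where they are added. Name the `FlowCollector` field or policy object that takes those namespaces, so that a reader who sets `spec.networkPolicy.enable` and loses access to the kube apiserver or Prometheus knows what to edit. "install automatically a network policy" would also read better as "automatically install a network policy".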
helm/README.md
Lines changed: 14 additions & 14 deletions
@@ -1,25 +1,28 @@
1
1
# NetObserv Operator
2
2
3
-
NetObserv Operator is a Kubernetes / OpenShift operator for network observability. It deploys a monitoring pipeline that consists in:
4
-
-an eBPF agent, that generates network flows from captured packets
5
-
-flowlogs-pipeline, a component that collects, enriches and exports these flows
6
-
-when used in OpenShift, a Console plugin for flows visualization with powerful filtering options, a topology representation and more
3
+
NetObserv Operator is a Kubernetes operator for network observability. It deploys a monitoring pipeline that consists in:
4
+
-An eBPF agent, that generates network flows from captured packets.
5
+
-Flowlogs-pipeline, a component that collects, enriches and exports these flows.
6
+
-A web console for flows visualization with powerful filtering options, a topology representation, a network health view, etc.
7
7
8
8
Flow data is then available in multiple ways, each optional:
9
9
10
-
- As Prometheus metrics
11
-
- As raw flow logs stored in Loki
12
-
- As raw flow logs exported to a collector
10
+
- As Prometheus metrics.
11
+
- As raw flow logs stored in Loki.
12
+
- As raw flow logs exported to a collector via Kafka, OpenTelemetry or IPFIX.
13
13
14
14
## Getting Started
15
15
16
16
You can install the NetObserv Operator using [Helm](https://helm.sh/), or directly from sources.
17
17
18
-
In OpenShift, NetObserv is named Network Observability operator and can be found in OperatorHub as an OLM operator. This section does not apply to it: please refer to the [OpenShift documentation](docs.redhat.com/en/documentation/openshift_container_platform/latest/html/network_observability/installing-network-observability-operators) in that case.
18
+
> [!TIP]
19
+
NetObserv can be used in downstream products, which may provide their own documentation. If you are using such a product, please refer to that documentation instead:
20
+
>
21
+
> - On OpenShift: [see Network Observability operator](https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/network_observability/installing-network-observability-operators).
19
22
20
23
### Pre-requisite
21
24
22
-
The following architectures are supported: amd64, arm64, ppc64le and s390x.
25
+
The following architectures are supported: _amd64_, _arm64_, _ppc64le_ and _s390x_.
23
26
24
27
NetObserv has a couple of dependencies that must be installed on your cluster:
25
28
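Review bot: in the added `[!TIP]` block, new line 19 is shown without the leading `>` that lines 18, 20 and 21 carry, so the sentence stays inside the alert only through lazy continuation. Prefix it with `>` so the block is explicit and survives a later edit that inserts a blank line; the same line in README.md (new line 23) has the same shape.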
@@ -47,12 +50,10 @@ Loki is not mandatory but improves the overall experience with NetObserv.
You can now create a `FlowCollector` resource ([full API reference](https://github.com/netobserv/network-observability-operator/blob/main/docs/FlowCollector.md#flowsnetobserviov1beta2)). A short `FlowCollector` should work, using most default values, plus with the standalone console enabled:
@@ -88,7 +89,6 @@ EOF
88
89
```
89
90
90
91
A few remarks:
91
-
-`spec.consolePlugin.standalone` can be set to true to deploy the [web console](https://github.com/netobserv/network-observability-console-plugin) as a standalone, as opposed to an OpenShift Console plugin. If you're in OpenShift, it's not recommended to set this mode, so you get a more integrated experience with the Console.
92
92
- You can change the Prometheus and Loki URLs depending on your installation. This example works if you use the "standalone" installation described above, with `install.loki=true` and `install.prom-stack=true`. Check more configuration options for [Prometheus](https://github.com/netobserv/network-observability-operator/blob/main/docs/FlowCollector.md#flowcollectorspecprometheus-1) and [Loki](https://github.com/netobserv/network-observability-operator/blob/main/docs/FlowCollector.md#flowcollectorspecloki-1).
93
93
- You can enable networkPolicy, which makes the operator lock down the namespaces that it manages; however, this is highly dependent on your cluster topology, and may cause malfunctions, such as preventing NetObserv pods from communicating with the Kube API server.
94
94
- The processor env `SERVER_NOTLS` means that the communication between eBPF agents and Flowlogs-pipeline won't be encrypted. To enable TLS, you need to supply the TLS certificates to Flowlogs-pipeline (a Secret named `flowlogs-pipeline-cert`), and the CA to the eBPF agents (a ConfigMap named `flowlogs-pipeline-ca` in the privileged namespace).
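Review bot: the `SERVER_NOTLS` remark at line 94, kept as context in this hunk, stops after the `flowlogs-pipeline-ca` ConfigMap, while the same remark in README.md goes on with a "Check this issue" link. Since both files receive the same edits in this commit, make the two remarks identical. As in README.md, the sentence introducing the sample still says "with the standalone console enabled" although the remark explaining `spec.consolePlugin.standalone` is removed here.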