NETOBSERV-2534: Have a way to pause Network Observability functions (#2362)

* hold flag implementation

* skip SCC

* Use FlowCollector OnHold instead of CSV

* Delete agent SA on hold

---------

Co-authored-by: Joel Takvorian <jtakvori@redhat.com>

Author: jpinsonneau

api/flowcollector/v1beta2/flowcollector_types.go

@@ -91,6 +91,9 @@ type FlowCollectorSpec struct {
 
 	// `networkPolicy` defines network policy settings for NetObserv components isolation.
 	NetworkPolicy NetworkPolicy `json:"networkPolicy,omitempty"`
+
+	// `execution` defines configuration related to the execution of the flow collection process.
+	Execution FlowCollectorExecution `json:"execution,omitempty"`
 }
 
 type NetworkPolicy struct {
@@ -1542,6 +1545,25 @@ type FlowCollectorExporter struct {
 	OpenTelemetry FlowCollectorOpenTelemetry `json:"openTelemetry,omitempty"`
 }
 
+type ExecutionMode string
+
+const (
+	Running ExecutionMode = "Running"
+	OnHold  ExecutionMode = "OnHold"
+)
+
+// `FlowCollectorExecution` defines the flow collection process execution desired state.
+type FlowCollectorExecution struct {
+	// `mode` is the flow collection process execution desired mode: `Running` or `OnHold`.
+	// When `OnHold`, the operator deletes all managed services and workloads, with the exception
+	// of the static console plugin, and the operator itself.
+	// It allows to use minimal cluster resources without losing configuration.
+	// +kubebuilder:validation:Enum:="";"Running";"OnHold"
+	// +kubebuilder:default:=Running
+	// +optional
+	Mode ExecutionMode `json:"mode"`
+}
+
 // `FlowCollectorStatus` defines the observed state of FlowCollector
 type FlowCollectorStatus struct {
 	// Important: Run "make" to regenerate code after modifying this file

api/flowcollector/v1beta2/helper.go

@@ -13,6 +13,10 @@ func (spec *FlowCollectorSpec) GetNamespace() string {
 	return constants.DefaultOperatorNamespace
 }
 
+func (spec *FlowCollectorSpec) OnHold() bool {
+	return spec.Execution.Mode == OnHold
+}
+
 func (spec *FlowCollectorSpec) GetSampling() int {
 	if spec.Agent.EBPF.Sampling == nil {
 		return 50

api/flowcollector/v1beta2/zz_generated.deepcopy.go

@@ -3245,6 +3245,23 @@ spec:
                 - Direct
                 - Kafka
                 type: string
+              execution:
+                description: '`execution` defines configuration related to the execution
+                  of the flow collection process.'
+                properties:
+                  mode:
+                    default: Running
+                    description: |-
+                      `mode` is the flow collection process execution desired mode: `Running` or `OnHold`.
+                      When `OnHold`, the operator deletes all managed services and workloads, with the exception
+                      of the static console plugin, and the operator itself.
+                      It allows to use minimal cluster resources without losing configuration.
+                    enum:
+                    - ""
+                    - Running
+                    - OnHold
+                    type: string
+                type: object
               exporters:
                 description: '`exporters` defines additional optional exporters for
                   custom consumption or storage.'

bundle/manifests/flows.netobserv.io_flowcollectors.yaml

@@ -410,6 +410,10 @@ spec:
         path: consolePlugin.standalone
       - displayName: Unmanaged replicas
         path: consolePlugin.unmanagedReplicas
+      - displayName: Execution
+        path: execution
+      - displayName: Mode
+        path: execution.mode
       - displayName: Address
         path: kafka.address
       - displayName: Topic

bundle/manifests/netobserv-operator.clusterserviceversion.yaml

@@ -3040,6 +3040,22 @@ spec:
                     - Direct
                     - Kafka
                   type: string
+                execution:
+                  description: '`execution` defines configuration related to the execution of the flow collection process.'
+                  properties:
+                    mode:
+                      default: Running
+                      description: |-
+                        `mode` is the flow collection process execution desired mode: `Running` or `OnHold`.
+                        When `OnHold`, the operator deletes all managed services and workloads, with the exception
+                        of the static console plugin, and the operator itself.
+                        It allows to use minimal cluster resources without losing configuration.
+                      enum:
+                        - ""
+                        - Running
+                        - OnHold
+                      type: string
+                  type: object
                 exporters:
                   description: '`exporters` defines additional optional exporters for custom consumption or storage.'
                   items:

config/crd/bases/flows.netobserv.io_flowcollectors.yaml

@@ -122,6 +122,13 @@ Kafka can provide better scalability, resiliency, and high availability (for mor
             <i>Default</i>: Service<br/>
         </td>
         <td>false</td>
+      </tr><tr>
+        <td><b><a href="#flowcollectorspecexecution">execution</a></b></td>
+        <td>object</td>
+        <td>
+          `execution` defines configuration related to the execution of the flow collection process.<br/>
+        </td>
+        <td>false</td>
       </tr><tr>
         <td><b><a href="#flowcollectorspecexportersindex">exporters</a></b></td>
         <td>[]object</td>
@@ -6008,6 +6015,39 @@ only the result of this request.<br/>
 </table>
 
 
+### FlowCollector.spec.execution
+<sup><sup>[↩ Parent](#flowcollectorspec)</sup></sup>
+
+
+
+`execution` defines configuration related to the execution of the flow collection process.
+
+<table>
+    <thead>
+        <tr>
+            <th>Name</th>
+            <th>Type</th>
+            <th>Description</th>
+            <th>Required</th>
+        </tr>
+    </thead>
+    <tbody><tr>
+        <td><b>mode</b></td>
+        <td>enum</td>
+        <td>
+          `mode` is the flow collection process execution desired mode: `Running` or `OnHold`.
+When `OnHold`, the operator deletes all managed services and workloads, with the exception
+of the static console plugin, and the operator itself.
+It allows to use minimal cluster resources without losing configuration.<br/>
+          <br/>
+            <i>Enum</i>: , Running, OnHold<br/>
+            <i>Default</i>: Running<br/>
+        </td>
+        <td>false</td>
+      </tr></tbody>
+</table>
+
+
 ### FlowCollector.spec.exporters[index]
 <sup><sup>[↩ Parent](#flowcollectorspec)</sup></sup>
 

docs/FlowCollector.md

@@ -3044,6 +3044,22 @@ spec:
                     - Direct
                     - Kafka
                   type: string
+                execution:
+                  description: '`execution` defines configuration related to the execution of the flow collection process.'
+                  properties:
+                    mode:
+                      default: Running
+                      description: |-
+                        `mode` is the flow collection process execution desired mode: `Running` or `OnHold`.
+                        When `OnHold`, the operator deletes all managed services and workloads, with the exception
+                        of the static console plugin, and the operator itself.
+                        It allows to use minimal cluster resources without losing configuration.
+                      enum:
+                        - ""
+                        - Running
+                        - OnHold
+                      type: string
+                  type: object
                 exporters:
                   description: '`exporters` defines additional optional exporters for custom consumption or storage.'
                   items:

helm/crds/flows.netobserv.io_flowcollectors.yaml

@@ -70,7 +70,7 @@ func (r *CPReconciler) Reconcile(ctx context.Context, desired *flowslatest.FlowC
 		}
 	}
 
-	if desired.Spec.UseConsolePlugin() && (r.ClusterInfo.HasConsolePlugin() || desired.Spec.ConsolePlugin.Standalone) {
+	if desired.Spec.UseConsolePlugin() && (r.ClusterInfo.HasConsolePlugin() || desired.Spec.ConsolePlugin.Standalone) && !desired.Spec.OnHold() {
 		// Create object builder
 		builder := newBuilder(r.Instance, &desired.Spec, constants.PluginName)
 

internal/controller/consoleplugin/consoleplugin_reconciler.go

@@ -145,10 +145,24 @@ func (c *AgentController) Reconcile(ctx context.Context, target *flowslatest.Flo
 		return err
 	}
 
-	if err := c.permissions.Reconcile(ctx, &target.Spec.Agent.EBPF); err != nil {
+	if err := c.permissions.Reconcile(ctx, target); err != nil {
 		return fmt.Errorf("reconciling permissions: %w", err)
 	}
 
+	if target.Spec.OnHold() {
+		c.Status.SetUnused("FlowCollector is on hold")
+		rlog.Info("action: delete agent")
+		err = c.DeleteIfOwned(ctx, current)
+		if err != nil {
+			return err
+		}
+		err = c.DeleteIfOwned(ctx, c.promSvc)
+		if err != nil {
+			return err
+		}
+		return nil
+	}
+
 	err = c.reconcileMetricsService(ctx, &target.Spec.Agent.EBPF)
 	if err != nil {
 		return fmt.Errorf("reconciling prometheus service: %w", err)