UDN mappning feature APIs support
Signed-off-by: Mohamed Mahmoud <mmahmoud@redhat.com>
msherif1234 committed Jan 20, 2025
1 parent 82eb709 commit 0eebb0b
Showing 11 changed files with 69 additions and 4 deletions.
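--- a/apis/flowcollector/v1beta1/flowcollector_types.go
+++ b/apis/flowcollector/v1beta1/flowcollector_types.go
@@ -154,7 +154,8 @@ type FlowCollectorIPFIX struct {
 // - `NetworkEvents`, to track Network events.<br>
 // - `PacketTranslation`, to enrich flows with packets translation information. <br>
 // - `EbpfManager`, to enable using EBPF Manager to manage netobserv ebpf programs [Developer Preview].<br>
-// +kubebuilder:validation:Enum:="PacketDrop";"DNSTracking";"FlowRTT";"NetworkEvents";"PacketTranslation";"EbpfManager"
+// - `UDNMapping`, to enable interfaces mappind to udn [Developer Preview]. <br>
+// +kubebuilder:validation:Enum:="PacketDrop";"DNSTracking";"FlowRTT";"NetworkEvents";"PacketTranslation";"EbpfManager";"UDNMapping"
 type AgentFeature string
 
 const (
@@ -164,6 +165,7 @@ const (
 NetworkEvents AgentFeature = "NetworkEvents"
 PacketTranslation AgentFeature = "PacketTranslation"
 EbpfManager AgentFeature = "EbpfManager"
+UDNMapping AgentFeature = "UDNMapping"
 )
 
 // Name of an eBPF agent alert.
@@ -358,6 +360,7 @@ type FlowCollectorEBPF struct {
 // the kernel debug filesystem, so the eBPF pod has to run as privileged.
 // - `PacketTranslation`: enable enriching flows with packet's translation information. <br>
 // - `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs. <br>
+// - `UDNMapping`, to enable interfaces mappind to udn. <br>
 // +optional
 Features []AgentFeature `json:"features,omitempty"`
 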
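Review bot: The `UDNMapping` entry added to the `FlowCollectorEBPF.Features` comment in this v1beta1 file says nothing about privileges, while the v1beta2 comment in the same commit states that the feature needs the kernel debug filesystem and therefore privileged eBPF agent pods. An operator reading the v1beta1 description would enable the feature without seeing that cost, so I would repeat the v1beta2 sentences here: the debugfs/privileged requirement, the OVN-Kubernetes requirement and the Developer Preview notice. Both new comment lines also misspell "mapping" as "mappind"; the same text appears in apis/flowcollector/v1beta2/flowcollector_types.go, both CRD manifests and docs/FlowCollector.md in this commit, so fixing it at the source comments and regenerating would correct all of them. The struct bodies start and end outside these hunks.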
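--- a/apis/flowcollector/v1beta2/flowcollector_types.go
+++ b/apis/flowcollector/v1beta2/flowcollector_types.go
@@ -177,7 +177,8 @@ type FlowCollectorIPFIX struct {
 // - `NetworkEvents`, to track Network events [Developer Preview].<br>
 // - `PacketTranslation`, to enrich flows with packets translation information. <br>
 // - `EbpfManager`, to enable using EBPF Manager to manage netobserv ebpf programs [Developer Preview].<br>
-// +kubebuilder:validation:Enum:="PacketDrop";"DNSTracking";"FlowRTT";"NetworkEvents";"PacketTranslation";"EbpfManager"
+// - `UDNMapping`, to enable interfaces mappind to udn [Developer Preview]. <br>
+// +kubebuilder:validation:Enum:="PacketDrop";"DNSTracking";"FlowRTT";"NetworkEvents";"PacketTranslation";"EbpfManager";"UDNMapping"
 type AgentFeature string
 
 const (
@@ -187,6 +188,7 @@ const (
 NetworkEvents AgentFeature = "NetworkEvents"
 PacketTranslation AgentFeature = "PacketTranslation"
 EbpfManager AgentFeature = "EbpfManager"
+UDNMapping AgentFeature = "UDNMapping"
 )
 
 // Name of an eBPF agent alert.
@@ -384,6 +386,10 @@ type FlowCollectorEBPF struct {
 // - `PacketTranslation`: enable enriching flows with packet's translation information. <br>
 // - `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs. <br>
 // IMPORTANT: This feature is available as a Developer Preview.<br>
+// - `UDNMapping`, to enable interfaces mappind to udn. <br>
+// This feature requires mounting the kernel debug filesystem, so the eBPF agent pods have to run as privileged.
+// It requires using the OVN-Kubernetes network plugin with the Observability feature.
+// IMPORTANT: This feature is available as a Developer Preview.<br>
 // +optional
 Features []AgentFeature `json:"features,omitempty"`
 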
Expand Up @@ -105,6 +105,9 @@ func (r *FlowCollector) validateAgent(_ context.Context, fc *FlowCollector) (adm
if slices.Contains(fc.Spec.Agent.EBPF.Features, EbpfManager) && !fc.Spec.Agent.EBPF.Privileged {
warnings = append(warnings, "The BPF Manager feature requires eBPF Agent to run in privileged mode")
}
if slices.Contains(fc.Spec.Agent.EBPF.Features, UDNMapping) && !fc.Spec.Agent.EBPF.Privileged {
warnings = append(warnings, "The UDNMapping feature requires eBPF Agent to run in privileged mode")
}
var errs []error
if fc.Spec.Agent.EBPF.FlowFilter != nil && fc.Spec.Agent.EBPF.FlowFilter.Enable != nil && *fc.Spec.Agent.EBPF.FlowFilter.Enable {
m := make(map[string]bool)
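Review bot: A FlowCollector that lists `UDNMapping` with `Privileged` false is still admitted, because the added check in validateAgent only appends to `warnings`, while the API docs in this commit say the feature needs the kernel debug filesystem and privileged agent pods. This mirrors the `EbpfManager` check just above, so it may be deliberate, but the warning should then say why the privilege is needed and what to set, e.g. `"The UDNMapping feature requires mounting the kernel debug filesystem; set spec.agent.ebpf.privileged to true"`. If the feature cannot function unprivileged, appending to `errs` (declared on the next line) would reject the object at admission rather than leaving the mismatch to surface later in controller logs. validateAgent's body starts and ends outside this hunk.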
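--- a/bundle/manifests/flows.netobserv.io_flowcollectors.yaml
+++ b/bundle/manifests/flows.netobserv.io_flowcollectors.yaml
@@ -137,6 +137,7 @@ spec:
 the kernel debug filesystem, so the eBPF pod has to run as privileged.
 - `PacketTranslation`: enable enriching flows with packet's translation information. <br>
 - `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs. <br>
+- `UDNMapping`, to enable interfaces mappind to udn. <br>
 items:
 description: |-
 Agent feature, can be one of:<br>
@@ -146,13 +147,15 @@ spec:
 - `NetworkEvents`, to track Network events.<br>
 - `PacketTranslation`, to enrich flows with packets translation information. <br>
 - `EbpfManager`, to enable using EBPF Manager to manage netobserv ebpf programs [Developer Preview].<br>
+- `UDNMapping`, to enable interfaces mappind to udn [Developer Preview]. <br>
 enum:
 - PacketDrop
 - DNSTracking
 - FlowRTT
 - NetworkEvents
 - PacketTranslation
 - EbpfManager
+- UDNMapping
 type: string
 type: array
 flowFilter:
@@ -3949,6 +3952,10 @@ spec:
 - `PacketTranslation`: enable enriching flows with packet's translation information. <br>
 - `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs. <br>
 IMPORTANT: This feature is available as a Developer Preview.<br>
+- `UDNMapping`, to enable interfaces mappind to udn. <br>
+This feature requires mounting the kernel debug filesystem, so the eBPF agent pods have to run as privileged.
+It requires using the OVN-Kubernetes network plugin with the Observability feature.
+IMPORTANT: This feature is available as a Developer Preview.<br>
 items:
 description: |-
 Agent feature, can be one of:<br>
@@ -3958,13 +3965,15 @@ spec:
 - `NetworkEvents`, to track Network events [Developer Preview].<br>
 - `PacketTranslation`, to enrich flows with packets translation information. <br>
 - `EbpfManager`, to enable using EBPF Manager to manage netobserv ebpf programs [Developer Preview].<br>
+- `UDNMapping`, to enable interfaces mappind to udn [Developer Preview]. <br>
 enum:
 - PacketDrop
 - DNSTracking
 - FlowRTT
 - NetworkEvents
 - PacketTranslation
 - EbpfManager
+- UDNMapping
 type: string
 type: array
 flowFilter: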
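--- a/config/crd/bases/flows.netobserv.io_flowcollectors.yaml
+++ b/config/crd/bases/flows.netobserv.io_flowcollectors.yaml
@@ -122,6 +122,7 @@ spec:
 the kernel debug filesystem, so the eBPF pod has to run as privileged.
 - `PacketTranslation`: enable enriching flows with packet's translation information. <br>
 - `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs. <br>
+- `UDNMapping`, to enable interfaces mappind to udn. <br>
 items:
 description: |-
 Agent feature, can be one of:<br>
@@ -131,13 +132,15 @@ spec:
 - `NetworkEvents`, to track Network events.<br>
 - `PacketTranslation`, to enrich flows with packets translation information. <br>
 - `EbpfManager`, to enable using EBPF Manager to manage netobserv ebpf programs [Developer Preview].<br>
+- `UDNMapping`, to enable interfaces mappind to udn [Developer Preview]. <br>
 enum:
 - PacketDrop
 - DNSTracking
 - FlowRTT
 - NetworkEvents
 - PacketTranslation
 - EbpfManager
+- UDNMapping
 type: string
 type: array
 flowFilter:
@@ -3631,6 +3634,10 @@ spec:
 - `PacketTranslation`: enable enriching flows with packet's translation information. <br>
 - `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs. <br>
 IMPORTANT: This feature is available as a Developer Preview.<br>
+- `UDNMapping`, to enable interfaces mappind to udn. <br>
+This feature requires mounting the kernel debug filesystem, so the eBPF agent pods have to run as privileged.
+It requires using the OVN-Kubernetes network plugin with the Observability feature.
+IMPORTANT: This feature is available as a Developer Preview.<br>
 items:
 description: |-
 Agent feature, can be one of:<br>
@@ -3640,13 +3647,15 @@ spec:
 - `NetworkEvents`, to track Network events [Developer Preview].<br>
 - `PacketTranslation`, to enrich flows with packets translation information. <br>
 - `EbpfManager`, to enable using EBPF Manager to manage netobserv ebpf programs [Developer Preview].<br>
+- `UDNMapping`, to enable interfaces mappind to udn [Developer Preview]. <br>
 enum:
 - PacketDrop
 - DNSTracking
 - FlowRTT
 - NetworkEvents
 - PacketTranslation
 - EbpfManager
+- UDNMapping
 type: string
 type: array
 flowFilter: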
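--- a/config/samples/flows_v1beta2_flowcollector.yaml
+++ b/config/samples/flows_v1beta2_flowcollector.yaml
@@ -25,6 +25,7 @@ spec:
 # - "NetworkEvents"
 # - "PacketTranslation"
 # - "EbpfManager"
+# - "UDNMapping"
 interfaces: []
 excludeInterfaces: ["lo"]
 kafkaBatchSize: 1048576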
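--- a/controllers/consoleplugin/config/static-frontend-config.yaml
+++ b/controllers/consoleplugin/config/static-frontend-config.yaml
@@ -437,6 +437,13 @@ columns:
 filter: ifdirections
 default: false
 width: 10
+- id: Udns
+name: UDN labels
+field: Udns
+filter: udns
+default: true
+width: 10
+feature: udnMapping
 - id: FlowDirInts
 name: Interfaces and Directions
 tooltip: Pairs of network interface and direction of the Flow observed at the network interface observation point.
@@ -955,6 +962,8 @@ filters:
 name: User Defined Network
 component: autocomplete
 hint: Specify a user defined network name.
+- id: udns
+name: interface assigned udn label
 - id: id
 name: Conversation Id
 component: text
@@ -1296,6 +1305,9 @@ fields:
 - name: Interfaces
 type: string
 description: Network interfaces
+- name: Udns
+type: string
+description: Network interfaces UDNs mapping
 - name: Flags
 type: string
 description: |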
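Review bot: The new `udns` filter entry carries only `id` and `name`, while both neighbouring filter entries visible in this hunk also set `component` (and the one above it a `hint`). If the console plugin needs `component` to render a filter, the `Udns` column's `filter: udns` points at a filter that cannot be used. I would add `component: text` (or whichever component fits) plus a `hint`, and rename the entry to match the column, e.g. `name: UDN labels`, since `interface assigned udn label` is lower-case where the surrounding names are title-cased. The filters list continues outside the hunk, so other entries may legitimately omit `component`.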
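--- a/controllers/consoleplugin/consoleplugin_objects.go
+++ b/controllers/consoleplugin/consoleplugin_objects.go
@@ -462,6 +462,10 @@ func (b *builder) setFrontendConfig(fconf *cfg.FrontendConfig) error {
 fconf.Features = append(fconf.Features, "packetTranslation")
 }
 
+if helper.IsUDNMappingEnabled(&b.desired.Agent.EBPF) {
+fconf.Features = append(fconf.Features, "udnMapping")
+}
+
 if b.desired.Agent.EBPF.Advanced != nil {
 if v, ok := b.desired.Agent.EBPF.Advanced.Env[ebpf.EnvDedupeJustMark]; ok {
 dedupJustMark, err = strconv.ParseBool(v)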
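--- a/controllers/ebpf/agent_controller.go
+++ b/controllers/ebpf/agent_controller.go
@@ -69,6 +69,7 @@ const (
 envFilterRules = "FLOW_FILTER_RULES"
 envEnablePacketTranslation = "ENABLE_PKT_TRANSLATION"
 envEnableEbpfMgr = "EBPF_PROGRAM_MANAGER_MODE"
+envEnableUDNMapping = "ENABLE_UDN_MAPPING"
 envListSeparator = ","
 )
 
@@ -319,7 +320,8 @@ func (c *AgentController) desired(ctx context.Context, coll *flowslatest.FlowCol
 }
 }
 
-if helper.IsAgentFeatureEnabled(&coll.Spec.Agent.EBPF, flowslatest.NetworkEvents) {
+if helper.IsAgentFeatureEnabled(&coll.Spec.Agent.EBPF, flowslatest.NetworkEvents) ||
+helper.IsAgentFeatureEnabled(&coll.Spec.Agent.EBPF, flowslatest.UDNMapping) {
 if !coll.Spec.Agent.EBPF.Privileged {
 rlog.Error(fmt.Errorf("invalid configuration"), "To use Network Events Monitor"+
 "features privileged mode needs to be enabled")
@@ -699,6 +701,13 @@ func (c *AgentController) setEnvConfig(coll *flowslatest.FlowCollector) []corev1
 })
 }
 
+if helper.IsUDNMappingEnabled(&coll.Spec.Agent.EBPF) {
+config = append(config, corev1.EnvVar{
+Name: envEnableUDNMapping,
+Value: "true",
+})
+}
+
 if helper.IsPacketTranslationEnabled(&coll.Spec.Agent.EBPF) {
 config = append(config, corev1.EnvVar{
 Name: envEnablePacketTranslation,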
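Review bot: The privileged-mode error in desired() now also fires for `UDNMapping`, but its text still reads "To use Network Events Monitor"+"features privileged mode needs to be enabled", so an operator who enabled only UDNMapping is told about a feature they did not turn on (the concatenation also lacks a space between "Monitor" and "features"). I would name what triggered it, e.g. `"NetworkEvents and UDNMapping features require privileged mode to be enabled"`. Separately, setEnvConfig sets `ENABLE_UDN_MAPPING` to "true" from `IsUDNMappingEnabled` alone, so the agent appears to be started with the feature on even when `Privileged` is false and this error was just logged; whether desired() stops after logging lies outside the hunk. Consider gating the env var with `&& coll.Spec.Agent.EBPF.Privileged` so the agent configuration and the privilege setting cannot disagree.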
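--- a/docs/FlowCollector.md
+++ b/docs/FlowCollector.md
@@ -293,7 +293,8 @@ If the `spec.agent.ebpf.privileged` parameter is not set, an error is reported.<
 - `NetworkEvents`: enable the Network events monitoring feature. This feature requires mounting
 the kernel debug filesystem, so the eBPF pod has to run as privileged.
 - `PacketTranslation`: enable enriching flows with packet's translation information. <br>
-- `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs. <br><br/>
+- `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs. <br>
+- `UDNMapping`, to enable interfaces mappind to udn. <br><br/>
 </td>
 <td>false</td>
 </tr><tr>
@@ -6265,6 +6266,10 @@ It requires using the OVN-Kubernetes network plugin with the Observability featu
 IMPORTANT: This feature is available as a Developer Preview.<br>
 - `PacketTranslation`: enable enriching flows with packet's translation information. <br>
 - `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs. <br>
+IMPORTANT: This feature is available as a Developer Preview.<br>
+- `UDNMapping`, to enable interfaces mappind to udn. <br>
+This feature requires mounting the kernel debug filesystem, so the eBPF agent pods have to run as privileged.
+It requires using the OVN-Kubernetes network plugin with the Observability feature.
 IMPORTANT: This feature is available as a Developer Preview.<br><br/>
 </td>
 <td>false</td>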
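--- a/pkg/helper/flowcollector.go
+++ b/pkg/helper/flowcollector.go
@@ -134,6 +134,10 @@ func IsEbpfManagerEnabled(spec *flowslatest.FlowCollectorEBPF) bool {
 return IsAgentFeatureEnabled(spec, flowslatest.EbpfManager)
 }
 
+func IsUDNMappingEnabled(spec *flowslatest.FlowCollectorEBPF) bool {
+return IsAgentFeatureEnabled(spec, flowslatest.UDNMapping)
+}
+
 func IsConntrack(spec *flowslatest.FlowCollectorFLP) bool {
 return spec != nil && spec.LogTypes != nil && *spec.LogTypes != flowslatest.LogTypeFlows
 }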
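Review bot: `IsUDNMappingEnabled` is exported without a doc comment; I would add `// IsUDNMappingEnabled reports whether IsAgentFeatureEnabled finds the UDNMapping feature in spec.` above it. The comment should also say that the helper does not consult `spec.Privileged`, because the API docs in this commit state that the feature needs privileged agent pods and a caller might otherwise read a true result as "usable". `IsAgentFeatureEnabled` is defined outside this hunk, so its handling of a nil spec should be confirmed before documenting it.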
