diff --git a/apis/flowcollector/v1beta1/flowcollector_types.go b/apis/flowcollector/v1beta1/flowcollector_types.go index a53e39399..3c4b8f018 100644 --- a/apis/flowcollector/v1beta1/flowcollector_types.go +++ b/apis/flowcollector/v1beta1/flowcollector_types.go @@ -239,6 +239,9 @@ type FlowCollectorEBPF struct { // - `FlowRTT` [unsupported (*)]: enable flow latency (RTT) calculations in the eBPF agent during TCP handshakes. This feature better works with `sampling` set to 1.
// +optional Features []AgentFeature `json:"features,omitempty"` + // Metrics server endpoint configuration for Prometheus scraper + // +optional + Server MetricsServerConfig `json:"server,omitempty"` } // `FlowCollectorKafka` defines the desired Kafka config of FlowCollector diff --git a/apis/flowcollector/v1beta1/zz_generated.conversion.go b/apis/flowcollector/v1beta1/zz_generated.conversion.go index 65897b2f2..d26496709 100644 --- a/apis/flowcollector/v1beta1/zz_generated.conversion.go +++ b/apis/flowcollector/v1beta1/zz_generated.conversion.go @@ -552,6 +552,9 @@ func autoConvert_v1beta1_FlowCollectorEBPF_To_v1beta2_FlowCollectorEBPF(in *Flow out.KafkaBatchSize = in.KafkaBatchSize // WARNING: in.Debug requires manual conversion: does not exist in peer-type out.Features = *(*[]v1beta2.AgentFeature)(unsafe.Pointer(&in.Features)) + if err := Convert_v1beta1_MetricsServerConfig_To_v1beta2_MetricsServerConfig(&in.Server, &out.Server, s); err != nil { + return err + } return nil } @@ -568,6 +571,9 @@ func autoConvert_v1beta2_FlowCollectorEBPF_To_v1beta1_FlowCollectorEBPF(in *v1be out.KafkaBatchSize = in.KafkaBatchSize // WARNING: in.Advanced requires manual conversion: does not exist in peer-type out.Features = *(*[]AgentFeature)(unsafe.Pointer(&in.Features)) + if err := Convert_v1beta2_MetricsServerConfig_To_v1beta1_MetricsServerConfig(&in.Server, &out.Server, s); err != nil { + return err + } return nil } diff --git a/apis/flowcollector/v1beta1/zz_generated.deepcopy.go b/apis/flowcollector/v1beta1/zz_generated.deepcopy.go index 48ebf3e72..a3088cd79 100644 --- a/apis/flowcollector/v1beta1/zz_generated.deepcopy.go +++ b/apis/flowcollector/v1beta1/zz_generated.deepcopy.go @@ -282,6 +282,7 @@ func (in *FlowCollectorEBPF) DeepCopyInto(out *FlowCollectorEBPF) { *out = make([]AgentFeature, len(*in)) copy(*out, *in) } + in.Server.DeepCopyInto(&out.Server) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowCollectorEBPF. 
diff --git a/apis/flowcollector/v1beta2/flowcollector_types.go b/apis/flowcollector/v1beta2/flowcollector_types.go index 00f4f24a1..5358cf875 100644 --- a/apis/flowcollector/v1beta2/flowcollector_types.go +++ b/apis/flowcollector/v1beta2/flowcollector_types.go @@ -246,6 +246,9 @@ type FlowCollectorEBPF struct { // - `FlowRTT`: enable flow latency (RTT) calculations in the eBPF agent during TCP handshakes. This feature better works with `sampling` set to 1.
// +optional Features []AgentFeature `json:"features,omitempty"` + // Metrics server endpoint configuration for Prometheus scraper + // +optional + Server MetricsServerConfig `json:"server,omitempty"` } // `FlowCollectorKafka` defines the desired Kafka config of FlowCollector diff --git a/apis/flowcollector/v1beta2/zz_generated.deepcopy.go b/apis/flowcollector/v1beta2/zz_generated.deepcopy.go index d659b863a..1d54b5b28 100644 --- a/apis/flowcollector/v1beta2/zz_generated.deepcopy.go +++ b/apis/flowcollector/v1beta2/zz_generated.deepcopy.go @@ -417,6 +417,7 @@ func (in *FlowCollectorEBPF) DeepCopyInto(out *FlowCollectorEBPF) { *out = make([]AgentFeature, len(*in)) copy(*out, *in) } + in.Server.DeepCopyInto(&out.Server) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowCollectorEBPF. diff --git a/bundle/manifests/flows.netobserv.io_flowcollectors.yaml b/bundle/manifests/flows.netobserv.io_flowcollectors.yaml index 9d4e478dc..d00176ae1 100644 --- a/bundle/manifests/flows.netobserv.io_flowcollectors.yaml +++ b/bundle/manifests/flows.netobserv.io_flowcollectors.yaml 
@@ -261,6 +261,106 @@ spec: format: int32 minimum: 0 type: integer + server: + description: Metrics server endpoint configuration for Prometheus + scraper + properties: + port: + default: 9102 + description: The prometheus HTTP port + format: int32 + maximum: 65535 + minimum: 1 + type: integer + tls: + description: TLS configuration. + properties: + insecureSkipVerify: + default: false + description: '`insecureSkipVerify` allows skipping + client-side verification of the provided certificate. + If set to `true`, the `providedCaFile` field is + ignored.' + type: boolean + provided: + description: TLS configuration when `type` is set + to `PROVIDED`. + properties: + certFile: + description: '`certFile` defines the path to the + certificate file name within the config map + or secret' + type: string + certKey: + description: '`certKey` defines the path to the + certificate private key file name within the + config map or secret. Omit when the key is not + necessary.' + type: string + name: + description: Name of the config map or secret + containing certificates + type: string + namespace: + default: "" + description: Namespace of the config map or secret + containing certificates. If omitted, the default + is to use the same namespace as where NetObserv + is deployed. If the namespace is different, + the config map or the secret is copied so that + it can be mounted as required. + type: string + type: + description: 'Type for the certificate reference: + `configmap` or `secret`' + enum: + - configmap + - secret + type: string + type: object + providedCaFile: + description: Reference to the CA file when `type` + is set to `PROVIDED`. + properties: + file: + description: File name within the config map or + secret + type: string + name: + description: Name of the config map or secret + containing the file + type: string + namespace: + default: "" + description: Namespace of the config map or secret + containing the file. 
If omitted, the default + is to use the same namespace as where NetObserv + is deployed. If the namespace is different, + the config map or the secret is copied so that + it can be mounted as required. + type: string + type: + description: 'Type for the file reference: "configmap" + or "secret"' + enum: + - configmap + - secret + type: string + type: object + type: + default: DISABLED + description: Select the type of TLS configuration:
+ - `DISABLED` (default) to not configure TLS for + the endpoint. - `PROVIDED` to manually provide cert + file and a key file. - `AUTO` to use OpenShift auto + generated certificate using annotations. + enum: + - DISABLED + - PROVIDED + - AUTO + type: string + type: object + type: object type: object ipfix: description: '`ipfix` [deprecated (*)] - describes the settings 
@@ -2956,6 +3056,106 @@ spec: format: int32 minimum: 0 type: integer + server: + description: Metrics server endpoint configuration for Prometheus + scraper + properties: + port: + default: 9102 + description: The prometheus HTTP port + format: int32 + maximum: 65535 + minimum: 1 + type: integer + tls: + description: TLS configuration. + properties: + insecureSkipVerify: + default: false + description: '`insecureSkipVerify` allows skipping + client-side verification of the provided certificate. + If set to `true`, the `providedCaFile` field is + ignored.' + type: boolean + provided: + description: TLS configuration when `type` is set + to `Provided`. + properties: + certFile: + description: '`certFile` defines the path to the + certificate file name within the config map + or secret' + type: string + certKey: + description: '`certKey` defines the path to the + certificate private key file name within the + config map or secret. Omit when the key is not + necessary.' + type: string + name: + description: Name of the config map or secret + containing certificates + type: string + namespace: + default: "" + description: Namespace of the config map or secret + containing certificates. If omitted, the default + is to use the same namespace as where NetObserv + is deployed. If the namespace is different, + the config map or the secret is copied so that + it can be mounted as required. + type: string + type: + description: 'Type for the certificate reference: + `configmap` or `secret`' + enum: + - configmap + - secret + type: string + type: object + providedCaFile: + description: Reference to the CA file when `type` + is set to `Provided`. + properties: + file: + description: File name within the config map or + secret + type: string + name: + description: Name of the config map or secret + containing the file + type: string + namespace: + default: "" + description: Namespace of the config map or secret + containing the file. 
If omitted, the default + is to use the same namespace as where NetObserv + is deployed. If the namespace is different, + the config map or the secret is copied so that + it can be mounted as required. + type: string + type: + description: 'Type for the file reference: "configmap" + or "secret"' + enum: + - configmap + - secret + type: string + type: object + type: + default: Disabled + description: Select the type of TLS configuration:
+ - `Disabled` (default) to not configure TLS for + the endpoint. - `Provided` to manually provide cert + file and a key file. - `Auto` to use OpenShift auto + generated certificate using annotations. + enum: + - Disabled + - Provided + - Auto + type: string + type: object + type: object type: object ipfix: description: '`ipfix` [deprecated (*)] - describes the settings diff --git a/bundle/manifests/netobserv-operator.clusterserviceversion.yaml b/bundle/manifests/netobserv-operator.clusterserviceversion.yaml index 3f24a6d0c..6f9004702 100644 --- a/bundle/manifests/netobserv-operator.clusterserviceversion.yaml +++ b/bundle/manifests/netobserv-operator.clusterserviceversion.yaml @@ -692,6 +692,10 @@ spec: path: agent.ebpf.interfaces - displayName: Sampling path: agent.ebpf.sampling + - displayName: Server + path: agent.ebpf.server + - displayName: Port + path: agent.ebpf.server.port - displayName: Enable path: consolePlugin.portNaming.enable - displayName: Port names diff --git a/config/crd/bases/flows.netobserv.io_flowcollectors.yaml b/config/crd/bases/flows.netobserv.io_flowcollectors.yaml index 6a942d9aa..54c5b185a 100644 --- a/config/crd/bases/flows.netobserv.io_flowcollectors.yaml +++ b/config/crd/bases/flows.netobserv.io_flowcollectors.yaml 
@@ -248,6 +248,106 @@ spec: format: int32 minimum: 0 type: integer + server: + description: Metrics server endpoint configuration for Prometheus + scraper + properties: + port: + default: 9102 + description: The prometheus HTTP port + format: int32 + maximum: 65535 + minimum: 1 + type: integer + tls: + description: TLS configuration. + properties: + insecureSkipVerify: + default: false + description: '`insecureSkipVerify` allows skipping + client-side verification of the provided certificate. + If set to `true`, the `providedCaFile` field is + ignored.' + type: boolean + provided: + description: TLS configuration when `type` is set + to `PROVIDED`. + properties: + certFile: + description: '`certFile` defines the path to the + certificate file name within the config map + or secret' + type: string + certKey: + description: '`certKey` defines the path to the + certificate private key file name within the + config map or secret. Omit when the key is not + necessary.' + type: string + name: + description: Name of the config map or secret + containing certificates + type: string + namespace: + default: "" + description: Namespace of the config map or secret + containing certificates. If omitted, the default + is to use the same namespace as where NetObserv + is deployed. If the namespace is different, + the config map or the secret is copied so that + it can be mounted as required. + type: string + type: + description: 'Type for the certificate reference: + `configmap` or `secret`' + enum: + - configmap + - secret + type: string + type: object + providedCaFile: + description: Reference to the CA file when `type` + is set to `PROVIDED`. + properties: + file: + description: File name within the config map or + secret + type: string + name: + description: Name of the config map or secret + containing the file + type: string + namespace: + default: "" + description: Namespace of the config map or secret + containing the file. 
If omitted, the default + is to use the same namespace as where NetObserv + is deployed. If the namespace is different, + the config map or the secret is copied so that + it can be mounted as required. + type: string + type: + description: 'Type for the file reference: "configmap" + or "secret"' + enum: + - configmap + - secret + type: string + type: object + type: + default: DISABLED + description: Select the type of TLS configuration:
+ - `DISABLED` (default) to not configure TLS for + the endpoint. - `PROVIDED` to manually provide cert + file and a key file. - `AUTO` to use OpenShift auto + generated certificate using annotations. + enum: + - DISABLED + - PROVIDED + - AUTO + type: string + type: object + type: object type: object ipfix: description: '`ipfix` [deprecated (*)] - describes the settings 
@@ -2943,6 +3043,106 @@ spec: format: int32 minimum: 0 type: integer + server: + description: Metrics server endpoint configuration for Prometheus + scraper + properties: + port: + default: 9102 + description: The prometheus HTTP port + format: int32 + maximum: 65535 + minimum: 1 + type: integer + tls: + description: TLS configuration. + properties: + insecureSkipVerify: + default: false + description: '`insecureSkipVerify` allows skipping + client-side verification of the provided certificate. + If set to `true`, the `providedCaFile` field is + ignored.' + type: boolean + provided: + description: TLS configuration when `type` is set + to `Provided`. + properties: + certFile: + description: '`certFile` defines the path to the + certificate file name within the config map + or secret' + type: string + certKey: + description: '`certKey` defines the path to the + certificate private key file name within the + config map or secret. Omit when the key is not + necessary.' + type: string + name: + description: Name of the config map or secret + containing certificates + type: string + namespace: + default: "" + description: Namespace of the config map or secret + containing certificates. If omitted, the default + is to use the same namespace as where NetObserv + is deployed. If the namespace is different, + the config map or the secret is copied so that + it can be mounted as required. + type: string + type: + description: 'Type for the certificate reference: + `configmap` or `secret`' + enum: + - configmap + - secret + type: string + type: object + providedCaFile: + description: Reference to the CA file when `type` + is set to `Provided`. + properties: + file: + description: File name within the config map or + secret + type: string + name: + description: Name of the config map or secret + containing the file + type: string + namespace: + default: "" + description: Namespace of the config map or secret + containing the file. 
If omitted, the default + is to use the same namespace as where NetObserv + is deployed. If the namespace is different, + the config map or the secret is copied so that + it can be mounted as required. + type: string + type: + description: 'Type for the file reference: "configmap" + or "secret"' + enum: + - configmap + - secret + type: string + type: object + type: + default: Disabled + description: Select the type of TLS configuration:
+ - `Disabled` (default) to not configure TLS for + the endpoint. - `Provided` to manually provide cert + file and a key file. - `Auto` to use OpenShift auto + generated certificate using annotations. + enum: + - Disabled + - Provided + - Auto + type: string + type: object + type: object type: object ipfix: description: '`ipfix` [deprecated (*)] - describes the settings diff --git a/controllers/consoleplugin/consoleplugin_objects.go b/controllers/consoleplugin/consoleplugin_objects.go index 808edccf5..86ffdcaef 100644 --- a/controllers/consoleplugin/consoleplugin_objects.go +++ b/controllers/consoleplugin/consoleplugin_objects.go @@ -278,7 +278,7 @@ func (b *builder) mainService() *corev1.Service { // Some Kubernetes versions might automatically set TargetPort to Port. We need to // explicitly set it here so the reconcile loop verifies that the owned service // is equal as the desired service - TargetPort: intstr.FromInt(int(*b.advanced.Port)), + TargetPort: intstr.FromInt32(*b.advanced.Port), }}, }, } @@ -300,7 +300,7 @@ func (b *builder) metricsService() *corev1.Service { // Some Kubernetes versions might automatically set TargetPort to Port. We need to // explicitly set it here so the reconcile loop verifies that the owned service // is equal as the desired service - TargetPort: intstr.FromInt(metricsPort), + TargetPort: intstr.FromInt32(metricsPort), }}, }, } diff --git a/controllers/constants/constants.go b/controllers/constants/constants.go index 90a87b404..352c8a52f 100644 --- a/controllers/constants/constants.go +++ b/controllers/constants/constants.go 
@@ -14,10 +14,12 @@ const ( PluginName = "netobserv-plugin" // EBPFAgentName and other constants for it - EBPFAgentName = "netobserv-ebpf-agent" - EBPFPrivilegedNSSuffix = "-privileged" - EBPFServiceAccount = EBPFAgentName - EBPFSecurityContext = EBPFAgentName + EBPFAgentName = "netobserv-ebpf-agent" + EBPFAgentMetricsSvcName = "ebpf-agent-svc-prom" + EBPFAgentMetricsSvcMonitoringName = "ebpf-agent-svc-monitor" + EBPFPrivilegedNSSuffix = "-privileged" + EBPFServiceAccount = EBPFAgentName + EBPFSecurityContext = EBPFAgentName OpenShiftCertificateAnnotation = "service.beta.openshift.io/serving-cert-secret-name" diff --git a/controllers/ebpf/agent-metrics-test.go b/controllers/ebpf/agent-metrics-test.go new file mode 100644 index 000000000..a95a6ea55 --- /dev/null +++ b/controllers/ebpf/agent-metrics-test.go 
@@ -0,0 +1,45 @@
+package ebpf
+
+import (
+ "github.com/netobserv/network-observability-operator/controllers/constants"
+ "testing"
+
+ flowslatest "github.com/netobserv/network-observability-operator/apis/flowcollector/v1beta2"
+
+ "github.com/stretchr/testify/assert" // Import the testify library for assertions
+)
+
+func TestPromService(t *testing.T) {
+ // Create a new instance of your controller
+ controller := &AgentController{}
+
+ // Create a sample FlowCollectorEBPF object for testing
+ target := &flowslatest.FlowCollectorEBPF{
+ Server: flowslatest.MetricsServerConfig{
+ Port: 8080, // Sample port for testing
+ },
+ }
+
+ // Call the promService function
+ service := controller.promService(target)
+
+ // Assert that the returned service is not nil
+ assert.NotNil(t, service)
+ // Assert that the service name is as expected
+ assert.Equal(t, constants.EBPFAgentMetricsSvcName, service.ObjectMeta.Name)
+ // Add more assertions as needed for other properties of the service
+}
+
+func TestPromServiceMonitoring(t *testing.T) {
+ // Create a new instance of your controller
+ controller := &AgentController{}
+
+ // Call the promServiceMonitoring function
+ monitor := controller.promServiceMonitoring()
+
+ // Assert that the returned monitor is not nil
+ assert.NotNil(t, monitor)
+ // Assert that the monitor name is as expected
+ assert.Equal(t, constants.EBPFAgentMetricsSvcMonitoringName, monitor.ObjectMeta.Name)
+ // Add more assertions as needed for other properties of the monitor
+}
diff --git a/controllers/ebpf/agent-metrics.go b/controllers/ebpf/agent-metrics.go
new file mode 100644
index 000000000..6c5158fb5
--- /dev/null
+++ b/controllers/ebpf/agent-metrics.go
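Review bot: The new file is named `agent-metrics-test.go`, which does not end in `_test.go`, so `go test` never runs `TestPromService` or `TestPromServiceMonitoring` and the file is instead compiled into the `ebpf` package, pulling `testing` and testify into the operator build; rename it to `agent_metrics_test.go`. Once the tests do run, `&AgentController{}` leaves the embedded `*reconcilers.Instance` nil, so the `c.PrivilegedNamespace()` call in both builders will probably panic if that method reads the instance; construct the controller with a populated `Instance`. Both tests assert only the object name, so nothing pins the port, the selector or the scrape scheme that the ServiceMonitor uses.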
@@ -0,0 +1,90 @@
+package ebpf
+
+import (
+ "context"
+ "k8s.io/apimachinery/pkg/api/errors"
+
+ flowslatest "github.com/netobserv/network-observability-operator/apis/flowcollector/v1beta2"
+ "github.com/netobserv/network-observability-operator/controllers/constants"
+ "github.com/netobserv/network-observability-operator/controllers/reconcilers"
+ "github.com/netobserv/network-observability-operator/pkg/helper"
+ monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
+
+ corev1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/util/intstr"
+)
+
+func (c *AgentController) ReconcileMetricsService(ctx context.Context, target *flowslatest.FlowCollectorEBPF) error {
+ report := helper.NewChangeReport("EBPF Agent prometheus service")
+ defer report.LogIfNeeded(ctx)
+
+ if err := c.ReconcileService(ctx, c.promSvc, c.promService(target), &report); err != nil && !errors.IsAlreadyExists(err) {
+ return err
+ }
+ if c.AvailableAPIs.HasSvcMonitor() {
+ serviceMonitor := c.promServiceMonitoring()
+ if err := reconcilers.GenericReconcile(ctx, c.Managed, &c.Client, c.serviceMonitor,
+ serviceMonitor, &report, helper.ServiceMonitorChanged); err != nil && !errors.IsAlreadyExists(err) {
+ return err
+ }
+ }
+ return nil
+}
+
+func (c *AgentController) promService(target *flowslatest.FlowCollectorEBPF) *corev1.Service {
+ svc := corev1.Service{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: constants.EBPFAgentMetricsSvcName,
+ Namespace: c.PrivilegedNamespace(),
+ Labels: map[string]string{
+ "app": constants.EBPFAgentName,
+ },
+ },
+ Spec: corev1.ServiceSpec{
+ Selector: map[string]string{
+ "app": constants.EBPFAgentName,
+ },
+ Ports: []corev1.ServicePort{{
+ Name: "metrics",
+ Port: target.Server.Port,
+ Protocol: corev1.ProtocolTCP,
+ TargetPort: intstr.FromInt32(target.Server.Port),
+ }},
+ },
+ }
+ return &svc
+}
+
+func (c *AgentController) promServiceMonitoring() *monitoringv1.ServiceMonitor {
+ agentServiceMonitorObject := monitoringv1.ServiceMonitor{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: constants.EBPFAgentMetricsSvcMonitoringName,
+ Namespace: c.PrivilegedNamespace(),
+ Labels: map[string]string{
+ "app": constants.EBPFAgentName,
+ },
+ },
+ Spec: monitoringv1.ServiceMonitorSpec{
+ Endpoints: []monitoringv1.Endpoint{
+ {
+ Port: "metrics",
+ Interval: "30s",
+ Scheme: "http",
+ },
+ },
+ NamespaceSelector: monitoringv1.NamespaceSelector{
+ MatchNames: []string{
+ c.PrivilegedNamespace(),
+ },
+ },
+ Selector: metav1.LabelSelector{
+ MatchLabels: map[string]string{
+ "app": constants.EBPFAgentName,
+ },
+ },
+ },
+ }
+
+ return &agentServiceMonitorObject
+}
diff --git a/controllers/ebpf/agent_controller.go b/controllers/ebpf/agent_controller.go
index 500cf22ab..dd2f1e7d9 100644
--- a/controllers/ebpf/agent_controller.go
+++ b/controllers/ebpf/agent_controller.go
@@ -15,6 +15,7 @@ import ( "github.com/netobserv/network-observability-operator/pkg/watchers" "github.com/go-logr/logr" + monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" v1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/equality"
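Review bot: `promServiceMonitoring` hard-codes `Scheme: "http"` and takes no `target`, so the `server.tls` block this commit adds to the CRD (`type`, `provided`, `providedCaFile`, `insecureSkipVerify`) has no effect on how Prometheus scrapes the agent: a user who selects `Provided` or `Auto` still gets a plaintext scrape. `promService` likewise never sets `constants.OpenShiftCertificateAnnotation`, which the `Auto` mode would appear to need. Either pass `target` into `promServiceMonitoring` and derive the scheme and TLS settings from `target.Server.TLS`, or leave `tls` out of the API until it is honoured, so the field does not promise protection that is not applied. Separately, `ReconcileMetricsService` discards `errors.IsAlreadyExists` for both objects, so a same-named Service or ServiceMonitor that the operator does not own would be accepted silently; a comment such as `// AlreadyExists is tolerated because ...` should state why that is safe.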
@@ -89,15 +90,22 @@ const ( // accounts, SecurityContextConstraints... type AgentController struct { *reconcilers.Instance - permissions permissions.Reconciler - volumes volumes.Builder + permissions permissions.Reconciler + volumes volumes.Builder + promSvc *corev1.Service + serviceMonitor *monitoringv1.ServiceMonitor } func NewAgentController(common *reconcilers.Instance) *AgentController { - return &AgentController{ + agent := AgentController{ Instance: common, permissions: permissions.NewReconciler(common), + promSvc: common.Managed.NewService(constants.EBPFAgentMetricsSvcName), } + if common.AvailableAPIs.HasSvcMonitor() { + agent.serviceMonitor = common.Managed.NewServiceMonitor(constants.EBPFAgentMetricsSvcMonitoringName) + } + return &agent } func (c *AgentController) Reconcile(ctx context.Context, target *flowslatest.FlowCollector) error { @@ -134,7 +142,10 @@ func (c *AgentController) Reconcile(ctx context.Context, target *flowslatest.Flo if err != nil { return err } - + err = c.reconcilePrometheusService(ctx, &target.Spec.Agent.EBPF) + if err != nil { + return fmt.Errorf("reconciling prometheus service: %w", err) + } switch requiredAction(current, desired) { case actionCreate: rlog.Info("action: create agent") @@ -500,3 +511,7 @@ func (c *AgentController) setEnvConfig(coll *flowslatest.FlowCollector) []corev1 return config } + +func (c *AgentController) reconcilePrometheusService(ctx context.Context, target *flowslatest.FlowCollectorEBPF) error { + return c.ReconcileMetricsService(ctx, target) +} diff --git a/controllers/flowcollector_controller_iso_test.go b/controllers/flowcollector_controller_iso_test.go index c847d29a6..93eff2530 100644 --- a/controllers/flowcollector_controller_iso_test.go +++ b/controllers/flowcollector_controller_iso_test.go 
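Review bot: `reconcilePrometheusService` in the last hunk only forwards to `ReconcileMetricsService`, so the controller carries two names for one operation and the exported one has no doc comment; call `c.ReconcileMetricsService(ctx, &target.Spec.Agent.EBPF)` directly from `Reconcile`, or keep the private name and unexport the other. The call sits before the `requiredAction` switch and the new `server` schema has no enable flag, so as far as these hunks show the metrics Service is created on every reconcile whether or not the user wants the agent's metrics port exposed; if that is intended, a comment at the call site should say so. `NewAgentController` sets `serviceMonitor` only when `HasSvcMonitor()` is true at construction, while `ReconcileMetricsService` re-checks it at reconcile time and passes `c.serviceMonitor` on, so a nil value could reach `GenericReconcile` if the two checks ever disagree. `Reconcile` starts and ends outside these hunks.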
@@ -119,6 +119,13 @@ func flowCollectorIsoSpecs() { Privileged: false, KafkaBatchSize: 0, Features: nil, + Server: flowslatest.MetricsServerConfig{ + Port: 12347, + TLS: flowslatest.ServerTLS{ + Type: "Disabled", + Provided: nil, + }, + }, }, }, ConsolePlugin: flowslatest.FlowCollectorConsolePlugin{ diff --git a/controllers/flp/flp_common_objects.go b/controllers/flp/flp_common_objects.go index 8cc080d6d..036c06bda 100644 --- a/controllers/flp/flp_common_objects.go +++ b/controllers/flp/flp_common_objects.go @@ -353,7 +353,7 @@ func (b *builder) promService() *corev1.Service { // Some Kubernetes versions might automatically set TargetPort to Port. We need to // explicitly set it here so the reconcile loop verifies that the owned service // is equal as the desired service - TargetPort: intstr.FromInt(int(b.desired.Processor.Metrics.Server.Port)), + TargetPort: intstr.FromInt32(b.desired.Processor.Metrics.Server.Port), }}, }, } diff --git a/docs/FlowCollector.md b/docs/FlowCollector.md index 74667b520..f8d1357aa 100644 --- a/docs/FlowCollector.md +++ b/docs/FlowCollector.md @@ -315,6 +315,13 @@ Agent configuration for flows extraction. Minimum: 0
false + + server + object + + Metrics server endpoint configuration for Prometheus scraper
+ + false @@ -416,6 +423,209 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. +### FlowCollector.spec.agent.ebpf.server +[↩ Parent](#flowcollectorspecagentebpf) + + + +Metrics server endpoint configuration for Prometheus scraper + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
portinteger + The prometheus HTTP port
+
+ Format: int32
+ Default: 9102
+ Minimum: 1
+ Maximum: 65535
+
false
tlsobject + TLS configuration.
+
false
+ + +### FlowCollector.spec.agent.ebpf.server.tls +[↩ Parent](#flowcollectorspecagentebpfserver) + + + +TLS configuration. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
insecureSkipVerifyboolean + `insecureSkipVerify` allows skipping client-side verification of the provided certificate. If set to `true`, the `providedCaFile` field is ignored.
+
+ Default: false
+
false
providedobject + TLS configuration when `type` is set to `PROVIDED`.
+
false
providedCaFileobject + Reference to the CA file when `type` is set to `PROVIDED`.
+
false
typeenum + Select the type of TLS configuration:
- `DISABLED` (default) to not configure TLS for the endpoint. - `PROVIDED` to manually provide cert file and a key file. - `AUTO` to use OpenShift auto generated certificate using annotations.
+
+ Enum: DISABLED, PROVIDED, AUTO
+ Default: DISABLED
+
false
+ + +### FlowCollector.spec.agent.ebpf.server.tls.provided +[↩ Parent](#flowcollectorspecagentebpfservertls) + + + +TLS configuration when `type` is set to `PROVIDED`. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
certFilestring + `certFile` defines the path to the certificate file name within the config map or secret
+
false
certKeystring + `certKey` defines the path to the certificate private key file name within the config map or secret. Omit when the key is not necessary.
+
false
namestring + Name of the config map or secret containing certificates
+
false
namespacestring + Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required.
+
+ Default:
+
false
typeenum + Type for the certificate reference: `configmap` or `secret`
+
+ Enum: configmap, secret
+
false
+ + +### FlowCollector.spec.agent.ebpf.server.tls.providedCaFile +[↩ Parent](#flowcollectorspecagentebpfservertls) + + + +Reference to the CA file when `type` is set to `PROVIDED`. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
filestring + File name within the config map or secret
+
false
namestring + Name of the config map or secret containing the file
+
false
namespacestring + Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required.
+
+ Default:
+
false
typeenum + Type for the file reference: "configmap" or "secret"
+
+ Enum: configmap, secret
+
false
+ + ### FlowCollector.spec.agent.ipfix [↩ Parent](#flowcollectorspecagent) @@ -4975,6 +5185,13 @@ Agent configuration for flows extraction. Minimum: 0
false + + server + object + + Metrics server endpoint configuration for Prometheus scraper
+ + false @@ -5076,6 +5293,209 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. +### FlowCollector.spec.agent.ebpf.server +[↩ Parent](#flowcollectorspecagentebpf-1) + + + +Metrics server endpoint configuration for Prometheus scraper + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
portinteger + The prometheus HTTP port
+
+ Format: int32
+ Default: 9102
+ Minimum: 1
+ Maximum: 65535
+
false
tlsobject + TLS configuration.
+
false
+ + +### FlowCollector.spec.agent.ebpf.server.tls +[↩ Parent](#flowcollectorspecagentebpfserver-1) + + + +TLS configuration. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
insecureSkipVerifyboolean + `insecureSkipVerify` allows skipping client-side verification of the provided certificate. If set to `true`, the `providedCaFile` field is ignored.
+
+ Default: false
+
false
providedobject + TLS configuration when `type` is set to `Provided`.
+
false
providedCaFileobject + Reference to the CA file when `type` is set to `Provided`.
+
false
typeenum + Select the type of TLS configuration:
- `Disabled` (default) to not configure TLS for the endpoint. - `Provided` to manually provide cert file and a key file. - `Auto` to use OpenShift auto generated certificate using annotations.
+
+ Enum: Disabled, Provided, Auto
+ Default: Disabled
+
false
+ + +### FlowCollector.spec.agent.ebpf.server.tls.provided +[↩ Parent](#flowcollectorspecagentebpfservertls-1) + + + +TLS configuration when `type` is set to `Provided`. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
certFilestring + `certFile` defines the path to the certificate file name within the config map or secret
+
false
certKeystring + `certKey` defines the path to the certificate private key file name within the config map or secret. Omit when the key is not necessary.
+
false
namestring + Name of the config map or secret containing certificates
+
false
namespacestring + Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required.
+
+ Default:
+
false
typeenum + Type for the certificate reference: `configmap` or `secret`
+
+ Enum: configmap, secret
+
false
+ + +### FlowCollector.spec.agent.ebpf.server.tls.providedCaFile +[↩ Parent](#flowcollectorspecagentebpfservertls-1) + + + +Reference to the CA file when `type` is set to `Provided`. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
filestring + File name within the config map or secret
+
false
namestring + Name of the config map or secret containing the file
+
false
namespacestring + Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required.
+
+ Default:
+
false
typeenum + Type for the file reference: "configmap" or "secret"
+
+ Enum: configmap, secret
+
false
+ + ### FlowCollector.spec.agent.ipfix [↩ Parent](#flowcollectorspecagent-1) diff --git a/go.sum b/go.sum index 0f601e06e..4b6ea290d 100644 --- a/go.sum +++ b/go.sum @@ -125,7 +125,6 @@ github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORN github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= -github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= @@ -186,7 +185,6 @@ github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= -github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= 
@@ -213,7 +211,6 @@ github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1 github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= -go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=