screens and commands

Author: jpinsonneau

content/posts/2025-01-23-cli_whats_new_1.8.md

@@ -28,11 +28,39 @@ This update adds several options to the CLI, covering more scenarios and enablin
 ### Operate in the Background
 The `--background` option allows you to start a flow or packet capture without connecting your terminal to the collector pod. This enables you to let the capture run in the background while you work on something else. You can check the capture's progress using the `follow` command and copy the collector output locally using the `copy` command. Once the job is complete, you can `stop` or `cleanup` everything.
 
+```sh
+oc netobserv flows --background # Run a flow capture in the background
+
+oc netobserv follow             # Show current capture progression
+
+oc netobserv stop               # Stop the capture keeping the collector running
+
+oc netobserv copy               # Copy the output
+
+oc netobserv cleanup            # Remove all
+```
+
 ### Customizable Namespace
 You can now customize the capture namespace using the `NETOBSERV_NAMESPACE` environment variable. When the CLI starts, it automatically checks if this namespace exists and will stop if it finds any conflict with a pending capture. This is particularly useful if you want to run captures in parallel.
 
+```sh
+NETOBSERV_NAMESPACE=my_ns oc netobserv [flows|packets|metrics|follow|stop|copy|cleanup]
+```
+
 ### Subnets Labelling
-The tool can now read configurations from `cluster-config-v1` and `network` to identify **Machine**, **Pods**, and **Services** subnets using the `--get-subnet` option. This will automatically add `SrcSubnetLabel` and `DstSubnetLabel` to your flows.
+The tool can now read configurations from `cluster-config-v1` and `network` to identify **Machine**, **Pods**, and **Services** subnets using the `--get-subnets` option. This will automatically add `SrcSubnetLabel` and `DstSubnetLabel` to your flows.
+
+You will see subnets being configured during the creation of the agents:
+```sh
+creating flow-capture agents:
+opt: get_subnets, value: true
+Found subnets:
+    Services: "172.30.0.0/16"
+    Pods: "10.128.0.0/14"
+    Machines: "10.0.0.0/16"
+```
+
+![subnet labels]({page.image('cli-whats-new-1-8/subnets.png')})
 
 ### YAML Configuration Output
 Outputting a `.yml` file instead of running the capture is now possible using the `--yaml` option. The file will contain all the resources needed to run the capture, such as the namespace, the agents embedding the pipeline and its configuration, and the related services. The collector will need to be run manually in parallel to start the capture.
@@ -43,29 +71,56 @@ Filtering is crucial to gather precise network data without involving excessive
 ### Assigning Agents to Nodes
 It's now possible to define agents `nodeSelector` to capture on a subset of nodes. You can rely on existing labels or create a dedicated one for this usage. For example, you can run:
 ```sh
-`oc netobserv flows --node-selector=kubernetes.io/hostname:my-node
+oc netobserv flows --node-selector=kubernetes.io/hostname:my-node
 ```
 to run the agents on the node with the `kubernetes.io/hostname:my-node` label.
 
 ### eBPF Filters
 Agents recently introduced [the ability to filter](https://github.com/netobserv/netobserv-ebpf-agent/blob/main/docs/flow_filtering.md) on IPs, Ports, Protocol, Action, TCPFlags, and more simultaneously. You can now apply these filters in the CLI as shown below:
 
 ```sh
-netobserv flows \                 # Capture flows
+oc netobserv flows \              # Capture flows
 --protocol=TCP --port=8080 \      # either on TCP 8080
 or --protocol=UDP                 # or UDP
 ```
 
+You will see filters being validated during the creation of the agents:
+```sh
+creating flow-capture agents:
+opt: filter_protocol, value: TCP
+opt: filter_port, value: 8080
+opt: add_filter
+opt: filter_protocol, value: UDP
+```
+
+![filters]({page.image('cli-whats-new-1-8/filters.png')})
+
 You can add as many filters as you want and separate them by or to create multiple capture scenarios.
 
 ### Regular Expressions Usage
 If you need to filter on enriched content beyond the agent-level filters, you can use **regexes** to match any field/value pair. To filter all traffic from OpenShift namespaces, for example, you can use `--regexes=SrcK8S_Namespace~openshift.*`.
 
+You will see regexes being validated during the creation of the agents:
+```sh
+creating flow-capture agents:
+opt: filter_regexes, value: SrcK8S_Namespace~openshift.*
+key: SrcK8S_Namespace value: openshift.*
+```
+
+![regexes]({page.image('cli-whats-new-1-8/regexes.png')})
+
 Regexes are comma-separated, so you can use multiple at once, such as `--regexes=SrcK8S_Namespace~my-ns,SrcK8S_Name~my-app`. Refer to the [flows format](https://github.com/netobserv/network-observability-operator/blob/main/docs/flows-format.adoc) to see the possible fields.
 
 ## Unified Collector UI
 Capturing **packets** now resembles **flows** capture, allowing you to live filter the content. This improvement was made possible by introducing the [flowlogs-pipeline](https://github.com/netobserv/flowlogs-pipeline) component inside [eBPF agents](https://github.com/netobserv/netobserv-ebpf-agent), which parse packets and generate flows from them. All filtering capabilities are compatible with this approach!
 
+Run a packet capture on a specitic port for example:
+```sh
+oc netobserv packets --port=80
+```
+
+![packet capture]({page.image('cli-whats-new-1-8/packets.png')})
+
 ## Metrics Capture on OpenShift
 Capturing metrics is now possible using the `metrics` command. This creates a `ServiceMonitor` to gather metrics from the agents and store them in [Prometheus](https://prometheus.io/). You can enable all or specific features to gather more information about your network, such in:
 ```sh
@@ -83,7 +138,7 @@ On top of the features, you can use all the filtering capabilities mentioned abo
 
 ## Help!
 
-The help has been enhanced to provide examples for each command and option. You can type `oc netobserv help` for the general help message or request help on a specific command, such as `oc netobserv metrics help`, to get its options list.
+The help has been enhanced to provide examples for each command and option. You can type `oc netobserv help` for the general help message:
 
 ```sh
 $ oc netobserv help
@@ -128,6 +183,50 @@ advanced examples:
     --max-bytes=100000000                                     # for a maximum of 100MB
 ```
 
+You can also request help on a specific command, such as `oc netobserv metrics help`, to get its options list:
+```sh
+$ oc netobserv metrics help
+
+Netobserv allows you to capture metrics on your OCP cluster.
+Find more information at: https://github.com/netobserv/network-observability-cli/
+
+Syntax: netobserv metrics [options]
+
+features:
+  --enable_all:                 enable all eBPF features                   (default: false)
+  --enable_dns:                 enable DNS tracking                        (default: false)
+  --enable_network_events:      enable network events monitoring           (default: false)
+  --enable_pkt_translation:     enable packet translation                  (default: false)
+  --enable_pkt_drop:            enable packet drop                         (default: false)
+  --enable_rtt:                 enable RTT tracking                        (default: false)
+  --enable_udn_mapping:         enable User Defined Network mapping (default: false)
+  --get-subnets:                get subnets informations                   (default: false)
+
+filters:
+  --action:                     filter action                              (default: Accept)
+  --cidr:                       filter CIDR                                (default: 0.0.0.0/0)
+  --direction:                  filter direction                           (default: n/a)
+  --dport:                      filter destination port                    (default: n/a)
+  --dport_range:                filter destination port range              (default: n/a)
+  --dports:                     filter on either of two destination ports  (default: n/a)
+  --drops:                      filter flows with only dropped packets     (default: false)
+  --icmp_code:                  filter ICMP code                           (default: n/a)
+  --icmp_type:                  filter ICMP type                           (default: n/a)
+  --node-selector:              capture on specific nodes                  (default: n/a)
+  --peer_ip:                    filter peer IP                             (default: n/a)
+  --peer_cidr:                  filter peer CIDR                           (default: n/a)
+  --port_range:                 filter port range                          (default: n/a)
+  --port:                       filter port                                (default: n/a)
+  --ports:                      filter on either of two ports              (default: n/a)
+  --protocol:                   filter protocol                            (default: n/a)
+  --regexes:                    filter flows using regular expression      (default: n/a)
+  --sport_range:                filter source port range                   (default: n/a)
+  --sport:                      filter source port                         (default: n/a)
+  --sports:                     filter on either of two source ports       (default: n/a)
+  --tcp_flags:                  filter TCP flags                           (default: n/a)
+  --interfaces:                 interfaces to monitor                      (default: n/a)
+```
+
 ## Feedback
 We hope you enjoyed this article!