Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NETOBSERV-1532: add TLS support to ebpf agent metrics config #602

Merged
merged 5 commits into from Mar 28, 2024
Merged

NETOBSERV-1532: add TLS support to ebpf agent metrics config #602

merged 5 commits into from Mar 28, 2024

Conversation

msherif1234
Copy link
Contributor

@msherif1234 msherif1234 commented Mar 25, 2024
edited

Description

add TLS config support to ebpf agent

Dependencies

netobserv/netobserv-ebpf-agent#305
#604

Checklist

If you are not familiar with our processes or don't know what to answer in the list below, let us know in a comment: the maintainers will take care of that.

  • Is this PR backed with a JIRA ticket? If so, make sure it is written as a title prefix (in general, PRs affecting the NetObserv/Network Observability product should be backed with a JIRA ticket - especially if they bring user facing changes).
  • Does this PR require product documentation?
    • If so, make sure the JIRA epic is labelled with "documentation" and provides a description relevant for doc writers, such as use cases or scenarios. Any required step to activate or configure the feature should be documented there, such as new CRD knobs.
  • Does this PR require a product release notes entry?
    • If so, fill in "Release Note Text" in the JIRA.
  • Is there anything else the QE team should know before testing? E.g: configuration changes, environment setup, etc.
    • If so, make sure it is described in the JIRA ticket.
  • QE requirements (check 1 from the list):
    • Standard QE validation, with pre-merge tests unless stated otherwise.
    • Regression tests only (e.g. refactoring with no user-facing change).
    • No QE (e.g. trivial change with high reviewer's confidence, or per agreement with the QE team).

@msherif1234 msherif1234 requested a review from jotak March 25, 2024 14:11
@openshift-ci-robot
Copy link
Collaborator

openshift-ci-robot commented Mar 25, 2024
edited by openshift-ci bot

@msherif1234: This pull request references NETOBSERV-1532 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.16.0" version, but no target version was set.

In response to this:

Description

add TLS config support to ebpf agent

Dependencies

netobserv/netobserv-ebpf-agent#305

Checklist

If you are not familiar with our processes or don't know what to answer in the list below, let us know in a comment: the maintainers will take care of that.

  • Is this PR backed with a JIRA ticket? If so, make sure it is written as a title prefix (in general, PRs affecting the NetObserv/Network Observability product should be backed with a JIRA ticket - especially if they bring user facing changes).
  • Does this PR require product documentation?
  • If so, make sure the JIRA epic is labelled with "documentation" and provides a description relevant for doc writers, such as use cases or scenarios. Any required step to activate or configure the feature should be documented there, such as new CRD knobs.
  • Does this PR require a product release notes entry?
  • If so, fill in "Release Note Text" in the JIRA.
  • Is there anything else the QE team should know before testing? E.g: configuration changes, environment setup, etc.
  • If so, make sure it is described in the JIRA ticket.
  • QE requirements (check 1 from the list):
  • Standard QE validation, with pre-merge tests unless stated otherwise.
  • Regression tests only (e.g. refactoring with no user-facing change).
  • No QE (e.g. trivial change with high reviewer's confidence, or per agreement with the QE team).

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@codecov Codecov
Copy link

codecov bot commented Mar 25, 2024
edited

Codecov Report

Attention: Patch coverage is 25.00000% with 21 lines in your changes are missing coverage. Please review.

Project coverage is 66.78%. Comparing base (c08b28b) to head (dd62867).
Report is 1 commits behind head on main.

Files Patch % Lines
controllers/ebpf/agent_controller.go 25.00% 20 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #602      +/-   ##
==========================================
- Coverage   66.95%   66.78%   -0.17%     
==========================================
  Files          65       65              
  Lines        8116     8139      +23     
==========================================
+ Hits         5434     5436       +2     
- Misses       2334     2354      +20     
- Partials      348      349       +1
Flag Coverage Δ
unittests 66.78% <25.00%> (-0.17%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@jotak jotak added the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Mar 26, 2024
@github-actions GitHub Actions
Copy link

New images:

  • quay.io/netobserv/network-observability-operator:97a49ff
  • quay.io/netobserv/network-observability-operator-bundle:v0.0.0-97a49ff
  • quay.io/netobserv/network-observability-operator-catalog:v0.0.0-97a49ff

They will expire after two weeks.

To deploy this build:

# Direct deployment, from operator repo
IMAGE=quay.io/netobserv/network-observability-operator:97a49ff make deploy

# Or using operator-sdk
operator-sdk run bundle quay.io/netobserv/network-observability-operator-bundle:v0.0.0-97a49ff

Or as a Catalog Source:

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: netobserv-dev
  namespace: openshift-marketplace
spec:
  sourceType: grpc
  image: quay.io/netobserv/network-observability-operator-catalog:v0.0.0-97a49ff
  displayName: NetObserv development catalog
  publisher: Me
  updateStrategy:
    registryPoll:
      interval: 1m

@github-actions github-actions bot removed the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Mar 26, 2024
@msherif1234 msherif1234 added the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Mar 26, 2024
@github-actions GitHub Actions
Copy link

New images:

  • quay.io/netobserv/network-observability-operator:05f4ef4
  • quay.io/netobserv/network-observability-operator-bundle:v0.0.0-05f4ef4
  • quay.io/netobserv/network-observability-operator-catalog:v0.0.0-05f4ef4

They will expire after two weeks.

To deploy this build:

# Direct deployment, from operator repo
IMAGE=quay.io/netobserv/network-observability-operator:05f4ef4 make deploy

# Or using operator-sdk
operator-sdk run bundle quay.io/netobserv/network-observability-operator-bundle:v0.0.0-05f4ef4

Or as a Catalog Source:

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: netobserv-dev
  namespace: openshift-marketplace
spec:
  sourceType: grpc
  image: quay.io/netobserv/network-observability-operator-catalog:v0.0.0-05f4ef4
  displayName: NetObserv development catalog
  publisher: Me
  updateStrategy:
    registryPoll:
      interval: 1m

jotak
jotak reviewed Mar 26, 2024
View reviewed changes
controllers/ebpf/agent_controller.go Outdated
case flowslatest.ServerTLSDisabled:
// nothing to do there
}
if promTLS != nil {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If I'm correct, it's missing the volume mount for the certificate?
We have a helper to do that:

		c.volumes.AddCertificate(promTLS, "prom-certs")

see for instance on FLP: https://github.com/netobserv/network-observability-operator/blob/main/controllers/flp/flp_common_objects.go#L295

@github-actions github-actions bot removed the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Mar 26, 2024
@msherif1234 msherif1234 requested a review from jotak March 26, 2024 16:00
@msherif1234
Copy link
Contributor Author

/ok-to-test

@openshift-ci openshift-ci bot added the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Mar 26, 2024
@github-actions GitHub Actions
Copy link

New images:

  • quay.io/netobserv/network-observability-operator:7351fcc
  • quay.io/netobserv/network-observability-operator-bundle:v0.0.0-7351fcc
  • quay.io/netobserv/network-observability-operator-catalog:v0.0.0-7351fcc

They will expire after two weeks.

To deploy this build:

# Direct deployment, from operator repo
IMAGE=quay.io/netobserv/network-observability-operator:7351fcc make deploy

# Or using operator-sdk
operator-sdk run bundle quay.io/netobserv/network-observability-operator-bundle:v0.0.0-7351fcc

Or as a Catalog Source:

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: netobserv-dev
  namespace: openshift-marketplace
spec:
  sourceType: grpc
  image: quay.io/netobserv/network-observability-operator-catalog:v0.0.0-7351fcc
  displayName: NetObserv development catalog
  publisher: Me
  updateStrategy:
    registryPoll:
      interval: 1m

@github-actions github-actions bot removed the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Mar 26, 2024
@msherif1234
Copy link
Contributor Author

/ok-to-test

@openshift-ci openshift-ci bot added the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Mar 26, 2024
@github-actions GitHub Actions
Copy link

New images:

  • quay.io/netobserv/network-observability-operator:61f0bb2
  • quay.io/netobserv/network-observability-operator-bundle:v0.0.0-61f0bb2
  • quay.io/netobserv/network-observability-operator-catalog:v0.0.0-61f0bb2

They will expire after two weeks.

To deploy this build:

# Direct deployment, from operator repo
IMAGE=quay.io/netobserv/network-observability-operator:61f0bb2 make deploy

# Or using operator-sdk
operator-sdk run bundle quay.io/netobserv/network-observability-operator-bundle:v0.0.0-61f0bb2

Or as a Catalog Source:

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: netobserv-dev
  namespace: openshift-marketplace
spec:
  sourceType: grpc
  image: quay.io/netobserv/network-observability-operator-catalog:v0.0.0-61f0bb2
  displayName: NetObserv development catalog
  publisher: Me
  updateStrategy:
    registryPoll:
      interval: 1m

@github-actions github-actions bot removed the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Mar 26, 2024
@msherif1234
Copy link
Contributor Author

/ok-to-test

@openshift-ci openshift-ci bot added the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Mar 26, 2024
@github-actions GitHub Actions
Copy link

New images:

  • quay.io/netobserv/network-observability-operator:02d87de
  • quay.io/netobserv/network-observability-operator-bundle:v0.0.0-02d87de
  • quay.io/netobserv/network-observability-operator-catalog:v0.0.0-02d87de

They will expire after two weeks.

To deploy this build:

# Direct deployment, from operator repo
IMAGE=quay.io/netobserv/network-observability-operator:02d87de make deploy

# Or using operator-sdk
operator-sdk run bundle quay.io/netobserv/network-observability-operator-bundle:v0.0.0-02d87de

Or as a Catalog Source:

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: netobserv-dev
  namespace: openshift-marketplace
spec:
  sourceType: grpc
  image: quay.io/netobserv/network-observability-operator-catalog:v0.0.0-02d87de
  displayName: NetObserv development catalog
  publisher: Me
  updateStrategy:
    registryPoll:
      interval: 1m

@github-actions github-actions bot removed the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Mar 26, 2024
@msherif1234
Copy link
Contributor Author

/ok-to-test

@msherif1234
Copy link
Contributor Author

/ok-to-test

@openshift-ci openshift-ci bot added the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Mar 27, 2024
@github-actions GitHub Actions
Copy link

New images:

  • quay.io/netobserv/network-observability-operator:459ea48
  • quay.io/netobserv/network-observability-operator-bundle:v0.0.0-459ea48
  • quay.io/netobserv/network-observability-operator-catalog:v0.0.0-459ea48

They will expire after two weeks.

To deploy this build:

# Direct deployment, from operator repo
IMAGE=quay.io/netobserv/network-observability-operator:459ea48 make deploy

# Or using operator-sdk
operator-sdk run bundle quay.io/netobserv/network-observability-operator-bundle:v0.0.0-459ea48

Or as a Catalog Source:

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: netobserv-dev
  namespace: openshift-marketplace
spec:
  sourceType: grpc
  image: quay.io/netobserv/network-observability-operator-catalog:v0.0.0-459ea48
  displayName: NetObserv development catalog
  publisher: Me
  updateStrategy:
    registryPoll:
      interval: 1m

@msherif1234
NETOBSERV-1532: add TLS support to ebpf agent metrics config
29b0656 
Signed-off-by: Mohamed Mahmoud <mmahmoud@redhat.com>
@msherif1234
update APIs to mark TLS Provided mode as Unsupported
c6354b2 
Signed-off-by: Mohamed Mahmoud <mmahmoud@redhat.com>
@github-actions github-actions bot removed the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Mar 27, 2024
@msherif1234
Copy link
Contributor Author

/ok-to-test

@openshift-ci openshift-ci bot added the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Mar 27, 2024
@github-actions GitHub Actions
Copy link

New images:

  • quay.io/netobserv/network-observability-operator:5bc3c02
  • quay.io/netobserv/network-observability-operator-bundle:v0.0.0-5bc3c02
  • quay.io/netobserv/network-observability-operator-catalog:v0.0.0-5bc3c02

They will expire after two weeks.

To deploy this build:

# Direct deployment, from operator repo
IMAGE=quay.io/netobserv/network-observability-operator:5bc3c02 make deploy

# Or using operator-sdk
operator-sdk run bundle quay.io/netobserv/network-observability-operator-bundle:v0.0.0-5bc3c02

Or as a Catalog Source:

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: netobserv-dev
  namespace: openshift-marketplace
spec:
  sourceType: grpc
  image: quay.io/netobserv/network-observability-operator-catalog:v0.0.0-5bc3c02
  displayName: NetObserv development catalog
  publisher: Me
  updateStrategy:
    registryPoll:
      interval: 1m

@jotak
NETOBSERV-1585: fix issues exposing metrics upstream/downstream
4d9ecfa 
- Fix using TLS with user workload monitoring
- Do not set openshift-monitoring annotation on netobserv namespace
  upstream
- Fix tagging DOWNSTREAM DEPLOYMENT on netobserv-privileged namespace
@jotak
Merge remote-tracking branch 'origin/fix-user-workload-monitoring' in…
8cbbe85 
…to pr-602
@jotak
Use helper function for agent servicemonitor TLS
a6df04a
@github-actions github-actions bot removed the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Mar 28, 2024
@jotak
Copy link
Member

jotak commented Mar 28, 2024

@msherif1234 I've added my fix from #604

@jotak jotak added the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Mar 28, 2024
@github-actions GitHub Actions
Copy link

New images:

  • quay.io/netobserv/network-observability-operator:862911c
  • quay.io/netobserv/network-observability-operator-bundle:v0.0.0-862911c
  • quay.io/netobserv/network-observability-operator-catalog:v0.0.0-862911c

They will expire after two weeks.

To deploy this build:

# Direct deployment, from operator repo
IMAGE=quay.io/netobserv/network-observability-operator:862911c make deploy

# Or using operator-sdk
operator-sdk run bundle quay.io/netobserv/network-observability-operator-bundle:v0.0.0-862911c

Or as a Catalog Source:

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: netobserv-dev
  namespace: openshift-marketplace
spec:
  sourceType: grpc
  image: quay.io/netobserv/network-observability-operator-catalog:v0.0.0-862911c
  displayName: NetObserv development catalog
  publisher: Me
  updateStrategy:
    registryPoll:
      interval: 1m

@msherif1234
Copy link
Contributor Author

/test e2e-operator

@openshift-ci-robot
Copy link
Collaborator

openshift-ci-robot commented Mar 28, 2024
edited by openshift-ci bot

@msherif1234: This pull request references NETOBSERV-1532 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.16.0" version, but no target version was set.

In response to this:

Description

add TLS config support to ebpf agent

Dependencies

netobserv/netobserv-ebpf-agent#305
#604

Checklist

If you are not familiar with our processes or don't know what to answer in the list below, let us know in a comment: the maintainers will take care of that.

  • Is this PR backed with a JIRA ticket? If so, make sure it is written as a title prefix (in general, PRs affecting the NetObserv/Network Observability product should be backed with a JIRA ticket - especially if they bring user facing changes).
  • Does this PR require product documentation?
  • If so, make sure the JIRA epic is labelled with "documentation" and provides a description relevant for doc writers, such as use cases or scenarios. Any required step to activate or configure the feature should be documented there, such as new CRD knobs.
  • Does this PR require a product release notes entry?
  • If so, fill in "Release Note Text" in the JIRA.
  • Is there anything else the QE team should know before testing? E.g: configuration changes, environment setup, etc.
  • If so, make sure it is described in the JIRA ticket.
  • QE requirements (check 1 from the list):
  • Standard QE validation, with pre-merge tests unless stated otherwise.
  • Regression tests only (e.g. refactoring with no user-facing change).
  • No QE (e.g. trivial change with high reviewer's confidence, or per agreement with the QE team).

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@msherif1234
Copy link
Contributor Author

/test e2e-operator

@memodi
Copy link
Contributor

memodi commented Mar 28, 2024

/label qe-approved

@openshift-ci openshift-ci bot added the qe-approved QE has approved this pull request label Mar 28, 2024
@openshift-ci-robot
Copy link
Collaborator

openshift-ci-robot commented Mar 28, 2024
edited by openshift-ci bot

@msherif1234: This pull request references NETOBSERV-1532 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.16.0" version, but no target version was set.

In response to this:

Description

add TLS config support to ebpf agent

Dependencies

netobserv/netobserv-ebpf-agent#305
#604

Checklist

If you are not familiar with our processes or don't know what to answer in the list below, let us know in a comment: the maintainers will take care of that.

  • Is this PR backed with a JIRA ticket? If so, make sure it is written as a title prefix (in general, PRs affecting the NetObserv/Network Observability product should be backed with a JIRA ticket - especially if they bring user facing changes).
  • Does this PR require product documentation?
  • If so, make sure the JIRA epic is labelled with "documentation" and provides a description relevant for doc writers, such as use cases or scenarios. Any required step to activate or configure the feature should be documented there, such as new CRD knobs.
  • Does this PR require a product release notes entry?
  • If so, fill in "Release Note Text" in the JIRA.
  • Is there anything else the QE team should know before testing? E.g: configuration changes, environment setup, etc.
  • If so, make sure it is described in the JIRA ticket.
  • QE requirements (check 1 from the list):
  • Standard QE validation, with pre-merge tests unless stated otherwise.
  • Regression tests only (e.g. refactoring with no user-facing change).
  • No QE (e.g. trivial change with high reviewer's confidence, or per agreement with the QE team).

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@jotak
Copy link
Member

jotak commented Mar 28, 2024

/lgtm
/approve

@openshift-ci openshift-ci bot added the lgtm label Mar 28, 2024
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Mar 28, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jotak

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-bot openshift-merge-bot bot merged commit fd49392 into netobserv:main Mar 28, 2024
12 checks passed
@memodi memodi mentioned this pull request Apr 1, 2024
Closed
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jotak jotak Awaiting requested review from jotak

Assignees

@jotak jotak

Labels
approved jira/valid-reference lgtm ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. qe-approved QE has approved this pull request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@msherif1234 @openshift-ci-robot @codecov-commenter @jotak @memodi