Merge pull request #65472 from openshift-cherrypick-robot/cherry-pick…

…-64448-to-enterprise-4.14 [enterprise-4.14] OCPBUGS-17785: Document SR-IOV/FlowCollector config
openshift · Sep 28, 2023 · 1996f5a · 1996f5a
2 parents 29a1996 + 9432aad
commit 1996f5a
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 4 deletions.
diff --git a/modules/network-observability-SRIOV-configuration.adoc b/modules/network-observability-SRIOV-configuration.adoc
@@ -0,0 +1,36 @@
+// Module included in the following assemblies:
+//
+// * network_observability/configuring-operator.adoc
+
+:_content-type: PROCEDURE
+[id="network-observability-SR-IOV-config_{context}"]
+= Configuring monitoring for SR-IOV interface traffic
+In order to collect traffic from a cluster with a Single Root I/O Virtualization (SR-IOV) device, you must set the `FlowCollector` `spec.agent.ebpf.privileged` field to `true`. Then, the eBPF agent monitors other network namespaces in addition to the host network namespaces, which are monitored by default. When a pod with a virtual functions (VF) interface is created, a new network namespace is created. With `SRIOVNetwork` policy `IPAM` configurations specified, the VF interface is migrated from the host network namespace to the pod network namespace.
+
+.Prerequisites
+* Access to an {product-title} cluster with a SR-IOV device. 
+* The `SRIOVNetwork` custom resource (CR) `spec.ipam` configuration must be set with an IP address from the range that the interface lists or from other plugins.
+
+.Procedure
+. In the web console, navigate to *Operators* -> *Installed Operators*.
+. Under the *Provided APIs* heading for the *NetObserv Operator*, select *Flow Collector*. 
+. Select *cluster* and then select the *YAML* tab.
+. Configure the `FlowCollector` custom resource. A sample configuration is as follows:
++
+[id="network-observability-flowcollector-configuring-SRIOV-monitoring{context}"]
+.Configure `FlowCollector` for SR-IOV monitoring
+[source,yaml]
+----
+apiVersion: flows.netobserv.io/v1alpha1
+kind: FlowCollector
+metadata:
+  name: cluster
+spec:
+  namespace: netobserv
+  deploymentModel: DIRECT
+  agent:
+    type: EBPF
+    ebpf:        
+      privileged: true   <1> 
+----
+<1> The `spec.agent.ebpf.privileged` field value must be set to `true` to enable SR-IOV monitoring.
diff --git a/modules/network-observability-loki-secret.adoc b/modules/network-observability-loki-secret.adoc
@@ -8,7 +8,7 @@
 The Loki Operator supports a few log storage options, such as AWS S3, Google Cloud Storage, Azure, Swift, Minio, OpenShift Data Foundation. The following example shows how to create a secret for AWS S3 storage. The secret created in this example, `loki-s3`, is referenced in "Creating a LokiStack resource". You can create this secret in the web console or CLI.
 
 . Using the web console, navigate to the *Project* -> *All Projects* dropdown and select *Create Project*. Name the project `netobserv` and click *Create*.
-. Navigate to the Import icon, *+*, in the top right corner. Paste your YAML file into the editor. It is important to create this YAML file in the `netobserv` namespace that uses the `access_key_id` and `access_key_secret` to specify your credentials. 
+. Navigate to the Import icon, *+*, in the top right corner. Paste your YAML file into the editor. 
 +
 The following shows an example secret YAML file for S3 storage:
 +

diff --git a/modules/network-observability-lokistack-create.adoc b/modules/network-observability-lokistack-create.adoc
@@ -5,7 +5,7 @@
 :_content-type: PROCEDURE
 [id="network-observability-lokistack-create_{context}"]
 = Creating a LokiStack custom resource 
-It is recommended to deploy the LokiStack in the same namespace referenced by the `FlowCollector` specification, `spec.namespace`. You can use the web console or CLI to create a namespace, or new project. 
+You can deploy a LokiStack using the web console or CLI to create a namespace, or new project. 
 
 .Procedure
 
@@ -20,7 +20,7 @@ It is recommended to deploy the LokiStack in the same namespace referenced by th
   kind: LokiStack
   metadata:
     name: loki
-    namespace: netobserv    <1>
+    namespace: netobserv   <1>
   spec:
     size: 1x.small
     storage:
@@ -39,7 +39,7 @@ It is recommended to deploy the LokiStack in the same namespace referenced by th
 +
 [IMPORTANT]
 ====
-You must not reuse the same LokiStack that is used for cluster logging.
+You must not reuse the same `LokiStack` that is used for cluster logging.
 ====
 . Click *Create*. 
 

diff --git a/networking/network_observability/configuring-operator.adoc b/networking/network_observability/configuring-operator.adoc
@@ -24,5 +24,10 @@ For more information about specifying flow format, see xref:../../networking/net
 
 include::modules/network-observability-configuring-FLP-sampling.adoc[leveloffset=+1]
 include::modules/network-observability-configuring-quickfilters-flowcollector.adoc[leveloffset=+1]
+include::modules/network-observability-SRIOV-configuration.adoc[leveloffset=+1]
+[role="_additional-resources"]
+.Additional resources
+For more information about creating the `SriovNetwork` custom resource, see xref:../../networking/hardware_networks/configuring-sriov-device.adoc#cnf-creating-an-additional-sriov-network-with-vrf-plug-in_configuring-sriov-device[Creating an additional SR-IOV network attachment with the CNI VRF plugin].
+
 include::modules/network-observability-resource-recommendations.adoc[leveloffset=+1]
 include::modules/network-observability-resources-table.adoc[leveloffset=+2]