-
Notifications
You must be signed in to change notification settings - Fork 1.8k
[enterprise-4.15] OSDOCS-15828 [NETOBSERV] Refactor release notes 1.7 #102579
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
gwynnemonahan
wants to merge
1
commit into
openshift:enterprise-4.15
Choose a base branch
from
gwynnemonahan:manual-cherry-pick-enterprise-4-15-OSDOCS-15828
base: enterprise-4.15
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
+132
−328
Open
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
23 changes: 23 additions & 0 deletions
23
modules/network-observability-operator-release-notes-1-7-0-fixed-issues.adoc
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| // Module included in the following assemblies: | ||
| // * network_observability/release_notes_archive/network-observability-operator-release-notes-archive.adoc | ||
|
|
||
| :_mod-docs-content-type: REFERENCE | ||
| [id="network-observability-operator-release-notes-1-7-0-fixed-issues_{context}"] | ||
| = Network Observability Operator 1.7.0 fixed issues | ||
|
|
||
| [role="_abstract"] | ||
| You can review the following fixed issues for the Network Observability Operator 1.7.0 release. | ||
|
|
||
| * Previously, when using a {op-system-base} 9.2 real-time kernel, some of the webhooks did not work. Now, a fix is in place to check whether this {op-system-base} 9.2 real-time kernel is being used. If the kernel is being used, a warning is displayed about the features that do not work, such as packet drop and neither Round-trip Time when using `s390x` architecture. The fix is in OpenShift 4.16 and later. (link:https://issues.redhat.com/browse/NETOBSERV-1808[*NETOBSERV-1808*]) | ||
| * Previously, in the *Manage panels* dialog in the *Overview* tab, filtering on *total*, *bar*, *donut*, or *line* did not show a result. Now the available panels are correctly filtered. (link:https://issues.redhat.com/browse/NETOBSERV-1540[*NETOBSERV-1540*]) | ||
| * Previously, under high stress, the eBPF agents were susceptible to enter into a state where they generated a high number of small flows, almost not aggregated. With this fix, the aggregation process is still maintained under high stress, resulting in less flows being created. This fix improves the resource consumption not only in the eBPF agent but also in `flowlogs-pipeline` and Loki. (link:https://issues.redhat.com/browse/NETOBSERV-1564[*NETOBSERV-1564*]) | ||
| * Previously, when the `workload_flows_total` metric was enabled instead of the `namespace_flows_total` metric, the health dashboard stopped showing `By namespace` flow charts. With this fix, the health dashboard now shows the flow charts when the `workload_flows_total` is enabled. (link:https://issues.redhat.com/browse/NETOBSERV-1746[*NETOBSERV-1746*]) | ||
| * Previously, when you used the `FlowMetrics` API to generate a custom metric and later modified its labels, such as by adding a new label, the metric stopped populating and an error was shown in the `flowlogs-pipeline` logs. With this fix, you can modify the labels, and the error is no longer raised in the `flowlogs-pipeline` logs. (link:https://issues.redhat.com/browse/NETOBSERV-1748[*NETOBSERV-1748*]) | ||
| * Previously, there was an inconsistency with the default Loki `WriteBatchSize` configuration: it was set to 100 KB in the `FlowCollector` CRD default, and 10 MB in the OLM sample or default configuration. Both are now aligned to 10 MB, which generally provides better performances and less resource footprint. (link:https://issues.redhat.com/browse/NETOBSERV-1766[*NETOBSERV-1766*]) | ||
| * Previously, the eBPF flow filter on ports was ignored if you did not specify a protocol. With this fix, you can set eBPF flow filters independently on ports and or protocols. (link:https://issues.redhat.com/browse/NETOBSERV-1779[*NETOBSERV-1779*]) | ||
| * Previously, traffic from Pods to Services was hidden from the *Topology view*. Only the return traffic from Services to Pods was visible. With this fix, that traffic is correctly displayed. (link:https://issues.redhat.com/browse/NETOBSERV-1788[*NETOBSERV-1788*]) | ||
| * Previously, non-cluster administrator users that had access to Network Observability saw an error in the console plugin when they tried to filter for something that triggered auto-completion, such as a namespace. With this fix, no error is displayed, and the auto-completion returns the expected results. (link:https://issues.redhat.com/browse/NETOBSERV-1798[*NETOBSERV-1798*]) | ||
| * When the secondary interface support was added, you had to iterate multiple times to register the per network namespace with the netlink to learn about interface notifications. At the same time, unsuccessful handlers caused a leaking file descriptor because with TCX hook, unlike TC, handlers needed to be explicitly removed when the interface went down. Furthermore, when the network namespace was deleted, there was no Go close channel event to terminate the netlink goroutine socket, which caused go threads to leak. Now, there are no longer leaking file descriptors or go threads when you create or delete pods. (link:https://issues.redhat.com/browse/NETOBSERV-1805[*NETOBSERV-1805*]) | ||
| * Previously, the ICMP type and value were displaying 'n/a' in the *Traffic flows* table even when related data was available in the flow JSON. With this fix, ICMP columns display related values as expected in the flow table. (link:https://issues.redhat.com/browse/NETOBSERV-1806[*NETOBSERV-1806*]) | ||
| * Previously in the console plugin, it wasn't always possible to filter for unset fields, such as unset DNS latency. With this fix, filtering on unset fields is now possible. (link:https://issues.redhat.com/browse/NETOBSERV-1816[*NETOBSERV-1816*]) | ||
| * Previously, when you cleared filters in the OpenShift web console plugin, sometimes the filters reappeared after you navigated to another page and returned to the page with filters. With this fix, filters do not unexpectedly reappear after they are cleared. (link:https://issues.redhat.com/browse/NETOBSERV-1733[*NETOBSERV-1733*]) |
33 changes: 33 additions & 0 deletions
33
modules/network-observability-operator-release-notes-1-7-0-known-issues.adoc
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| // Module included in the following assemblies: | ||
| // * network_observability/release_notes_archive/network-observability-operator-release-notes-archive.adoc | ||
|
|
||
| :_mod-docs-content-type: REFERENCE | ||
| [id="network-observability-operator-release-notes-1-7-0-known-issues_{context}"] | ||
| = Network Observability Operator 1.7.0 known issues | ||
|
|
||
| [role="_abstract"] | ||
| You can review the following known issues for the Network Observability Operator 1.7.0 release. | ||
|
|
||
| * When you use the must-gather tool with network observability, logs are not collected when the cluster has FIPS enabled. (link:https://issues.redhat.com/browse/NETOBSERV-1830[*NETOBSERV-1830*]) | ||
| * When the `spec.networkPolicy` is enabled in the `FlowCollector`, which installs a network policy on the `netobserv` namespace, it is impossible to use the `FlowMetrics` API. The network policy blocks calls to the validation webhook. As a workaround, use the following network policy: | ||
| + | ||
| [source,yaml] | ||
| ---- | ||
| kind: NetworkPolicy | ||
| apiVersion: networking.k8s.io/v1 | ||
| metadata: | ||
| name: allow-from-hostnetwork | ||
| namespace: netobserv | ||
| spec: | ||
| podSelector: | ||
| matchLabels: | ||
| app: netobserv-operator | ||
| ingress: | ||
| - from: | ||
| - namespaceSelector: | ||
| matchLabels: | ||
| policy-group.network.openshift.io/host-network: '' | ||
| policyTypes: | ||
| - Ingress | ||
| ---- | ||
| (link:https://issues.redhat.com/browse/NETOBSERV-1934[*NETOBSERV-193*]) |
57 changes: 57 additions & 0 deletions
57
...k-observability-operator-release-notes-1-7-0-new-features-and-enhancements.adoc
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,57 @@ | ||
| // Module included in the following assemblies: | ||
| // * network_observability/release_notes_archive/network-observability-operator-release-notes-archive.adoc | ||
|
|
||
| :_mod-docs-content-type: REFERENCE | ||
| [id="network-observability-operator-release-notes-1-7-0-new-features-and-enhancements_{context}"] | ||
| = Network Observability Operator 1.7.0 new features and enhancements | ||
|
|
||
| [role="_abstract"] | ||
| You can review the following new features and enhancements for the Network Observability Operator 1.7.0 release. | ||
|
|
||
| [id="network-observability-operator-otel-1-7_{context}"] | ||
| == OpenTelemetry support | ||
| You can now export enriched network flows to a compatible OpenTelemetry endpoint, such as the Red{nbsp}Hat build of OpenTelemetry. For more information see xref:../../../observability/network_observability/configuring-operator.adoc#network-observability-enriched-flows_network_observability[Export enriched network flow data]. | ||
|
|
||
| [id="network-observability-operator-developer-perspective-1-7_{context}"] | ||
| == Network observability Developer perspective | ||
| You can now use network observability in the *Developer* perspective. For more information, see xref:../../../observability/network_observability/network-observability-overview.adoc#network-observability-openshift-console-integration_network-observability-overview[{product-title} console integration]. | ||
gwynnemonahan marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| [id="tcp-flags-filters-1-7_{context}"] | ||
| == TCP flags filtering | ||
| You can now use the `tcpFlags` filter to limit the volume of packets processed by the eBPF program. For more information, see xref:../../../observability/network_observability/observing-network-traffic.adoc#network-observability-flowcollector-flowfilter-parameters_nw-observe-network-traffic[Flow filter configuration parameters], xref:../../../observability/network_observability/observing-network-traffic.adoc#network-observability-ebpf-flow-rule-filter_nw-observe-network-traffic[eBPF flow rule filter], and xref:../../../observability/network_observability/metrics-alerts-dashboards.adoc#network-observability-tcp-flag-syn-flood_metrics-dashboards-alerts[Detecting SYN flooding using the FlowMetric API and TCP flags]. | ||
gwynnemonahan marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| [id="network-observability-virtualization_{context}"] | ||
| == Network observability for OpenShift Virtualization | ||
| You can observe networking patterns on an {VirtProductName} setup by identifying eBPF-enriched network flows coming from VMs that are connected to secondary networks, such as through Open Virtual Network (OVN)-Kubernetes. For more information, see xref:../../../observability/network_observability/network-observability-secondary-networks.adoc#network-observability-virtualization-config_network-observability-secondary-networks[Configuring virtual machine (VM) secondary network interfaces for network observability]. | ||
gwynnemonahan marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| [id="network-observability-network-policy-1-7_{context}"] | ||
| == Network policy deploys in the FlowCollector custom resource (CR) | ||
| With this release, you can configure the `FlowCollector` custom resource (CR) to deploy a network policy for network observability. Previously, if you wanted a network policy, you had to manually create one. The option to manually create a network policy is still available. For more information, see xref:../../../observability/network_observability/network-observability-network-policy.adoc#network-observability-deploy-network-policy_network_observability[Configuring an ingress network policy by using the FlowCollector custom resource]. | ||
|
|
||
| [id="network-observability-fips-compliance-1-7_{context}"] | ||
| == FIPS compliance | ||
| * You can install and use the Network Observability Operator in an {product-title} cluster running in FIPS mode. | ||
| + | ||
| -- | ||
| include::snippets/fips-snippet.adoc[] | ||
| -- | ||
|
|
||
| [id="network-observability-dns-enhancements-1-7_{context}"] | ||
| == eBPF agent enhancements | ||
| The following enhancements are available for the eBPF agent: | ||
|
|
||
| * If the DNS service maps to a different port than `53`, you can specify this DNS tracking port using `spec.agent.ebpf.advanced.env.DNS_TRACKING_PORT`. | ||
| * You can now use two ports for transport protocols (TCP, UDP, or SCTP) filtering rules. | ||
| * You can now filter on transport ports with a wildcard protocol by leaving the protocol field empty. | ||
|
|
||
| For more information, see xref:../../../observability/network_observability/flowcollector-api.adoc#spec-agent-ebpf-advanced[FlowCollector API specifications]. | ||
gwynnemonahan marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| [id="network-observability-cli-1-7_{context}"] | ||
| == Network Observability CLI | ||
| The Network Observability CLI (`oc netobserv`), is now generally available. The following enhancements have been made since the 1.6 Technology Preview release: | ||
|
|
||
| * There are now eBPF enrichment filters for packet capture similar to flow capture. | ||
| * You can now use filter `tcp_flags` with both flow and packets capture. | ||
| * The auto-teardown option is available when max-bytes or max-time is reached. | ||
|
|
||
| For more information, see xref:../../../observability/network_observability/netobserv_cli/netobserv-cli-install.adoc#network-observability-netoberv-cli-about_netobserv-cli-install[About the Network Observability CLI] and link:https://access.redhat.com/errata/RHEA-2024:8264[Network Observability CLI 1.7.0]. | ||
gwynnemonahan marked this conversation as resolved.
Show resolved
Hide resolved
|
||
11 changes: 11 additions & 0 deletions
11
modules/network-observability-operator-release-notes-1-7-0.adoc
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| // Module included in the following assemblies: | ||
| // * network_observability/release_notes_archive/network-observability-operator-release-notes-archive.adoc | ||
|
|
||
| :_mod-docs-content-type: REFERENCE | ||
| [id="network-observability-operator-release-notes-1-7-0_{context}"] | ||
| = Network Observability Operator 1.7.0 advisory | ||
|
|
||
| [role="_abstract"] | ||
| You can review the advisory for the Network Observability Operator 1.7.0 release. | ||
|
|
||
| * link:https://access.redhat.com/errata/RHSA-2024:8014[Network Observability Operator 1.7.0] |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.