NETOBSERV-220 implement ovn-kubernetes reconciler (#97)

* Create ovn-k reconciler that directly acts on ovnk daemonset config Distinct case openshift / other for hostnetwork - With Openshift use its SCC API - Else use pod's spec hostnetwork Update documentation * ovnk reconciler: address feedback - Configure ovnk (namespace, daemonset, container name). Defaults should work in most cases. - Detect CNO presence to switch between CNO or upstream ovnk - Merge the existing Console detection in a new "AvailableAPIs" mechanism in the existing dicover package * Add finalizer to cleanup ovn-kube env
netobserv · May 19, 2022 · 64b0d2e · 64b0d2e
1 parent b2dc47f
commit 64b0d2e
Show file tree

Hide file tree

Showing 15 changed files with 551 additions and 162 deletions.
diff --git a/README.md b/README.md
@@ -7,10 +7,10 @@ An OpenShift / Kubernetes operator for network observability. It deploys a flow
 A Grafana dashboard is also provided.
 
 It is also possible to use without OpenShift:
-- Using the upstream [ovn-kubernetes](https://github.com/ovn-org/ovn-kubernetes/) with any supported Kubernetes flavour ([see below](#ovnk-config) for enabling IPFIX exports on ovn-kubernetes).
+- Using the upstream [ovn-kubernetes](https://github.com/ovn-org/ovn-kubernetes/) with any supported Kubernetes flavour.
 - If you don't use ovn-kubernetes but still can manage having IPFIX exports by a different mean, you're more on your own, but still should be able to use this operator. You will need to configure the IPFIX export to push flows to the `flowlogs-pipeline` component deployed by this operator. You could also consider using [flowlogs-pipeline](https://github.com/netobserv/flowlogs-pipeline) directly.
 
-The operator itself is deployed in the namespace "network-observability", whereas managed components are deployed in a namespace configured via a Custom Resource (see [FlowCollector custom resource](#flowcollector-custom-resource) section below).
+Managed components are deployed in a namespace configured via a Custom Resource (see [FlowCollector custom resource](#flowcollector-custom-resource) section below).
 
 ## Deploy an existing image
 
@@ -110,26 +110,17 @@ Note that the `FlowCollector` resource must be unique and must be named `cluster
 
 ## Enabling OVS IPFIX export
 
-If you use OpenShift 4.10, you don't have anything to do: the operator will configure OVS *via* the Cluster Network Operator. Else, some manual steps are still required:
+If you use OpenShift 4.10 or the upstream ovn-kubernetes without OpenShift, you don't have anything to do: the operator will configure OVS *via* OpenShift Cluster Network Operator, or the ovn-kubernetes layer directly.
 
-<a name="ovnk-config"></a>
-
-### With upstream ovn-kubernetes (e.g. using KIND)
-
-```bash
-FLP_IP=`kubectl get svc flowlogs-pipeline -n network-observability -ojsonpath='{.spec.clusterIP}'` && echo $FLP_IP
-kubectl set env daemonset/ovnkube-node -c ovnkube-node -n ovn-kubernetes OVN_IPFIX_TARGETS="$FLP_IP:2055"
-```
-
-### On older OpenShift with OVN-Kubernetes CNI
-
-In OpenShift, a difference with the upstream `ovn-kubernetes` is that the flows export config is managed by the `ClusterNetworkOperator`.
+Else if you use OpenShift 4.8 or 4.9, some manual steps are still required
 
 ```bash
 FLP_IP=`oc get svc flowlogs-pipeline -n network-observability -ojsonpath='{.spec.clusterIP}'` && echo $FLP_IP
 oc patch networks.operator.openshift.io cluster --type='json' -p "[{'op': 'add', 'path': '/spec', 'value': {'exportNetworkFlows': {'ipfix': { 'collectors': ['$FLP_IP:2055']}}}}]"
 ```
 
+OpenShift versions older than 4.8 don't support IPFIX exports.
+
 ## Installing Loki
 
 Loki is used to store the flows, however its installation is not managed directly by the operator. There are several options to install Loki, like using the `loki-operator` or the helm charts. Get some help about it on [this page](https://github.com/netobserv/documents/blob/main/hack_loki.md).

diff --git a/api/v1alpha1/flowcollector_types.go b/api/v1alpha1/flowcollector_types.go
@@ -77,7 +77,10 @@ type FlowCollectorSpec struct {
 	ConsolePlugin FlowCollectorConsolePlugin `json:"consolePlugin,omitempty"`
 
 	// ClusterNetworkOperator contains settings related to the cluster network operator
-	ClusterNetworkOperator ClusterNetworkOperator `json:"clusterNetworkOperator,omitempty"`
+	ClusterNetworkOperator ClusterNetworkOperatorConfig `json:"clusterNetworkOperator,omitempty"`
+
+	// OVNKubernetes contains settings related to ovn-kubernetes. This configuration is necessary only if OpenShift Cluster Network Operator is not used / configured.
+	OVNKubernetes OVNKubernetesConfig `json:"ovnKubernetes,omitempty"`
 }
 
 // FlowCollectorIPFIX defines a FlowCollector that uses IPFIX on OVN-Kubernetes to collect the
@@ -369,15 +372,32 @@ type ConsolePluginPortConfig struct {
 	PortNames map[string]string `json:"portNames,omitempty" yaml:"portNames,omitempty"`
 }
 
-// CNO defines the desired configuration related to the Cluster Network Configuration
-type ClusterNetworkOperator struct {
+// ClusterNetworkOperatorConfig defines the desired configuration related to the Cluster Network Configuration
+type ClusterNetworkOperatorConfig struct {
 	// Important: Run "make generate" to regenerate code after modifying this file
 
 	//+kubebuilder:default:=openshift-network-operator
 	// Namespace  where the configmap is going to be deployed.
 	Namespace string `json:"namespace,omitempty"`
 }
 
+// OVNKubernetesConfig defines the desired configuration related to the OVNKubernetes network provider, when Cluster Network Operator isn't installed.
+type OVNKubernetesConfig struct {
+	// Important: Run "make generate" to regenerate code after modifying this file
+
+	//+kubebuilder:default:=ovn-kubernetes
+	// Namespace where ovn-kubernetes pods are deployed.
+	Namespace string `json:"namespace,omitempty"`
+
+	//+kubebuilder:default:=ovnkube-node
+	// Name of the DaemonSet controlling the ovn-kubernetes pods.
+	DaemonSetName string `json:"daemonSetName,omitempty"`
+
+	//+kubebuilder:default:=ovnkube-node
+	// Name of the container to configure for IPFIX.
+	ContainerName string `json:"containerName,omitempty"`
+}
+
 // FlowCollectorStatus defines the observed state of FlowCollector
 type FlowCollectorStatus struct {
 	// Important: Run "make" to regenerate code after modifying this file

diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/flows.netobserv.io_flowcollectors.yaml b/config/crd/bases/flows.netobserv.io_flowcollectors.yaml
@@ -1533,6 +1533,25 @@ spec:
                   going to be deployed. If empty, the namespace of the operator is
                   going to be used
                 type: string
+              ovnKubernetes:
+                description: OVNKubernetes contains settings related to ovn-kubernetes.
+                  This configuration is necessary only if OpenShift Cluster Network
+                  Operator is not used / configured.
+                properties:
+                  containerName:
+                    default: ovnkube-node
+                    description: Name of the container to configure for IPFIX.
+                    type: string
+                  daemonSetName:
+                    default: ovnkube-node
+                    description: Name of the DaemonSet controlling the ovn-kubernetes
+                      pods.
+                    type: string
+                  namespace:
+                    default: ovn-kubernetes
+                    description: Namespace where ovn-kubernetes pods are deployed.
+                    type: string
+                type: object
             required:
             - agent
             type: object

diff --git a/config/manifests/bases/netobserv-operator.clusterserviceversion.yaml b/config/manifests/bases/netobserv-operator.clusterserviceversion.yaml
@@ -58,14 +58,7 @@ spec:
     To turn it off, remove the `exportNetworkFlows` from `networks.operator.openshift.io/cluster`.
 
     #### Generic Kubernetes with ovn-kubernetes
-    You need to explicitly turn on IPFIX export in ovn-kubernetes:
-
-    ```
-    FLP_IP=`kubectl get svc flowlogs-pipeline -n network-observability -ojsonpath='{.spec.clusterIP}'` && echo $FLP_IP
-    kubectl set env daemonset/ovnkube-node -c ovnkube-node -n ovn-kubernetes OVN_IPFIX_TARGETS="$FLP_IP:2055"
-    ```
-
-    To turn it off, remove the `OVN_IPFIX_TARGETS` env from `daemonset/ovnkube-node`.
+    No further action is required to enable IPFIX exports. If you want to turn off the exports, remove the `FlowCollector` cluster resource.
 
     ### OpenShift Console
     OpenShift 4.10 or above is required to use the Console plugin. The operator should register this plugin automatically if `spec.consolePlugin.register` is set to `true` (default).

diff --git a/config/samples/flows_v1alpha1_flowcollector.yaml b/config/samples/flows_v1alpha1_flowcollector.yaml
@@ -51,3 +51,7 @@ spec:
         "3100": loki
   clusterNetworkOperator:
     namespace: "openshift-network-operator"
+  ovnKubernetes:
+    namespace: "ovn-kubernetes"
+    daemonSetName: "ovnkube-node"
+    containerName: "ovnkube-node"