NETOBSERV-791 Better organize OLM form (#425)

* specDescriptors / statusDescriptors convert checkboxes to switch console plugin display only when loki enabled update bundle rebased / apply to v1beta2 * Reorganize some settings: Hide some of them (e.g. ipfix), move others in advanced * Generate some specDescriptors from script * Make FlowCollector required * fixed required CRD annotation --------- Co-authored-by: Joel Takvorian <[email protected]>
netobserv · Jan 25, 2024 · fd30f97 · fd30f97
1 parent 88d6b78
commit fd30f97
Show file tree

Hide file tree

Showing 10 changed files with 683 additions and 42 deletions.
diff --git a/Makefile b/Makefile
@@ -387,12 +387,15 @@ bundle-prepare: OPSDK generate kustomize ## Generate bundle manifests and metada
 bundle: bundle-prepare ## Generate final bundle files.
 	rm -r bundle/manifests
 	rm -r bundle/metadata
+	cp ./config/csv/bases/netobserv-operator.clusterserviceversion.yaml tmp-csv
+	hack/crd2csvSpecDesc.sh v1beta2
 	$(SED) -e 's/^/    /' config/descriptions/upstream.md > tmp-desc
 	$(KUSTOMIZE) build $(BUNDLE_CONFIG) \
 		| $(SED) -e 's~:container-image:~$(IMAGE)~' \
 		| $(SED) -e "/':full-description:'/r tmp-desc" \
 		| $(SED) -e "s/':full-description:'/|\-/" \
 		| $(OPSDK) generate bundle -q --overwrite --version $(BUNDLE_VERSION) $(BUNDLE_METADATA_OPTS)
+	mv tmp-csv ./config/csv/bases/netobserv-operator.clusterserviceversion.yaml
 	rm tmp-desc
 	sh -c '\
 	VALIDATION_OUTPUT=$$($(OPSDK) bundle validate ./bundle --select-optional suite=operatorframework); \

diff --git a/apis/flowcollector/v1beta1/flowcollector_types.go b/apis/flowcollector/v1beta1/flowcollector_types.go
@@ -212,11 +212,11 @@ type FlowCollectorEBPF struct {
 	// `logLevel` defines the log level for the NetObserv eBPF Agent
 	LogLevel string `json:"logLevel,omitempty"`
 
-	// Privileged mode for the eBPF Agent container. In general this setting can be ignored or set to `false`:
-	// in that case, the operator sets granular capabilities (BPF, PERFMON, NET_ADMIN, SYS_RESOURCE)
-	// to the container, to enable its correct operation.
+	// Privileged mode for the eBPF Agent container. When ignored or set to `false`, the operator sets
+	// granular capabilities (BPF, PERFMON, NET_ADMIN, SYS_RESOURCE) to the container.
 	// If for some reason these capabilities cannot be set, such as if an old kernel version not knowing CAP_BPF
 	// is in use, then you can turn on this mode for more global privileges.
+	// Some agent features require the privileged mode, such as packet drops tracking (see `features`).
 	// +optional
 	Privileged bool `json:"privileged,omitempty"`
 

diff --git a/apis/flowcollector/v1beta2/flowcollector_types.go b/apis/flowcollector/v1beta2/flowcollector_types.go
@@ -219,11 +219,11 @@ type FlowCollectorEBPF struct {
 	// `logLevel` defines the log level for the NetObserv eBPF Agent
 	LogLevel string `json:"logLevel,omitempty"`
 
-	// Privileged mode for the eBPF Agent container. In general this setting can be ignored or set to `false`:
-	// in that case, the operator sets granular capabilities (BPF, PERFMON, NET_ADMIN, SYS_RESOURCE)
-	// to the container, to enable its correct operation.
+	// Privileged mode for the eBPF Agent container. When ignored or set to `false`, the operator sets
+	// granular capabilities (BPF, PERFMON, NET_ADMIN, SYS_RESOURCE) to the container.
 	// If for some reason these capabilities cannot be set, such as if an old kernel version not knowing CAP_BPF
 	// is in use, then you can turn on this mode for more global privileges.
+	// Some agent features require the privileged mode, such as packet drops tracking (see `features`).
 	// +optional
 	Privileged bool `json:"privileged,omitempty"`
 

diff --git a/bundle/manifests/flows.netobserv.io_flowcollectors.yaml b/bundle/manifests/flows.netobserv.io_flowcollectors.yaml
@@ -2608,14 +2608,14 @@ spec:
                         - panic
                         type: string
                       privileged:
-                        description: 'Privileged mode for the eBPF Agent container.
-                          In general this setting can be ignored or set to `false`:
-                          in that case, the operator sets granular capabilities (BPF,
-                          PERFMON, NET_ADMIN, SYS_RESOURCE) to the container, to enable
-                          its correct operation. If for some reason these capabilities
-                          cannot be set, such as if an old kernel version not knowing
-                          CAP_BPF is in use, then you can turn on this mode for more
-                          global privileges.'
+                        description: Privileged mode for the eBPF Agent container.
+                          When ignored or set to `false`, the operator sets granular
+                          capabilities (BPF, PERFMON, NET_ADMIN, SYS_RESOURCE) to
+                          the container. If for some reason these capabilities cannot
+                          be set, such as if an old kernel version not knowing CAP_BPF
+                          is in use, then you can turn on this mode for more global
+                          privileges. Some agent features require the privileged mode,
+                          such as packet drops tracking (see `features`).
                         type: boolean
                       resources:
                         default:
@@ -5298,14 +5298,14 @@ spec:
                         - panic
                         type: string
                       privileged:
-                        description: 'Privileged mode for the eBPF Agent container.
-                          In general this setting can be ignored or set to `false`:
-                          in that case, the operator sets granular capabilities (BPF,
-                          PERFMON, NET_ADMIN, SYS_RESOURCE) to the container, to enable
-                          its correct operation. If for some reason these capabilities
-                          cannot be set, such as if an old kernel version not knowing
-                          CAP_BPF is in use, then you can turn on this mode for more
-                          global privileges.'
+                        description: Privileged mode for the eBPF Agent container.
+                          When ignored or set to `false`, the operator sets granular
+                          capabilities (BPF, PERFMON, NET_ADMIN, SYS_RESOURCE) to
+                          the container. If for some reason these capabilities cannot
+                          be set, such as if an old kernel version not knowing CAP_BPF
+                          is in use, then you can turn on this mode for more global
+                          privileges. Some agent features require the privileged mode,
+                          such as packet drops tracking (see `features`).
                         type: boolean
                       resources:
                         default: