diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml index 0fa5c44605..10b6f30851 100644 --- a/_topic_maps/_topic_map.yml +++ b/_topic_maps/_topic_map.yml @@ -3275,9 +3275,9 @@ Topics: File: network-observability-operator-release-notes-1-10 #Keeping network-observability-operator-release-notes until all entries have been modularized. #Once all entire have been modularized, it will be updated with modules from 1-10 and these comments will be removed. - - Name: Network observability release notes + - Name: Network Observability Operator release notes File: network-observability-operator-release-notes - - Name: Network Observability Operator archived release notes + - Name: Network Observability Operator release notes archive Dir: release_notes_archive Topics: - Name: Network Observability Operator release notes archive diff --git a/modules/network-observability-operator-release-notes-1-9-3-advisory.adoc b/modules/network-observability-operator-release-notes-1-9-3-advisory.adoc index ca4c561ac3..d2443f9518 100644 --- a/modules/network-observability-operator-release-notes-1-9-3-advisory.adoc +++ b/modules/network-observability-operator-release-notes-1-9-3-advisory.adoc @@ -1,5 +1,5 @@ // Module included in the following assemblies: -// * network_observability/network-observability-release-notes-1-9-3.adoc +// * network_observability/network-observability-operator-release-notes.adoc :_mod-docs-content-type: REFERENCE [id="network-observability-operator-release-notes-1-9-3-advisory_{context}"] diff --git a/modules/network-observability-release-notes-1-1-0-bug-fixes.adoc b/modules/network-observability-release-notes-1-1-0-bug-fixes.adoc index 6464f3c4bc..cab760e0db 100644 --- a/modules/network-observability-release-notes-1-1-0-bug-fixes.adoc +++ b/modules/network-observability-release-notes-1-1-0-bug-fixes.adoc @@ -1,8 +1,11 @@ // Module included in the following assemblies: -// * network_observability/network-observability-operator-release-notes-1-1-0.adoc +// * network_observability/network-observability-operator-release-notes-archive.adoc :_mod-docs-content-type: REFERENCE -[id="network-observability-release-notes-1-1-0-bug-fixes_{context}"] -= Network observability 1.1.0 bug fixes +[id="network-observability-release-notes-1-1-0-fixed-issues_{context}"] += Network observability 1.1.0 fixed issues + +[role="_abstract"] +You can view the following fixed issues for the Network Observability Operator 1.1.0 release. * Previously, unless the Loki `authToken` configuration was set to `FORWARD` mode, authentication was not enforced, allowing unauthorized users to retrieve flows. Now, regardless of the Loki `authToken` mode, only cluster administrators can retrieve flows. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2169468[*BZ#2169468*]) \ No newline at end of file diff --git a/modules/network-observability-release-notes-1-1-0-enhancements.adoc b/modules/network-observability-release-notes-1-1-0-enhancements.adoc index 475f4d648e..aa5096b1fb 100644 --- a/modules/network-observability-release-notes-1-1-0-enhancements.adoc +++ b/modules/network-observability-release-notes-1-1-0-enhancements.adoc @@ -1,11 +1,12 @@ // Module included in the following assemblies: -// * network_observability/network-observability-release--operator-notes-1-1-0.adoc +// * network_observability/network-observability-release-notes-archive.adoc :_mod-docs-content-type: REFERENCE [id="network-observability-release-notes-1-1-0-enhancements_{context}"] = Network observability 1.1.0 enhancements -The following advisory is available for the Network Observability Operator 1.1.0: +[role="_abstract"] +You can view the following advisory for the Network Observability Operator 1.1.0: * link:https://access.redhat.com/errata/RHSA-2023:0786[RHSA-2023:0786 Network Observability Operator Security Advisory Update] diff --git a/modules/network-observability-release-notes-1-2-0-advisory.adoc b/modules/network-observability-release-notes-1-2-0-advisory.adoc new file mode 100644 index 0000000000..5d3fd433c0 --- /dev/null +++ b/modules/network-observability-release-notes-1-2-0-advisory.adoc @@ -0,0 +1,11 @@ +// Module included in the following assemblies: +// * network_observability/network-observability-operator-release-notes-archive.adoc + +:_mod-docs-content-type: REFERENCE +[id="network-observability-release-notes-1-2-0-advisory_{context}"] += Network observability 1.2.0 advisory + +[role="_abstract"] +You can view the following advisory for the Network Observability Operator 1.2.0 release. + +* https://access.redhat.com/errata/RHSA-2023:1817[RHSA-2023:1817 Network Observability Operator 1.2.0] \ No newline at end of file diff --git a/modules/network-observability-release-notes-1-2-0-bug-fixes.adoc b/modules/network-observability-release-notes-1-2-0-bug-fixes.adoc index 6e11aedf1e..8fc852580f 100644 --- a/modules/network-observability-release-notes-1-2-0-bug-fixes.adoc +++ b/modules/network-observability-release-notes-1-2-0-bug-fixes.adoc @@ -1,11 +1,13 @@ // Module included in the following assemblies: - -// * power_monitoring/network-observability-operator-release-notes-1-2-0.adoc +// * network_observability/network-observability-operator-release-notes-archive.adoc :_mod-docs-content-type: REFERENCE [id="network-observability-release-notes-1-2-0-bug-fixes_{context}"] = Network observability 1.2.0 bug fixes +[role="_abstract"] +You can view the following fixed issues for the Network Observability Operator 1.2.0 release. + * Previously, after changing the `namespace` value in the FlowCollector spec, `eBPF` agent pods running in the previous namespace were not appropriately deleted. Now, the pods running in the previous namespace are appropriately deleted. (link:https://issues.redhat.com/browse/NETOBSERV-774[*NETOBSERV-774*]) * Previously, after changing the `caCert.name` value in the FlowCollector spec (such as in Loki section), FlowLogs-Pipeline pods and Console plug-in pods were not restarted, therefore they were unaware of the configuration change. Now, the pods are restarted, so they get the configuration change. (link:https://issues.redhat.com/browse/NETOBSERV-772[*NETOBSERV-772*]) diff --git a/modules/network-observability-release-notes-1-2-0-known-issues.adoc b/modules/network-observability-release-notes-1-2-0-known-issues.adoc new file mode 100644 index 0000000000..e65e8cdc64 --- /dev/null +++ b/modules/network-observability-release-notes-1-2-0-known-issues.adoc @@ -0,0 +1,11 @@ +// Module included in the following assemblies: +// * network_observability/network-observability-operator-release-notes-archive.adoc + +:_mod-docs-content-type: REFERENCE +[id="network-observability-release-notes-1-2-0-known-issues_{context}"] += Network observability 1.2.0 known issues + +[role="_abstract"] +You can review the following issues and their workarounds, if available, to troubleshoot issues with the Network Observability Operator 1.2.0 release. + +* In the 1.2.0 release of the Network Observability Operator, using {loki-op} 5.6, a Loki certificate transition periodically affects the `flowlogs-pipeline` pods and results in dropped flows rather than flows written to Loki. The problem self-corrects after some time, but it still causes temporary flow data loss during the Loki certificate transition. (link:https://issues.redhat.com/browse/NETOBSERV-980[*NETOBSERV-980*]) \ No newline at end of file diff --git a/modules/network-observability-release-notes-1-2-0-new-features-enhancements.adoc b/modules/network-observability-release-notes-1-2-0-new-features-enhancements.adoc index 46c3462657..9cd35d0a80 100644 --- a/modules/network-observability-release-notes-1-2-0-new-features-enhancements.adoc +++ b/modules/network-observability-release-notes-1-2-0-new-features-enhancements.adoc @@ -1,16 +1,13 @@ // Module included in the following assemblies: -// * power_monitoring/network-observability-operator-release-notes-1-2-0.adoc + +// * observability/network-observability-operator-release-notes-archive.adoc :_mod-docs-content-type: REFERENCE [id="network-observability-release-notes-new-features-enhancements-1-2-0_{context}"] = Network observability 1.2.0 new features and enhancements -This release of network observability and the Network Observability Operator includes the following new features and enhancements: - -[id="network-observability-operator-preparing-to-update_{context}"] -== Preparing for the next update - -The subscription of an installed Operator specifies an update channel that tracks and receives updates for the Operator. Until the 1.2 release of the Network Observability Operator, the only channel available was `v1.0.x`. The 1.2 release of the Network Observability Operator introduces the `stable` update channel for tracking and receiving updates. You must switch your channel from `v1.0.x` to `stable` to receive future Operator updates. The `v1.0.x` channel is deprecated and planned for removal in a following release. +[role="_abstract"] +You can view the following new features and enhancements for the Network Observability Operator 1.2.0 release. [id="histogram-feature-1-2_{context}"] == Histogram in Traffic Flows view @@ -25,4 +22,4 @@ You can now query flows by *Log Type*, which enables grouping network flows that [id="health-alerts-feature-1-2_{context}"] == Network observability health alerts -The Network Observability Operator now creates automatic alerts if the `flowlogs-pipeline` is dropping flows because of errors at the write stage or if the Loki ingestion rate limit has been reached. For more information, see "Health dashboards". \ No newline at end of file +The Network Observability Operator now creates automatic alerts if the `flowlogs-pipeline` is dropping flows because of errors at the write stage or if the Loki ingestion rate limit has been reached. For more information, see "Health dashboards". diff --git a/modules/network-observability-release-notes-1-2-0-notable-technical-changes.adoc b/modules/network-observability-release-notes-1-2-0-notable-technical-changes.adoc new file mode 100644 index 0000000000..50499a3586 --- /dev/null +++ b/modules/network-observability-release-notes-1-2-0-notable-technical-changes.adoc @@ -0,0 +1,18 @@ +// Module included in the following assemblies: +// * network_observability/network-observability-operator-release-notes-archive.adoc + +:_mod-docs-content-type: REFERENCE +[id="network-observability-release-notes-1-2-0-notable-technical-changes_{context}"] += Network observability 1.2.0 notable technical changes + +[role="_abstract"] +The Network Observability Operator 1.2.0 release requires installation in the `openshift-netobserv-operator` namespace due to new technical changes. Users who previously used a custom namespace must delete the old instance and reinstall the Operator. + +Previously, you could install the Network Observability Operator using a custom namespace. This release introduces the `conversion webhook` which changes the `ClusterServiceVersion`. Because of this change, all the available namespaces are no longer listed. Additionally, to enable Operator metrics collection, namespaces that are shared with other Operators, like the `openshift-operators` namespace, cannot be used. + +Now, the Operator must be installed in the `openshift-netobserv-operator` namespace. + +You cannot automatically upgrade to the new Operator version if you previously installed the Network Observability Operator using a custom namespace. If you previously installed the Operator using a custom namespace, you must delete the instance of the Operator that was installed and re-install your operator in the `openshift-netobserv-operator` namespace. It is important to note that custom namespaces, such as the commonly used `netobserv` namespace, are still possible for the `FlowCollector`, Loki, Kafka, and other plug-ins. + + * link:https://issues.redhat.com/browse/NETOBSERV-907[*NETOBSERV-907*] + * link:https://https://issues.redhat.com/browse/NETOBSERV-956[*NETOBSERV-956*] \ No newline at end of file diff --git a/modules/network-observability-release-notes-1-2-0-preparing-for-next-update.adoc b/modules/network-observability-release-notes-1-2-0-preparing-for-next-update.adoc new file mode 100644 index 0000000000..a81fd266de --- /dev/null +++ b/modules/network-observability-release-notes-1-2-0-preparing-for-next-update.adoc @@ -0,0 +1,11 @@ +// Module included in the following assemblies: +// * network_observability/network-observability-release-notes-archive.adoc + +:_mod-docs-content-type: REFERENCE +[id="network-observability-release-notes-1-2-0-preparing-for-next-update_{context}"] += Network observability release notes 1.2.0 preparing for the next update + +[role="_abstract"] +Switch the Network Observability Operator's update channel from the deprecated `v1.0.x` to the `stable` channel to continue receiving future releases and updates. + +The subscription of an installed Operator specifies an update channel that tracks and receives updates for the Operator. Until the 1.2 release of the Network Observability Operator, the only channel available was `v1.0.x`. The 1.2 release of the Network Observability Operator introduces the `stable` update channel for tracking and receiving updates. You must switch your channel from `v1.0.x` to `stable` to receive future Operator updates. The `v1.0.x` channel is deprecated and planned for removal in a following release. \ No newline at end of file diff --git a/modules/network-observability-release-notes-1-9-2-bug-fixes.adoc b/modules/network-observability-release-notes-1-9-2-bug-fixes.adoc index e2d0e5dc95..caabd9f61a 100644 --- a/modules/network-observability-release-notes-1-9-2-bug-fixes.adoc +++ b/modules/network-observability-release-notes-1-9-2-bug-fixes.adoc @@ -1,5 +1,5 @@ // Module included in the following assemblies: -// * network_observability/network-observability-release-notes-1-9-2.adoc +// * network_observability/network-observability-release-notes-archive.adoc :_mod-docs-content-type: REFERENCE [id="network-observability-release-notes-1-9-2-bug-fixes_{context}"] diff --git a/observability/network_observability/network-observability-operator-release-notes.adoc b/observability/network_observability/network-observability-operator-release-notes.adoc index 355d84ae79..481b770f43 100644 --- a/observability/network_observability/network-observability-operator-release-notes.adoc +++ b/observability/network_observability/network-observability-operator-release-notes.adoc @@ -714,56 +714,4 @@ The release of Network Observability Operator 1.3 deprecates the `spec.Loki.auth * Since the 1.2.0 release of the Network Observability Operator, using {loki-op} 5.6, a Loki certificate change periodically affects the `flowlogs-pipeline` pods and results in dropped flows rather than flows written to Loki. The problem self-corrects after some time, but it still causes temporary flow data loss during the Loki certificate change. This issue has only been observed in large-scale environments of 120 nodes or greater.(link:https://issues.redhat.com/browse/NETOBSERV-980[*NETOBSERV-980*]) -* When you install the Operator, a warning kernel taint can appear. The reason for this error is that the network observability eBPF agent has memory constraints that prevent preallocating the entire hashmap table. The Operator eBPF agent sets the `BPF_F_NO_PREALLOC` flag so that pre-allocation is disabled when the hashmap is too memory expansive. - -[id="network-observability-operator-release-notes-1-2"] -== Network Observability Operator 1.2.0 -The following advisory is available for the Network Observability Operator 1.2.0: - -* https://access.redhat.com/errata/RHSA-2023:1817[RHSA-2023:1817 Network Observability Operator 1.2.0] - -[id="network-observability-operator-preparing-to-update"] -=== Preparing for the next update -The subscription of an installed Operator specifies an update channel that tracks and receives updates for the Operator. Until the 1.2 release of the Network Observability Operator, the only channel available was `v1.0.x`. The 1.2 release of the Network Observability Operator introduces the `stable` update channel for tracking and receiving updates. You must switch your channel from `v1.0.x` to `stable` to receive future Operator updates. The `v1.0.x` channel is deprecated and planned for removal in a following release. - -[id="network-observability-operator-1.2.0-features-enhancements"] -=== New features and enhancements - -[id="histogram-feature-1.2"] -==== Histogram in Traffic Flows view -* You can now choose to show a histogram bar chart of flows over time. The histogram enables you to visualize the history of flows without hitting the Loki query limit. For more information, see xref:../../observability/network_observability/observing-network-traffic.adoc#network-observability-histogram-trafficflow_nw-observe-network-traffic[Using the histogram]. - -[id="conversation-tracking-feature-1.2"] -==== Conversation tracking -* You can now query flows by *Log Type*, which enables grouping network flows that are part of the same conversation. For more information, see xref:../../observability/network_observability/observing-network-traffic.adoc#network-observability-working-with-conversations_nw-observe-network-traffic[Working with conversations]. - -[id="health-alerts-feature-1.2"] -==== Network observability health alerts -* The Network Observability Operator now creates automatic alerts if the `flowlogs-pipeline` is dropping flows because of errors at the write stage or if the Loki ingestion rate limit has been reached. For more information, see xref:../../observability/network_observability/network-observability-operator-monitoring.adoc#network-observability-health-dashboard-overview_network_observability[Health dashboards]. - -[id="network-observability-operator-1.2.0-bug-fixes"] -=== Bug fixes - -* Previously, after changing the `namespace` value in the FlowCollector spec, `eBPF` agent pods running in the previous namespace were not appropriately deleted. Now, the pods running in the previous namespace are appropriately deleted. (link:https://issues.redhat.com/browse/NETOBSERV-774[*NETOBSERV-774*]) - -* Previously, after changing the `caCert.name` value in the FlowCollector spec (such as in Loki section), FlowLogs-Pipeline pods and Console plug-in pods were not restarted, therefore they were unaware of the configuration change. Now, the pods are restarted, so they get the configuration change. (link:https://issues.redhat.com/browse/NETOBSERV-772[*NETOBSERV-772*]) - -* Previously, network flows between pods running on different nodes were sometimes not correctly identified as being duplicates because they are captured by different network interfaces. This resulted in over-estimated metrics displayed in the console plug-in. Now, flows are correctly identified as duplicates, and the console plug-in displays accurate metrics. (link:https://issues.redhat.com/browse/NETOBSERV-755[*NETOBSERV-755*]) - -* The "reporter" option in the console plug-in is used to filter flows based on the observation point of either source node or destination node. Previously, this option mixed the flows regardless of the node observation point. This was due to network flows being incorrectly reported as Ingress or Egress at the node level. Now, the network flow direction reporting is correct. The "reporter" option filters for source observation point, or destination observation point, as expected. (link:https://issues.redhat.com/browse/NETOBSERV-696[*NETOBSERV-696*]) - -* Previously, for agents configured to send flows directly to the processor as gRPC+protobuf requests, the submitted payload could be too large and is rejected by the processors' GRPC server. This occurred under very-high-load scenarios and with only some configurations of the agent. The agent logged an error message, such as: _grpc: received message larger than max_. As a consequence, there was information loss about those flows. Now, the gRPC payload is split into several messages when the size exceeds a threshold. As a result, the server maintains connectivity. (link:https://issues.redhat.com/browse/NETOBSERV-617[*NETOBSERV-617*]) - -[id="network-observability-operator-1.2.0-known-issues"] -=== Known issue -* In the 1.2.0 release of the Network Observability Operator, using {loki-op} 5.6, a Loki certificate transition periodically affects the `flowlogs-pipeline` pods and results in dropped flows rather than flows written to Loki. The problem self-corrects after some time, but it still causes temporary flow data loss during the Loki certificate transition. (link:https://issues.redhat.com/browse/NETOBSERV-980[*NETOBSERV-980*]) - -[id="network-observability-operator-1.2.0-notable-technical-changes"] -=== Notable technical changes -* Previously, you could install the Network Observability Operator using a custom namespace. This release introduces the `conversion webhook` which changes the `ClusterServiceVersion`. Because of this change, all the available namespaces are no longer listed. Additionally, to enable Operator metrics collection, namespaces that are shared with other Operators, like the `openshift-operators` namespace, cannot be used. Now, the Operator must be installed in the `openshift-netobserv-operator` namespace. You cannot automatically upgrade to the new Operator version if you previously installed the Network Observability Operator using a custom namespace. If you previously installed the Operator using a custom namespace, you must delete the instance of the Operator that was installed and re-install your operator in the `openshift-netobserv-operator` namespace. It is important to note that custom namespaces, such as the commonly used `netobserv` namespace, are still possible for the `FlowCollector`, Loki, Kafka, and other plug-ins. (link:https://issues.redhat.com/browse/NETOBSERV-907[*NETOBSERV-907*])(link:https://https://issues.redhat.com/browse/NETOBSERV-956[*NETOBSERV-956*]) - -[id="network-observability-operatpr-1-1"] -== Network Observability Operator 1.1 -include::modules/network-observability-release-notes-1-1-0-enhancements.adoc[leveloffset=+1] - -include::modules/network-observability-release-notes-1-1-0-bug-fixes.adoc[leveloffset=+1] \ No newline at end of file +* When you install the Operator, a warning kernel taint can appear. The reason for this error is that the network observability eBPF agent has memory constraints that prevent preallocating the entire hashmap table. The Operator eBPF agent sets the `BPF_F_NO_PREALLOC` flag so that pre-allocation is disabled when the hashmap is too memory expansive. \ No newline at end of file diff --git a/observability/network_observability/release_notes/_attributes b/observability/network_observability/release_notes/_attributes new file mode 120000 index 0000000000..bf7c2529fd --- /dev/null +++ b/observability/network_observability/release_notes/_attributes @@ -0,0 +1 @@ +../../../_attributes/ \ No newline at end of file diff --git a/observability/network_observability/release_notes/images b/observability/network_observability/release_notes/images new file mode 120000 index 0000000000..4399cbb3c0 --- /dev/null +++ b/observability/network_observability/release_notes/images @@ -0,0 +1 @@ +../../../images/ \ No newline at end of file diff --git a/observability/network_observability/release_notes/modules b/observability/network_observability/release_notes/modules new file mode 120000 index 0000000000..7e8b50bee7 --- /dev/null +++ b/observability/network_observability/release_notes/modules @@ -0,0 +1 @@ +../../../modules/ \ No newline at end of file diff --git a/observability/network_observability/release_notes/network-observability-operator-release-notes.adoc b/observability/network_observability/release_notes/network-observability-operator-release-notes.adoc new file mode 100644 index 0000000000..6ec3b0b274 --- /dev/null +++ b/observability/network_observability/release_notes/network-observability-operator-release-notes.adoc @@ -0,0 +1,17 @@ +//Network Observability Operator Release Notes +:_mod-docs-content-type: ASSEMBLY +[id="network-observability-operator-release-notes"] += Network Observability Operator release notes + +:context: network-observability-operator-release-notes +include::_attributes/common-attributes.adoc[] + +toc::[] + +With the Network Observability Operator, administrators can observe and analyze network traffic flows for {product-title} clusters. + +These release notes track the development of the Network Observability Operator in the {product-title}. + +For an overview of the Network Observability Operator, see xref:../../../observability/network_observability/network-observability-overview.adoc#network-observability-operator_network-observability-overview[Network Observability Operator]. + +include::modules/network-observability-operator-release-notes-1-9-3-advisory.adoc[leveloffset=+1] \ No newline at end of file diff --git a/observability/network_observability/release_notes/snippets b/observability/network_observability/release_notes/snippets new file mode 120000 index 0000000000..ce62fd7c41 --- /dev/null +++ b/observability/network_observability/release_notes/snippets @@ -0,0 +1 @@ +../../../snippets/ \ No newline at end of file diff --git a/observability/network_observability/release_notes_archive/network-observability-operator-release-notes-archive.adoc b/observability/network_observability/release_notes_archive/network-observability-operator-release-notes-archive.adoc index 6fec4d7ad4..8cd96ce9ad 100644 --- a/observability/network_observability/release_notes_archive/network-observability-operator-release-notes-archive.adoc +++ b/observability/network_observability/release_notes_archive/network-observability-operator-release-notes-archive.adoc @@ -20,10 +20,34 @@ include::modules/network-observability-operator-release-notes-1-9-2-advisory.ado include::modules/network-observability-release-notes-1-9-2-bug-fixes.adoc[leveloffset=+1] +//netobserv 1.9.1 +//netobserv 1.9.0 +//netobserv 1.8.1 +//netobserv 1.8.0 +//netobserv 1.7.0 +//netobserv 1.6.2 +//netobserv 1.6.1 +//netobserv 1.6.0 +//netobserv 1.5.0 +//netobserv 1.4.2 +//netobserv 1.4.1 +//netobserv 1.3.0 + +//It might make sense to have each release version start with some kind of overview at [leveloffset=+1] and then each module be [leveloffset=+2]. Also wonder if that is worth the effort if release-notes-archive is not migrated since the versions don't apply because the Network Observability Operator is a follows a rolling stream release. +//Something to ponder while working through modularizing the rest of the release notes. + +include::modules/network-observability-release-notes-1-2-0-preparing-for-next-update.adoc[leveloffset=+1] + +include::modules/network-observability-release-notes-1-2-0-advisory.adoc[leveloffset=+1] + include::modules/network-observability-release-notes-1-2-0-new-features-enhancements.adoc[leveloffset=+1] include::modules/network-observability-release-notes-1-2-0-bug-fixes.adoc[leveloffset=+1] +include::modules/network-observability-release-notes-1-2-0-known-issues.adoc[leveloffset=+1] + +include::modules/network-observability-release-notes-1-2-0-notable-technical-changes.adoc[leveloffset=+1] + include::modules/network-observability-release-notes-1-1-0-enhancements.adoc[leveloffset=+1] include::modules/network-observability-release-notes-1-1-0-bug-fixes.adoc[leveloffset=+1]