openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity

OSDOCS-10882 [NETOBSERV] bpfman Support TP

Browse Source
This commit is contained in:
Gwynne Monahan
2025-05-02 14:14:40 -05:00
committed by openshift-cherrypick-robot
parent 3a74eda9af
commit e624800083
2 changed files with 46 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
modules/network-observability-ebpf-manager-operator.adoc Normal file
View File

@@ -0,0 +1,38 @@
// Module included in the following assemblies:
//
// * network_observability/observing-network-traffic.adoc
:_mod-docs-content-type: PROCEDURE
[id="network-observability-ebpf-manager-operator_{context}"]
= Working with the eBPF Manager Operator
The eBPF Manager Operator reduces the attack surface and ensures compliance, security, and conflict prevention by managing all eBPF programs. Network observability can use the eBPF Manager Operator to load hooks. As a result, you no longer need to provide the eBPF Agent with privileged mode or additional Linux capabilities such as `CAP_BPF` and `CAP_PERFMON`. The eBPF Manager Operator with network observability is only supported on 64-bit AMD architecture.
:FeatureName: eBPF Manager Operator with network observability
include::snippets/technology-preview.adoc[]
.Procedure
. In the web console, navigate to *Operators* -> *Operator Hub*.
. Install *eBPF Manager*.
. Check *Workloads* -> *Pods* in the `bpfman` namespace to make sure they are all up and running.
. Configure the `FlowCollector` custom resource to use the eBPF Manager Operator:
+
.Example `FlowCollector` configuration
[source,yaml]
----
apiVersion: flows.netobserv.io/v1beta2
kind: FlowCollector
metadata:
name: cluster
spec:
agent:
ebpf:
features:
- EbpfManager
----
.Verification
. In the web console, navigate to *Operators* -> *Installed Operators*.
. Click *eBPF Manager Operator* -> *All instances* tab.
+
For each node, verify that a `BpfApplication` named `netobserv` and a pair of `BpfProgram` objects, one for Traffic Control (TCx) ingress and another for TCx egress, exist. If you enable other eBPF Agent features, you might have more objects.

8
observability/network_observability/observing-network-traffic.adoc
View File

@@ -69,6 +69,14 @@ include::modules/network-observability-working-with-conversations.adoc[leveloffs
include::modules/network-observability-packet-drops.adoc[leveloffset=+2]
include::modules/network-observability-dns-tracking.adoc[leveloffset=+2]
include::modules/network-observability-RTT.adoc[leveloffset=+2]
include::modules/network-observability-ebpf-manager-operator.adoc[leveloffset=+2]
//eBPF Manager Operator in OCP > Networking
[role="_additional-resources"]
.Additional resources
* xref:../../networking/networking_operators/ebpf_manager/ebpf-manager-operator-install.adoc[Installing the eBPF Manager Operator]
//Traffic flows continued
include::modules/network-observability-histogram-trafficflow.adoc[leveloffset=+2]
include::modules/network-observability-working-with-zones.adoc[leveloffset=+2]
include::modules/network-observability-filtering-ebpf-rule.adoc[leveloffset=+2]