openshift-docs/modules/network-observability-ebpf-manager-operator.adoc

// Module included in the following assemblies:
//
// * network_observability/observing-network-traffic.adoc

:_mod-docs-content-type: PROCEDURE
[id="network-observability-ebpf-manager-operator_{context}"]
= Working with the eBPF Manager Operator

[role="_abstract"]
Integrate the eBPF Manager Operator with Network Observability to manage eBPF programs and reduce the need for privileged agent permissions.

The eBPF Manager Operator reduces the attack surface and ensures compliance, security, and conflict prevention by managing all eBPF programs. Network observability can use the eBPF Manager Operator to load hooks. As a result, you no longer need to provide the eBPF Agent with privileged mode or additional Linux capabilities such as `CAP_BPF` and `CAP_PERFMON`. The eBPF Manager Operator with network observability is only supported on 64-bit AMD architecture.

:FeatureName: eBPF Manager Operator with network observability
include::snippets/technology-preview.adoc[]

.Procedure
. In the web console, navigate to *Ecosystem* -> *Operator Hub*.
. Install *eBPF Manager*.
. Check *Workloads* -> *Pods* in the `bpfman` namespace to make sure they are all up and running.
. Configure the `FlowCollector` custom resource to use the eBPF Manager Operator:
+
.Example `FlowCollector` configuration
[source,yaml]
----
apiVersion: flows.netobserv.io/v1beta2
kind: FlowCollector
metadata:
  name: cluster
spec:
  agent:
    ebpf:
      features:
        - EbpfManager
----

.Verification
. In the web console, navigate to *Ecosystem* -> *Installed Operators*.
. Click *eBPF Manager Operator* -> *All instances* tab.
+
For each node, verify that a `BpfApplication` named `netobserv` and a pair of `BpfProgram` objects, one for Traffic Control (TCx) ingress and another for TCx egress, exist. If you enable other eBPF Agent features, you might have more objects.