Regenerate docs (#2020)

Author: jotak

api/flowcollector/v1beta2/flowcollector_types.go

@@ -363,10 +363,8 @@ type FlowCollectorEBPF struct {
 	// `logLevel` defines the log level for the NetObserv eBPF Agent
 	LogLevel string `json:"logLevel,omitempty"`
 
-	// Privileged mode for the eBPF Agent container. When ignored or set to `false`, the operator sets
-	// granular capabilities (BPF, PERFMON, NET_ADMIN) to the container.
-	// If for some reason these capabilities cannot be set, such as if an old kernel version not knowing CAP_BPF
-	// is in use, then you can turn on this mode for more global privileges.
+	// Privileged mode for the eBPF Agent container. When set to `true`, the agent is able to capture more traffic, including from secondary interfaces.
+	// When ignored or set to `false`, the operator sets granular capabilities (BPF, PERFMON, NET_ADMIN) to the container.
 	// Some agent features require the privileged mode, such as packet drops tracking (see `features`) and SR-IOV support.
 	// +optional
 	Privileged bool `json:"privileged,omitempty"`

bundle/manifests/flows.netobserv.io_flowcollectors.yaml

@@ -1556,10 +1556,8 @@ spec:
                         type: object
                       privileged:
                         description: |-
-                          Privileged mode for the eBPF Agent container. When ignored or set to `false`, the operator sets
-                          granular capabilities (BPF, PERFMON, NET_ADMIN) to the container.
-                          If for some reason these capabilities cannot be set, such as if an old kernel version not knowing CAP_BPF
-                          is in use, then you can turn on this mode for more global privileges.
+                          Privileged mode for the eBPF Agent container. When set to `true`, the agent is able to capture more traffic, including from secondary interfaces.
+                          When ignored or set to `false`, the operator sets granular capabilities (BPF, PERFMON, NET_ADMIN) to the container.
                           Some agent features require the privileged mode, such as packet drops tracking (see `features`) and SR-IOV support.
                         type: boolean
                       resources:

config/crd/bases/flows.netobserv.io_flowcollectors.yaml

@@ -1434,10 +1434,8 @@ spec:
                           type: object
                         privileged:
                           description: |-
-                            Privileged mode for the eBPF Agent container. When ignored or set to `false`, the operator sets
-                            granular capabilities (BPF, PERFMON, NET_ADMIN) to the container.
-                            If for some reason these capabilities cannot be set, such as if an old kernel version not knowing CAP_BPF
-                            is in use, then you can turn on this mode for more global privileges.
+                            Privileged mode for the eBPF Agent container. When set to `true`, the agent is able to capture more traffic, including from secondary interfaces.
+                            When ignored or set to `false`, the operator sets granular capabilities (BPF, PERFMON, NET_ADMIN) to the container.
                             Some agent features require the privileged mode, such as packet drops tracking (see `features`) and SR-IOV support.
                           type: boolean
                         resources:

docs/FlowCollector.md

@@ -363,10 +363,8 @@ Otherwise it is matched as a case-sensitive string.<br/>
         <td><b>privileged</b></td>
         <td>boolean</td>
         <td>
-          Privileged mode for the eBPF Agent container. When ignored or set to `false`, the operator sets
-granular capabilities (BPF, PERFMON, NET_ADMIN) to the container.
-If for some reason these capabilities cannot be set, such as if an old kernel version not knowing CAP_BPF
-is in use, then you can turn on this mode for more global privileges.
+          Privileged mode for the eBPF Agent container. When set to `true`, the agent is able to capture more traffic, including from secondary interfaces.
+When ignored or set to `false`, the operator sets granular capabilities (BPF, PERFMON, NET_ADMIN) to the container.
 Some agent features require the privileged mode, such as packet drops tracking (see `features`) and SR-IOV support.<br/>
         </td>
         <td>false</td>

docs/flowcollector-flows-netobserv-io-v1beta2.adoc

@@ -118,7 +118,7 @@ Kafka can provide better scalability, resiliency, and high availability (for mor
 
 | `networkPolicy`
 | `object`
-| `networkPolicy` defines ingress network policy settings for Network Observability components isolation.
+| `networkPolicy` defines network policy settings for Network Observability components isolation.
 
 | `processor`
 | `object`
@@ -206,15 +206,14 @@ Otherwise it is matched as a case-sensitive string.
 | List of additional features to enable. They are all disabled by default. Enabling additional features might have performance impacts. Possible values are: +
 
 - `PacketDrop`: Enable the packets drop flows logging feature. This feature requires mounting
-the kernel debug filesystem, so the eBPF agent pods must run as privileged.
-If the `spec.agent.ebpf.privileged` parameter is not set, an error is reported. +
+the kernel debug filesystem, so the eBPF agent pods must run as privileged via `spec.agent.ebpf.privileged`. +
 
 - `DNSTracking`: Enable the DNS tracking feature. +
 
 - `FlowRTT`: Enable flow latency (sRTT) extraction in the eBPF agent from TCP traffic. +
 
 - `NetworkEvents`: Enable the network events monitoring feature, such as correlating flows and network policies.
-This feature requires mounting the kernel debug filesystem, so the eBPF agent pods must run as privileged.
+This feature requires mounting the kernel debug filesystem, so the eBPF agent pods must run as privileged via `spec.agent.ebpf.privileged`.
 It requires using the OVN-Kubernetes network plugin with the Observability feature.
 IMPORTANT: This feature is available as a Technology Preview. +
 
@@ -224,7 +223,7 @@ IMPORTANT: This feature is available as a Technology Preview. +
 
 - `UDNMapping`: Enable interfaces mapping to User Defined Networks (UDN).  +
 
-This feature requires mounting the kernel debug filesystem, so the eBPF agent pods must run as privileged.
+This feature requires mounting the kernel debug filesystem, so the eBPF agent pods must run as privileged via `spec.agent.ebpf.privileged`.
 It requires using the OVN-Kubernetes network plugin with the Observability feature.  +
 
 - `IPSec`, to track flows between nodes with IPsec encryption.  +
@@ -259,10 +258,8 @@ Otherwise it is matched as a case-sensitive string.
 
 | `privileged`
 | `boolean`
-| Privileged mode for the eBPF Agent container. When ignored or set to `false`, the operator sets
-granular capabilities (BPF, PERFMON, NET_ADMIN) to the container.
-If for some reason these capabilities cannot be set, such as if an old kernel version not knowing CAP_BPF
-is in use, then you can turn on this mode for more global privileges.
+| Privileged mode for the eBPF Agent container. When set to `true`, the agent is able to capture more traffic, including from secondary interfaces.
+When ignored or set to `false`, the operator sets granular capabilities (BPF, PERFMON, NET_ADMIN) to the container.
 Some agent features require the privileged mode, such as packet drops tracking (see `features`) and SR-IOV support.
 
 | `resources`
@@ -272,7 +269,7 @@ For more information, see https://kubernetes.io/docs/concepts/configuration/mana
 
 | `sampling`
 | `integer`
-| Sampling ratio of the eBPF probe. 100 means one packet on 100 is sent. 0 or 1 means all packets are sampled.
+| Sampling interval of the eBPF probe. 100 means one packet on 100 is sent. 0 or 1 means all packets are sampled.
 
 |===
 == .spec.agent.ebpf.advanced
@@ -457,7 +454,7 @@ To change the default, you can define a rule that accepts everything: `{ action:
 
 | `sampling`
 | `integer`
-| `sampling` is the sampling ratio for the matched packets, overriding the global sampling defined at `spec.agent.ebpf.sampling`.
+| `sampling` is the sampling interval for the matched packets, overriding the global sampling defined at `spec.agent.ebpf.sampling`.
 
 | `sourcePorts`
 | `integer-or-string`
@@ -559,7 +556,7 @@ To filter two ports, use a "port1,port2" in string format. For example, `ports:
 
 | `sampling`
 | `integer`
-| `sampling` is the sampling ratio for the matched packets, overriding the global sampling defined at `spec.agent.ebpf.sampling`.
+| `sampling` is the sampling interval for the matched packets, overriding the global sampling defined at `spec.agent.ebpf.sampling`.
 
 | `sourcePorts`
 | `integer-or-string`
@@ -2015,6 +2012,10 @@ Type::
 |===
 | Property | Type | Description
 
+| `excludeLabels`
+| `array (string)`
+| `excludeLabels` is a list of fields to be excluded from the list of Loki labels. [Unsupported (*)].
+
 | `staticLabels`
 | `object (string)`
 | `staticLabels` is a map of common labels to set on each flow in Loki storage.
@@ -2650,7 +2651,7 @@ If the namespace is different, the config map or the secret is copied so that it
 Description::
 +
 --
-`networkPolicy` defines ingress network policy settings for Network Observability components isolation.
+`networkPolicy` defines network policy settings for Network Observability components isolation.
 --
 
 Type::
@@ -2673,7 +2674,7 @@ configuration, you can disable it and install your own instead.
 | `boolean`
 | Set `enable` to `true` to deploy network policies on the namespaces used by Network Observability (main and privileged). It is disabled by default.
 These network policies better isolate the Network Observability components to prevent undesired connections to them.
-To increase the security of connections, enable this option or create your own network policy.
+This option is enabled by default, disable it to manually manage network policies
 
 |===
 == .spec.processor
@@ -2989,7 +2990,7 @@ Type::
 
 | `sampling`
 | `integer`
-| `sampling` is the sampling ratio when deduper `mode` is `Sample`. For example, a value of `50` means that 1 flow in 50 is sampled.
+| `sampling` is the sampling interval when deduper `mode` is `Sample`. For example, a value of `50` means that 1 flow in 50 is sampled.
 
 |===
 == .spec.processor.filters
@@ -3034,7 +3035,7 @@ Type::
 
 | `sampling`
 | `integer`
-| `sampling` is an optional sampling ratio to apply to this filter. For example, a value of `50` means that 1 matching flow in 50 is sampled.
+| `sampling` is an optional sampling interval to apply to this filter. For example, a value of `50` means that 1 matching flow in 50 is sampled.
 
 |===
 == .spec.processor.kafkaConsumerAutoscaler
@@ -3068,15 +3069,18 @@ Type::
 |===
 | Property | Type | Description
 
+| `alerts`
+| `array`
+| `alerts` is a list of alerts to be created for Prometheus AlertManager, organized by templates and variants [Unsupported (*)].
+This is currently an experimental feature behind a feature gate. To enable, edit `spec.processor.advanced.env` by adding `EXPERIMENTAL_ALERTS_HEALTH` set to `true`.
+More information on alerts: https://github.com/netobserv/network-observability-operator/blob/main/docs/Alerts.md
+
 | `disableAlerts`
 | `array (string)`
-| `disableAlerts` is a list of alerts that should be disabled.
-Possible values are: +
-
-`NetObservNoFlows`, which is triggered when no flows are being observed for a certain period. +
-
-`NetObservLokiError`, which is triggered when flows are being dropped due to Loki errors. +
-
+| `disableAlerts` is a list of alert groups that should be disabled from the default set of alerts.
+Possible values are: `NetObservNoFlows`, `NetObservLokiError`, `PacketDropsByKernel`, `PacketDropsByDevice`, `IPsecErrors`, `NetpolDenied`,
+`LatencyHighTrend`, `DNSErrors`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`, `CrossAZ`.
+More information on alerts: https://github.com/netobserv/network-observability-operator/blob/main/docs/Alerts.md
 
 | `includeList`
 | `array (string)`
@@ -3095,6 +3099,140 @@ More information, with full list of available metrics: https://github.com/netobs
 | `object`
 | Metrics server endpoint configuration for Prometheus scraper
 
+|===
+== .spec.processor.metrics.alerts
+Description::
++
+--
+`alerts` is a list of alerts to be created for Prometheus AlertManager, organized by templates and variants [Unsupported (*)].
+This is currently an experimental feature behind a feature gate. To enable, edit `spec.processor.advanced.env` by adding `EXPERIMENTAL_ALERTS_HEALTH` set to `true`.
+More information on alerts: https://github.com/netobserv/network-observability-operator/blob/main/docs/Alerts.md
+--
+
+Type::
+  `array`
+
+
+
+
+== .spec.processor.metrics.alerts[]
+Description::
++
+--
+
+--
+
+Type::
+  `object`
+
+Required::
+  - `template`
+  - `variants`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `template`
+| `string`
+| Alert template name.
+Possible values are: `PacketDropsByKernel`, `PacketDropsByDevice`, `IPsecErrors`, `NetpolDenied`,
+`LatencyHighTrend`, `DNSErrors`, `ExternalEgressHighTrend`, `ExternalIngressHighTrend`, `CrossAZ`.
+More information on alerts: https://github.com/netobserv/network-observability-operator/blob/main/docs/Alerts.md
+
+| `variants`
+| `array`
+| A list of variants for this template
+
+|===
+== .spec.processor.metrics.alerts[].variants
+Description::
++
+--
+A list of variants for this template
+--
+
+Type::
+  `array`
+
+
+
+
+== .spec.processor.metrics.alerts[].variants[]
+Description::
++
+--
+
+--
+
+Type::
+  `object`
+
+Required::
+  - `thresholds`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `groupBy`
+| `string`
+| Optional grouping criteria, possible values are: `Node`, `Namespace`, `Workload`.
+
+| `lowVolumeThreshold`
+| `string`
+| The low volume threshold allows to ignore metrics with a too low volume of traffic, in order to improve signal-to-noise.
+It is provided as an absolute rate (bytes per second or packets per second, depending on the context).
+When provided, it must be parsable as a float.
+
+| `thresholds`
+| `object`
+| Thresholds of the alert per severity.
+They are expressed as a percentage of errors above which the alert is triggered. They must be parsable as floats.
+
+| `trendDuration`
+| `string`
+| For trending alerts, the duration interval for baseline comparison. For example, "2h" means comparing against a 2-hours average. Defaults to 2h.
+
+| `trendOffset`
+| `string`
+| For trending alerts, the time offset for baseline comparison. For example, "1d" means comparing against yesterday. Defaults to 1d.
+
+|===
+== .spec.processor.metrics.alerts[].variants[].thresholds
+Description::
++
+--
+Thresholds of the alert per severity.
+They are expressed as a percentage of errors above which the alert is triggered. They must be parsable as floats.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `critical`
+| `string`
+| Threshold for severity `critical`. Leave empty to not generate a Critical alert.
+
+| `info`
+| `string`
+| Threshold for severity `info`. Leave empty to not generate an Info alert.
+
+| `warning`
+| `string`
+| Threshold for severity `warning`. Leave empty to not generate a Warning alert.
+
 |===
 == .spec.processor.metrics.server
 Description::