Merge pull request #62901 from skrthomas/OSDOCS-6035

OSDOCS-6035: Network Observability w/o Loki

Author: skrthomas

images/check-solid.png

@@ -4,7 +4,7 @@
 
 :_content-type: PROCEDURE
 [id="network-observability-auth-mutli-tenancy_{context}"]
-= Configure authorization and multi-tenancy
+= Configuring authorization and multi-tenancy
 Define `ClusterRole` and `ClusterRoleBinding`. The `netobserv-reader` `ClusterRole` enables multi-tenancy and allows individual user access, or group access, to the flows stored in Loki. You can create a YAML file to define these roles.  
 
 .Procedure

images/x-solid.png

@@ -5,54 +5,22 @@
 :_content-type: PROCEDURE
 [id="network-observability-loki-installation_{context}"]
 = Installing the Loki Operator
-It is recommended to install link:https://catalog.redhat.com/software/containers/openshift-logging/loki-rhel8-operator/622b46bcae289285d6fcda39[Loki Operator version 5.7], This version provides the ability to create a LokiStack instance using the `openshift-network` tenant configuration mode. It also provides fully automatic, in-cluster authentication and authorization support for Network Observability.
+The link:https://catalog.redhat.com/software/containers/openshift-logging/loki-rhel8-operator/622b46bcae289285d6fcda39[Loki Operator versions 5.7+] are the supported Loki Operator versions for Network Observabilty; these versions provide the ability to create a `LokiStack` instance using the `openshift-network` tenant configuration mode and provide fully-automatic, in-cluster authentication and authorization support for Network Observability. There are several ways you can install Loki. One way is by using the {product-title} web console Operator Hub. 
 
 .Prerequisites
 
 * Supported Log Store (AWS S3, Google Cloud Storage, Azure, Swift, Minio, OpenShift Data Foundation)
-* {product-title} 4.10+.
-* Linux Kernel 4.18+.
-
-//* <Any Loki install prerequisites for using with Network Observability operator?>
-
-There are several ways you can install Loki. One way you can install the Loki Operator is by using the {product-title} web console Operator Hub.
-
+* {product-title} 4.10+
+* Linux Kernel 4.18+
 
 .Procedure
+. In the {product-title} web console, click *Operators* -> *OperatorHub*.
+. Choose  *Loki Operator* from the list of available Operators, and click *Install*.
+. Under *Installation Mode*, select *All namespaces on the cluster*.
 
-. Install the `Loki Operator` Operator:
-
-.. In the {product-title} web console, click *Operators* -> *OperatorHub*.
-
-.. Choose  *Loki Operator* from the list of available Operators, and click *Install*.
-
-.. Under *Installation Mode*, select *All namespaces on the cluster*.
-
-.. Verify that you installed the Loki Operator. Visit the *Operators* → *Installed Operators* page and look for *Loki Operator*.
-
-.. Verify that *Loki Operator* is listed with *Status* as *Succeeded* in all the projects.
-+
-. Create a `Secret` YAML file. You can create this secret in the web console or CLI.
-.. Using the web console, navigate to the *Project* -> *All Projects* dropdown and select *Create Project*. Name the project `netobserv` and click *Create*.
-.. Navigate to the Import icon, *+*, in the top right corner. Drop your YAML file into the editor. It is important to create this YAML file in the `netobserv` namespace that uses the `access_key_id` and `access_key_secret` to specify your credentials. 
-
-.. Once you create the secret, you should see it listed under *Workloads* -> *Secrets* in the web console.
-+
-The following shows an example secret YAML file:
-[source,yaml]
-----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: loki-s3
-  namespace: netobserv
-stringData:
-  access_key_id: QUtJQUlPU0ZPRE5ON0VYQU1QTEUK
-  access_key_secret: d0phbHJYVXRuRkVNSS9LN01ERU5HL2JQeFJmaUNZRVhBTVBMRUtFWQo=
-  bucketnames: s3-bucket-name
-  endpoint: https://s3.eu-central-1.amazonaws.com
-  region: eu-central-1
-----
+.Verification
+. Verify that you installed the Loki Operator. Visit the *Operators* → *Installed Operators* page and look for *Loki Operator*.
+. Verify that *Loki Operator* is listed with *Status* as *Succeeded* in all the projects.
 
 [IMPORTANT]
 ====

modules/network-observability-auth-multi-tenancy.adoc

@@ -0,0 +1,32 @@
+// Module included in the following assemblies:
+
+// * networking/network_observability/installing-operators.adoc
+
+:_content-type: PROCEDURE
+[id="network-observability-loki-secret_{context}"]
+= Creating a secret for Loki storage
+The Loki Operator supports a few log storage options, such as AWS S3, Google Cloud Storage, Azure, Swift, Minio, OpenShift Data Foundation. The following example shows how to create a secret for AWS S3 storage. The secret created in this example, `loki-s3`, is referenced in "Creating a LokiStack resource". You can create this secret in the web console or CLI.
+
+. Using the web console, navigate to the *Project* -> *All Projects* dropdown and select *Create Project*. Name the project `netobserv` and click *Create*.
+. Navigate to the Import icon, *+*, in the top right corner. Paste your YAML file into the editor. It is important to create this YAML file in the `netobserv` namespace that uses the `access_key_id` and `access_key_secret` to specify your credentials. 
++
+The following shows an example secret YAML file for S3 storage:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: Secret
+metadata:
+  name: loki-s3
+  namespace: netobserv   <1>
+stringData:
+  access_key_id: QUtJQUlPU0ZPRE5ON0VYQU1QTEUK
+  access_key_secret: d0phbHJYVXRuRkVNSS9LN01ERU5HL2JQeFJmaUNZRVhBTVBMRUtFWQo=
+  bucketnames: s3-bucket-name
+  endpoint: https://s3.eu-central-1.amazonaws.com
+  region: eu-central-1
+----
+<1> The installation examples in this documentation use the same namespace, `netobserv`, across all components. You can optionally use a different namespace for the different components
+
+.Verification
+* Once you create the secret, you should see it listed under *Workloads* -> *Secrets* in the web console.

modules/network-observability-loki-install.adoc

@@ -4,8 +4,8 @@
 
 :_content-type: PROCEDURE
 [id="network-observability-lokistack-create_{context}"]
-= Create a LokiStack custom resource 
-It is recommended to deploy the LokiStack in the same namespace referenced by the FlowCollector specification, `spec.namespace`. You can use the web console or CLI to create a namespace, or new project. 
+= Creating a LokiStack custom resource 
+It is recommended to deploy the LokiStack in the same namespace referenced by the `FlowCollector` specification, `spec.namespace`. You can use the web console or CLI to create a namespace, or new project. 
 
 .Procedure
 

modules/network-observability-loki-secret.adoc

@@ -4,7 +4,7 @@
 
 :_content-type: PROCEDURE
 [id="network-observability-multi-tenancy{context}"]
-= Enable multi-tenancy in Network Observability
+= Enabling multi-tenancy in Network Observability
 Multi-tenancy in the Network Observability Operator allows and restricts individual user access, or group access, to the flows stored in Loki. Access is enabled for project admins. Project admins who have limited access to some namespaces can access flows for only those namespaces.
 
 .Prerequisite

modules/network-observability-lokistack-create.adoc

@@ -9,7 +9,7 @@ You can install the Network Observability Operator using the {product-title} web
 
 .Prerequisites
 
-* Installed Loki. It is recommended to install Loki using the link:https://catalog.redhat.com/software/containers/openshift-logging/loki-rhel8-operator/622b46bcae289285d6fcda39[Loki Operator version 5.7].
+* If you choose to use Loki, install the link:https://catalog.redhat.com/software/containers/openshift-logging/loki-rhel8-operator/622b46bcae289285d6fcda39[Loki Operator version 5.7+].
 * One of the following supported architectures is required: `amd64`, `ppc64le`, `arm64`, or `s390x`.
 * Any CPU supported by Red Hat Enterprise Linux (RHEL) 9
 
@@ -36,6 +36,7 @@ This documentation assumes that your `LokiStack` instance name is `loki`. Using
 *** *certFile*: `service-ca.crt`, *name*: `kafka-gateway-ca-bundle`, and *type*: `configmap`.
 +
 You can also configure this option at a later time by directly editing the YAML. For more information, see _Export enriched network flow data_.
+* *loki.enable*: Set to `true`.
 * *loki.url*: Since authentication is specified separately, this URL needs to be updated to `https://loki-gateway-http.netobserv.svc:8080/api/logs/v1/network`. The first part of the URL, "loki", should match the name of your LokiStack.
 * *loki.statusUrl*: Set this to `https://loki-query-frontend-http.netobserv.svc:3100/`. The first part of the URL, "loki", should match the name of your LokiStack.
 * *loki.authToken*: Select the `FORWARD` value.

modules/network-observability-multitenancy.adoc

@@ -0,0 +1,19 @@
+// module included in the following assemblies:
+// networking/network_observability/installing-operators.adoc
+
+:_content-type: REFERENCE
+[id="network-observability-without-loki_{context}"]
+= Network Observability without Loki
+You can use Network Observability without Loki by not performing the Loki installation steps in the following section and instead using exporters, such as Kafka or IPFIX. The following table compares available features with and without Loki:
+
+.Comparison of feature availability with and without Loki
+[options="header"]
+|===
+|                                     | *With Loki* | *Without Loki* 
+| *Exporters*                         | image:check-solid.png[,10]  | image:check-solid.png[,10]      
+| *Flow-based dashboards*             | image:check-solid.png[,10] | image:check-solid.png[,10]       
+| *Traffic Flow Overview, Table and Topology views* | image:check-solid.png[,10] | image:x-solid.png[,10]     
+| *Quick Filters*                     | image:check-solid.png[,10] | image:x-solid.png[,10]    
+| *{product-title} console Network Traffic tab integration* | image:check-solid.png[,10] | image:x-solid.png[,10]
+|===
+

modules/network-observability-operator-install.adoc

@@ -5,20 +5,28 @@ include::_attributes/common-attributes.adoc[]
 :context: network_observability
 
 toc::[]
-Installing Loki is a prerequisite for using the Network Observability Operator. It is recommended to install Loki using the Loki Operator; therefore, these steps are documented below prior to the Network Observability Operator installation.
+Installing Loki is a recommended prerequisite for using the Network Observability Operator. You can choose to use xref:../../networking/network_observability/installing-operators.adoc#network-observability-without-loki_network_observability[Network Observability without Loki], but there are some considerations for doing this, described in the previously linked section.
 
-The Loki Operator integrates a gateway that implements multi-tenancy & authentication with Loki for data flow storage. The *LokiStack* resource manages *Loki*, which is a scalable, highly-available, multi-tenant log aggregation system, and a web proxy with {product-title} authentication. The *LokiStack* proxy uses {product-title} authentication to enforce multi-tenancy and facilitate the saving and indexing of data in *Loki* log stores. 
+The Loki Operator integrates a gateway that implements multi-tenancy and authentication with Loki for data flow storage. The `LokiStack` resource manages Loki, which is a scalable, highly-available, multi-tenant log aggregation system, and a web proxy with {product-title} authentication. The `LokiStack` proxy uses {product-title} authentication to enforce multi-tenancy and facilitate the saving and indexing of data in Loki log stores. 
 
 [NOTE]
 ====
 The Loki Operator can also be used for xref:../../logging/cluster-logging-loki.adoc#cluster-logging-loki[Logging with the LokiStack]. The Network Observability Operator requires a dedicated LokiStack separate from Logging.
 ====
 
+include::modules/network-observability-without-loki.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../networking/network_observability/configuring-operator.adoc#network-observability-enriched-flows_network_observability[Export enriched network flow data].
+
 include::modules/network-observability-loki-install.adoc[leveloffset=+1]
+include::modules/network-observability-loki-secret.adoc[leveloffset=+2]
 include::modules/network-observability-lokistack-create.adoc[leveloffset=+2]
 include::modules/network-observability-lokistack-ingestion-query.adoc[leveloffset=+2]
 include::modules/network-observability-auth-multi-tenancy.adoc[leveloffset=+1]
 include::modules/network-observability-multitenancy.adoc[leveloffset=+1]
+
 include::modules/network-observability-kafka-option.adoc[leveloffset=+1]
 include::modules/network-observability-operator-install.adoc[leveloffset=+1]