post-release updates to netobserv docs

Author: skrthomas

modules/network-observability-dns-tracking.adoc

@@ -25,14 +25,15 @@ apiVersion: flows.netobserv.io/v1alpha1
 kind: FlowCollector
 metadata:
   name: cluster
-namespace: netobserv
+spec:
+  namespace: netobserv
   deploymentModel: DIRECT
   agent:
     type: EBPF
     ebpf:
       features:
-      - DNSTracking           <1>                       
-      privileged: true        <2>
+       - DNSTracking           <1>                       
+      privileged: true         <2>
 ----
 <1> You can set the `spec.agent.ebpf.features` parameter list to enable DNS tracking of each network flow in the web console.
 <2> Note that the `spec.agent.ebpf.privileged` specification value must be `true` for DNS tracking to be enabled.

modules/network-observability-flowcollector-kafka-config.adoc

@@ -5,14 +5,29 @@
 :_content-type: PROCEDURE
 [id="network-observability-flowcollector-kafka-config_{context}"]
 = Configuring the Flow Collector resource with Kafka
-You can configure the `FlowCollector` resource to use Kafka. A Kafka instance needs to be running, and a Kafka topic dedicated to {product-title} Network Observability must be created in that instance. For more information, refer to your Kafka documentation, such as link:https://access.redhat.com/documentation/en-us/red_hat_amq/7.7/html/using_amq_streams_on_openshift/using-the-topic-operator-str[Kafka documentation with AMQ Streams].
+You can configure the `FlowCollector` resource to use Kafka for high-throughput and low-latency data feeds. A Kafka instance needs to be running, and a Kafka topic dedicated to {product-title} Network Observability must be created in that instance. For more information, see link:https://access.redhat.com/documentation/en-us/red_hat_amq/7.7/html/using_amq_streams_on_openshift/using-the-topic-operator-str[Kafka documentation with AMQ Streams].
 
-The following example shows how to modify the `FlowCollector` resource for {product-title} Network Observability operator to use Kafka:
+.Prerequisites
+* Kafka is installed. Red Hat supports Kafka with AMQ Streams Operator.
+
+.Procedure
+. In the web console, navigate to *Operators* → *Installed Operators*.
+
+. Under the *Provided APIs* heading for the Network Observability Operator, select *Flow Collector*.
+
+. Select the cluster and then click the *YAML* tab.
+
+. Modify the `FlowCollector` resource for {product-title} Network Observability Operator to use Kafka, as shown in the following sample YAML:
 
 .Sample Kafka configuration in `FlowCollector` resource
 [id="network-observability-flowcollector-configuring-kafka-sample_{context}"]
 [source, yaml]
 ----
+apiVersion: flows.netobserv.io/v1beta1
+kind: FlowCollector
+metadata:
+  name: cluster
+spec:
   deploymentModel: KAFKA                                    <1>
   kafka:
     address: "kafka-cluster-kafka-bootstrap.netobserv"      <2>

modules/network-observability-kafka-option.adoc

@@ -5,7 +5,7 @@
 :_content-type: CONCEPT
 [id="network-observability-kafka-option_{context}"]
 = Installing Kafka (optional)
-The Kafka Operator is supported for large scale environments. You can install the Kafka Operator as link:https://access.redhat.com/documentation/en-us/red_hat_amq_streams/2.2[Red Hat AMQ Streams] from the Operator Hub, just as the Loki Operator and Network Observability Operator were installed. 
+The Kafka Operator is supported for large scale environments. Kafka provides high-throughput and low-latency data feeds for forwarding network flow data in a more resilient, scalable way. You can install the Kafka Operator as link:https://access.redhat.com/documentation/en-us/red_hat_amq_streams/2.2[Red Hat AMQ Streams] from the Operator Hub, just as the Loki Operator and Network Observability Operator were installed. Refer to "Configuring the FlowCollector resource with Kafka" to configure Kafka as a storage option. 
 
 [NOTE]
 ====

modules/network-observability-operator-install.adoc

@@ -7,6 +7,11 @@
 = Installing the Network Observability Operator
 You can install the Network Observability Operator using the {product-title} web console Operator Hub. When you install the Operator,  it provides the `FlowCollector` custom resource definition (CRD). You can set specifications in the web console when you create the  `FlowCollector`.
 
+[IMPORTANT]
+====
+The actual memory consumption of the Operator depends on your cluster size and the number of resources deployed. Memory consumption might need to be adjusted accordingly. For more information refer to "Network Observability controller manager pod runs out of memory" in the "Important Flow Collector configuration considerations" section. 
+====
+
 .Prerequisites
 
 * If you choose to use Loki, install the link:https://catalog.redhat.com/software/containers/openshift-logging/loki-rhel8-operator/622b46bcae289285d6fcda39[Loki Operator version 5.7+].
@@ -25,26 +30,19 @@ This documentation assumes that your `LokiStack` instance name is `loki`. Using
 . Choose  *Network Observability Operator* from the list of available Operators in the *OperatorHub*, and click *Install*.
 . Select the checkbox `Enable Operator recommended cluster monitoring on this Namespace`.
 . Navigate to *Operators* -> *Installed Operators*. Under Provided APIs for Network Observability, select the *Flow Collector* link.
-.. Navigate to the *Flow Collector* tab, and click *Create FlowCollector*. Make the following selections in the form view:
-+
-* *spec.agent.ebpf.Sampling* : Specify a sampling size for flows. Lower sampling sizes will have higher impact on resource utilization. For more information, see the `FlowCollector` API reference, under spec.agent.ebpf.
-* *spec.deploymentModel*: If you are using Kafka, verify Kafka is selected.
-* *spec.exporters*: If you are using Kafka, you can optionally send network flows to Kafka, so that they can be consumed by any processor or storage that supports Kafka input, such as Splunk, Elasticsearch, or Fluentd. To do this, set the following specifications:
-** Set the *type* to `KAFKA`.
-** Set the *address* as `kafka-cluster-kafka-bootstrap.netobserv`.
-** Set the *topic* as `netobserv-flows-export`. The Operator exports all flows to the configured Kafka topic.
-** Set the following *tls* specifications:
-*** *certFile*: `service-ca.crt`, *name*: `kafka-gateway-ca-bundle`, and *type*: `configmap`.
-+
-You can also configure this option at a later time by directly editing the YAML. For more information, see _Export enriched network flow data_.
-* *loki.enable*: Set to `true`.
-* *loki.url*: Since authentication is specified separately, this URL needs to be updated to `https://loki-gateway-http.netobserv.svc:8080/api/logs/v1/network`. The first part of the URL, "loki", should match the name of your LokiStack.
-* *loki.statusUrl*: Set this to `https://loki-query-frontend-http.netobserv.svc:3100/`. The first part of the URL, "loki", should match the name of your LokiStack.
-* *loki.authToken*: Select the `FORWARD` value.
-* *tls.enable*: Verify that the box is checked so it is enabled.
-* *statusTls*: The `enable` value is false by default.
+. Navigate to the *Flow Collector* tab, and click *Create FlowCollector*. Make the following selections in the form view:
+.. *spec.agent.ebpf.Sampling*: Specify a sampling size for flows. Lower sampling sizes will have higher impact on resource utilization. For more information, see the "FlowCollector API reference", `spec.agent.ebpf`.
+.. If you are using Loki, set the following specifications:
+... *spec.loki.enable*: Select the check box to enable storing flows in Loki.
+... *spec.loki.url*: Since authentication is specified separately, this URL needs to be updated to `https://loki-gateway-http.netobserv.svc:8080/api/logs/v1/network`. The first part of the URL, "loki", must match the name of your `LokiStack`.
+... *spec.loki.authToken*: Select the `FORWARD` value.
+... *spec.loki.statusUrl*: Set this to `https://loki-query-frontend-http.netobserv.svc:3100/`. The first part of the URL, "loki", must match the name of your `LokiStack`.
+... *spec.loki.tls.enable*: Select the checkbox to enable TLS.
+... *spec.loki.statusTls*: The `enable` value is false by default.
 +
-For the first part of the certificate reference names: `loki-gateway-ca-bundle`, `loki-ca-bundle`, and `loki-query-frontend-http`,`loki`, should match the name of your `LokiStack`.
+For the first part of the certificate reference names: `loki-gateway-ca-bundle`, `loki-ca-bundle`, and `loki-query-frontend-http`,`loki`, must match the name of your `LokiStack`.
+.. Optional: If you are in a large-scale environment, consider configuring the `FlowCollector` with Kafka for forwarding data in a more resilient, scalable way. See "Configuring the Flow Collector resource with Kafka storage" in the "Important Flow Collector configuration considerations" section. 
+.. Optional: Configure other optional settings before the next step of creating the `FlowCollector`. For example, if you choose not to use Loki, then you can configure exporting flows to Kafka or IPFIX. See "Export enriched network flow data to Kafka and IPFIX" and more in the "Important Flow Collector configuration considerations" section.
 .. Click *Create*.
 
 .Verification

modules/network-observability-packet-drops.adoc

@@ -12,10 +12,6 @@ Packet loss occurs when one or more packets of network flow data fail to reach t
 CPU and memory usage increases when this feature is enabled.
 ====
 
-.Prerequisites
-* Access to an {product-title} cluster with version 4.13. 
-* Kernel supported by Red Hat Enterprise Linux (RHEL) 9.2.
-
 .Procedure
 . In the web console, navigate to *Operators* -> *Installed Operators*.
 . Under the *Provided APIs* heading for the *NetObserv Operator*, select *Flow Collector*. 

modules/network-observability-quickfilter.adoc

@@ -27,12 +27,11 @@ The default values in *Quick filters* drop-down menu are defined in the `FlowCol
 Advanced filters::
 You can set the advanced filters, *Common*, *Source*, or *Destination*, by selecting the parameter to be filtered from the dropdown list. The flow data is filtered based on the selection. To enable or disable the applied filter, you can click on the applied filter listed below the filter options.
 
+You can toggle between image:arrow-up-long-solid.png[,10] *One way* and image:arrow-up-long-solid.png[,10] image:arrow-down-long-solid.png[,10] *Back and forth* filtering. The image:arrow-up-long-solid.png[,10] *One way* filter shows only *Source* and *Destination* traffic according to your filter selections. You can use *Swap* to change the directional view of the *Source* and *Destination* traffic. The image:arrow-up-long-solid.png[,10] image:arrow-down-long-solid.png[,10] *Back and forth* filter includes return traffic with the *Source* and *Destination* filters. The directional flow of network traffic is shown in the *Direction* column in the Traffic flows table as `Ingress`or `Egress` for inter-node traffic and `Inner`for traffic inside a single node.
+
+You can click *Reset defaults* to remove the existing filters, and apply the filter defined in `FlowCollector` configuration.
+
 [NOTE]
 ====
 To understand the rules of specifying the text value, click *Learn More*.
 ====
-
-You can toggle between image:arrow-up-long-solid.png[,10] *One way* and image:arrow-up-long-solid.png[,10] image:arrow-down-long-solid.png[,10] *Back and forth* filtering. The image:arrow-up-long-solid.png[,10] *One way* filter shows only *Source* and *Destination* traffic according to your filter selections. You can use *Swap* to change the directional view of the *Source* and *Destination* traffic. The image:arrow-up-long-solid.png[,10] image:arrow-down-long-solid.png[,10] *Back and forth* filter includes return traffic with the *Source* and *Destination* filters.
-
-You can click *Reset defaults* to remove the existing filters, and apply the filter defined in `FlowCollector` configuration.
-

modules/network-observability-without-loki.adoc

@@ -4,14 +4,14 @@
 :_content-type: REFERENCE
 [id="network-observability-without-loki_{context}"]
 = Network Observability without Loki
-You can use Network Observability without Loki by not performing the Loki installation steps in the following section and instead using exporters, such as Kafka or IPFIX. The following table compares available features with and without Loki:
+You can use Network Observability without Loki by not performing the Loki installation steps and skipping directly to "Installing the Network Observability Operator". If you only want to export flows to a Kafka consumer or IPFIX collector, or you only need dashboard metrics, then you do not need to install Loki or provide storage for Loki.  Without Loki, there won't be a Network Traffic panel under Observe, which means there is no overview charts, flow table, or topology. The following table compares available features with and without Loki:
 
 .Comparison of feature availability with and without Loki
 [options="header"]
 |===
 |                                     | *With Loki* | *Without Loki* 
 | *Exporters*                         | image:check-solid.png[,10]  | image:check-solid.png[,10]      
-| *Flow-based dashboards*             | image:check-solid.png[,10] | image:check-solid.png[,10]       
+| *Flow-based metrics and dashboards*             | image:check-solid.png[,10] | image:check-solid.png[,10]       
 | *Traffic Flow Overview, Table and Topology views* | image:check-solid.png[,10] | image:x-solid.png[,10]     
 | *Quick Filters*                     | image:check-solid.png[,10] | image:x-solid.png[,10]    
 | *{product-title} console Network Traffic tab integration* | image:check-solid.png[,10] | image:x-solid.png[,10]

networking/network_observability/installing-operators.adoc

@@ -18,27 +18,48 @@ include::modules/network-observability-without-loki.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
-* xref:../../networking/network_observability/configuring-operator.adoc#network-observability-enriched-flows_network_observability[Export enriched network flow data].
+* xref:../network_observability/configuring-operator.adoc#network-observability-enriched-flows_network_observability[Export enriched network flow data].
 
 include::modules/network-observability-loki-install.adoc[leveloffset=+1]
 include::modules/network-observability-loki-secret.adoc[leveloffset=+2]
 [role="_additional-resources"]
 .Additional resources
-* For more information about the option to use different namespaces for the separate components, see the `spec.loki.tls.caCert.namespace` specification in the xref:../network_observability/flowcollector-api.adoc#network-observability-flowcollector-api-specifications_network_observability[Flow Collector API Reference] and callout number 5 in the xref:../network_observability/configuring-operator.adoc#network-observability-flowcollector-view_network_observability[Flow Collector sample resource].
+* For more information about the option to use different namespaces for the separate components, see the `spec.loki.tls.caCert.namespace` specification in the xref:../../networking/network_observability/flowcollector-api.adoc#network-observability-flowcollector-api-specifications_network_observability[Flow Collector API Reference] and callout number 5 in the xref:../../networking/network_observability/configuring-operator.adoc#network-observability-flowcollector-view_network_observability[Flow Collector sample resource].
 
 include::modules/network-observability-lokistack-create.adoc[leveloffset=+2]
 include::modules/network-observability-lokistack-ingestion-query.adoc[leveloffset=+2]
-include::modules/network-observability-auth-multi-tenancy.adoc[leveloffset=+1]
-include::modules/network-observability-multitenancy.adoc[leveloffset=+1]
-
-include::modules/network-observability-kafka-option.adoc[leveloffset=+1]
+include::modules/network-observability-auth-multi-tenancy.adoc[leveloffset=+2]
+include::modules/network-observability-multitenancy.adoc[leveloffset=+2]
 include::modules/network-observability-operator-install.adoc[leveloffset=+1]
 
+
+[role="_additional-resources"]
+[id="additional-resources_configuring-flow-collector-considerations"]
+== Important Flow Collector configuration considerations
+Once you create the `FlowCollector` instance, you can reconfigure it, but the pods are terminated and recreated again, which can be disruptive. Therefore, you can consider configuring the following options when creating the `FlowCollector` for the first time:
+
+* xref:../../networking/network_observability/configuring-operator.adoc#network-observability-flowcollector-kafka-config_network_observability[Configuring the Flow Collector resource with Kafka]
+* xref:../../networking/network_observability/configuring-operator.adoc#network-observability-enriched-flows_network_observability[Export enriched network flow data to Kafka or IPFIX]
+* xref:../../networking/network_observability/configuring-operator.adoc#network-observability-SR-IOV-config_network_observability[Configuring monitoring for SR-IOV interface traffic]
+* xref:../../networking/network_observability/observing-network-traffic.adoc#network-observability-working-with-conversations_nw-observe-network-traffic[Working with conversation tracking]
+* xref:../../networking/network_observability/observing-network-traffic.adoc#network-observability-dns-tracking_nw-observe-network-traffic[Working with DNS tracking]
+* xref:../../networking/network_observability/observing-network-traffic.adoc#network-observability-packet-drops_nw-observe-network-traffic[Working with packet drops]
+
 [role="_additional-resources"]
 .Additional resources
-* For more information about Flow Collector specifications, see the xref:../../networking/network_observability/flowcollector-api.adoc#network-observability-flowcollector-api-specifications_network_observability[Flow Collector API Reference] and the xref:../../networking/network_observability/configuring-operator.adoc#network-observability-flowcollector-view_network_observability[Flow Collector sample resource].
+For more general information about Flow Collector specifications and the Network Observability Operator architecture and resource use, see the following resources: 
 
-* For more information about exporting flow data to Kafka or IPFIX for third party processing consumption, see xref:../../networking/network_observability/configuring-operator.adoc#network-observability-enriched-flows_network_observability[Export enriched network flow data].
+* xref:../../networking/network_observability/flowcollector-api.adoc#network-observability-flowcollector-api-specifications_network_observability[Flow Collector API Reference]
+* xref:../../networking/network_observability/configuring-operator.adoc#network-observability-flowcollector-view_network_observability[Flow Collector sample resource]
+* xref:../../networking/network_observability/configuring-operator.adoc#network-observability-resources-table_network_observability[Resource considerations]
+* xref:../../networking/network_observability/troubleshooting-network-observability.adoc#controller-manager-pod-runs-out-of-memory_network-observability-troubleshooting[Troubleshooting Network Observability controller manager pod runs out of memory] 
+* xref:../../networking/network_observability/understanding-network-observability-operator.adoc#network-observability-architecture_nw-network-observability-operator[Network Observability architecture]
+
+
+include::modules/network-observability-kafka-option.adoc[leveloffset=+1]
+[role="_additional-resources"]
+.Additional resources
+xref:../../networking/network_observability/configuring-operator.adoc#network-observability-flowcollector-kafka-config_network_observability[Configuring the FlowCollector resource with Kafka].
 
 include::modules/network-observability-operator-uninstall.adoc[leveloffset=+1]