Merge pull request #53713 from xenolinux/troubleshooting-no

OSDOCS#4604: Document troubleshooting Network Observability

Author: snarayan-redhat

_topic_maps/_topic_map.yml

@@ -1329,6 +1329,8 @@ Topics:
     File: observing-network-traffic
   - Name: API reference
     File: flowcollector-api
+  - Name: Troubleshooting Network Observability
+    File: troubleshooting-network-observability
 ---
 Name: Storage
 Dir: storage

modules/troubleshooting-network-observability-after-installation.adoc

@@ -0,0 +1,110 @@
+// Module included in the following assemblies:
+//
+// * networking/network_observability/troubleshooting-network-observability.adoc
+
+:_content-type: PROCEDURE
+[id="configure-network-traffic-console_{context}"]
+= Configuring network traffic menu entry in the {product-title} console
+
+Manually configure the network traffic menu entry in the {product-title} console when the network traffic menu entry is not listed in *Observe* menu in the {product-title} console.
+
+.Prerequisites
+
+* You have installed {product-title} version 4.10 or newer.
+
+.Procedure
+
+. Check if the `spec.consolePlugin.register` field is set to `true` by running the following command:
++
+[source,terminal]
+----
+$ oc -n netobserv get flowcollector cluster -o yaml
+----
++
+.Example output
+----
+apiVersion: flows.netobserv.io/v1alpha1
+kind: FlowCollector
+metadata:
+  name: cluster
+spec:
+  consolePlugin:
+    register: false
+----
+
+. Optional: Add the `netobserv-plugin` plugin by manually editing the Console Operator config:
++
+[source,terminal]
+----
+$ oc edit console.operator.openshift.io cluster
+----
++
+.Example output
+----
+...
+spec:
+  plugins:
+  - netobserv-plugin
+...
+----
+
+. Optional: Set the `spec.consolePlugin.register` field to `true` by running the following command:
++
+[source,terminal]
+----
+$ oc -n netobserv edit flowcollector cluster -o yaml
+----
++
+.Example output
+----
+apiVersion: flows.netobserv.io/v1alpha1
+kind: FlowCollector
+metadata:
+  name: cluster
+spec:
+  consolePlugin:
+    register: true
+----
+
+. Ensure the status of console pods is `running` by running the following command:
++
+[source,terminal]
+----
+$ oc get pods -n openshift-console -l app=console
+----
+
+. Restart the console pods by running the following command:
++
+[source,terminal]
+----
+$ oc delete pods -n openshift-console -l app=console
+----
+
+. Clear your browser cache and history.
+
+. Check the status of Network Observability plugin pods by running the following command:
++
+[source,terminal]
+----
+$ oc get pods -n netobserv -l app=netobserv-plugin
+----
++
+.Example output
+----
+NAME                                READY   STATUS    RESTARTS   AGE
+netobserv-plugin-68c7bbb9bb-b69q6   1/1     Running   0          21s
+----
+
+. Check the logs of the Network Observability plugin pods by running the following command:
++
+[source,terminal]
+----
+$ oc logs -n netobserv -l app=netobserv-plugin
+----
++
+.Example output
+[source,terminal]
+----
+time="2022-12-13T12:06:49Z" level=info msg="Starting netobserv-console-plugin [build version: , build date: 2022-10-21 15:15] at log level info" module=main
+time="2022-12-13T12:06:49Z" level=info msg="listening on https://:9001" module=server
+----

modules/troubleshooting-network-observability-controller-manager-pod-out-of-memory.adoc

@@ -0,0 +1,31 @@
+// Module included in the following assemblies:
+//
+// * networking/network_observability/troubleshooting-network-observability.adoc
+
+:_content-type: PROCEDURE
+[id="controller-manager-pod-runs-out-of-memory_{context}"]
+= Network Observability controller manager pod runs out of memory
+
+You can increase memory limits for the Network Observability operator by patching the Cluster Service Version (CSV), where Network Observability controller manager pod runs out of memory.
+
+.Procedure
+
+. Run the following command to patch the CSV:
++
+[source,terminal]
+----
+$ oc -n netobserv patch csv network-observability-operator.v1.0.0 --type='json' -p='[{"op": "replace", "path":"/spec/install/spec/deployments/0/spec/template/spec/containers/0/resources/limits/memory", value: "1Gi"}]'
+----
++
+.Example output
+----
+clusterserviceversion.operators.coreos.com/network-observability-operator.v1.0.0 patched
+----
+
+. Run the following command to view the updated CSV:
++
+[source,terminal]
+----
+$ oc -n netobserv get csv network-observability-operator.v1.0.0 -o jsonpath='{.spec.install.spec.deployments[0].spec.template.spec.containers[0].resources.limits.memory}'
+1Gi
+----

modules/troubleshooting-network-observability-flowlogs-pipeline-kafka.adoc

@@ -0,0 +1,18 @@
+// Module included in the following assemblies:
+//
+// * networking/network_observability/troubleshooting-network-observability.adoc
+
+:_content-type: PROCEDURE
+[id="configure-network-traffic-flowlogs-pipeline-kafka_{context}"]
+= Flowlogs-Pipeline does not consume network flows after installing Kafka
+
+If you deployed the flow collector first with `deploymentModel: KAFKA` and then deployed Kafka, the flow collector might not connect correctly to Kafka. Manually restart the flow-pipeline pods where Flowlogs-pipeline does not consume network flows from Kafka.
+
+.Procedure
+
+. Delete the flow-pipeline pods to restart them by running the following command:
++
+[source,terminal]
+----
+$ oc delete pods -n netobserv -l app=flowlogs-pipeline-transformer
+----

modules/troubleshooting-network-observability-network-flow.adoc

@@ -0,0 +1,34 @@
+// Module included in the following assemblies:
+//
+// * networking/network_observability/troubleshooting-network-observability.adoc
+
+:_content-type: PROCEDURE
+[id="configure-network-traffic-interfaces_{context}"]
+= Failing to see network flows from both `br-int` and `br-ex` interfaces
+
+br-ex` and `br-int` are virtual bridge devices operated at OSI layer 2. The eBPF agent works at the IP and TCP levels, layers 3 and 4 respectively. You can expect that the eBPF agent captures the network traffic passing through `br-ex` and `br-int`, when the network traffic is processed by other interfaces such as physical host or virtual pod interfaces. If you restrict the eBPF agent network interfaces to attach only to `br-ex` and `br-int`, you do not see any network flow.
+
+Manually remove the part in the `interfaces` or `excludeInterfaces` that restricts the network interfaces to `br-int` and `br-ex`.
+
+.Procedure
+
+. Remove the `interfaces: [ 'br-int', 'br-ex' ]` field. This allows the agent to fetch information from all the interfaces. Alternatively, you can specify the Layer-3 interface for example, `eth0`. Run the following command:
++
+[source,terminal]
+----
+$ oc edit -n netobserv flowcollector.yaml -o yaml
+----
++
+.Example output
+----
+apiVersion: flows.netobserv.io/v1alpha1
+kind: FlowCollector
+metadata:
+  name: cluster
+spec:
+  agent:
+    type: EBPF
+    ebpf:
+      interfaces: [ 'br-int', 'br-ex' ] <1>
+----
+<1> Specifies the network interfaces.

networking/network_observability/troubleshooting-network-observability.adoc

@@ -0,0 +1,17 @@
+:_content-type: ASSEMBLY
+[id="installing-troubleshooting"]
+= Troubleshooting Network Observability
+include::_attributes/common-attributes.adoc[]
+:context: network-observability-troubleshooting
+
+toc::[]
+
+To assist in troubleshooting Network Observability issues, you can perform some troubleshooting actions.
+
+include::modules/troubleshooting-network-observability-after-installation.adoc[leveloffset=+1]
+
+include::modules/troubleshooting-network-observability-flowlogs-pipeline-kafka.adoc[leveloffset=+1]
+
+include::modules/troubleshooting-network-observability-network-flow.adoc[leveloffset=+1]
+
+include::modules/troubleshooting-network-observability-controller-manager-pod-out-of-memory.adoc[leveloffset=+1]