netobserv · openshift-merge-robot · Jul 17, 2023 · Apr 28, 2023 · May 9, 2023 · Jun 4, 2023
diff --git a/api/v1alpha1/flowcollector_webhook.go b/api/v1alpha1/flowcollector_webhook.go
@@ -63,6 +63,14 @@ func (r *FlowCollector) ConvertTo(dstRaw conversion.Hub) error {
 	}
 
 	dst.Spec.Loki.Enable = restored.Spec.Loki.Enable
+	if restored.Spec.Agent.EBPF.EnableTCPDrop != nil {
+		*dst.Spec.Agent.EBPF.EnableTCPDrop = *restored.Spec.Agent.EBPF.EnableTCPDrop
+	}
+
+	if restored.Spec.Agent.EBPF.EnableDNSTracking != nil {
+		*dst.Spec.Agent.EBPF.EnableDNSTracking = *restored.Spec.Agent.EBPF.EnableDNSTracking
+	}
+
 	dst.Spec.Loki.StatusTLS = restored.Spec.Loki.StatusTLS
 	dst.Spec.Kafka.SASL = restored.Spec.Kafka.SASL
 
@@ -147,3 +155,10 @@ func Convert_v1beta1_FlowCollectorConsolePlugin_To_v1alpha1_FlowCollectorConsole
 func Convert_v1beta1_FlowCollectorExporter_To_v1alpha1_FlowCollectorExporter(in *v1beta1.FlowCollectorExporter, out *FlowCollectorExporter, s apiconversion.Scope) error {
 	return autoConvert_v1beta1_FlowCollectorExporter_To_v1alpha1_FlowCollectorExporter(in, out, s)
 }
+
+// This function need to be manually created because conversion-gen not able to create it intentionally because
+// we have new defined fields in v1beta1 not in v1alpha1
+// nolint:golint,stylecheck,revive
+func Convert_v1beta1_FlowCollectorEBPF_To_v1alpha1_FlowCollectorEBPF(in *v1beta1.FlowCollectorEBPF, out *FlowCollectorEBPF, s apiconversion.Scope) error {
+	return autoConvert_v1beta1_FlowCollectorEBPF_To_v1alpha1_FlowCollectorEBPF(in, out, s)
+}
diff --git a/api/v1alpha1/zz_generated.conversion.go b/api/v1alpha1/zz_generated.conversion.go
diff --git a/api/v1beta1/flowcollector_types.go b/api/v1beta1/flowcollector_types.go
@@ -221,6 +221,20 @@ type FlowCollectorEBPF struct {
 	// such as GOGC and GOMAXPROCS env vars. Users setting its values do it at their own risk.
 	// +optional
 	Debug DebugConfig `json:"debug,omitempty"`
+
+	// Enable the TCP drop flows logging feature. This feature requires mounting
+	// the kernel debug filesystem, so the eBPF pod has to run as privileged.
+	// If the spec.agent.eBPF.privileged parameter is not set, an error is reported.
+	//+kubebuilder:default:=false
+	//+optional
+	EnableTCPDrop *bool `json:"enableTCPDrop,omitempty"`
+
+	// Enable the DNS tracking feature. This feature requires mounting
+	// the kernel debug filesystem hence the eBPF pod has to run as privileged.
+	// If the spec.agent.eBPF.privileged parameter is not set, an error is reported.
+	//+kubebuilder:default:=false
+	//+optional
+	EnableDNSTracking *bool `json:"enableDNSTracking,omitempty"`
 }
 
 // `FlowCollectorKafka` defines the desired Kafka config of FlowCollector

diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
diff --git a/bundle/manifests/flows.netobserv.io_flowcollectors.yaml b/bundle/manifests/flows.netobserv.io_flowcollectors.yaml
@@ -2302,6 +2302,20 @@ spec:
                               they are only useful in edge debug or support scenarios.'
                             type: object
                         type: object
+                      enableDNSTracking:
+                        default: false
+                        description: Enable the DNS tracking feature. This feature
+                          requires mounting the kernel debug filesystem hence the
+                          eBPF pod has to run as privileged. If the spec.agent.eBPF.privileged
+                          parameter is not set, an error is reported.
+                        type: boolean
+                      enableTCPDrop:
+                        default: false
+                        description: Enable the TCP drop flows logging feature. This
+                          feature requires mounting the kernel debug filesystem, so
+                          the eBPF pod has to run as privileged. If the spec.agent.eBPF.privileged
+                          parameter is not set, an error is reported.
+                        type: boolean
                       excludeInterfaces:
                         default:
                         - lo

diff --git a/bundle/manifests/netobserv-operator.clusterserviceversion.yaml b/bundle/manifests/netobserv-operator.clusterserviceversion.yaml
@@ -175,13 +175,16 @@ metadata:
               "ebpf": {
                 "cacheActiveTimeout": "5s",
                 "cacheMaxFlows": 100000,
+                "enableDNSTracking": false,
+                "enableTCPDrop": false,
                 "excludeInterfaces": [
                   "lo"
                 ],
                 "imagePullPolicy": "IfNotPresent",
                 "interfaces": [],
                 "kafkaBatchSize": 10485760,
                 "logLevel": "info",
+                "privileged": false,
                 "resources": {
                   "limits": {
                     "memory": "800Mi"

diff --git a/config/crd/bases/flows.netobserv.io_flowcollectors.yaml b/config/crd/bases/flows.netobserv.io_flowcollectors.yaml
@@ -2289,6 +2289,20 @@ spec:
                               they are only useful in edge debug or support scenarios.'
                             type: object
                         type: object
+                      enableDNSTracking:
+                        default: false
+                        description: Enable the DNS tracking feature. This feature
+                          requires mounting the kernel debug filesystem hence the
+                          eBPF pod has to run as privileged. If the spec.agent.eBPF.privileged
+                          parameter is not set, an error is reported.
+                        type: boolean
+                      enableTCPDrop:
+                        default: false
+                        description: Enable the TCP drop flows logging feature. This
+                          feature requires mounting the kernel debug filesystem, so
+                          the eBPF pod has to run as privileged. If the spec.agent.eBPF.privileged
+                          parameter is not set, an error is reported.
+                        type: boolean
                       excludeInterfaces:
                         default:
                         - lo

diff --git a/config/samples/flows_v1beta1_flowcollector.yaml b/config/samples/flows_v1beta1_flowcollector.yaml
@@ -12,6 +12,9 @@ spec:
       sampling: 50
       cacheActiveTimeout: 5s
       cacheMaxFlows: 100000
+      privileged: false
+      enableTCPDrop: false
+      enableDNSTracking: false
       interfaces: [ ]
       excludeInterfaces: [ "lo" ]
       logLevel: info

diff --git a/controllers/consoleplugin/consoleplugin_objects.go b/controllers/consoleplugin/consoleplugin_objects.go
@@ -348,12 +348,24 @@ func (b *builder) metricsService() *corev1.Service {
 func (b *builder) configMap() (*corev1.ConfigMap, string) {
 	outputRecordTypes := helper.GetRecordTypes(&b.desired.Processor)
 
+	var features []string
+	if b.desired.Agent.Type == flowslatest.AgentEBPF {
+		if helper.IsTCPDropEnabled(b.desired) {
+			features = append(features, "tcpDrop")
+		}
+
+		if helper.IsDNSTrackingEnabled(b.desired) {
+			features = append(features, "dnsTracking")
+		}
+	}
+
 	config := map[string]interface{}{
 		"recordTypes":     outputRecordTypes,
 		"portNaming":      b.desired.ConsolePlugin.PortNaming,
 		"quickFilters":    b.desired.ConsolePlugin.QuickFilters,
 		"alertNamespaces": []string{b.namespace},
 		"sampling":        helper.GetSampling(b.desired),
+		"features":        features,
 	}
 
 	configStr := "{}"