OSDOCS-10882 [NETOBSERV] bpfman Support TP #92963

gwynnemonahan · 2025-05-02T19:16:39Z

https://issues.redhat.com/browse/OSDOCS-10882 [NETOBSERV] bpfman Support TP

Version(s):
Merge to only the no-1.9 branch - no cherrypicks are required.
I will open one PR against main to incorporate all of the NetObserv content just before its GA.

Issue:
https://issues.redhat.com/browse/OSDOCS-10882

Link to docs preview:
https://92963--ocpdocs-pr.netlify.app/openshift-enterprise/latest/observability/network_observability/observing-network-traffic.html#network-observability-ebpf-manager_nw-observe-network-traffic

QE review:

QE has approved this change.

Additional information:
05/02/2025: Initial PR creation resulted in automagically adding 171 commits from main that no-1.9 wasn't aware of which resulted in a flurry of ocpdocs-vale-bot-related comments for a flurry of errors. Those comments have been resolved as a proper rebase of no-1.9 resolved all the things.

ocpdocs-previewbot · 2025-05-02T19:29:44Z

🤖 Tue Jun 03 17:05:18 - Prow CI generated the docs preview:

https://92963--ocpdocs-pr.netlify.app/openshift-enterprise/latest/observability/network_observability/observing-network-traffic.html

...erts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-admin-rights.adoc

cloud_experts_tutorials/rosa-mobb-cli-quickstart.adoc

hardware_accelerators/amd-about-amd-gpu-operator.adoc

modules/compliance-supported-profiles.adoc

modules/distr-tracing-tempo-config-default.adoc

modules/installation-special-config-chrony.adoc

modules/machineset-capacity-reservation.adoc

modules/nw-metallb-configure-vrf-bgppeer.adoc

modules/relocation-of-openshift-jenkins-images.adoc

… other tweaks (Squash)

modules/network-observability-ebpf-manager.adoc

…nce it is in Networking and not Observbaility (Squash)

Amoghrd · 2025-05-12T18:29:12Z

modules/network-observability-ebpf-manager.adoc

+:_mod-docs-content-type: PROCEDURE
+[id="network-observability-ebpf-manager_{context}"]
+= Working with eBPF manager
+The eBPF manager is a separate operator that reduces the attack surface, and ensures compliance, security, and conflict prevention by managing all eBPF programs. Network observability uses eBPF manager to load hooks. This eliminates the need to provide the eBPF Agent with privileged mode or additional Linux capabilities like `CAP_BPF` and `CAP_PERFMON`. The eBPF manager with network observability is only supported on 64-bit AMD architecture.


The eBPF manager with network observability is only supported on 64-bit AMD architecture. @frobware Is this still true?

According to the blog post https://netobserv.io/posts/what-s-new-in-network-observability-1-8/ .... but ... that was for Developer Preview ...

Since privileged mode is no longer required for NetObserv 1.9, maybe it is supported on other architectures... Will wait for a response, and update accordingly.

Yeah its in the blog, but for 1.8. So just want to confirm with the dev if it still holds true😅

Hey @frobware ,

For NetObserv 1.9, is this statement still true: "The eBPF manager with network observability is only supported on 64-bit AMD architecture."

Per Slack, keeping as is until further notice.

Amoghrd · 2025-05-12T18:31:17Z

/assign @frobware

jpinsonneau · 2025-06-03T15:27:42Z

modules/network-observability-ebpf-manager.adoc

+:_mod-docs-content-type: PROCEDURE
+[id="network-observability-ebpf-manager_{context}"]
+= Working with eBPF Manager Operator
+The eBPF Manager is a separate operator that reduces the attack surface, and ensures compliance, security, and conflict prevention by managing all eBPF programs. Network observability uses eBPF Manager to load hooks. This eliminates the need to provide the eBPF Agent with privileged mode or additional Linux capabilities like `CAP_BPF` and `CAP_PERFMON`. The eBPF Manager with network observability is only supported on 64-bit AMD architecture.


Suggested change

The eBPF Manager is a separate operator that reduces the attack surface, and ensures compliance, security, and conflict prevention by managing all eBPF programs. Network observability uses eBPF Manager to load hooks. This eliminates the need to provide the eBPF Agent with privileged mode or additional Linux capabilities like `CAP_BPF` and `CAP_PERFMON`. The eBPF Manager with network observability is only supported on 64-bit AMD architecture.

The eBPF Manager is a separate operator that reduces the attack surface, and ensures compliance, security, and conflict prevention by managing all eBPF programs. Network observability can use eBPF Manager to load hooks. This eliminates the need to provide the eBPF Agent with privileged mode or additional Linux capabilities like `CAP_BPF` and `CAP_PERFMON`. The eBPF Manager with network observability is only supported on 64-bit AMD architecture.

openshift-ci · 2025-06-03T17:06:53Z

@gwynnemonahan: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

openshift-ci bot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label May 2, 2025