From 65e70a7d864607946f4b9dc86eabe7df321847d7 Mon Sep 17 00:00:00 2001 From: Evyatar Meged Date: Sun, 21 May 2023 17:46:37 +0300 Subject: [PATCH 1/6] Adding tolerations & priority classname to sniffer docs (#85) --- .../configuration/network-mapper/helm-chart.mdx | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/docs/reference/configuration/network-mapper/helm-chart.mdx b/docs/reference/configuration/network-mapper/helm-chart.mdx index 4fd6d9f1c..600b2c528 100644 --- a/docs/reference/configuration/network-mapper/helm-chart.mdx +++ b/docs/reference/configuration/network-mapper/helm-chart.mdx @@ -23,13 +23,15 @@ Checkout the network mapper [tutorial](/quick-tutorials/k8s-network-mapper) to s | `mapper.uploadIntervalSeconds` | Interval for uploading data to cloud | `60` | ## Sniffer parameters -| Key | Description | Default | -|----------------------------|---------------------------|--------------------------| -| `sniffer.image.repository` | Sniffer image repository. | `otterize` | -| `sniffer.image.image` | Sniffer image. | `network-mapper-sniffer` | -| `sniffer.image.tag` | Sniffer image tag. | `latest` | -| `sniffer.pullPolicy` | Sniffer pull policy. | `(none)` | -| `sniffer.resources` | Resources override. | `(none)` | +| Key | Description | Default | +|-----------------------------|---------------------------|--------------------------| +| `sniffer.image.repository` | Sniffer image repository. | `otterize` | +| `sniffer.image.image` | Sniffer image. | `network-mapper-sniffer` | +| `sniffer.image.tag` | Sniffer image tag. | `latest` | +| `sniffer.pullPolicy` | Sniffer pull policy. | `(none)` | +| `sniffer.resources` | Resources override. | `(none)` | +| `sniffer.tolerations` | Tolerations override. | `(none)` | +| `sniffer.priorityClassName` | Set priorityClassName. | `(none)` | ## Kafka watcher parameters From 82626b170d8bcbc4ab6c41abfbcd02787c531125 Mon Sep 17 00:00:00 2001 From: Netanel Bollag <54136032+NetanelBollag@users.noreply.github.com> Date: Mon, 22 May 2023 11:24:18 +0300 Subject: [PATCH 2/6] Update minikube requirements to handle demo-app (#81) --- docs/_common/cluster-setup.md | 3 ++- docs/quick-visual-tutorials/visual-ibac-network-policies.mdx | 2 +- static/code-examples/network-mapper/istio.yaml | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/_common/cluster-setup.md b/docs/_common/cluster-setup.md index 02a9fb5da..a3e8310b4 100644 --- a/docs/_common/cluster-setup.md +++ b/docs/_common/cluster-setup.md @@ -9,8 +9,9 @@ If you don't have the Minikube CLI, first [install it](https://minikube.sigs.k8s Then start your Minikube cluster with Calico, in order to enforce network policies. ```bash -minikube start --network-plugin=cni --cni=calico +minikube start --cpus=4 --memory 8192 --disk-size 32g --cni=calico ``` +The increased CPU, memory and disk resource allocations are required to be able to deploy the ecommerce app used in the visual tutorials successfully. diff --git a/docs/quick-visual-tutorials/visual-ibac-network-policies.mdx b/docs/quick-visual-tutorials/visual-ibac-network-policies.mdx index e2d6f4b0d..94de0ac5f 100644 --- a/docs/quick-visual-tutorials/visual-ibac-network-policies.mdx +++ b/docs/quick-visual-tutorials/visual-ibac-network-policies.mdx @@ -297,7 +297,7 @@ Otterize automatically generated network policies according to your declared int To list all generated network policies run: ```bash -get netpol -n otterize-ecom-demo +kubectl get netpol -n otterize-ecom-demo ``` Let's inspect one of these network policies with: diff --git a/static/code-examples/network-mapper/istio.yaml b/static/code-examples/network-mapper/istio.yaml index 0984b85d8..662f4e8de 100644 --- a/static/code-examples/network-mapper/istio.yaml +++ b/static/code-examples/network-mapper/istio.yaml @@ -67,7 +67,7 @@ spec: selector: matchLabels: app: nginx - replicas: 1 # tells deployment to run 2 pods matching the template + replicas: 1 template: metadata: labels: From 0471848acd2c3fa385321a196a2ccdee626469b3 Mon Sep 17 00:00:00 2001 From: Ori Shoshan Date: Mon, 22 May 2023 13:09:23 +0300 Subject: [PATCH 3/6] Document pre-created Kubernetes secret for specifying the client secret (#86) --- .../credentials-operator/helm-chart.mdx | 16 +++++++++------- .../intents-operator/helm-chart.mdx | 14 ++++++++------ .../configuration/network-mapper/helm-chart.mdx | 14 ++++++++------ .../configuration/otterize-chart/README.mdx | 16 +++++++++------- 4 files changed, 34 insertions(+), 26 deletions(-) diff --git a/docs/reference/configuration/credentials-operator/helm-chart.mdx b/docs/reference/configuration/credentials-operator/helm-chart.mdx index 890c7b19c..7bc98593f 100644 --- a/docs/reference/configuration/credentials-operator/helm-chart.mdx +++ b/docs/reference/configuration/credentials-operator/helm-chart.mdx @@ -38,13 +38,15 @@ If you would like to deploy it on its own, add the Otterize Helm chart repositor | `operator.pullPolicy` | Operator pull policy. | `(none)` | ## Cloud parameters -| Key | Description | Default | -|-------------------------------------------------|-------------------------------------------------|----------| -| `global.otterizeCloud.useCloudToGenerateTLSCredentials` | Use Otterize Cloud for certificate management instead of SPIRE | `false` | -| `global.otterizeCloud.credentials.clientId` | Client ID for connecting to Otterize Cloud. | `(none)` | -| `global.otterizeCloud.credentials.clientSecret` | Client secret for connecting to Otterize Cloud. | `(none)` | -| `global.otterizeCloud.apiAddress` | Overrides Otterize Cloud default API address. | `(none)` | -| `global.otterizeCloud.apiExtraCAPEMSecret` | The name of a secret containing a single `CA.pem` file for an extra root CA used to connect to Otterize Cloud. The secret should be placed in the same namespace as the Otterize deployment. | `(none)` | +| Key | Description | Default | +|------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------| +| `global.otterizeCloud.useCloudToGenerateTLSCredentials` | Use Otterize Cloud for certificate management instead of SPIRE | `false` | +| `global.otterizeCloud.credentials.clientId` | Client ID for connecting to Otterize Cloud. | `(none)` | +| `global.otterizeCloud.credentials.clientSecret` | Client secret for connecting to Otterize Cloud. | `(none)` | +| `global.otterizeCloud.credentials.secretKeyRef.secretName` | If specified, the name of a pre-created Kubernetes Secret to be used instead of creating a secret with the value of clientSecret. | `(none)` | +| `global.otterizeCloud.credentials.secretKeyRef.secretKey` | If specified, the key for the clientSecret in a pre-created Kubernetes Secret to be used instead of creating a secret with the value of clientSecret. | `(none)` | +| `global.otterizeCloud.apiAddress` | Overrides Otterize Cloud default API address. | `(none)` | +| `global.otterizeCloud.apiExtraCAPEMSecret` | The name of a secret containing a single `CA.pem` file for an extra root CA used to connect to Otterize Cloud. The secret should be placed in the same namespace as the Otterize deployment. | `(none)` | ## Common parameters | Key | Description | Default | diff --git a/docs/reference/configuration/intents-operator/helm-chart.mdx b/docs/reference/configuration/intents-operator/helm-chart.mdx index e1f16f5d8..17e264b09 100644 --- a/docs/reference/configuration/intents-operator/helm-chart.mdx +++ b/docs/reference/configuration/intents-operator/helm-chart.mdx @@ -47,12 +47,14 @@ If you would like to deploy it on its own, add the Otterize Helm chart repositor | `watcher.resources` | Watcher Resources. | | ## Cloud parameters -| Key | Description | Default | -|:------------------------------------------------|:------------------------------------------------|:---------| -| `global.otterizeCloud.credentials.clientId` | Client ID for connecting to Otterize Cloud. | `(none)` | -| `global.otterizeCloud.credentials.clientSecret` | Client secret for connecting to Otterize Cloud. | `(none)` | -| `global.otterizeCloud.apiAddress` | Overrides Otterize Cloud default API address. | `(none)` | -| `global.otterizeCloud.apiExtraCAPEMSecret` | The name of a secret containing a single `CA.pem` file for an extra root CA used to connect to Otterize Cloud. The secret should be placed in the same namespace as the Otterize deployment. | `(none)` | +| Key | Description | Default | +|:-----------------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------| +| `global.otterizeCloud.credentials.clientId` | Client ID for connecting to Otterize Cloud. | `(none)` | +| `global.otterizeCloud.credentials.clientSecret` | Client secret for connecting to Otterize Cloud. | `(none)` | +| `global.otterizeCloud.credentials.secretKeyRef.secretName` | If specified, the name of a pre-created Kubernetes Secret to be used instead of creating a secret with the value of clientSecret. | `(none)` | +| `global.otterizeCloud.credentials.secretKeyRef.secretKey` | If specified, the key for the clientSecret in a pre-created Kubernetes Secret to be used instead of creating a secret with the value of clientSecret. | `(none)` | +| `global.otterizeCloud.apiAddress` | Overrides Otterize Cloud default API address. | `(none)` | +| `global.otterizeCloud.apiExtraCAPEMSecret` | The name of a secret containing a single `CA.pem` file for an extra root CA used to connect to Otterize Cloud. The secret should be placed in the same namespace as the Otterize deployment. | `(none)` | ## Common parameters | Key | Description | Default | diff --git a/docs/reference/configuration/network-mapper/helm-chart.mdx b/docs/reference/configuration/network-mapper/helm-chart.mdx index 600b2c528..94d9807d3 100644 --- a/docs/reference/configuration/network-mapper/helm-chart.mdx +++ b/docs/reference/configuration/network-mapper/helm-chart.mdx @@ -58,12 +58,14 @@ Checkout the network mapper [tutorial](/quick-tutorials/k8s-network-mapper) to s | `istiowatcher.resources` | Resources override. | `(none)` | ## Cloud parameters -| Key | Description | Default | -|-------------------------------------------------|-------------------------------------------------|----------| -| `global.otterizeCloud.credentials.clientId` | Client ID for connecting to Otterize Cloud. | `(none)` | -| `global.otterizeCloud.credentials.clientSecret` | Client secret for connecting to Otterize Cloud. | `(none)` | -| `global.otterizeCloud.apiAddress` | Overrides Otterize Cloud default API address. | `(none)` | -| `global.otterizeCloud.apiExtraCAPEMSecret` | The name of a secret containing a single `CA.pem` file for an extra root CA used to connect to Otterize Cloud. The secret should be placed in the same namespace as the Otterize deployment. | `(none)` | +| Key | Description | Default | +|------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------| +| `global.otterizeCloud.credentials.clientId` | Client ID for connecting to Otterize Cloud. | `(none)` | +| `global.otterizeCloud.credentials.clientSecret` | Client secret for connecting to Otterize Cloud. | `(none)` | +| `global.otterizeCloud.credentials.secretKeyRef.secretName` | If specified, the name of a pre-created Kubernetes Secret to be used instead of creating a secret with the value of clientSecret. | `(none)` | +| `global.otterizeCloud.credentials.secretKeyRef.secretKey` | If specified, the key for the clientSecret in a pre-created Kubernetes Secret to be used instead of creating a secret with the value of clientSecret. | `(none)` | +| `global.otterizeCloud.apiAddress` | Overrides Otterize Cloud default API address. | `(none)` | +| `global.otterizeCloud.apiExtraCAPEMSecret` | The name of a secret containing a single `CA.pem` file for an extra root CA used to connect to Otterize Cloud. The secret should be placed in the same namespace as the Otterize deployment. | `(none)` | ## Global parameters | Key | Description | Default | diff --git a/docs/reference/configuration/otterize-chart/README.mdx b/docs/reference/configuration/otterize-chart/README.mdx index 4a22a26e1..9402e159b 100644 --- a/docs/reference/configuration/otterize-chart/README.mdx +++ b/docs/reference/configuration/otterize-chart/README.mdx @@ -31,13 +31,15 @@ These parameters are used by multiple charts, and must be kept the same for the | `global.telemetry.enabled` | If set to `false`, anonymous telemetries collection will be disabled | `true` | ## Cloud parameters -| Key | Description | Default | -|-------------------------------------------------|-------------------------------------------------------------------------------------------|----------| -| `global.otterizeCloud.useCloudToGenerateTLSCredentials` | Use Otterize Cloud for certificate management instead of SPIRE | `false` | -| `global.otterizeCloud.credentials.clientId` | Client ID for connecting to Otterize Cloud. | `(none)` | -| `global.otterizeCloud.credentials.clientSecret` | Client secret for connecting to Otterize Cloud. | `(none)` | -| `global.otterizeCloud.apiAddress` | Overrides Otterize Cloud default API address. | `(none)` | -| `global.otterizeCloud.apiExtraCAPEMSecret` | The name of a secret containing a single `CA.pem` file for an extra root CA used to connect to Otterize Cloud. The secret should be placed in the same namespace as the Otterize deployment. | `(none)` | +| Key | Description | Default | +|------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------| +| `global.otterizeCloud.useCloudToGenerateTLSCredentials` | Use Otterize Cloud for certificate management instead of SPIRE | `false` | +| `global.otterizeCloud.credentials.clientId` | Client ID for connecting to Otterize Cloud. | `(none)` | +| `global.otterizeCloud.credentials.clientSecret` | Client secret for connecting to Otterize Cloud. | `(none)` | +| `global.otterizeCloud.credentials.secretKeyRef.secretName` | If specified, the name of a pre-created Kubernetes Secret to be used instead of creating a secret with the value of clientSecret. | `(none)` | +| `global.otterizeCloud.credentials.secretKeyRef.secretKey` | If specified, the key for the clientSecret in a pre-created Kubernetes Secret to be used instead of creating a secret with the value of clientSecret. | `(none)` | +| `global.otterizeCloud.apiAddress` | Overrides Otterize Cloud default API address. | `(none)` | +| `global.otterizeCloud.apiExtraCAPEMSecret` | The name of a secret containing a single `CA.pem` file for an extra root CA used to connect to Otterize Cloud. The secret should be placed in the same namespace as the Otterize deployment. | `(none)` | ## Intents operator parameters All configurable parameters of intents-operator can be configured under the alias `intentsOperator`. From f59bc6aab15a95b31d840c3ed0b2764e6d3eca99 Mon Sep 17 00:00:00 2001 From: omris94 <46892443+omris94@users.noreply.github.com> Date: Wed, 24 May 2023 11:54:24 +0300 Subject: [PATCH 4/6] CLI telemetry docs (#88) Co-authored-by: Uri Sarid --- docs/otterize-oss/usage-telemetry.mdx | 14 +++++++++++++- docs/reference/cli/README.mdx | 16 ++++++++++++++++ 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/docs/otterize-oss/usage-telemetry.mdx b/docs/otterize-oss/usage-telemetry.mdx index 657c50177..d3e9a8c77 100644 --- a/docs/otterize-oss/usage-telemetry.mdx +++ b/docs/otterize-oss/usage-telemetry.mdx @@ -2,7 +2,7 @@ title: Usage telemetry --- -Operators in Otterize OSS report anonymous usage information back to the Otterize team, to help the team understand how the software is used in the community and what aspects users find useful. No personal or organizational identifying information is transmitted in these metrics: they only reflect patterns of usage. You may opt out at any time through a single configuration flag. +Otterize OSS components report anonymous usage information back to the Otterize team, to help the team understand how the software is used in the community and what aspects users find useful. No personal or organizational identifying information is transmitted in these metrics: they only reflect patterns of usage. You may opt out at any time through a single configuration flag. ## What information is collected? @@ -41,6 +41,18 @@ The information reported by Otterize OSS is defined in the [GraphQL schema of th | `ISTIO_POLICIES_DELETED` | How many Istio authorization policies were deleted by the intents operator. | | `STARTED` | The operator was started. | +### CLI Commands + +For the CLI, the reported events correspond simply to the commands invoked. + +Most CLI commands are of the form `otterize ` where the `` is the type of object (e.g. `intents`, `clusters`) and the `` is the operation being performed. Otterize OSS telemetry for CLI commands only reports what `` and `` were used, never what specific identifier was used in the command, nor what was the response. For example, `otterize clusters get ` would report that `clusters` and `get` were used, without reporting `` nor the response about that cluster. In some cases, modifiers are also reported, to clarify which specific action was taken. + +| Field | Meaning | +|:----------------------------------|:-----------------------------------------------------------------------------------------------------| +| `` | The type of object on which the operation (``) is being performed. | +| `` | The operation performed on ``. | +| `MODIFIERS` | If applicable, a list of modifiers to clarify the specific operation. For example, `otterize env update add-labels` would report `add-labels` as the modifier. | + ## Configuring whether to report usage information To configure whether to report usage information to the Otterize team, use the `telemetry` flag in the installation/configuration of Otterize OSS. By default, telemetry is enabled. diff --git a/docs/reference/cli/README.mdx b/docs/reference/cli/README.mdx index 89b57ddda..9c2661bf1 100644 --- a/docs/reference/cli/README.mdx +++ b/docs/reference/cli/README.mdx @@ -27,6 +27,20 @@ easy to access on the fly. `otterize completion` offers instruction for generating command completions in various shells. + +## Usage Telemetry + +The CLI reports anonymous usage information back to the Otterize team, to help the team understand how the software is used in the community and what aspects users find useful. No personal or organizational identifying information is transmitted in these metrics: they only reflect patterns of usage. You may opt out at any time through a single configuration flag. + +To **disable** sending usage information: +- Using a flag: `--telemetry-enabled=false`. +- Via an environment variable: `OTTERIZE_TELEMETRY_ENABLED=false`. + +If the `telemetry` flag is omitted or set to `true`, telemetry will be enabled: usage information will be reported. + +For more information see the [Usage telemetry Documentation](https://docs.otterize.com/otterize-oss/usage-telemetry) + + ## Global options The following options apply to all CLI commands. @@ -44,6 +58,8 @@ The following options apply to all CLI commands. | `--output` | text | Output the results of the command as text (`text`) or JSON (`json`). | | `-q` or `--quiet` | | Suppress printing the results of the command. | | `--token` | | The token to use in authenticating API calls. | +| `--telemetry-enabled` | true | Whether to enable sending of anonymous usage telemetry to Otterize or not. | + ## Network mapper From 3350cfb4425f438eebfe1dad7f613feb5359abcf Mon Sep 17 00:00:00 2001 From: Uri Sarid Date: Wed, 24 May 2023 01:58:26 -0700 Subject: [PATCH 5/6] Update README.mdx (#87) --- docs/reference/cli/README.mdx | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/reference/cli/README.mdx b/docs/reference/cli/README.mdx index 9c2661bf1..1a9117bde 100644 --- a/docs/reference/cli/README.mdx +++ b/docs/reference/cli/README.mdx @@ -17,13 +17,13 @@ The following are the commands offered by the Otterize CLI. ## Command structure -Most CLI commands are of the form `otterize OBJECT ACTION`. Because there are multiple objects -which each have multiple operations, this order makes the auto-completion and documentation built into the CLI -easy to access on the fly. +Most CLI commands are of the form `otterize NOUN VERB` where the `NOUN` is the type of object (e.g. `intents`, `clusters`) and the `VERB` is the operation being performed. +Putting the `NOUN` first makes the auto-completion and documentation built into the CLI easier to consume: you first choose the type of object you are interested in, +then the built-in auto-completion or documentation shows you the options on that type of object. -- `otterize -h` or `otterize --help` offers help on the various objects -- `otterize OBJECT -h` or `otterize OBJECT --help` offers help on the specified object -- `otterize OBJECT OPERATION -h` or `otterize OBJECT OPERATION --help` offers help on the specified operation +- `otterize -h` or `otterize --help` lists the various object types. +- `otterize NOUN -h` or `otterize NOUN --help` offers help on the specified object type. +- `otterize NOUN VERB -h` or `otterize NOUN VERB --help` offers help on the specified operation. `otterize completion` offers instruction for generating command completions in various shells. From da7f5996bfb9e9c40907f3a299c37f88b5aa081f Mon Sep 17 00:00:00 2001 From: omris94 <46892443+omris94@users.noreply.github.com> Date: Wed, 24 May 2023 12:14:59 +0300 Subject: [PATCH 6/6] Update the release version of the CLI to v0.1.24 (#89) --- docs/_common/install-otterize-cli.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/_common/install-otterize-cli.md b/docs/_common/install-otterize-cli.md index ac175b531..de8479d1d 100644 --- a/docs/_common/install-otterize-cli.md +++ b/docs/_common/install-otterize-cli.md @@ -13,7 +13,7 @@ brew install otterize/otterize/otterize-cli ```bash -curl -LJO https://get.otterize.com/otterize-cli/v0.1.22/otterize_macOS_arm64_notarized.zip +curl -LJO https://get.otterize.com/otterize-cli/v0.1.24/otterize_macOS_arm64_notarized.zip tar xf otterize_macOS_arm64_notarized.zip sudo cp otterize /usr/local/bin # optionally move to PATH ``` @@ -21,7 +21,7 @@ sudo cp otterize /usr/local/bin # optionally move to PATH ```bash -curl -LJO https://get.otterize.com/otterize-cli/v0.1.22/otterize_macOS_x86_64_notarized.zip +curl -LJO https://get.otterize.com/otterize-cli/v0.1.24/otterize_macOS_x86_64_notarized.zip tar xf otterize_macOS_x86_64_notarized.zip sudo cp otterize /usr/local/bin # optionally move to PATH ``` @@ -42,7 +42,7 @@ scoop install otterize-cli ```PowerShell -Invoke-WebRequest -Uri https://get.otterize.com/otterize-cli/v0.1.22/otterize_Windows_x86_64.zip -OutFile otterize_Windows_x86_64.zip +Invoke-WebRequest -Uri https://get.otterize.com/otterize-cli/v0.1.24/otterize_Windows_x86_64.zip -OutFile otterize_Windows_x86_64.zip Expand-Archive otterize_Windows_x86_64.zip -DestinationPath . # optionally move to PATH ``` @@ -54,7 +54,7 @@ Expand-Archive otterize_Windows_x86_64.zip -DestinationPath . ```bash -wget https://get.otterize.com/otterize-cli/v0.1.22/otterize_Linux_x86_64.tar.gz +wget https://get.otterize.com/otterize-cli/v0.1.24/otterize_Linux_x86_64.tar.gz tar xf otterize_Linux_x86_64.tar.gz sudo cp otterize /usr/local/bin # optionally move to PATH ```