doc updates alongwith minor helm chart changes

Author: paliwalparitosh

CHANGELOG.md

@@ -1,25 +1,16 @@
 # Change Log
 
-# 2025-06-09
-
+# 2025-06-17
 ### Added
-- Introduced a new DaemonSet that uses eBPF (Extended Berkeley Packet Filter) to capture TCP connection logs, enabling visualization of application-level communication within the Kubernetes cluster.
+- Introduced a new DaemonSet that uses eBPF (Extended Berkeley Packet Filter) to capture TCP connection logs and builds application/network topology representing workload to workload relationships within the Kubernetes cluster.
+- New helm variable to control the resource limits at individual logan workloads.
+- Enables OKE infra discovery and service logs collection (default)
 - OCI Console integration supporting new features:
-  - **Network View:** Dynamically discover and visualize workload-to-workload communication within the cluster.
-  - **Infrastructure View:** Visualize OKE infrastructure components such as Subnets, Load Balancers, Nodes, and their interactions.
-  - **Kubernetes Spec Change Detection (View Insights):** Monitor changes/diffs of 50+ key properties across primary Kubernetes workload types:
-    - DaemonSet
-    - Deployment
-    - ReplicaSet
-    - StatefulSet
-    - CronJob & Job
-    - Exclusion: Managed workloads (ex - A Job created via a CronJob) are not tracked
-
-  **Note:** Additional enhancements and features are available in the OCI Console beyond those listed here. Please refer to the OCI Log Analytics Release Notes for more details.
+  - Topology : New Views (Infra and Network) along with Platform.
+  - View Insights for Workloads including capabilities to view the detailed spec of a workload, monitor the changes to the spec of a workload, create in-line labels for issues etc.
 
 ### Changed
 - `kubernetesClusterID` (in the Helm chart) is now a mandatory field. *(This is not backward compatible.)*
-- Updated resource limits for Log Analytics pods and workloads.
 
 ## 2025-03-19
 ### Added

README.md

@@ -36,7 +36,7 @@ It does extensive enrichment of logs, metrics and object information to enable c
 
 ## Get Started :rocket:
 
-:stop_sign: Upgrading to a major version (like 2.x to 3.x)? See [upgrade](#upgrading-to-a-major-version) section below for details. :warning:
+:stop_sign: Upgrading to a major version (like 3.x to 4.x)? See [upgrade](#upgrading-to-a-major-version) section below for details. :warning:
 
 ### Pre-requisites
 
@@ -366,6 +366,27 @@ Refer [here](#3c-import-dashboards).
 
 ### Upgrading to a major version
 
+#### v3.6.0 → v4.0.0
+
+For changes in this release, refer to [CHANGELOG.md](CHANGELOG.md)
+
+1. Update IAM Policies:
+   * This version requires additional policy statements for infrastructure discovery.
+   * See the pre-requisites section in the [README](../README.md#0-pre-requisites) for details.
+
+2. Upgrade the Helm chart:
+
+      ```sh
+      # fetch latest (4.x) helm repo for oci
+      helm repo update oci-onm
+
+      # fetch the current release configuration
+      helm get values <release-name> -n <namespace> > override_values.yaml
+
+      # Upgrade the helm chart
+      helm upgrade <release-name> oci/oci-onm -f override_values.yaml
+      ```
+
 #### 2.x to 3.x
 
 One of the major changes introduced in 3.0.0 is refactoring of helm chart where major features of the solution got split into separate sub-charts. 2.x has only support for logs and objects collection using Fluentd and OCI Logging Analytics and this is now moved into a separate chart oci-onm-logan and included as a sub-chart to the main chart oci-onm. This is a breaking change w.r.t the values.yaml and any customisations that you might have done on top of it. There is no breaking change w.r.t functionality offered in 2.x. For full list of changes in 3.x, refer to [changelog](CHANGELOG.md). 

charts/logan/templates/tcpconnect-daemonset.yaml

@@ -44,7 +44,7 @@ spec:
         - --
         args:
         - /usr/bin/tcpconnect -e
-        - -i {{ .Values.fluentd.kubernetesSystem.logs.tcpconnect.interval }}
+        - -i 30
         env:
         - name: K8S_NODE_NAME
           valueFrom:

charts/logan/values.yaml

@@ -84,7 +84,7 @@ privileged: false
 
 # -- Enables the collection of TCP connect logs.
 # Default: true
-# Warning: Disabling this will prevent automatic discovery of workload-to-workload communication within the cluster.
+# Note: Disabling this will prevent automatic discovery of workload-to-workload communication within the cluster.
 enableTCPConnectLogs: true
 
 # -- Enables collection of AWS EKS Control Plane logs through CloudWatch or S3 Fluentd plugin
@@ -114,13 +114,13 @@ resources:
 
 # Requests and limits for Memory and CPU [Overrides]
 resourceOverrides:
-   # Responsible for TCP connection events collection.
+   # Responsible for TCP connect logs collection aiding discovery of workload to workload relationships.
    tcpconnectDaemonset:
       # -- Resource requests
       requests:
          cpu: 10m
          memory: 50Mi
-   # Responsible for log collection.
+   # Responsible for various logs collection.
    fluentdDaemonset:
       # -- Limits
       limits:
@@ -402,8 +402,6 @@ fluentd:
             path: /var/log/containers/*-logan-tcpconnect*.log
             # Logging Analytics log source to use for parsing and processing the logs: TCP CONNECT Logs
             ociLALogSourceName: "Kubernetes TCP Connect Logs"
-            # Network logs Polling frequency in seconds
-            interval: 30
 
          # Config specific to Kubernetes Audit Logs Collection
          kube-audit:
@@ -727,7 +725,7 @@ k8sDiscovery:
    infra:
       # Enable Logs collection for OKE's OCI infra components - LB, OKE Cluster control plane, Subnet logs etc
       # Not supported for Non OKE clusters
-      enable_service_log: false
+      enable_service_log: true
       # Discovers OKE Node Pools in all compartments of tenant
       # when false, Node Pools present in OKE's compartment are discovered
       probe_all_compartments: false

docs/FAQ.md

@@ -18,7 +18,7 @@ Refer [here](../README.md#installation-instructions).
 | :----: | :----: | :----: | :----: | :----: | 
 | Namespace |	All |	oci-onm	| Namespace in which all the resources would be installed. | There is a provision to choose pre-created namespace or to create a different namespace and then use it. |
 | DaemonSet	| Logs | oci-onm-logan | Responsible for log collection. | |
-| DaemonSet	| Logs | oci-onm-logan-tcpconnect | Responsible for TCP connection events collection. | The pods in this DaemonSet run in privileged mode, but with only the CAP_BPF capability enabled. This allows them to execute the required BPF programs while maintaining a minimal security footprint. |
+| DaemonSet	| Logs | oci-onm-logan-tcpconnect | Responsible for TCP connect logs collection aiding discovery of workload to workload relationships. | The pods in this DaemonSet run in privileged mode, but with only the CAP_BPF capability enabled which enables the pods to run the required eBPF program. |
 | CronJob	| Discovery, Kubernetes Objects State |	oci-onm-discovery |	Responsible for Kubernetes discovery and objects state collection. | |	
 | StatefulSet |	Metrics	| oci-onm-mgmt-agent | Responsible for metrics collection. | |
 | ConfigMap |	Logs | oci-onm-logs |	Contains Fluentd configuration aiding the log collection. | |	
@@ -625,11 +625,13 @@ Allow service loganalytics to {VCN_READ,SUBNET_READ,VNIC_READ} in tenancy
 
 ### Why does the TcpConnect DaemonSet use privileged mode? Can it be disabled?
 
-The tcpconnect DaemonSet runs an eBPF program to collect TCP connection events, which are essential for dynamically mapping communication between workloads in the cluster. These relationships are visualized in the network topology view.
+TcpConnect DaemonSet is responsible for TCP connect logs collection aiding discovery of workload to workload relationships.
 
-To enable the eBPF program, the DaemonSet requires privileged mode with the CAP_BPF capability.
+To be able to run the required eBPF program, the pods needs to run in privileged mode but restricting to CAP_BPF capability only.
 
-You can disable this feature by setting the following property to false:
+If you need to disable this feature, set the following property to false:
+
+> Note: Disabling this will prevent automatic discovery of workload-to-workload communication within the cluster, resulting in an empty network topology view in the OCI Console.
 
 ```yaml
 ...
@@ -642,8 +644,6 @@ oci-onm-logan:
   ..
 ```
 
-**Warning:** Warning: Disabling this will prevent automatic discovery of workload-to-workload communication within the cluster, resulting in an empty network topology view in the OCI Console.
-
 ### Control plane log collection for AWS EKS (Amazon Elastic Kubernetes Service)
 
 AWS EKS control plane logs are available in CloudWatch.