FlowCollector
is the schema for the network flows collection API, which pilots and configures the underlying deployments.
FlowCollector is the Schema for the network flows collection API, which pilots and configures the underlying deployments.
FlowCollector
is the schema for the network flows collection API, which pilots and configures the underlying deployments.
object
Property | Type | Description |
---|---|---|
|
|
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and might reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
|
Kind is a string value representing the REST resource this object represents. Servers might infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
|
|
Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata |
|
|
Defines the desired state of the FlowCollector resource.
*: the mention of "unsupported" or "deprecated" for a feature throughout this document means that this feature is not officially supported by Red Hat. It might have been, for example, contributed by the community and accepted without a formal agreement for maintenance. The product maintainers might provide some support for these features as a best effort only. |
Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
object
Defines the desired state of the FlowCollector resource.
*: the mention of "unsupported" or "deprecated" for a feature throughout this document means that this feature is not officially supported by Red Hat. It might have been, for example, contributed by the community and accepted without a formal agreement for maintenance. The product maintainers might provide some support for these features as a best effort only.
object
Property | Type | Description |
---|---|---|
|
|
Agent configuration for flows extraction. |
|
|
|
|
|
- - Kafka can provide better scalability, resiliency, and high availability (for more details, see https://www.redhat.com/en/topics/integration/what-is-apache-kafka). |
|
|
|
|
|
Kafka configuration, allowing to use Kafka as a broker as part of the flow collection pipeline. Available when the |
|
|
|
|
|
Namespace where Network Observability pods are deployed. |
|
|
|
|
|
|
|
|
|
Agent configuration for flows extraction.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
ebpf
describes the settings related to the eBPF-based flow reporter when spec.agent.type
is set to eBPF
.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
List of additional features to enable. They are all disabled by default. Enabling additional features might have performance impacts. A possible value is - - - - |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Privileged mode for the eBPF Agent container. When ignored or set to |
|
|
|
|
|
Sampling rate of the flow reporter. 100 means one flow on 100 is sent. 0 or 1 means all flows are sampled. |
advanced
allows setting some aspects of the internal configuration of the eBPF agent.
This section is aimed mostly for debugging and fine-grained performance optimizations,
such as GOGC
and GOMAXPROCS
env vars. Set these values at your own risk.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
scheduling controls how the pods are scheduled on nodes. |
scheduling controls how the pods are scheduled on nodes.
object
Property | Type | Description |
---|---|---|
|
|
If specified, the pod’s scheduling constraints. For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling. |
|
|
|
|
|
If specified, indicates the pod’s priority. For documentation, refer to https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#how-to-use-priority-and-preemption. If not specified, default priority is used, or zero if there is no default. |
|
|
|
If specified, the pod’s scheduling constraints. For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling.
object
tolerations
is a list of tolerations that allow the pod to schedule onto nodes with matching taints.
For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling.
array
flowFilter
defines the eBPF agent configuration regarding flow filtering.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Set |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
metrics
defines the eBPF agent configuration regarding metrics.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
Set |
|
|
Metrics server endpoint configuration for the Prometheus scraper. |
Metrics server endpoint configuration for the Prometheus scraper.
object
Property | Type | Description |
---|---|---|
|
|
The metrics server HTTP port. |
|
|
TLS configuration. |
TLS configuration.
object
type
Property | Type | Description |
---|---|---|
|
|
|
|
|
TLS configuration when |
|
|
Reference to the CA file when |
|
|
Select the type of TLS configuration: - |
TLS configuration when type
is set to Provided
.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
Name of the config map or secret containing certificates. |
|
|
Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the certificate reference: |
Reference to the CA file when type
is set to Provided
.
object
Property | Type | Description |
---|---|---|
|
|
File name within the config map or secret. |
|
|
Name of the config map or secret containing the file. |
|
|
Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the file reference: "configmap" or "secret". |
resources
are the compute resources required by this container.
For more information, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
object
Property | Type | Description |
---|---|---|
|
|
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
|
|
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
consolePlugin
defines the settings related to the OpenShift Container Platform Console plugin, when available.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
Enables the console plugin deployment. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
advanced
allows setting some aspects of the internal configuration of the console plugin.
This section is aimed mostly for debugging and fine-grained performance optimizations,
such as GOGC
and GOMAXPROCS
env vars. Set these values at your own risk.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
scheduling
controls how the pods are scheduled on nodes.
object
Property | Type | Description |
---|---|---|
|
|
If specified, the pod’s scheduling constraints. For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling. |
|
|
|
|
|
If specified, indicates the pod’s priority. For documentation, refer to https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#how-to-use-priority-and-preemption. If not specified, default priority is used, or zero if there is no default. |
|
|
|
If specified, the pod’s scheduling constraints. For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling.
object
tolerations
is a list of tolerations that allow the pod to schedule onto nodes with matching taints.
For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling.
array
autoscaler
spec of a horizontal pod autoscaler to set up for the plugin Deployment. Refer to HorizontalPodAutoscaler documentation (autoscaling/v2).
object
portNaming
defines the configuration of the port-to-service name translation
object
Property | Type | Description |
---|---|---|
|
|
Enable the console plugin port-to-service name translation |
|
|
|
quickFilters
configures quick filter presets for the Console plugin
array
QuickFilter
defines preset configuration for Console’s quick filters
object
filter
name
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
Name of the filter, that is displayed in the Console |
resources
, in terms of compute resources, required by this container.
For more information, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
object
Property | Type | Description |
---|---|---|
|
|
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
|
|
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
exporters
define additional optional exporters for custom consumption or storage.
array
FlowCollectorExporter
defines an additional exporter to send enriched flows to.
object
type
Property | Type | Description |
---|---|---|
|
|
IPFIX configuration, such as the IP address and port to send enriched IPFIX flows to. |
|
|
Kafka configuration, such as the address and topic, to send enriched flows to. |
|
|
OpenTelemetry configuration, such as the IP address and port to send enriched logs or metrics to. |
|
|
|
IPFIX configuration, such as the IP address and port to send enriched IPFIX flows to.
object
targetHost
targetPort
Property | Type | Description |
---|---|---|
|
|
Address of the IPFIX external receiver |
|
|
Port for the IPFIX external receiver |
|
|
Transport protocol ( |
Kafka configuration, such as the address and topic, to send enriched flows to.
object
address
topic
Property | Type | Description |
---|---|---|
|
|
Address of the Kafka server |
|
|
SASL authentication configuration. [Unsupported (*)]. |
|
|
TLS client configuration. When using TLS, verify that the address matches the Kafka port used for TLS, generally 9093. |
|
|
Kafka topic to use. It must exist. Network Observability does not create it. |
SASL authentication configuration. [Unsupported (*)].
object
Property | Type | Description |
---|---|---|
|
|
Reference to the secret or config map containing the client ID |
|
|
Reference to the secret or config map containing the client secret |
|
|
Type of SASL authentication to use, or |
Reference to the secret or config map containing the client ID
object
Property | Type | Description |
---|---|---|
|
|
File name within the config map or secret. |
|
|
Name of the config map or secret containing the file. |
|
|
Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the file reference: "configmap" or "secret". |
Reference to the secret or config map containing the client secret
object
Property | Type | Description |
---|---|---|
|
|
File name within the config map or secret. |
|
|
Name of the config map or secret containing the file. |
|
|
Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the file reference: "configmap" or "secret". |
TLS client configuration. When using TLS, verify that the address matches the Kafka port used for TLS, generally 9093.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
Enable TLS |
|
|
|
|
|
|
caCert
defines the reference of the certificate for the certificate Authority
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
Name of the config map or secret containing certificates. |
|
|
Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the certificate reference: |
userCert
defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS)
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
Name of the config map or secret containing certificates. |
|
|
Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the certificate reference: |
OpenTelemetry configuration, such as the IP address and port to send enriched logs or metrics to.
object
targetHost
targetPort
Property | Type | Description |
---|---|---|
|
|
Custom fields mapping to an OpenTelemetry conformant format. By default, Network Observability format proposal is used: https://github.com/rhobs/observability-data-model/blob/main/network-observability.md#format-proposal . As there is currently no accepted standard for L3 or L4 enriched network logs, you can freely override it with your own. |
|
|
Headers to add to messages (optional) |
|
|
OpenTelemetry configuration for logs. |
|
|
OpenTelemetry configuration for metrics. |
|
|
Protocol of the OpenTelemetry connection. The available options are |
|
|
Address of the OpenTelemetry receiver. |
|
|
Port for the OpenTelemetry receiver. |
|
|
TLS client configuration. |
Custom fields mapping to an OpenTelemetry conformant format. By default, Network Observability format proposal is used: https://github.com/rhobs/observability-data-model/blob/main/network-observability.md#format-proposal . As there is currently no accepted standard for L3 or L4 enriched network logs, you can freely override it with your own.
array
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
OpenTelemetry configuration for logs.
object
Property | Type | Description |
---|---|---|
|
|
Set |
OpenTelemetry configuration for metrics.
object
Property | Type | Description |
---|---|---|
|
|
Set |
|
|
Specify how often metrics are sent to a collector. |
TLS client configuration.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
Enable TLS |
|
|
|
|
|
|
caCert
defines the reference of the certificate for the certificate Authority.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
Name of the config map or secret containing certificates. |
|
|
Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the certificate reference: |
userCert
defines the user certificate reference and is used for mTLS. When you use one-way TLS, you can ignore this property.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
Name of the config map or secret containing certificates. |
|
|
Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the certificate reference: |
Kafka configuration, allowing to use Kafka as a broker as part of the flow collection pipeline. Available when the spec.deploymentModel
is Kafka
.
object
address
topic
Property | Type | Description |
---|---|---|
|
|
Address of the Kafka server |
|
|
SASL authentication configuration. [Unsupported (*)]. |
|
|
TLS client configuration. When using TLS, verify that the address matches the Kafka port used for TLS, generally 9093. |
|
|
Kafka topic to use. It must exist. Network Observability does not create it. |
SASL authentication configuration. [Unsupported (*)].
object
Property | Type | Description |
---|---|---|
|
|
Reference to the secret or config map containing the client ID |
|
|
Reference to the secret or config map containing the client secret |
|
|
Type of SASL authentication to use, or |
Reference to the secret or config map containing the client ID
object
Property | Type | Description |
---|---|---|
|
|
File name within the config map or secret. |
|
|
Name of the config map or secret containing the file. |
|
|
Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the file reference: "configmap" or "secret". |
Reference to the secret or config map containing the client secret
object
Property | Type | Description |
---|---|---|
|
|
File name within the config map or secret. |
|
|
Name of the config map or secret containing the file. |
|
|
Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the file reference: "configmap" or "secret". |
TLS client configuration. When using TLS, verify that the address matches the Kafka port used for TLS, generally 9093.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
Enable TLS |
|
|
|
|
|
|
caCert
defines the reference of the certificate for the certificate Authority
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
Name of the config map or secret containing certificates. |
|
|
Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the certificate reference: |
userCert
defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS)
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
Name of the config map or secret containing certificates. |
|
|
Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the certificate reference: |
loki
, the flow store, client settings.
object
mode
Property | Type | Description |
---|---|---|
|
|
|
|
|
Set |
|
|
Loki configuration for |
|
|
Loki configuration for |
|
|
Loki configuration for |
|
|
- Use - Use - Use - Use |
|
|
Loki configuration for |
|
|
|
|
|
|
|
|
|
|
|
|
advanced
allows setting some aspects of the internal configuration of the Loki clients.
This section is aimed mostly for debugging and fine-grained performance optimizations.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
Loki configuration for LokiStack
mode. This is useful for an easy Loki Operator configuration.
It is ignored for other modes.
object
name
Property | Type | Description |
---|---|---|
|
|
Name of an existing LokiStack resource to use. |
|
|
Namespace where this |
Loki configuration for Manual
mode. This is the most flexible configuration.
It is ignored for other modes.
object
Property | Type | Description |
---|---|---|
|
|
- - - When using the Loki Operator, this must be set to |
|
|
|
|
|
|
|
|
TLS client configuration for Loki status URL. |
|
|
|
|
|
|
|
|
TLS client configuration for Loki URL. |
TLS client configuration for Loki status URL.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
Enable TLS |
|
|
|
|
|
|
caCert
defines the reference of the certificate for the certificate Authority
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
Name of the config map or secret containing certificates. |
|
|
Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the certificate reference: |
userCert
defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS)
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
Name of the config map or secret containing certificates. |
|
|
Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the certificate reference: |
TLS client configuration for Loki URL.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
Enable TLS |
|
|
|
|
|
|
caCert
defines the reference of the certificate for the certificate Authority
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
Name of the config map or secret containing certificates. |
|
|
Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the certificate reference: |
userCert
defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS)
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
Name of the config map or secret containing certificates. |
|
|
Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the certificate reference: |
Loki configuration for Microservices
mode.
Use this option when Loki is installed using the microservices deployment mode (https://grafana.com/docs/loki/latest/fundamentals/architecture/deployment-modes/#microservices-mode).
It is ignored for other modes.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
|
|
|
TLS client configuration for Loki URL. |
TLS client configuration for Loki URL.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
Enable TLS |
|
|
|
|
|
|
caCert
defines the reference of the certificate for the certificate Authority
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
Name of the config map or secret containing certificates. |
|
|
Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the certificate reference: |
userCert
defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS)
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
Name of the config map or secret containing certificates. |
|
|
Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the certificate reference: |
Loki configuration for Monolithic
mode.
Use this option when Loki is installed using the monolithic deployment mode (https://grafana.com/docs/loki/latest/fundamentals/architecture/deployment-modes/#monolithic-mode).
It is ignored for other modes.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
TLS client configuration for Loki URL. |
|
|
|
TLS client configuration for Loki URL.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
Enable TLS |
|
|
|
|
|
|
caCert
defines the reference of the certificate for the certificate Authority
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
Name of the config map or secret containing certificates. |
|
|
Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the certificate reference: |
userCert
defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS)
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
Name of the config map or secret containing certificates. |
|
|
Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the certificate reference: |
networkPolicy
defines ingress network policy settings for Network Observability components isolation.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
Set |
processor
defines the settings of the component that receives the flows from the agent,
enriches them, generates metrics, and forwards them to the Loki persistence layer and/or any available exporter.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- - - - |
|
|
|
|
|
Set |
|
|
|
|
|
|
advanced
allows setting some aspects of the internal configuration of the flow processor.
This section is aimed mostly for debugging and fine-grained performance optimizations,
such as GOGC
and GOMAXPROCS
env vars. Set these values at your own risk.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Port of the flow collector (host port). By convention, some values are forbidden. It must be greater than 1024 and different from 4500, 4789 and 6081. |
|
|
|
|
|
scheduling controls how the pods are scheduled on nodes. |
|
|
Define secondary networks to be checked for resources identification. To guarantee a correct identification, indexed values must form an unique identifier across the cluster. If the same index is used by several resources, those resources might be incorrectly labeled. |
scheduling controls how the pods are scheduled on nodes.
object
Property | Type | Description |
---|---|---|
|
|
If specified, the pod’s scheduling constraints. For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling. |
|
|
|
|
|
If specified, indicates the pod’s priority. For documentation, refer to https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#how-to-use-priority-and-preemption. If not specified, default priority is used, or zero if there is no default. |
|
|
|
If specified, the pod’s scheduling constraints. For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling.
object
tolerations
is a list of tolerations that allow the pod to schedule onto nodes with matching taints.
For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling.
array
Define secondary networks to be checked for resources identification. To guarantee a correct identification, the indexed values must form an unique identifier across the cluster. If the same index is used by several resources, those resources might be wrongly labeled.
array
object
index
name
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
kafkaConsumerAutoscaler
is the spec of a horizontal pod autoscaler to set up for flowlogs-pipeline-transformer
, which consumes Kafka messages.
This setting is ignored when Kafka is disabled. Refer to HorizontalPodAutoscaler documentation (autoscaling/v2).
object
Metrics
define the processor configuration regarding metrics
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
Metrics server endpoint configuration for Prometheus scraper |
Metrics server endpoint configuration for Prometheus scraper
object
Property | Type | Description |
---|---|---|
|
|
The metrics server HTTP port. |
|
|
TLS configuration. |
TLS configuration.
object
type
Property | Type | Description |
---|---|---|
|
|
|
|
|
TLS configuration when |
|
|
Reference to the CA file when |
|
|
Select the type of TLS configuration: - |
TLS configuration when type
is set to Provided
.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
Name of the config map or secret containing certificates. |
|
|
Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the certificate reference: |
Reference to the CA file when type
is set to Provided
.
object
Property | Type | Description |
---|---|---|
|
|
File name within the config map or secret. |
|
|
Name of the config map or secret containing the file. |
|
|
Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the file reference: "configmap" or "secret". |
resources
are the compute resources required by this container.
For more information, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
object
Property | Type | Description |
---|---|---|
|
|
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
|
|
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
subnetLabels
allows to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift Container Platform, which is used to identify cluster external traffic.
When a subnet matches the source or destination IP of a flow, a corresponding field is added: SrcSubnetLabel
or DstSubnetLabel
.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
customLabels
allows to customize subnets and IPs labelling, such as to identify cluster-external workloads or web services.
If you enable openShiftAutoDetect
, customLabels
can override the detected subnets in case they overlap.
array
SubnetLabel allows to label subnets and IPs, such as to identify cluster-external workloads or web services.
object
cidrs
name
Property | Type | Description |
---|---|---|
|
|
List of CIDRs, such as |
|
|
Label name, used to flag matching flows. |
prometheus
defines Prometheus settings, such as querier configuration used to fetch metrics from the Console plugin.
object
Property | Type | Description |
---|---|---|
|
|
Prometheus querying configuration, such as client settings, used in the Console plugin. |
Prometheus querying configuration, such as client settings, used in the Console plugin.
object
mode
Property | Type | Description |
---|---|---|
|
|
When |
|
|
Prometheus configuration for |
|
|
- Use - Use |
|
|
|
Prometheus configuration for Manual
mode.
object
Property | Type | Description |
---|---|---|
|
|
Set |
|
|
TLS client configuration for Prometheus URL. |
|
|
|
TLS client configuration for Prometheus URL.
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
Enable TLS |
|
|
|
|
|
|
caCert
defines the reference of the certificate for the certificate Authority
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
Name of the config map or secret containing certificates. |
|
|
Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the certificate reference: |
userCert
defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS)
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
Name of the config map or secret containing certificates. |
|
|
Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the certificate reference: |