Red Hat Summit Red Hat SummitApoyoConsolaDesarrolladoresIniciar una pruebaContacto

Este contenido no está disponible en el idioma seleccionado.

Chapter 9. Visualizing external entities

Understanding the interactions between your cluster and external entities is essential for incident response and network policy management. With the Visualizing external entities feature, you can view the external IP addresses that interact with your cluster.

You can view external entities in the Network Graph by selecting the External Entities graph node or by checking the deployment flows tab.

You can also query external entities using the API.

Note

Visualizing external entities is an opt-in feature that is disabled by default. To enable this feature, you must enable external IP collection in secured clusters, as described in the following section.

9.1. Enabling external IP collection in secured clusters
Copiar enlace

To enable external IP collection in secured clusters, you must individually configure each secured cluster’s runtime configuration.

You can have some clusters with the functionality enabled while others remain disabled. In this case, external IP information is only available for the clusters where you have enabled the feature.

You can use a ConfigMap object to enable the external IP collection in secured clusters.

Procedure

  • Create a ConfigMap object called collector-config with the following content: 

    apiVersion: v1
kind: ConfigMap
metadata:
  name: collector-config
  namespace: stackrox
data:
  runtime_config.yaml: |
    1 
    
    networking:
      externalIps:
        enabled: ENABLED
    2
    Copy to Clipboard Toggle word wrap
    1
    RHACS mounts this file at /etc/stackrox/runtime_config.yaml.
    2
    networking.externalIps.enable was changed to networking.externalIps.enabled in RHACS 4.7. It is an enum and can be set to ENABLED or DISABLED.

When you create or update the ConfigMap object, the collector refreshes the runtime configuration. When you delete the ConfigMap object, the settings revert to the default runtime configuration values. For more information, see Using Collector runtime configuration.

9.2. Querying external IP addresses by using the API
Copiar enlace

You can get information about the external IP addresses associated with a specific cluster by using the following endpoints:

  • /v1/networkgraph/cluster/{clusterId}/externalentities: This endpoint returns a list of external entities for a given cluster ID. Each entity includes the following information:

    • Name: The name of the external entity.
    • CIDR block: The CIDR block associated with the entity.
    • Default entity: Indicates that the entity is a CIDR-block definition provided by the system.
    • Discovered: If true, indicates that the external IP address does not match any specified CIDR block.
  • /v1/networkgraph/cluster/{clusterId}/externalentities/{entityId}/flows: This endpoint reports the flows to and from an external entity for a given cluster ID and entity ID. Use this endpoint to analyze network traffic patterns and gain insights into the interactions between your cluster and external entities.
  • /v1/networkgraph/cluster/{clusterId}/externalentities/metadata: This endpoint reports statistics about the external flows for a given cluster ID. It reports details about each entity, as well as the number of flows associated with it.

9.3. Known limitations
Copiar enlace

The following are some known limitations of the Visualizing external entities feature:

  • You cannot see external IP addresses if they are part of CIDR blocks.
  • When you enable external IP collection for a cluster, the Collector in those clusters reports more information to Sensor and Central. Enabling external IP collection might create scalability issues if the workload in the cluster communicates with a large number of distinct external peers. Red Hat recommends that you turn off this feature on clusters with communication patterns involving more than 10,000 distinct external entities. However, if the pattern is mostly ingress or egress, you can overcome the scaling issue by enabling external IPs only in the opposite direction. For more information, see "Using Collector runtime configuration" in the Additional resources section.
Volver arriba
Red Hat logoGithubredditYoutubeTwitter

Aprender

Pruebe, compre y venda

Comunidades

Acerca de la documentación de Red Hat

Ayudamos a los usuarios de Red Hat a innovar y alcanzar sus objetivos con nuestros productos y servicios con contenido en el que pueden confiar. Explore nuestras recientes actualizaciones.

Hacer que el código abierto sea más inclusivo

Red Hat se compromete a reemplazar el lenguaje problemático en nuestro código, documentación y propiedades web. Para más detalles, consulte el Blog de Red Hat.

Acerca de Red Hat

Ofrecemos soluciones reforzadas que facilitan a las empresas trabajar en plataformas y entornos, desde el centro de datos central hasta el perímetro de la red.

Theme

© 2025 Red Hat