Chapter 8. Visualizing external entities

Procedure

• Create a ConfigMap object called collector-config with the following content:

  apiVersion: v1
  kind: ConfigMap
  metadata:
    name: collector-config
    namespace: stackrox
  data:
    runtime_config.yaml: | 

  1

  
      networking:
        externalIps:
          enabled: ENABLED 

  2

  Copy to Clipboard Toggle word wrap

  1

  RHACS mounts this file at /etc/stackrox/runtime_config.yaml.

  2

  networking.externalIps.enable was changed to networking.externalIps.enabled in RHACS 4.7. It is an enum and can be set to ENABLED or DISABLED.

• /v1/networkgraph/cluster/{clusterId}/externalentities: This endpoint returns a list of external entities for a given cluster ID. Each entity includes the following information:

  • Name: The name of the external entity.
  • CIDR block: The CIDR block associated with the entity.
  • Default entity: Indicates that the entity is a CIDR-block definition provided by the system.
  • Discovered: If true, indicates that the external IP address does not match any specified CIDR block.
• /v1/networkgraph/cluster/{clusterId}/externalentities/{entityId}/flows: This endpoint reports the flows to and from an external entity for a given cluster ID and entity ID. Use this endpoint to analyze network traffic patterns and gain insights into the interactions between your cluster and external entities.
• /v1/networkgraph/cluster/{clusterId}/externalentities/metadata: This endpoint reports statistics about the external flows for a given cluster ID. It reports details about each entity, as well as the number of flows associated with it.

• You cannot see external IP addresses if they are part of CIDR blocks.

• When you enable external IP collection for a cluster, the Collector in those clusters reports more information to Sensor and Central. Enabling external IP collection might create scalability issues if the workload in the cluster communicates with a large number of distinct external peers. Red Hat recommends that you turn off this feature on clusters with communication patterns involving more than 10,000 distinct external entities. However, if the pattern is mostly ingress or egress, you can overcome the scaling issue by enabling external IPs only in the opposite direction. For more information, see "Using Collector runtime configuration" in the Additional resources section.

  Note

  During a test, Red Hat generated 20 flows per second with external entities, leading to a daily increase of 450 MB in Central memory usage. This memory persisted even after deleting the deployments. Turning off external IPs at the Collector level stops further memory growth in Central caused by external IPs. To clear most of the memory used by external IPs, turn off external IPs at the Central level by setting the ROX_EXTERNAL_IPS environment variable to false and the ROX_EXTERNAL_IPS_PRUNING environment variable to true.