This documentation is for a release that is no longer maintained
See documentation for the latest supported version 3 or the latest supported version 4.Este conteúdo não está disponível no idioma selecionado.
Chapter 9. FlowCollector configuration parameters
FlowCollector is the Schema for the network flows collection API, which pilots and configures the underlying deployments.
9.1. FlowCollector API specifications Copiar o linkLink copiado para a área de transferência!
- Description
-
FlowCollector
is the schema for the network flows collection API, which pilots and configures the underlying deployments. - Type
-
object
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and might reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers might infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
|
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata |
|
|
Defines the desired state of the FlowCollector resource. |
9.1.1. .metadata Copiar o linkLink copiado para a área de transferência!
- Description
- Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- Type
-
object
9.1.2. .spec Copiar o linkLink copiado para a área de transferência!
- Description
-
Defines the desired state of the FlowCollector resource.
*: the mention of "unsupported", or "deprecated" for a feature throughout this document means that this feature is not officially supported by Red Hat. It might have been, for example, contributed by the community and accepted without a formal agreement for maintenance. The product maintainers might provide some support for these features as a best effort only. - Type
-
object
Property | Type | Description |
---|---|---|
|
| Agent configuration for flows extraction. |
|
|
|
|
|
|
|
|
|
|
|
Kafka configuration, allowing to use Kafka as a broker as part of the flow collection pipeline. Available when the |
|
| Loki, the flow store, client settings. |
|
| Namespace where Network Observability pods are deployed. |
|
|
|
9.1.3. .spec.agent Copiar o linkLink copiado para a área de transferência!
- Description
- Agent configuration for flows extraction.
- Type
-
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
|
9.1.4. .spec.agent.ebpf Copiar o linkLink copiado para a área de transferência!
- Description
-
ebpf
describes the settings related to the eBPF-based flow reporter whenspec.agent.type
is set toEBPF
. - Type
-
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
List of additional features to enable. They are all disabled by default. Enabling additional features might have performance impacts. Possible values are: |
|
|
|
|
|
|
|
|
|
|
|
|
|
| Privileged mode for the eBPF Agent container. In general this setting can be ignored or set to false: in that case, the operator sets granular capabilities (BPF, PERFMON, NET_ADMIN, SYS_RESOURCE) to the container, to enable its correct operation. If for some reason these capabilities cannot be set, such as if an old kernel version not knowing CAP_BPF is in use, then you can turn on this mode for more global privileges. |
|
|
|
|
| Sampling rate of the flow reporter. 100 means one flow on 100 is sent. 0 or 1 means all flows are sampled. |
9.1.5. .spec.agent.ebpf.debug Copiar o linkLink copiado para a área de transferência!
- Description
-
debug
allows setting some aspects of the internal configuration of the eBPF agent. This section is aimed exclusively for debugging and fine-grained performance optimizations, such as GOGC and GOMAXPROCS env vars. Users setting its values do it at their own risk. - Type
-
object
Property | Type | Description |
---|---|---|
|
|
|
9.1.6. .spec.agent.ebpf.resources Copiar o linkLink copiado para a área de transferência!
- Description
-
resources
are the compute resources required by this container. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - Type
-
object
Property | Type | Description |
---|---|---|
|
| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
|
| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
9.1.7. .spec.agent.ipfix Copiar o linkLink copiado para a área de transferência!
- Description
-
ipfix
[deprecated (*)] - describes the settings related to the IPFIX-based flow reporter whenspec.agent.type
is set toIPFIX
. - Type
-
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9.1.8. .spec.agent.ipfix.clusterNetworkOperator Copiar o linkLink copiado para a área de transferência!
- Description
-
clusterNetworkOperator
defines the settings related to the OpenShift Container Platform Cluster Network Operator, when available. - Type
-
object
Property | Type | Description |
---|---|---|
|
| Namespace where the config map is going to be deployed. |
9.1.9. .spec.agent.ipfix.ovnKubernetes Copiar o linkLink copiado para a área de transferência!
- Description
-
ovnKubernetes
defines the settings of the OVN-Kubernetes CNI, when available. This configuration is used when using OVN’s IPFIX exports, without OpenShift Container Platform. When using OpenShift Container Platform, refer to theclusterNetworkOperator
property instead. - Type
-
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
| Namespace where OVN-Kubernetes pods are deployed. |
9.1.10. .spec.consolePlugin Copiar o linkLink copiado para a área de transferência!
- Description
-
consolePlugin
defines the settings related to the OpenShift Container Platform Console plugin, when available. - Type
-
object
Property | Type | Description |
---|---|---|
|
|
|
|
| enable the console plugin deployment. spec.Loki.enable must also be true |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9.1.11. .spec.consolePlugin.autoscaler Copiar o linkLink copiado para a área de transferência!
- Description
-
autoscaler
spec of a horizontal pod autoscaler to set up for the plugin Deployment. Refer to HorizontalPodAutoscaler documentation (autoscaling/v2). - Type
-
object
9.1.12. .spec.consolePlugin.portNaming Copiar o linkLink copiado para a área de transferência!
- Description
-
portNaming
defines the configuration of the port-to-service name translation - Type
-
object
Property | Type | Description |
---|---|---|
|
| Enable the console plugin port-to-service name translation |
|
|
|
9.1.13. .spec.consolePlugin.quickFilters Copiar o linkLink copiado para a área de transferência!
- Description
-
quickFilters
configures quick filter presets for the Console plugin - Type
-
array
9.1.14. .spec.consolePlugin.quickFilters[] Copiar o linkLink copiado para a área de transferência!
- Description
-
QuickFilter
defines preset configuration for Console’s quick filters - Type
-
object
- Required
-
filter
-
name
-
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
| Name of the filter, that is displayed in the Console |
9.1.15. .spec.consolePlugin.resources Copiar o linkLink copiado para a área de transferência!
- Description
-
resources
, in terms of compute resources, required by this container. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - Type
-
object
Property | Type | Description |
---|---|---|
|
| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
|
| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
9.1.16. .spec.exporters Copiar o linkLink copiado para a área de transferência!
- Description
-
exporters
define additional optional exporters for custom consumption or storage. - Type
-
array
9.1.17. .spec.exporters[] Copiar o linkLink copiado para a área de transferência!
- Description
-
FlowCollectorExporter
defines an additional exporter to send enriched flows to. - Type
-
object
- Required
-
type
-
Property | Type | Description |
---|---|---|
|
| IPFIX configuration, such as the IP address and port to send enriched IPFIX flows to. |
|
| Kafka configuration, such as the address and topic, to send enriched flows to. |
|
|
|
9.1.18. .spec.exporters[].ipfix Copiar o linkLink copiado para a área de transferência!
- Description
- IPFIX configuration, such as the IP address and port to send enriched IPFIX flows to.
- Type
-
object
- Required
-
targetHost
-
targetPort
-
Property | Type | Description |
---|---|---|
|
| Address of the IPFIX external receiver |
|
| Port for the IPFIX external receiver |
|
|
Transport protocol ( |
9.1.19. .spec.exporters[].kafka Copiar o linkLink copiado para a área de transferência!
- Description
- Kafka configuration, such as the address and topic, to send enriched flows to.
- Type
-
object
- Required
-
address
-
topic
-
Property | Type | Description |
---|---|---|
|
| Address of the Kafka server |
|
| SASL authentication configuration. [Unsupported (*)]. |
|
| TLS client configuration. When using TLS, verify that the address matches the Kafka port used for TLS, generally 9093. |
|
| Kafka topic to use. It must exist. Network Observability does not create it. |
9.1.20. .spec.exporters[].kafka.sasl Copiar o linkLink copiado para a área de transferência!
- Description
- SASL authentication configuration. [Unsupported (*)].
- Type
-
object
Property | Type | Description |
---|---|---|
|
| Reference to the secret or config map containing the client ID |
|
| Reference to the secret or config map containing the client secret |
|
|
Type of SASL authentication to use, or |
9.1.21. .spec.exporters[].kafka.sasl.clientIDReference Copiar o linkLink copiado para a área de transferência!
- Description
- Reference to the secret or config map containing the client ID
- Type
-
object
Property | Type | Description |
---|---|---|
|
| File name within the config map or secret |
|
| Name of the config map or secret containing the file |
|
| Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
| Type for the file reference: "configmap" or "secret" |
9.1.22. .spec.exporters[].kafka.sasl.clientSecretReference Copiar o linkLink copiado para a área de transferência!
- Description
- Reference to the secret or config map containing the client secret
- Type
-
object
Property | Type | Description |
---|---|---|
|
| File name within the config map or secret |
|
| Name of the config map or secret containing the file |
|
| Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
| Type for the file reference: "configmap" or "secret" |
9.1.23. .spec.exporters[].kafka.tls Copiar o linkLink copiado para a área de transferência!
- Description
- TLS client configuration. When using TLS, verify that the address matches the Kafka port used for TLS, generally 9093.
- Type
-
object
Property | Type | Description |
---|---|---|
|
|
|
|
| Enable TLS |
|
|
|
|
|
|
9.1.24. .spec.exporters[].kafka.tls.caCert Copiar o linkLink copiado para a área de transferência!
- Description
-
caCert
defines the reference of the certificate for the Certificate Authority - Type
-
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
| Name of the config map or secret containing certificates |
|
| Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the certificate reference: |
9.1.25. .spec.exporters[].kafka.tls.userCert Copiar o linkLink copiado para a área de transferência!
- Description
-
userCert
defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS) - Type
-
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
| Name of the config map or secret containing certificates |
|
| Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the certificate reference: |
9.1.26. .spec.kafka Copiar o linkLink copiado para a área de transferência!
- Description
-
Kafka configuration, allowing to use Kafka as a broker as part of the flow collection pipeline. Available when the
spec.deploymentModel
isKAFKA
. - Type
-
object
- Required
-
address
-
topic
-
Property | Type | Description |
---|---|---|
|
| Address of the Kafka server |
|
| SASL authentication configuration. [Unsupported (*)]. |
|
| TLS client configuration. When using TLS, verify that the address matches the Kafka port used for TLS, generally 9093. |
|
| Kafka topic to use. It must exist, Network Observability does not create it. |
9.1.27. .spec.kafka.sasl Copiar o linkLink copiado para a área de transferência!
- Description
- SASL authentication configuration. [Unsupported (*)].
- Type
-
object
Property | Type | Description |
---|---|---|
|
| Reference to the secret or config map containing the client ID |
|
| Reference to the secret or config map containing the client secret |
|
|
Type of SASL authentication to use, or |
9.1.28. .spec.kafka.sasl.clientIDReference Copiar o linkLink copiado para a área de transferência!
- Description
- Reference to the secret or config map containing the client ID
- Type
-
object
Property | Type | Description |
---|---|---|
|
| File name within the config map or secret |
|
| Name of the config map or secret containing the file |
|
| Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
| Type for the file reference: "configmap" or "secret" |
9.1.29. .spec.kafka.sasl.clientSecretReference Copiar o linkLink copiado para a área de transferência!
- Description
- Reference to the secret or config map containing the client secret
- Type
-
object
Property | Type | Description |
---|---|---|
|
| File name within the config map or secret |
|
| Name of the config map or secret containing the file |
|
| Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
| Type for the file reference: "configmap" or "secret" |
9.1.30. .spec.kafka.tls Copiar o linkLink copiado para a área de transferência!
- Description
- TLS client configuration. When using TLS, verify that the address matches the Kafka port used for TLS, generally 9093.
- Type
-
object
Property | Type | Description |
---|---|---|
|
|
|
|
| Enable TLS |
|
|
|
|
|
|
9.1.31. .spec.kafka.tls.caCert Copiar o linkLink copiado para a área de transferência!
- Description
-
caCert
defines the reference of the certificate for the Certificate Authority - Type
-
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
| Name of the config map or secret containing certificates |
|
| Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the certificate reference: |
9.1.32. .spec.kafka.tls.userCert Copiar o linkLink copiado para a área de transferência!
- Description
-
userCert
defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS) - Type
-
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
| Name of the config map or secret containing certificates |
|
| Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the certificate reference: |
9.1.33. .spec.loki Copiar o linkLink copiado para a área de transferência!
- Description
- Loki, the flow store, client settings.
- Type
-
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
|
|
|
Set to |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| TLS client configuration for Loki status URL. |
|
|
|
|
|
|
|
|
|
|
| TLS client configuration for Loki URL. |
|
|
|
9.1.34. .spec.loki.statusTls Copiar o linkLink copiado para a área de transferência!
- Description
- TLS client configuration for Loki status URL.
- Type
-
object
Property | Type | Description |
---|---|---|
|
|
|
|
| Enable TLS |
|
|
|
|
|
|
9.1.35. .spec.loki.statusTls.caCert Copiar o linkLink copiado para a área de transferência!
- Description
-
caCert
defines the reference of the certificate for the Certificate Authority - Type
-
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
| Name of the config map or secret containing certificates |
|
| Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the certificate reference: |
9.1.36. .spec.loki.statusTls.userCert Copiar o linkLink copiado para a área de transferência!
- Description
-
userCert
defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS) - Type
-
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
| Name of the config map or secret containing certificates |
|
| Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the certificate reference: |
9.1.37. .spec.loki.tls Copiar o linkLink copiado para a área de transferência!
- Description
- TLS client configuration for Loki URL.
- Type
-
object
Property | Type | Description |
---|---|---|
|
|
|
|
| Enable TLS |
|
|
|
|
|
|
9.1.38. .spec.loki.tls.caCert Copiar o linkLink copiado para a área de transferência!
- Description
-
caCert
defines the reference of the certificate for the Certificate Authority - Type
-
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
| Name of the config map or secret containing certificates |
|
| Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the certificate reference: |
9.1.39. .spec.loki.tls.userCert Copiar o linkLink copiado para a área de transferência!
- Description
-
userCert
defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS) - Type
-
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
| Name of the config map or secret containing certificates |
|
| Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the certificate reference: |
9.1.40. .spec.processor Copiar o linkLink copiado para a área de transferência!
- Description
-
processor
defines the settings of the component that receives the flows from the agent, enriches them, generates metrics, and forwards them to the Loki persistence layer and/or any available exporter. - Type
-
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Port of the flow collector (host port). By convention, some values are forbidden. It must be greater than 1024 and different from 4500, 4789 and 6081. |
|
|
|
|
|
|
9.1.41. .spec.processor.debug Copiar o linkLink copiado para a área de transferência!
- Description
-
debug
allows setting some aspects of the internal configuration of the flow processor. This section is aimed exclusively for debugging and fine-grained performance optimizations, such as GOGC and GOMAXPROCS env vars. Users setting its values do it at their own risk. - Type
-
object
Property | Type | Description |
---|---|---|
|
|
|
9.1.42. .spec.processor.kafkaConsumerAutoscaler Copiar o linkLink copiado para a área de transferência!
- Description
-
kafkaConsumerAutoscaler
is the spec of a horizontal pod autoscaler to set up forflowlogs-pipeline-transformer
, which consumes Kafka messages. This setting is ignored when Kafka is disabled. Refer to HorizontalPodAutoscaler documentation (autoscaling/v2). - Type
-
object
9.1.43. .spec.processor.metrics Copiar o linkLink copiado para a área de transferência!
- Description
-
Metrics
define the processor configuration regarding metrics - Type
-
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
| Metrics server endpoint configuration for Prometheus scraper |
9.1.44. .spec.processor.metrics.server Copiar o linkLink copiado para a área de transferência!
- Description
- Metrics server endpoint configuration for Prometheus scraper
- Type
-
object
Property | Type | Description |
---|---|---|
|
| The prometheus HTTP port |
|
| TLS configuration. |
9.1.45. .spec.processor.metrics.server.tls Copiar o linkLink copiado para a área de transferência!
- Description
- TLS configuration.
- Type
-
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
TLS configuration when |
|
|
Reference to the CA file when |
|
|
Select the type of TLS configuration: |
9.1.46. .spec.processor.metrics.server.tls.provided Copiar o linkLink copiado para a área de transferência!
- Description
-
TLS configuration when
type
is set toPROVIDED
. - Type
-
object
Property | Type | Description |
---|---|---|
|
|
|
|
|
|
|
| Name of the config map or secret containing certificates |
|
| Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
|
Type for the certificate reference: |
9.1.47. .spec.processor.metrics.server.tls.providedCaFile Copiar o linkLink copiado para a área de transferência!
- Description
-
Reference to the CA file when
type
is set toPROVIDED
. - Type
-
object
Property | Type | Description |
---|---|---|
|
| File name within the config map or secret |
|
| Name of the config map or secret containing the file |
|
| Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required. |
|
| Type for the file reference: "configmap" or "secret" |
9.1.48. .spec.processor.resources Copiar o linkLink copiado para a área de transferência!
- Description
-
resources
are the compute resources required by this container. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - Type
-
object
Property | Type | Description |
---|---|---|
|
| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
|
| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |