Este conteúdo não está disponível no idioma selecionado.
Chapter 10. Using metrics with dashboards and alerts
			The Network Observability Operator uses the flowlogs-pipeline to generate metrics from flow logs. You can utilize these metrics by setting custom alerts and viewing dashboards.
		
10.1. Viewing network observability metrics dashboards
On the Overview tab in the OpenShift Container Platform console, you can view the overall aggregated metrics of the network traffic flow on the cluster. You can choose to display the information by node, namespace, owner, pod, and service. You can also use filters and display options to further refine the metrics.
Procedure
- 
						In the web console Observe Dashboards, select the Netobserv dashboard. 
- View network traffic metrics in the following categories, with each having the subset per node, namespace, source, and destination: - Byte rates
- Packet drops
- DNS
- RTT
 
- Select the Netobserv/Health dashboard.
- View metrics about the health of the Operator in the following categories, with each having the subset per node, namespace, source, and destination. - Flows
- Flows Overhead
- Flow rates
- Agents
- Processor
- Operator
 
Infrastructure and Application metrics are shown in a split-view for namespace and workloads.
10.2. Predefined metrics
				Metrics generated by the flowlogs-pipeline are configurable in the spec.processor.metrics.includeList of the FlowCollector custom resource to add or remove metrics.
			
10.3. Network observability metrics
				You can also create alerts by using the includeList metrics in Prometheus rules, as shown in the example "Creating alerts".
			
				When looking for these metrics in Prometheus, such as in the Console through Observe netobserv_. For example, netobserv_namespace_flows_total. Available metrics names are as follows:
			
- includeList metrics names
- Names followed by an asterisk - *are enabled by default.- 
									namespace_egress_bytes_total
- 
									namespace_egress_packets_total
- 
									namespace_ingress_bytes_total
- 
									namespace_ingress_packets_total
- 
									namespace_flows_total*
- 
									node_egress_bytes_total
- 
									node_egress_packets_total
- 
									node_ingress_bytes_total*
- 
									node_ingress_packets_total
- 
									node_flows_total
- 
									workload_egress_bytes_total
- 
									workload_egress_packets_total
- 
									workload_ingress_bytes_total*
- 
									workload_ingress_packets_total
- 
									workload_flows_total
 
- 
									
- PacketDrop metrics names
- When the - PacketDropfeature is enabled in- spec.agent.ebpf.features(with- privilegedmode), the following additional metrics are available:- 
									namespace_drop_bytes_total
- 
									namespace_drop_packets_total*
- 
									node_drop_bytes_total
- 
									node_drop_packets_total
- 
									workload_drop_bytes_total
- 
									workload_drop_packets_total
 
- 
									
- DNS metrics names
- When the - DNSTrackingfeature is enabled in- spec.agent.ebpf.features, the following additional metrics are available:- 
									namespace_dns_latency_seconds*
- 
									node_dns_latency_seconds
- 
									workload_dns_latency_seconds
 
- 
									
- FlowRTT metrics names
- When the - FlowRTTfeature is enabled in- spec.agent.ebpf.features, the following additional metrics are available:- 
									namespace_rtt_seconds*
- 
									node_rtt_seconds
- 
									workload_rtt_seconds
 
- 
									
10.4. Creating alerts
You can create custom alerting rules for the Netobserv dashboard metrics to trigger alerts when some defined conditions are met.
Prerequisites
- You have access to the cluster as a user with the cluster-admin role or with view permissions for all projects.
- You have the Network Observability Operator installed.
Procedure
- Create a YAML file by clicking the import icon, +.
- Add an alerting rule configuration to the YAML file. In the YAML sample that follows, an alert is created for when the cluster ingress traffic reaches a given threshold of 10 MBps per destination workload. - Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 1
- Thenetobserv_workload_ingress_bytes_totalmetric is enabled by default inspec.processor.metrics.includeList.
 
- Click Create to apply the configuration file to the cluster.
10.5. Custom metrics
				You can create custom metrics out of the flowlogs data using the FlowMetric API. In every flowlogs data that is collected, there are several fields labeled per log, such as source name and destination name. These fields can be leveraged as Prometheus labels to enable the customization of cluster information on your dashboard.
			
10.6. Configuring custom metrics by using FlowMetric API
				You can configure the FlowMetric API to create custom metrics by using flowlogs data fields as Prometheus labels. You can add multiple FlowMetric resources to a project to see multiple dashboard views.
			
Procedure
- 
						In the web console, navigate to Operators Installed Operators. 
- In the Provided APIs heading for the NetObserv Operator, select FlowMetric.
- In the Project: dropdown list, select the project of the Network Observability Operator instance.
- Click Create FlowMetric.
- Configure the - FlowMetricresource, similar to the following sample configurations:- Example 10.1. Generate a metric that tracks ingress bytes received from cluster external sources - Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 1
- TheFlowMetricresources need to be created in the namespace defined in theFlowCollectorspec.namespace, which isnetobservby default.
- 2
- The name of the Prometheus metric, which in the web console appears with the prefixnetobserv-<metricName>.
- 3
- Thetypespecifies the type of metric. TheCountertypeis useful for counting bytes or packets.
- 4
- The direction of traffic to capture. If not specified, both ingress and egress are captured, which can lead to duplicated counts.
- 5
- Labels define what the metrics look like and the relationship between the different entities and also define the metrics cardinality. For example,SrcK8S_Nameis a high cardinality metric.
- 6
- Refines results based on the listed criteria. In this example, selecting only the cluster external traffic is done by matching only flows whereSrcSubnetLabelis absent. This assumes the subnet labels feature is enabled (viaspec.processor.subnetLabels), which is done by default.
 - Verification - 
									Once the pods refresh, navigate to Observe Metrics. 
- 
									In the Expression field, type the metric name to view the corresponding result. You can also enter an expression, such as topk(5, sum(rate(netobserv_cluster_external_ingress_bytes_total{DstK8S_Namespace="my-namespace"}[2m])) by (DstK8S_HostName, DstK8S_OwnerName, DstK8S_OwnerType))
 - Example 10.2. Show RTT latency for cluster external ingress traffic - Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 1
- TheFlowMetricresources need to be created in the namespace defined in theFlowCollectorspec.namespace, which isnetobservby default.
- 2
- Thetypespecifies the type of metric. TheHistogramtypeis useful for a latency value (TimeFlowRttNs).
- 3
- Since the Round-trip time (RTT) is provided as nanos in flows, use a divider of 1 billion to convert into seconds, which is standard in Prometheus guidelines.
- 4
- The custom buckets specify precision on RTT, with optimal precision ranging between 5ms and 250ms.
 - Verification - 
									Once the pods refresh, navigate to Observe Metrics. 
- In the Expression field, you can type the metric name to view the corresponding result.
 
High cardinality can affect the memory usage of Prometheus. You can check whether specific labels have high cardinality in the Network Flows format reference.
10.7. Configuring custom charts using FlowMetric API
				You can generate charts for dashboards in the OpenShift Container Platform web console, which you can view as an administrator in the Dashboard menu by defining the charts section of the FlowMetric resource.
			
Procedure
- 
						In the web console, navigate to Operators Installed Operators. 
- In the Provided APIs heading for the NetObserv Operator, select FlowMetric.
- In the Project: dropdown list, select the project of the Network Observability Operator instance.
- Click Create FlowMetric.
- 
						Configure the FlowMetricresource, similar to the following sample configurations:
Example 10.3. Chart for tracking ingress bytes received from cluster external sources
- 1
- TheFlowMetricresources need to be created in the namespace defined in theFlowCollectorspec.namespace, which isnetobservby default.
Verification
- 
							Once the pods refresh, navigate to Observe Dashboards. 
- Search for the NetObserv / Main dashboard. View two panels under the NetObserv / Main dashboard, or optionally a dashboard name that you create: - A textual single statistic showing the global external ingress rate summed across all dimensions
- A timeseries graph showing the same metric per destination workload
 
For more information about the query language, refer to the Prometheus documentation.
Example 10.4. Chart for RTT latency for cluster external ingress traffic
					This example uses the histogram_quantile function to show p50 and p99.
				
					You can show averages of histograms by dividing the metric, $METRIC_sum, by the metric, $METRIC_count, which are automatically generated when you create a histogram. With the preceding example, the Prometheus query to do this is as follows:
				
promQL: "(sum(rate($METRIC_sum{DstK8S_Namespace!=\"\"}[2m])) by (DstK8S_Namespace,DstK8S_OwnerName) / sum(rate($METRIC_count{DstK8S_Namespace!=\"\"}[2m])) by (DstK8S_Namespace,DstK8S_OwnerName))*1000"
promQL: "(sum(rate($METRIC_sum{DstK8S_Namespace!=\"\"}[2m])) by (DstK8S_Namespace,DstK8S_OwnerName) / sum(rate($METRIC_count{DstK8S_Namespace!=\"\"}[2m])) by (DstK8S_Namespace,DstK8S_OwnerName))*1000"Verification
- 
							Once the pods refresh, navigate to Observe Dashboards. 
- Search for the NetObserv / Main dashboard. View the new panel under the NetObserv / Main dashboard, or optionally a dashboard name that you create.
For more information about the query language, refer to the Prometheus documentation.
10.8. Detecting SYN flooding using the FlowMetric API and TCP flags
				You can create an AlertingRule resouce to alert for SYN flooding.
			
Procedure
- 
						In the web console, navigate to Operators Installed Operators. 
- In the Provided APIs heading for the NetObserv Operator, select FlowMetric.
- In the Project dropdown list, select the project of the Network Observability Operator instance.
- Click Create FlowMetric.
- Create - FlowMetricresources to add the following configurations:- Configuration counting flows per destination host and resource, with TCP flags - Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - Configuration counting flows per source host and resource, with TCP flags - Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Deploy the following - AlertingRuleresource to alert for SYN flooding:- AlertingRulefor SYN flooding- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
Verification
- In the web console, click Manage Columns in the Network Traffic table view and click TCP flags.
- In the Network Traffic table view, filter on TCP protocol SYN TCPFlag. A large number of flows with the same byteSize indicates a SYN flood.
- 
						Go to Observe Alerting and select the Alerting Rules tab. 
- Filter on netobserv-synflood-in alert. The alert should fire when SYN flooding occurs.