Red Hat SummitEste conteúdo não está disponível no idioma selecionado.
Chapter 9. Visualizing external entities
Understanding the interactions between your cluster and external entities is essential for incident response and network policy management. With the Visualizing external entities feature, you can view the external IP addresses that interact with your cluster.
You can view external entities in the Network Graph by selecting the External Entities graph node or by checking the deployment flows tab.
You can also query external entities using the API.
Visualizing external entities is an opt-in feature that is disabled by default. To enable this feature, you must enable external IP collection in secured clusters, as described in the following section.
9.1. Enabling external IP collection in secured clusters
To enable external IP collection in secured clusters, you must individually configure each secured cluster’s runtime configuration.
You can have some clusters with the functionality enabled while others remain disabled. In this case, external IP information is only available for the clusters where you have enabled the feature.
You can use a ConfigMap object to enable the external IP collection in secured clusters.
Procedure
Create a
ConfigMapobject calledcollector-configwith the following content:Copy to Clipboard Copied! Toggle word wrap Toggle overflow
When you create or update the ConfigMap object, the collector refreshes the runtime configuration. When you delete the ConfigMap object, the settings revert to the default runtime configuration values. For more information, see Using Collector runtime configuration.
9.2. Querying external IP addresses by using the API
You can get information about the external IP addresses associated with a specific cluster by using the following endpoints:
/v1/networkgraph/cluster/{clusterId}/externalentities: This endpoint returns a list of external entities for a given cluster ID. Each entity includes the following information:- Name: The name of the external entity.
- CIDR block: The CIDR block associated with the entity.
- Default entity: Indicates that the entity is a CIDR-block definition provided by the system.
-
Discovered: If
true, indicates that the external IP address does not match any specified CIDR block.
-
/v1/networkgraph/cluster/{clusterId}/externalentities/{entityId}/flows: This endpoint reports the flows to and from an external entity for a given cluster ID and entity ID. Use this endpoint to analyze network traffic patterns and gain insights into the interactions between your cluster and external entities. -
/v1/networkgraph/cluster/{clusterId}/externalentities/metadata: This endpoint reports statistics about the external flows for a given cluster ID. It reports details about each entity, as well as the number of flows associated with it.
9.3. Known limitations
The following are some known limitations of the Visualizing external entities feature:
- You cannot see external IP addresses if they are part of CIDR blocks.
- When you enable external IP collection for a cluster, the Collector in those clusters reports more information to Sensor and Central. Enabling external IP collection might create scalability issues if the workload in the cluster communicates with a large number of distinct external peers. Red Hat recommends that you turn off this feature on clusters with communication patterns involving more than 10,000 distinct external entities. However, if the pattern is mostly ingress or egress, you can overcome the scaling issue by enabling external IPs only in the opposite direction. For more information, see "Using Collector runtime configuration" in the Additional resources section.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}