diff --git a/api/flowcollector/v1beta2/flowcollector_types.go b/api/flowcollector/v1beta2/flowcollector_types.go index 4615da6cb3..1c7e6e83af 100644 --- a/api/flowcollector/v1beta2/flowcollector_types.go +++ b/api/flowcollector/v1beta2/flowcollector_types.go @@ -677,12 +677,12 @@ type FlowCollectorFLP struct { MultiClusterDeployment *bool `json:"multiClusterDeployment,omitempty"` //+optional - // `addZone` allows availability zone awareness by labelling flows with their source and destination zones. + // `addZone` allows availability zone awareness by labeling flows with their source and destination zones. // This feature requires the "topology.kubernetes.io/zone" label to be set on nodes. AddZone *bool `json:"addZone,omitempty"` //+optional - // `subnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift, which is used to identify cluster external traffic. + // `subnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labeling of recognized subnets in OpenShift, which is used to identify cluster external traffic. // When a subnet matches the source or destination IP of a flow, a corresponding field is added: `SrcSubnetLabel` or `DstSubnetLabel`. SubnetLabels SubnetLabels `json:"subnetLabels,omitempty"` @@ -1037,8 +1037,8 @@ type PrometheusQuerier struct { Enable *bool `json:"enable,omitempty"` // `mode` must be set according to the type of Prometheus installation that stores NetObserv metrics:
- // - Use `Auto` to try configuring automatically. In OpenShift, it uses the Thanos querier from OpenShift Cluster Monitoring
- // - Use `Manual` for a manual setup
+ // - Use `Auto` to try configuring automatically. In OpenShift, it uses the Thanos querier from OpenShift Cluster Monitoring.
+ // - Use `Manual` for a manual setup.
//+unionDiscriminator //+kubebuilder:validation:Enum=Manual;Auto //+kubebuilder:default:="Auto" @@ -1055,10 +1055,8 @@ type PrometheusQuerier struct { Timeout *metav1.Duration `json:"timeout,omitempty"` // Warning: keep as pointer, else default is ignored } -// FlowCollectorConsolePlugin defines the desired ConsolePlugin state of FlowCollector +// FlowCollectorConsolePlugin defines the desired ConsolePlugin state of FlowCollector. type FlowCollectorConsolePlugin struct { - // Important: Run "make generate" to regenerate code after modifying this file - //+kubebuilder:default:=true // Enables the console plugin deployment. Enable *bool `json:"enable,omitempty"` @@ -1074,18 +1072,18 @@ type FlowCollectorConsolePlugin struct { //+kubebuilder:validation:Enum=IfNotPresent;Always;Never //+kubebuilder:default:=IfNotPresent - // `imagePullPolicy` is the Kubernetes pull policy for the image defined above + // `imagePullPolicy` is the Kubernetes pull policy for the image defined above. ImagePullPolicy string `json:"imagePullPolicy,omitempty"` //+kubebuilder:default:={requests:{memory:"50Mi",cpu:"100m"},limits:{memory:"100Mi"}} // `resources`, in terms of compute resources, required by this container. - // For more information, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // For more information, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/. // +optional Resources corev1.ResourceRequirements `json:"resources,omitempty" protobuf:"bytes,8,opt,name=resources"` //+kubebuilder:validation:Enum=trace;debug;info;warn;error;fatal;panic //+kubebuilder:default:=info - // `logLevel` for the console plugin backend + // `logLevel` for the console plugin backend. LogLevel string `json:"logLevel,omitempty"` // `autoscaler` [deprecated (*)] spec of a horizontal pod autoscaler to set up for the plugin Deployment. @@ -1094,12 +1092,13 @@ type FlowCollectorConsolePlugin struct { Autoscaler FlowCollectorHPA `json:"autoscaler,omitempty"` //+kubebuilder:default:={enable:true} - // `portNaming` defines the configuration of the port-to-service name translation + // `portNaming` defines the configuration of the port-to-service name translation. PortNaming ConsolePluginPortConfig `json:"portNaming,omitempty"` - //+kubebuilder:default:={{name:"Applications",filter:{"flow_layer":"\"app\""},default:true},{name:"Infrastructure",filter:{"flow_layer":"\"infra\""}},{name:"Pods network",filter:{"src_kind":"\"Pod\"","dst_kind":"\"Pod\""},default:true},{name:"Services network",filter:{"dst_kind":"\"Service\""}}} + //+kubebuilder:default:={{name:"Applications",filter:{"flow_layer":"\"app\""},default:true},{name:"Infrastructure",filter:{"flow_layer":"\"infra\""}},{name:"Pods network",filter:{"src_kind":"\"Pod\"","dst_kind":"\"Pod\""},default:true},{name:"Services network",filter:{"dst_kind":"\"Service\""}},{name:"External ingress",filter:{"src_subnet_label":"\"\",EXT:"}},{name:"External egress",filter:{"dst_subnet_label":"\"\",EXT:"}}} // +optional - // `quickFilters` configures quick filter presets for the Console plugin + // `quickFilters` configures quick filter presets for the Console plugin. + // Filters for external traffic assume the subnet labels are configured to distinguish internal and external traffic (see `spec.processor.subnetLabels`). QuickFilters []QuickFilter `json:"quickFilters"` // `advanced` allows setting some aspects of the internal configuration of the console plugin. @@ -1447,7 +1446,7 @@ type AdvancedPluginConfig struct { Scheduling *SchedulingConfig `json:"scheduling,omitempty"` } -// `SubnetLabels` allows you to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift. +// `SubnetLabels` allows you to define custom labels on subnets and IPs or to enable automatic labeling of recognized subnets in OpenShift. type SubnetLabels struct { // `openShiftAutoDetect` allows, when set to `true`, to detect automatically the machines, pods and services subnets based on the // OpenShift install configuration and the Cluster Network Operator configuration. Indirectly, this is a way to accurately detect @@ -1455,8 +1454,10 @@ type SubnetLabels struct { //+optional OpenShiftAutoDetect *bool `json:"openShiftAutoDetect,omitempty"` - // `customLabels` allows to customize subnets and IPs labelling, such as to identify cluster-external workloads or web services. - // If you enable `openShiftAutoDetect`, `customLabels` can override the detected subnets in case they overlap. + // `customLabels` allows you to customize subnets and IPs labeling, such as to identify cluster external workloads or web services. + // External subnets must be labeled with the prefix `EXT:`, or not labeled at all, in order to work with default quick filters and some metrics examples provided.
+ // If `openShiftAutoDetect` is disabled or you are not using OpenShift, it is recommended to manually configure labels for the cluster subnets, to distinguish internal traffic from external traffic.
+ // If `openShiftAutoDetect` is enabled, `customLabels` overrides the detected subnets when they overlap.
//+optional CustomLabels []SubnetLabel `json:"customLabels,omitempty"` } diff --git a/bundle/manifests/flows.netobserv.io_flowcollectors.yaml b/bundle/manifests/flows.netobserv.io_flowcollectors.yaml index f961afdca8..352097ed48 100644 --- a/bundle/manifests/flows.netobserv.io_flowcollectors.yaml +++ b/bundle/manifests/flows.netobserv.io_flowcollectors.yaml @@ -3057,7 +3057,7 @@ spec: imagePullPolicy: default: IfNotPresent description: '`imagePullPolicy` is the Kubernetes pull policy - for the image defined above' + for the image defined above.' enum: - IfNotPresent - Always @@ -3065,7 +3065,7 @@ spec: type: string logLevel: default: info - description: '`logLevel` for the console plugin backend' + description: '`logLevel` for the console plugin backend.' enum: - trace - debug @@ -3079,7 +3079,7 @@ spec: default: enable: true description: '`portNaming` defines the configuration of the port-to-service - name translation' + name translation.' properties: enable: default: true @@ -3111,8 +3111,15 @@ spec: - filter: dst_kind: '"Service"' name: Services network - description: '`quickFilters` configures quick filter presets for - the Console plugin' + - filter: + src_subnet_label: '"",EXT:' + name: External ingress + - filter: + dst_subnet_label: '"",EXT:' + name: External egress + description: |- + `quickFilters` configures quick filter presets for the Console plugin. + Filters for external traffic assume the subnet labels are configured to distinguish internal and external traffic (see `spec.processor.subnetLabels`). items: description: '`QuickFilter` defines preset configuration for Console''s quick filters' @@ -3153,7 +3160,7 @@ spec: memory: 50Mi description: |- `resources`, in terms of compute resources, required by this container. - For more information, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + For more information, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/. properties: claims: description: |- @@ -4278,7 +4285,7 @@ spec: properties: addZone: description: |- - `addZone` allows availability zone awareness by labelling flows with their source and destination zones. + `addZone` allows availability zone awareness by labeling flows with their source and destination zones. This feature requires the "topology.kubernetes.io/zone" label to be set on nodes. type: boolean advanced: @@ -6140,13 +6147,15 @@ spec: type: object subnetLabels: description: |- - `subnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift, which is used to identify cluster external traffic. + `subnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labeling of recognized subnets in OpenShift, which is used to identify cluster external traffic. When a subnet matches the source or destination IP of a flow, a corresponding field is added: `SrcSubnetLabel` or `DstSubnetLabel`. properties: customLabels: description: |- - `customLabels` allows to customize subnets and IPs labelling, such as to identify cluster-external workloads or web services. - If you enable `openShiftAutoDetect`, `customLabels` can override the detected subnets in case they overlap. + `customLabels` allows you to customize subnets and IPs labeling, such as to identify cluster external workloads or web services. + External subnets must be labeled with the prefix `EXT:`, or not labeled at all, in order to work with default quick filters and some metrics examples provided.
+ If `openShiftAutoDetect` is disabled or you are not using OpenShift, it is recommended to manually configure labels for the cluster subnets, to distinguish internal traffic from external traffic.
+ If `openShiftAutoDetect` is enabled, `customLabels` overrides the detected subnets when they overlap.
items: description: SubnetLabel allows to label subnets and IPs, such as to identify cluster-external workloads or web @@ -6295,8 +6304,8 @@ spec: default: Auto description: |- `mode` must be set according to the type of Prometheus installation that stores NetObserv metrics:
- - Use `Auto` to try configuring automatically. In OpenShift, it uses the Thanos querier from OpenShift Cluster Monitoring
- - Use `Manual` for a manual setup
+ - Use `Auto` to try configuring automatically. In OpenShift, it uses the Thanos querier from OpenShift Cluster Monitoring.
+ - Use `Manual` for a manual setup.
enum: - Manual - Auto diff --git a/bundle/manifests/netobserv-operator.clusterserviceversion.yaml b/bundle/manifests/netobserv-operator.clusterserviceversion.yaml index aa476e0080..574e7c79b4 100644 --- a/bundle/manifests/netobserv-operator.clusterserviceversion.yaml +++ b/bundle/manifests/netobserv-operator.clusterserviceversion.yaml @@ -121,6 +121,18 @@ metadata: "dst_kind": "\"Service\"" }, "name": "Services network" + }, + { + "filter": { + "src_subnet_label": "\"\",EXT:" + }, + "name": "External ingress" + }, + { + "filter": { + "dst_subnet_label": "\"\",EXT:" + }, + "name": "External egress" } ], "replicas": 1, @@ -227,7 +239,7 @@ metadata: categories: Monitoring, Networking, Observability console.openshift.io/plugins: '["netobserv-plugin"]' containerImage: quay.io/netobserv/network-observability-operator:1.10.0-community - createdAt: "2025-12-15T14:07:54Z" + createdAt: "2026-01-08T08:41:48Z" description: Network flows collector and monitoring solution operatorframework.io/initialization-resource: '{"apiVersion":"flows.netobserv.io/v1beta2", "kind":"FlowCollector","metadata":{"name":"cluster"},"spec": {}}' diff --git a/config/crd/bases/flows.netobserv.io_flowcollectors.yaml b/config/crd/bases/flows.netobserv.io_flowcollectors.yaml index 31997a3eb5..bd99532b48 100644 --- a/config/crd/bases/flows.netobserv.io_flowcollectors.yaml +++ b/config/crd/bases/flows.netobserv.io_flowcollectors.yaml @@ -2859,7 +2859,7 @@ spec: type: boolean imagePullPolicy: default: IfNotPresent - description: '`imagePullPolicy` is the Kubernetes pull policy for the image defined above' + description: '`imagePullPolicy` is the Kubernetes pull policy for the image defined above.' enum: - IfNotPresent - Always @@ -2867,7 +2867,7 @@ spec: type: string logLevel: default: info - description: '`logLevel` for the console plugin backend' + description: '`logLevel` for the console plugin backend.' enum: - trace - debug @@ -2880,7 +2880,7 @@ spec: portNaming: default: enable: true - description: '`portNaming` defines the configuration of the port-to-service name translation' + description: '`portNaming` defines the configuration of the port-to-service name translation.' properties: enable: default: true @@ -2911,7 +2911,15 @@ spec: - filter: dst_kind: '"Service"' name: Services network - description: '`quickFilters` configures quick filter presets for the Console plugin' + - filter: + src_subnet_label: '"",EXT:' + name: External ingress + - filter: + dst_subnet_label: '"",EXT:' + name: External egress + description: |- + `quickFilters` configures quick filter presets for the Console plugin. + Filters for external traffic assume the subnet labels are configured to distinguish internal and external traffic (see `spec.processor.subnetLabels`). items: description: '`QuickFilter` defines preset configuration for Console''s quick filters' properties: @@ -2948,7 +2956,7 @@ spec: memory: 50Mi description: |- `resources`, in terms of compute resources, required by this container. - For more information, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + For more information, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/. properties: claims: description: |- @@ -3926,7 +3934,7 @@ spec: properties: addZone: description: |- - `addZone` allows availability zone awareness by labelling flows with their source and destination zones. + `addZone` allows availability zone awareness by labeling flows with their source and destination zones. This feature requires the "topology.kubernetes.io/zone" label to be set on nodes. type: boolean advanced: @@ -5674,13 +5682,15 @@ spec: type: object subnetLabels: description: |- - `subnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift, which is used to identify cluster external traffic. + `subnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labeling of recognized subnets in OpenShift, which is used to identify cluster external traffic. When a subnet matches the source or destination IP of a flow, a corresponding field is added: `SrcSubnetLabel` or `DstSubnetLabel`. properties: customLabels: description: |- - `customLabels` allows to customize subnets and IPs labelling, such as to identify cluster-external workloads or web services. - If you enable `openShiftAutoDetect`, `customLabels` can override the detected subnets in case they overlap. + `customLabels` allows you to customize subnets and IPs labeling, such as to identify cluster external workloads or web services. + External subnets must be labeled with the prefix `EXT:`, or not labeled at all, in order to work with default quick filters and some metrics examples provided.
+ If `openShiftAutoDetect` is disabled or you are not using OpenShift, it is recommended to manually configure labels for the cluster subnets, to distinguish internal traffic from external traffic.
+ If `openShiftAutoDetect` is enabled, `customLabels` overrides the detected subnets when they overlap.
items: description: SubnetLabel allows to label subnets and IPs, such as to identify cluster-external workloads or web services. properties: @@ -5804,8 +5814,8 @@ spec: default: Auto description: |- `mode` must be set according to the type of Prometheus installation that stores NetObserv metrics:
- - Use `Auto` to try configuring automatically. In OpenShift, it uses the Thanos querier from OpenShift Cluster Monitoring
- - Use `Manual` for a manual setup
+ - Use `Auto` to try configuring automatically. In OpenShift, it uses the Thanos querier from OpenShift Cluster Monitoring.
+ - Use `Manual` for a manual setup.
enum: - Manual - Auto diff --git a/config/samples/flows_v1beta2_flowcollector.yaml b/config/samples/flows_v1beta2_flowcollector.yaml index 9a7a9ebb83..2301b41837 100644 --- a/config/samples/flows_v1beta2_flowcollector.yaml +++ b/config/samples/flows_v1beta2_flowcollector.yaml @@ -219,6 +219,12 @@ spec: - name: Services network filter: dst_kind: '"Service"' + - name: External ingress + filter: + src_subnet_label: '"",EXT:' + - name: External egress + filter: + dst_subnet_label: '"",EXT:' # Custom optionnal resources configuration resources: requests: diff --git a/docs/FlowCollector.md b/docs/FlowCollector.md index f32410c15c..29343dc1e7 100644 --- a/docs/FlowCollector.md +++ b/docs/FlowCollector.md @@ -3023,7 +3023,7 @@ Deprecation notice: managed autoscaler will be removed in a future version. You imagePullPolicy enum - `imagePullPolicy` is the Kubernetes pull policy for the image defined above
+ `imagePullPolicy` is the Kubernetes pull policy for the image defined above.

Enum: IfNotPresent, Always, Never
Default: IfNotPresent
@@ -3033,7 +3033,7 @@ Deprecation notice: managed autoscaler will be removed in a future version. You logLevel enum - `logLevel` for the console plugin backend
+ `logLevel` for the console plugin backend.

Enum: trace, debug, info, warn, error, fatal, panic
Default: info
@@ -3043,7 +3043,7 @@ Deprecation notice: managed autoscaler will be removed in a future version. You portNaming object - `portNaming` defines the configuration of the port-to-service name translation
+ `portNaming` defines the configuration of the port-to-service name translation.

Default: map[enable:true]
@@ -3052,9 +3052,10 @@ Deprecation notice: managed autoscaler will be removed in a future version. You quickFilters []object - `quickFilters` configures quick filter presets for the Console plugin
+ `quickFilters` configures quick filter presets for the Console plugin. +Filters for external traffic assume the subnet labels are configured to distinguish internal and external traffic (see `spec.processor.subnetLabels`).

- Default: [map[default:true filter:map[flow_layer:"app"] name:Applications] map[filter:map[flow_layer:"infra"] name:Infrastructure] map[default:true filter:map[dst_kind:"Pod" src_kind:"Pod"] name:Pods network] map[filter:map[dst_kind:"Service"] name:Services network]]
+ Default: [map[default:true filter:map[flow_layer:"app"] name:Applications] map[filter:map[flow_layer:"infra"] name:Infrastructure] map[default:true filter:map[dst_kind:"Pod" src_kind:"Pod"] name:Pods network] map[filter:map[dst_kind:"Service"] name:Services network] map[filter:map[src_subnet_label:"",EXT:] name:External ingress] map[filter:map[dst_subnet_label:"",EXT:] name:External egress]]
false @@ -3073,7 +3074,7 @@ Deprecation notice: managed autoscaler will be removed in a future version. You object `resources`, in terms of compute resources, required by this container. -For more information, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+For more information, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/.

Default: map[limits:map[memory:100Mi] requests:map[cpu:100m memory:50Mi]]
@@ -5832,7 +5833,7 @@ available.
-`portNaming` defines the configuration of the port-to-service name translation +`portNaming` defines the configuration of the port-to-service name translation. @@ -5912,7 +5913,7 @@ for example, `filter: {"src_namespace": "namespace1,namespace2"}`.
`resources`, in terms of compute resources, required by this container. -For more information, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +For more information, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/.
@@ -8389,7 +8390,7 @@ enriches them, generates metrics, and forwards them to the Loki persistence laye @@ -8549,7 +8550,7 @@ For more information, see https://kubernetes.io/docs/concepts/configuration/mana @@ -12043,7 +12044,7 @@ This setting is ignored if `collectionMode` is different from `AllowList`.
-`subnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift, which is used to identify cluster external traffic. +`subnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labeling of recognized subnets in OpenShift, which is used to identify cluster external traffic. When a subnet matches the source or destination IP of a flow, a corresponding field is added: `SrcSubnetLabel` or `DstSubnetLabel`.
addZone boolean - `addZone` allows availability zone awareness by labelling flows with their source and destination zones. + `addZone` allows availability zone awareness by labeling flows with their source and destination zones. This feature requires the "topology.kubernetes.io/zone" label to be set on nodes.
 falsesubnetLabels object - `subnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift, which is used to identify cluster external traffic. + `subnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labeling of recognized subnets in OpenShift, which is used to identify cluster external traffic. When a subnet matches the source or destination IP of a flow, a corresponding field is added: `SrcSubnetLabel` or `DstSubnetLabel`.
 false
@@ -12059,8 +12060,10 @@ When a subnet matches the source or destination IP of a flow, a corresponding fi @@ -12158,8 +12161,8 @@ Prometheus querying configuration, such as client settings, used in the Console
customLabels []object - `customLabels` allows to customize subnets and IPs labelling, such as to identify cluster-external workloads or web services. -If you enable `openShiftAutoDetect`, `customLabels` can override the detected subnets in case they overlap.
+ `customLabels` allows you to customize subnets and IPs labeling, such as to identify cluster external workloads or web services. +External subnets must be labeled with the prefix `EXT:`, or not labeled at all, in order to work with default quick filters and some metrics examples provided.
+If `openShiftAutoDetect` is disabled or you are not using OpenShift, it is recommended to manually configure labels for the cluster subnets, to distinguish internal traffic from external traffic.
+If `openShiftAutoDetect` is enabled, `customLabels` overrides the detected subnets when they overlap.

 false
enum `mode` must be set according to the type of Prometheus installation that stores NetObserv metrics:
-- Use `Auto` to try configuring automatically. In OpenShift, it uses the Thanos querier from OpenShift Cluster Monitoring
-- Use `Manual` for a manual setup

+- Use `Auto` to try configuring automatically. In OpenShift, it uses the Thanos querier from OpenShift Cluster Monitoring.
+- Use `Manual` for a manual setup.


Enum: Manual, Auto
Default: Auto
diff --git a/helm/crds/flows.netobserv.io_flowcollectors.yaml b/helm/crds/flows.netobserv.io_flowcollectors.yaml index 98b7482dce..fd94ebb66d 100644 --- a/helm/crds/flows.netobserv.io_flowcollectors.yaml +++ b/helm/crds/flows.netobserv.io_flowcollectors.yaml @@ -2863,7 +2863,7 @@ spec: type: boolean imagePullPolicy: default: IfNotPresent - description: '`imagePullPolicy` is the Kubernetes pull policy for the image defined above' + description: '`imagePullPolicy` is the Kubernetes pull policy for the image defined above.' enum: - IfNotPresent - Always @@ -2871,7 +2871,7 @@ spec: type: string logLevel: default: info - description: '`logLevel` for the console plugin backend' + description: '`logLevel` for the console plugin backend.' enum: - trace - debug @@ -2884,7 +2884,7 @@ spec: portNaming: default: enable: true - description: '`portNaming` defines the configuration of the port-to-service name translation' + description: '`portNaming` defines the configuration of the port-to-service name translation.' properties: enable: default: true @@ -2915,7 +2915,15 @@ spec: - filter: dst_kind: '"Service"' name: Services network - description: '`quickFilters` configures quick filter presets for the Console plugin' + - filter: + src_subnet_label: '"",EXT:' + name: External ingress + - filter: + dst_subnet_label: '"",EXT:' + name: External egress + description: |- + `quickFilters` configures quick filter presets for the Console plugin. + Filters for external traffic assume the subnet labels are configured to distinguish internal and external traffic (see `spec.processor.subnetLabels`). items: description: '`QuickFilter` defines preset configuration for Console''s quick filters' properties: @@ -2952,7 +2960,7 @@ spec: memory: 50Mi description: |- `resources`, in terms of compute resources, required by this container. - For more information, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + For more information, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/. properties: claims: description: |- @@ -3930,7 +3938,7 @@ spec: properties: addZone: description: |- - `addZone` allows availability zone awareness by labelling flows with their source and destination zones. + `addZone` allows availability zone awareness by labeling flows with their source and destination zones. This feature requires the "topology.kubernetes.io/zone" label to be set on nodes. type: boolean advanced: @@ -5678,13 +5686,15 @@ spec: type: object subnetLabels: description: |- - `subnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift, which is used to identify cluster external traffic. + `subnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labeling of recognized subnets in OpenShift, which is used to identify cluster external traffic. When a subnet matches the source or destination IP of a flow, a corresponding field is added: `SrcSubnetLabel` or `DstSubnetLabel`. properties: customLabels: description: |- - `customLabels` allows to customize subnets and IPs labelling, such as to identify cluster-external workloads or web services. - If you enable `openShiftAutoDetect`, `customLabels` can override the detected subnets in case they overlap. + `customLabels` allows you to customize subnets and IPs labeling, such as to identify cluster external workloads or web services. + External subnets must be labeled with the prefix `EXT:`, or not labeled at all, in order to work with default quick filters and some metrics examples provided.
+ If `openShiftAutoDetect` is disabled or you are not using OpenShift, it is recommended to manually configure labels for the cluster subnets, to distinguish internal traffic from external traffic.
+ If `openShiftAutoDetect` is enabled, `customLabels` overrides the detected subnets when they overlap.
items: description: SubnetLabel allows to label subnets and IPs, such as to identify cluster-external workloads or web services. properties: @@ -5808,8 +5818,8 @@ spec: default: Auto description: |- `mode` must be set according to the type of Prometheus installation that stores NetObserv metrics:
- - Use `Auto` to try configuring automatically. In OpenShift, it uses the Thanos querier from OpenShift Cluster Monitoring
- - Use `Manual` for a manual setup
+ - Use `Auto` to try configuring automatically. In OpenShift, it uses the Thanos querier from OpenShift Cluster Monitoring.
+ - Use `Manual` for a manual setup.
enum: - Manual - Auto