netobserv · jotak · Mar 5, 2026
diff --git a/api/flowcollector/v1beta2/flowcollector_types.go b/api/flowcollector/v1beta2/flowcollector_types.go
@@ -1392,6 +1392,7 @@ type AdvancedProcessorConfig struct {
 	// Defines secondary networks to be checked for resources identification.
 	// To guarantee a correct identification, indexed values must form an unique identifier across the cluster.
 	// If the same index is used by several resources, those resources might be incorrectly labeled.
+	// If not provided and `spec.agent.ebpf.privileged` is `true`, secondary networks are detected automatically.
 	// +optional
 	SecondaryNetworks []SecondaryNetwork `json:"secondaryNetworks,omitempty"`
 }
@@ -1407,8 +1408,8 @@ const (
 )
 
 type SecondaryNetwork struct {
-	// `name` should match the network name as visible in the pods annotation 'k8s.v1.cni.cncf.io/network-status'.
-	// +kubebuilder:validation:Required
+	// Deprecated: `name` is unused.
+	// +optional
 	Name string `json:"name,omitempty"`
 
 	// `index` is a list of fields to use for indexing the pods. They should form a unique Pod identifier across the cluster.

diff --git a/api/flowcollector/v1beta2/helper.go b/api/flowcollector/v1beta2/helper.go
@@ -149,8 +149,18 @@ func (spec *FlowCollectorFLP) IsSubnetLabelsEnabled() bool {
 	return spec.HasAutoDetectOpenShiftNetworks() || len(spec.SubnetLabels.CustomLabels) > 0
 }
 
-func (spec *FlowCollectorFLP) HasSecondaryIndexes() bool {
-	return spec.Advanced != nil && len(spec.Advanced.SecondaryNetworks) > 0
+func (spec *FlowCollectorSpec) GetSecondaryIndexes() []SecondaryNetwork {
+	if spec.Processor.Advanced != nil && len(spec.Processor.Advanced.SecondaryNetworks) > 0 {
+		return spec.Processor.Advanced.SecondaryNetworks
+	}
+	if spec.Agent.EBPF.Privileged {
+		// Turn-on auto-detection in FLP by interface+MAC or interface+IP
+		return []SecondaryNetwork{
+			{Index: []SecondaryNetworkIndex{SecondaryNetworkIndexByInterface, SecondaryNetworkIndexByIP}},
+			{Index: []SecondaryNetworkIndex{SecondaryNetworkIndexByInterface, SecondaryNetworkIndexByMAC}},
+		}
+	}
+	return nil
 }
 
 func (spec *FlowCollectorFLP) HasAutoDetectOpenShiftNetworks() bool {

diff --git a/bundle/manifests/flows.netobserv.io_flowcollectors.yaml b/bundle/manifests/flows.netobserv.io_flowcollectors.yaml
@@ -5374,6 +5374,7 @@ spec:
                           Defines secondary networks to be checked for resources identification.
                           To guarantee a correct identification, indexed values must form an unique identifier across the cluster.
                           If the same index is used by several resources, those resources might be incorrectly labeled.
+                          If not provided and `spec.agent.ebpf.privileged` is `true`, secondary networks are detected automatically.
                         items:
                           properties:
                             index:
@@ -5392,12 +5393,10 @@ spec:
                                 type: string
                               type: array
                             name:
-                              description: '`name` should match the network name as
-                                visible in the pods annotation ''k8s.v1.cni.cncf.io/network-status''.'
+                              description: 'Deprecated: `name` is unused.'
                               type: string
                           required:
                           - index
-                          - name
                           type: object
                         type: array
                     type: object

diff --git a/config/crd/bases/flows.netobserv.io_flowcollectors.yaml b/config/crd/bases/flows.netobserv.io_flowcollectors.yaml
@@ -4959,6 +4959,7 @@ spec:
                             Defines secondary networks to be checked for resources identification.
                             To guarantee a correct identification, indexed values must form an unique identifier across the cluster.
                             If the same index is used by several resources, those resources might be incorrectly labeled.
+                            If not provided and `spec.agent.ebpf.privileged` is `true`, secondary networks are detected automatically.
                           items:
                             properties:
                               index:
@@ -4975,11 +4976,10 @@ spec:
                                   type: string
                                 type: array
                               name:
-                                description: '`name` should match the network name as visible in the pods annotation ''k8s.v1.cni.cncf.io/network-status''.'
+                                description: 'Deprecated: `name` is unused.'
                                 type: string
                             required:
                               - index
-                              - name
                             type: object
                           type: array
                       type: object

diff --git a/docs/FlowCollector.md b/docs/FlowCollector.md
@@ -8724,7 +8724,8 @@ By convention, some values are forbidden. It must be greater than 1024 and diffe
         <td>
           Defines secondary networks to be checked for resources identification.
 To guarantee a correct identification, indexed values must form an unique identifier across the cluster.
-If the same index is used by several resources, those resources might be incorrectly labeled.<br/>
+If the same index is used by several resources, those resources might be incorrectly labeled.
+If not provided and `spec.agent.ebpf.privileged` is `true`, secondary networks are detected automatically.<br/>
         </td>
         <td>false</td>
       </tr></tbody>
@@ -10500,9 +10501,9 @@ Fields absent from the 'k8s.v1.cni.cncf.io/network-status' annotation must not b
         <td><b>name</b></td>
         <td>string</td>
         <td>
-          `name` should match the network name as visible in the pods annotation 'k8s.v1.cni.cncf.io/network-status'.<br/>
+          Deprecated: `name` is unused.<br/>
         </td>
-        <td>true</td>
+        <td>false</td>
       </tr></tbody>
 </table>
 

diff --git a/helm/crds/flows.netobserv.io_flowcollectors.yaml b/helm/crds/flows.netobserv.io_flowcollectors.yaml
@@ -4963,6 +4963,7 @@ spec:
                             Defines secondary networks to be checked for resources identification.
                             To guarantee a correct identification, indexed values must form an unique identifier across the cluster.
                             If the same index is used by several resources, those resources might be incorrectly labeled.
+                            If not provided and `spec.agent.ebpf.privileged` is `true`, secondary networks are detected automatically.
                           items:
                             properties:
                               index:
@@ -4979,11 +4980,10 @@ spec:
                                   type: string
                                 type: array
                               name:
-                                description: '`name` should match the network name as visible in the pods annotation ''k8s.v1.cni.cncf.io/network-status''.'
+                                description: 'Deprecated: `name` is unused.'
                                 type: string
                             required:
                               - index
-                              - name
                             type: object
                           type: array
                       type: object

diff --git a/internal/controller/consoleplugin/consoleplugin_objects.go b/internal/controller/consoleplugin/consoleplugin_objects.go
@@ -478,7 +478,7 @@ func (b *builder) setFrontendConfig(fconf *cfg.FrontendConfig) error {
 		fconf.Features = append(fconf.Features, "udnMapping")
 	}
 
-	if b.desired.Agent.EBPF.IsUDNMappingEnabled() || b.desired.Processor.HasSecondaryIndexes() {
+	if b.desired.Agent.EBPF.IsUDNMappingEnabled() || len(b.desired.GetSecondaryIndexes()) > 0 {
 		fconf.Features = append(fconf.Features, "multiNetworks")
 	}
 

diff --git a/internal/controller/flp/flp_pipeline_builder.go b/internal/controller/flp/flp_pipeline_builder.go
@@ -177,17 +177,12 @@ func (b *PipelineBuilder) addEnrichStage(previous config.PipelineBuilderStage) c
 
 	// Propagate 2dary networks config
 	var secondaryNetworks []api.SecondaryNetwork
-	if b.desired.Processor.Advanced != nil && len(b.desired.Processor.Advanced.SecondaryNetworks) > 0 {
-		for _, sn := range b.desired.Processor.Advanced.SecondaryNetworks {
-			flpSN := api.SecondaryNetwork{
-				Name:  sn.Name,
-				Index: map[string]any{},
-			}
-			for _, index := range sn.Index {
-				flpSN.Index[strings.ToLower(string(index))] = nil
-			}
-			secondaryNetworks = append(secondaryNetworks, flpSN)
+	for _, sn := range b.desired.GetSecondaryIndexes() {
+		flpSN := api.SecondaryNetwork{Index: map[string]any{}}
+		for _, index := range sn.Index {
+			flpSN.Index[strings.ToLower(string(index))] = nil
 		}
+		secondaryNetworks = append(secondaryNetworks, flpSN)
 	}
 	if b.desired.Agent.EBPF.IsUDNMappingEnabled() {
 		secondaryNetworks = append(secondaryNetworks, api.SecondaryNetwork{