diff --git a/build/charts/antrea/conf/antrea-agent.conf b/build/charts/antrea/conf/antrea-agent.conf
index 31adec219fc..dc0a7faea3c 100644
--- a/build/charts/antrea/conf/antrea-agent.conf
+++ b/build/charts/antrea/conf/antrea-agent.conf
@@ -195,42 +195,43 @@ enablePrometheusMetrics: {{ .Values.agent.enablePrometheusMetrics }} flowExporter: - {{- with .Values.flowExporter }} - # Enable FlowExporter, a feature used to export polled conntrack connections as IPFIX flow records from each agent - # to a configured collector. To enable this feature, you need to set "enable" to true, and ensure that the - # FlowExporter feature gate is also enabled. - enable: {{ .enable }} - # Provide the IPFIX collector address as a string with format :[][:]. - # HOST can either be the DNS name, IP, or Service name of the Flow Collector. If - # using an IP, it can be either IPv4 or IPv6. However, IPv6 address should be - # wrapped with []. When the collector is running in-cluster as a Service, set - # to /. For example, - # "flow-aggregator/flow-aggregator" can be provided to connect to the Antrea - # Flow Aggregator Service. - # If PORT is empty, we default to 4739, the standard IPFIX port. - # If no PROTO is given, we consider "tls" as default. We support "tls", "tcp" and - # "udp" protocols. "tls" is used for securing communication between flow exporter and - # flow aggregator. - flowCollectorAddr: {{ .collectorAddr | quote }} - - # Provide flow poll interval as a duration string. This determines how often the - # flow exporter dumps connections from the conntrack module. Flow poll interval - # should be greater than or equal to 1s (one second). - # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". - flowPollInterval: {{ .flowPollInterval | quote }} - - # Provide the active flow export timeout, which is the timeout after which a flow - # record is sent to the collector for active flows. Thus, for flows with a continuous - # stream of packets, a flow record will be exported to the collector once the elapsed - # time since the last export event is equal to the value of this timeout. - # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". 
- activeFlowExportTimeout: {{ .activeFlowExportTimeout | quote }} - - # Provide the idle flow export timeout, which is the timeout after which a flow - # record is sent to the collector for idle flows. A flow is considered idle if no - # packet matching this flow has been observed since the last export event. - # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". - idleFlowExportTimeout: {{ .idleFlowExportTimeout | quote }} + {{- with .Values.flowExporter }} + # Enable FlowExporter, a feature used to export polled conntrack connections as + # IPFIX flow records from each agent to a configured collector. To enable this + # feature, you need to set "enable" to true, and ensure that the FlowExporter + # feature gate is also enabled. + enable: {{ .enable }} + # Provide the IPFIX collector address as a string with format :[][:]. + # HOST can either be the DNS name, IP, or Service name of the Flow Collector. If + # using an IP, it can be either IPv4 or IPv6. However, IPv6 address should be + # wrapped with []. When the collector is running in-cluster as a Service, set + # to /. For example, + # "flow-aggregator/flow-aggregator" can be provided to connect to the Antrea + # Flow Aggregator Service. + # If PORT is empty, we default to 4739, the standard IPFIX port. + # If no PROTO is given, we consider "tls" as default. We support "tls", "tcp" and + # "udp" protocols. "tls" is used for securing communication between flow exporter and + # flow aggregator. + flowCollectorAddr: {{ .flowCollectorAddr | quote }} + + # Provide flow poll interval as a duration string. This determines how often the + # flow exporter dumps connections from the conntrack module. Flow poll interval + # should be greater than or equal to 1s (one second). + # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". 
+ flowPollInterval: {{ .flowPollInterval | quote }} + + # Provide the active flow export timeout, which is the timeout after which a flow + # record is sent to the collector for active flows. Thus, for flows with a continuous + # stream of packets, a flow record will be exported to the collector once the elapsed + # time since the last export event is equal to the value of this timeout. + # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + activeFlowExportTimeout: {{ .activeFlowExportTimeout | quote }} + + # Provide the idle flow export timeout, which is the timeout after which a flow + # record is sent to the collector for idle flows. A flow is considered idle if no + # packet matching this flow has been observed since the last export event. + # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + idleFlowExportTimeout: {{ .idleFlowExportTimeout | quote }} {{- end }} nodePortLocal: diff --git a/build/charts/antrea/values.yaml b/build/charts/antrea/values.yaml index 0329fb757eb..76d01ec2568 100644 --- a/build/charts/antrea/values.yaml +++ b/build/charts/antrea/values.yaml @@ -304,7 +304,7 @@ flowExporter: # -- IPFIX collector address as a string with format :[][:]. # If the collector is running in-cluster as a Service, set to # /. - collectorAddr: "flow-aggregator/flow-aggregator:4739:tls" + flowCollectorAddr: "flow-aggregator/flow-aggregator:4739:tls" # -- Determines how often the flow exporter polls for new connections. flowPollInterval: "5s" # -- timeout after which a flow record is sent to the collector for active diff --git a/build/yamls/antrea-aks.yml b/build/yamls/antrea-aks.yml index 94e39c6f92b..e8b2d22073e 100644 --- a/build/yamls/antrea-aks.yml +++ b/build/yamls/antrea-aks.yml 
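Review bot: Renaming the chart value `flowExporter.collectorAddr` to `flowExporter.flowCollectorAddr` (the values.yaml hunk, and the `{{ .flowCollectorAddr | quote }}` line in antrea-agent.conf) means an existing override of the old key is silently ignored. The template would then render the default `flow-aggregator/flow-aggregator:4739:tls`, so flow records could be sent to a collector the operator did not choose. Unless a values schema outside this diff already rejects unknown keys, consider failing the render when the old key is still set, e.g. `{{- if hasKey . "collectorAddr" }}{{ fail "flowExporter.collectorAddr was renamed to flowExporter.flowCollectorAddr" }}{{- end }}` inside the `with` block. The rename should also be called out in the upgrade notes.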
@@ -3161,41 +3161,42 @@ data: flowExporter: - # Enable FlowExporter, a feature used to export polled conntrack connections as IPFIX flow records from each agent - # to a configured collector. To enable this feature, you need to set "enable" to true, and ensure that the - # FlowExporter feature gate is also enabled. - enable: false - # Provide the IPFIX collector address as a string with format :[][:]. - # HOST can either be the DNS name, IP, or Service name of the Flow Collector. If - # using an IP, it can be either IPv4 or IPv6. However, IPv6 address should be - # wrapped with []. When the collector is running in-cluster as a Service, set - # to /. For example, - # "flow-aggregator/flow-aggregator" can be provided to connect to the Antrea - # Flow Aggregator Service. - # If PORT is empty, we default to 4739, the standard IPFIX port. - # If no PROTO is given, we consider "tls" as default. We support "tls", "tcp" and - # "udp" protocols. "tls" is used for securing communication between flow exporter and - # flow aggregator. - flowCollectorAddr: "flow-aggregator/flow-aggregator:4739:tls" + # Enable FlowExporter, a feature used to export polled conntrack connections as + # IPFIX flow records from each agent to a configured collector. To enable this + # feature, you need to set "enable" to true, and ensure that the FlowExporter + # feature gate is also enabled. + enable: false + # Provide the IPFIX collector address as a string with format :[][:]. + # HOST can either be the DNS name, IP, or Service name of the Flow Collector. If + # using an IP, it can be either IPv4 or IPv6. However, IPv6 address should be + # wrapped with []. When the collector is running in-cluster as a Service, set + # to /. For example, + # "flow-aggregator/flow-aggregator" can be provided to connect to the Antrea + # Flow Aggregator Service. + # If PORT is empty, we default to 4739, the standard IPFIX port. + # If no PROTO is given, we consider "tls" as default. 
We support "tls", "tcp" and + # "udp" protocols. "tls" is used for securing communication between flow exporter and + # flow aggregator. + flowCollectorAddr: "flow-aggregator/flow-aggregator:4739:tls" - # Provide flow poll interval as a duration string. This determines how often the - # flow exporter dumps connections from the conntrack module. Flow poll interval - # should be greater than or equal to 1s (one second). - # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". - flowPollInterval: "5s" + # Provide flow poll interval as a duration string. This determines how often the + # flow exporter dumps connections from the conntrack module. Flow poll interval + # should be greater than or equal to 1s (one second). + # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + flowPollInterval: "5s" - # Provide the active flow export timeout, which is the timeout after which a flow - # record is sent to the collector for active flows. Thus, for flows with a continuous - # stream of packets, a flow record will be exported to the collector once the elapsed - # time since the last export event is equal to the value of this timeout. - # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". - activeFlowExportTimeout: "5s" + # Provide the active flow export timeout, which is the timeout after which a flow + # record is sent to the collector for active flows. Thus, for flows with a continuous + # stream of packets, a flow record will be exported to the collector once the elapsed + # time since the last export event is equal to the value of this timeout. + # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + activeFlowExportTimeout: "5s" - # Provide the idle flow export timeout, which is the timeout after which a flow - # record is sent to the collector for idle flows. A flow is considered idle if no - # packet matching this flow has been observed since the last export event. 
- # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". - idleFlowExportTimeout: "15s" + # Provide the idle flow export timeout, which is the timeout after which a flow + # record is sent to the collector for idle flows. A flow is considered idle if no + # packet matching this flow has been observed since the last export event. + # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + idleFlowExportTimeout: "15s" nodePortLocal: # Enable NodePortLocal, a feature used to make Pods reachable using port forwarding on the host. To @@ -4370,7 +4371,7 @@ spec: kubectl.kubernetes.io/default-container: antrea-agent # Automatically restart Pods with a RollingUpdate if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: a448b6d172f99933df9532bca27017c1e04d3db4a35170987ef4b0a8ca5987ed + checksum/config: abf7cb1c21b730664510e8a762d967df5c620467f12bf3e0bae41df73489de65 labels: app: antrea component: antrea-agent @@ -4611,7 +4612,7 @@ spec: annotations: # Automatically restart Pod if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: a448b6d172f99933df9532bca27017c1e04d3db4a35170987ef4b0a8ca5987ed + checksum/config: abf7cb1c21b730664510e8a762d967df5c620467f12bf3e0bae41df73489de65 labels: app: antrea component: antrea-controller diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml index f9532232b17..116ebf97b44 100644 --- a/build/yamls/antrea-eks.yml +++ b/build/yamls/antrea-eks.yml 
@@ -3161,41 +3161,42 @@ data: flowExporter: - # Enable FlowExporter, a feature used to export polled conntrack connections as IPFIX flow records from each agent - # to a configured collector. To enable this feature, you need to set "enable" to true, and ensure that the - # FlowExporter feature gate is also enabled. - enable: false - # Provide the IPFIX collector address as a string with format :[][:]. - # HOST can either be the DNS name, IP, or Service name of the Flow Collector. If - # using an IP, it can be either IPv4 or IPv6. However, IPv6 address should be - # wrapped with []. When the collector is running in-cluster as a Service, set - # to /. For example, - # "flow-aggregator/flow-aggregator" can be provided to connect to the Antrea - # Flow Aggregator Service. - # If PORT is empty, we default to 4739, the standard IPFIX port. - # If no PROTO is given, we consider "tls" as default. We support "tls", "tcp" and - # "udp" protocols. "tls" is used for securing communication between flow exporter and - # flow aggregator. - flowCollectorAddr: "flow-aggregator/flow-aggregator:4739:tls" + # Enable FlowExporter, a feature used to export polled conntrack connections as + # IPFIX flow records from each agent to a configured collector. To enable this + # feature, you need to set "enable" to true, and ensure that the FlowExporter + # feature gate is also enabled. + enable: false + # Provide the IPFIX collector address as a string with format :[][:]. + # HOST can either be the DNS name, IP, or Service name of the Flow Collector. If + # using an IP, it can be either IPv4 or IPv6. However, IPv6 address should be + # wrapped with []. When the collector is running in-cluster as a Service, set + # to /. For example, + # "flow-aggregator/flow-aggregator" can be provided to connect to the Antrea + # Flow Aggregator Service. + # If PORT is empty, we default to 4739, the standard IPFIX port. + # If no PROTO is given, we consider "tls" as default. 
We support "tls", "tcp" and + # "udp" protocols. "tls" is used for securing communication between flow exporter and + # flow aggregator. + flowCollectorAddr: "flow-aggregator/flow-aggregator:4739:tls" - # Provide flow poll interval as a duration string. This determines how often the - # flow exporter dumps connections from the conntrack module. Flow poll interval - # should be greater than or equal to 1s (one second). - # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". - flowPollInterval: "5s" + # Provide flow poll interval as a duration string. This determines how often the + # flow exporter dumps connections from the conntrack module. Flow poll interval + # should be greater than or equal to 1s (one second). + # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + flowPollInterval: "5s" - # Provide the active flow export timeout, which is the timeout after which a flow - # record is sent to the collector for active flows. Thus, for flows with a continuous - # stream of packets, a flow record will be exported to the collector once the elapsed - # time since the last export event is equal to the value of this timeout. - # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". - activeFlowExportTimeout: "5s" + # Provide the active flow export timeout, which is the timeout after which a flow + # record is sent to the collector for active flows. Thus, for flows with a continuous + # stream of packets, a flow record will be exported to the collector once the elapsed + # time since the last export event is equal to the value of this timeout. + # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + activeFlowExportTimeout: "5s" - # Provide the idle flow export timeout, which is the timeout after which a flow - # record is sent to the collector for idle flows. A flow is considered idle if no - # packet matching this flow has been observed since the last export event. 
- # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". - idleFlowExportTimeout: "15s" + # Provide the idle flow export timeout, which is the timeout after which a flow + # record is sent to the collector for idle flows. A flow is considered idle if no + # packet matching this flow has been observed since the last export event. + # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + idleFlowExportTimeout: "15s" nodePortLocal: # Enable NodePortLocal, a feature used to make Pods reachable using port forwarding on the host. To @@ -4370,7 +4371,7 @@ spec: kubectl.kubernetes.io/default-container: antrea-agent # Automatically restart Pods with a RollingUpdate if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: a448b6d172f99933df9532bca27017c1e04d3db4a35170987ef4b0a8ca5987ed + checksum/config: abf7cb1c21b730664510e8a762d967df5c620467f12bf3e0bae41df73489de65 labels: app: antrea component: antrea-agent @@ -4612,7 +4613,7 @@ spec: annotations: # Automatically restart Pod if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: a448b6d172f99933df9532bca27017c1e04d3db4a35170987ef4b0a8ca5987ed + checksum/config: abf7cb1c21b730664510e8a762d967df5c620467f12bf3e0bae41df73489de65 labels: app: antrea component: antrea-controller diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml index 27d40db39b0..68470ecebeb 100644 --- a/build/yamls/antrea-gke.yml +++ b/build/yamls/antrea-gke.yml 
@@ -3161,41 +3161,42 @@ data: flowExporter: - # Enable FlowExporter, a feature used to export polled conntrack connections as IPFIX flow records from each agent - # to a configured collector. To enable this feature, you need to set "enable" to true, and ensure that the - # FlowExporter feature gate is also enabled. - enable: false - # Provide the IPFIX collector address as a string with format :[][:]. - # HOST can either be the DNS name, IP, or Service name of the Flow Collector. If - # using an IP, it can be either IPv4 or IPv6. However, IPv6 address should be - # wrapped with []. When the collector is running in-cluster as a Service, set - # to /. For example, - # "flow-aggregator/flow-aggregator" can be provided to connect to the Antrea - # Flow Aggregator Service. - # If PORT is empty, we default to 4739, the standard IPFIX port. - # If no PROTO is given, we consider "tls" as default. We support "tls", "tcp" and - # "udp" protocols. "tls" is used for securing communication between flow exporter and - # flow aggregator. - flowCollectorAddr: "flow-aggregator/flow-aggregator:4739:tls" + # Enable FlowExporter, a feature used to export polled conntrack connections as + # IPFIX flow records from each agent to a configured collector. To enable this + # feature, you need to set "enable" to true, and ensure that the FlowExporter + # feature gate is also enabled. + enable: false + # Provide the IPFIX collector address as a string with format :[][:]. + # HOST can either be the DNS name, IP, or Service name of the Flow Collector. If + # using an IP, it can be either IPv4 or IPv6. However, IPv6 address should be + # wrapped with []. When the collector is running in-cluster as a Service, set + # to /. For example, + # "flow-aggregator/flow-aggregator" can be provided to connect to the Antrea + # Flow Aggregator Service. + # If PORT is empty, we default to 4739, the standard IPFIX port. + # If no PROTO is given, we consider "tls" as default. 
We support "tls", "tcp" and + # "udp" protocols. "tls" is used for securing communication between flow exporter and + # flow aggregator. + flowCollectorAddr: "flow-aggregator/flow-aggregator:4739:tls" - # Provide flow poll interval as a duration string. This determines how often the - # flow exporter dumps connections from the conntrack module. Flow poll interval - # should be greater than or equal to 1s (one second). - # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". - flowPollInterval: "5s" + # Provide flow poll interval as a duration string. This determines how often the + # flow exporter dumps connections from the conntrack module. Flow poll interval + # should be greater than or equal to 1s (one second). + # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + flowPollInterval: "5s" - # Provide the active flow export timeout, which is the timeout after which a flow - # record is sent to the collector for active flows. Thus, for flows with a continuous - # stream of packets, a flow record will be exported to the collector once the elapsed - # time since the last export event is equal to the value of this timeout. - # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". - activeFlowExportTimeout: "5s" + # Provide the active flow export timeout, which is the timeout after which a flow + # record is sent to the collector for active flows. Thus, for flows with a continuous + # stream of packets, a flow record will be exported to the collector once the elapsed + # time since the last export event is equal to the value of this timeout. + # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + activeFlowExportTimeout: "5s" - # Provide the idle flow export timeout, which is the timeout after which a flow - # record is sent to the collector for idle flows. A flow is considered idle if no - # packet matching this flow has been observed since the last export event. 
- # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". - idleFlowExportTimeout: "15s" + # Provide the idle flow export timeout, which is the timeout after which a flow + # record is sent to the collector for idle flows. A flow is considered idle if no + # packet matching this flow has been observed since the last export event. + # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + idleFlowExportTimeout: "15s" nodePortLocal: # Enable NodePortLocal, a feature used to make Pods reachable using port forwarding on the host. To @@ -4370,7 +4371,7 @@ spec: kubectl.kubernetes.io/default-container: antrea-agent # Automatically restart Pods with a RollingUpdate if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: b77d432f6df7be7c7de8aa05913a00d35b1ecef0e7102adb755065a158b4b9f1 + checksum/config: e119a0592b2cef130a915258e9f23a8e4ed0aa28685841dc6f0d4b72a6983beb labels: app: antrea component: antrea-agent @@ -4609,7 +4610,7 @@ spec: annotations: # Automatically restart Pod if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: b77d432f6df7be7c7de8aa05913a00d35b1ecef0e7102adb755065a158b4b9f1 + checksum/config: e119a0592b2cef130a915258e9f23a8e4ed0aa28685841dc6f0d4b72a6983beb labels: app: antrea component: antrea-controller diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml index 1b19d9739de..72b5ae5ba17 100644 --- a/build/yamls/antrea-ipsec.yml +++ b/build/yamls/antrea-ipsec.yml 
@@ -3174,41 +3174,42 @@ data: flowExporter: - # Enable FlowExporter, a feature used to export polled conntrack connections as IPFIX flow records from each agent - # to a configured collector. To enable this feature, you need to set "enable" to true, and ensure that the - # FlowExporter feature gate is also enabled. - enable: false - # Provide the IPFIX collector address as a string with format :[][:]. - # HOST can either be the DNS name, IP, or Service name of the Flow Collector. If - # using an IP, it can be either IPv4 or IPv6. However, IPv6 address should be - # wrapped with []. When the collector is running in-cluster as a Service, set - # to /. For example, - # "flow-aggregator/flow-aggregator" can be provided to connect to the Antrea - # Flow Aggregator Service. - # If PORT is empty, we default to 4739, the standard IPFIX port. - # If no PROTO is given, we consider "tls" as default. We support "tls", "tcp" and - # "udp" protocols. "tls" is used for securing communication between flow exporter and - # flow aggregator. - flowCollectorAddr: "flow-aggregator/flow-aggregator:4739:tls" + # Enable FlowExporter, a feature used to export polled conntrack connections as + # IPFIX flow records from each agent to a configured collector. To enable this + # feature, you need to set "enable" to true, and ensure that the FlowExporter + # feature gate is also enabled. + enable: false + # Provide the IPFIX collector address as a string with format :[][:]. + # HOST can either be the DNS name, IP, or Service name of the Flow Collector. If + # using an IP, it can be either IPv4 or IPv6. However, IPv6 address should be + # wrapped with []. When the collector is running in-cluster as a Service, set + # to /. For example, + # "flow-aggregator/flow-aggregator" can be provided to connect to the Antrea + # Flow Aggregator Service. + # If PORT is empty, we default to 4739, the standard IPFIX port. + # If no PROTO is given, we consider "tls" as default. 
We support "tls", "tcp" and + # "udp" protocols. "tls" is used for securing communication between flow exporter and + # flow aggregator. + flowCollectorAddr: "flow-aggregator/flow-aggregator:4739:tls" - # Provide flow poll interval as a duration string. This determines how often the - # flow exporter dumps connections from the conntrack module. Flow poll interval - # should be greater than or equal to 1s (one second). - # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". - flowPollInterval: "5s" + # Provide flow poll interval as a duration string. This determines how often the + # flow exporter dumps connections from the conntrack module. Flow poll interval + # should be greater than or equal to 1s (one second). + # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + flowPollInterval: "5s" - # Provide the active flow export timeout, which is the timeout after which a flow - # record is sent to the collector for active flows. Thus, for flows with a continuous - # stream of packets, a flow record will be exported to the collector once the elapsed - # time since the last export event is equal to the value of this timeout. - # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". - activeFlowExportTimeout: "5s" + # Provide the active flow export timeout, which is the timeout after which a flow + # record is sent to the collector for active flows. Thus, for flows with a continuous + # stream of packets, a flow record will be exported to the collector once the elapsed + # time since the last export event is equal to the value of this timeout. + # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + activeFlowExportTimeout: "5s" - # Provide the idle flow export timeout, which is the timeout after which a flow - # record is sent to the collector for idle flows. A flow is considered idle if no - # packet matching this flow has been observed since the last export event. 
- # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". - idleFlowExportTimeout: "15s" + # Provide the idle flow export timeout, which is the timeout after which a flow + # record is sent to the collector for idle flows. A flow is considered idle if no + # packet matching this flow has been observed since the last export event. + # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + idleFlowExportTimeout: "15s" nodePortLocal: # Enable NodePortLocal, a feature used to make Pods reachable using port forwarding on the host. To @@ -4383,7 +4384,7 @@ spec: kubectl.kubernetes.io/default-container: antrea-agent # Automatically restart Pods with a RollingUpdate if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: f96d5c0388e998da590fef16b2238a2723d2ada6cabe1886e26aba456b123eb6 + checksum/config: 373bbb8d6a42a8f3e546ea446fd078c04e947093e68e0c1c973f4c696bf8d607 checksum/ipsec-secret: d0eb9c52d0cd4311b6d252a951126bf9bea27ec05590bed8a394f0f792dcb2a4 labels: app: antrea @@ -4668,7 +4669,7 @@ spec: annotations: # Automatically restart Pod if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: f96d5c0388e998da590fef16b2238a2723d2ada6cabe1886e26aba456b123eb6 + checksum/config: 373bbb8d6a42a8f3e546ea446fd078c04e947093e68e0c1c973f4c696bf8d607 labels: app: antrea component: antrea-controller diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml index 7d4fbb51dfc..f3f18f3a3a3 100644 --- a/build/yamls/antrea.yml +++ b/build/yamls/antrea.yml 
@@ -3161,41 +3161,42 @@ data: flowExporter: - # Enable FlowExporter, a feature used to export polled conntrack connections as IPFIX flow records from each agent - # to a configured collector. To enable this feature, you need to set "enable" to true, and ensure that the - # FlowExporter feature gate is also enabled. - enable: false - # Provide the IPFIX collector address as a string with format :[][:]. - # HOST can either be the DNS name, IP, or Service name of the Flow Collector. If - # using an IP, it can be either IPv4 or IPv6. However, IPv6 address should be - # wrapped with []. When the collector is running in-cluster as a Service, set - # to /. For example, - # "flow-aggregator/flow-aggregator" can be provided to connect to the Antrea - # Flow Aggregator Service. - # If PORT is empty, we default to 4739, the standard IPFIX port. - # If no PROTO is given, we consider "tls" as default. We support "tls", "tcp" and - # "udp" protocols. "tls" is used for securing communication between flow exporter and - # flow aggregator. - flowCollectorAddr: "flow-aggregator/flow-aggregator:4739:tls" + # Enable FlowExporter, a feature used to export polled conntrack connections as + # IPFIX flow records from each agent to a configured collector. To enable this + # feature, you need to set "enable" to true, and ensure that the FlowExporter + # feature gate is also enabled. + enable: false + # Provide the IPFIX collector address as a string with format :[][:]. + # HOST can either be the DNS name, IP, or Service name of the Flow Collector. If + # using an IP, it can be either IPv4 or IPv6. However, IPv6 address should be + # wrapped with []. When the collector is running in-cluster as a Service, set + # to /. For example, + # "flow-aggregator/flow-aggregator" can be provided to connect to the Antrea + # Flow Aggregator Service. + # If PORT is empty, we default to 4739, the standard IPFIX port. + # If no PROTO is given, we consider "tls" as default. 
We support "tls", "tcp" and + # "udp" protocols. "tls" is used for securing communication between flow exporter and + # flow aggregator. + flowCollectorAddr: "flow-aggregator/flow-aggregator:4739:tls" - # Provide flow poll interval as a duration string. This determines how often the - # flow exporter dumps connections from the conntrack module. Flow poll interval - # should be greater than or equal to 1s (one second). - # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". - flowPollInterval: "5s" + # Provide flow poll interval as a duration string. This determines how often the + # flow exporter dumps connections from the conntrack module. Flow poll interval + # should be greater than or equal to 1s (one second). + # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + flowPollInterval: "5s" - # Provide the active flow export timeout, which is the timeout after which a flow - # record is sent to the collector for active flows. Thus, for flows with a continuous - # stream of packets, a flow record will be exported to the collector once the elapsed - # time since the last export event is equal to the value of this timeout. - # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". - activeFlowExportTimeout: "5s" + # Provide the active flow export timeout, which is the timeout after which a flow + # record is sent to the collector for active flows. Thus, for flows with a continuous + # stream of packets, a flow record will be exported to the collector once the elapsed + # time since the last export event is equal to the value of this timeout. + # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + activeFlowExportTimeout: "5s" - # Provide the idle flow export timeout, which is the timeout after which a flow - # record is sent to the collector for idle flows. A flow is considered idle if no - # packet matching this flow has been observed since the last export event. 
- # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". - idleFlowExportTimeout: "15s" + # Provide the idle flow export timeout, which is the timeout after which a flow + # record is sent to the collector for idle flows. A flow is considered idle if no + # packet matching this flow has been observed since the last export event. + # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + idleFlowExportTimeout: "15s" nodePortLocal: # Enable NodePortLocal, a feature used to make Pods reachable using port forwarding on the host. To @@ -4370,7 +4371,7 @@ spec: kubectl.kubernetes.io/default-container: antrea-agent # Automatically restart Pods with a RollingUpdate if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: d45a312b855d02ab4273dd36cfaa94425eb85155ab1eeb7db0a0cfc8fed42bdb + checksum/config: 7e1d1a60a99fdbe25ff10b92e85ff234a5769c02bd9ae0ead56a3fe0a8ad118d labels: app: antrea component: antrea-agent @@ -4609,7 +4610,7 @@ spec: annotations: # Automatically restart Pod if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: d45a312b855d02ab4273dd36cfaa94425eb85155ab1eeb7db0a0cfc8fed42bdb + checksum/config: 7e1d1a60a99fdbe25ff10b92e85ff234a5769c02bd9ae0ead56a3fe0a8ad118d labels: app: antrea component: antrea-controller diff --git a/cmd/antrea-agent/options.go b/cmd/antrea-agent/options.go index dc726ad3047..5dce409deb3 100644 --- a/cmd/antrea-agent/options.go +++ b/cmd/antrea-agent/options.go 
@@ -399,28 +399,28 @@ func (o *Options) setK8sNodeDefaultOptions() {
 if o.config.FlowExporter.FlowCollectorAddr == "" {
 o.config.FlowExporter.FlowCollectorAddr = defaultFlowCollectorAddress
 if o.config.FlowCollectorAddr != "" {
- klog.InfoS("The FlowCollectorAddr option is deprecated, please use flowExporter.FlowCollectorAddr instead")
+ klog.InfoS("The flowCollectorAddr option is deprecated, please use flowExporter.flowCollectorAddr instead")
 o.config.FlowExporter.FlowCollectorAddr = o.config.FlowCollectorAddr
 }
 }
 if o.config.FlowExporter.FlowPollInterval == "" {
 o.config.FlowExporter.FlowPollInterval = defaultFlowPollInterval
 if o.config.FlowPollInterval != "" {
- klog.InfoS("The FlowPollInterval option is deprecated, please use flowExporter.FlowPollInterval instead")
+ klog.InfoS("The flowPollInterval option is deprecated, please use flowExporter.flowPollInterval instead")
 o.config.FlowExporter.FlowPollInterval = o.config.FlowPollInterval
 }
 }
 if o.config.FlowExporter.ActiveFlowExportTimeout == "" {
 o.config.FlowExporter.ActiveFlowExportTimeout = defaultActiveFlowExportTimeout
 if o.config.ActiveFlowExportTimeout != "" {
- klog.InfoS("The ActiveFlowExportTimeout option is deprecated, please use flowExporter.ActiveFlowExportTimeout instead")
+ klog.InfoS("The activeFlowExportTimeout option is deprecated, please use flowExporter.activeFlowExportTimeout instead")
 o.config.FlowExporter.ActiveFlowExportTimeout = o.config.ActiveFlowExportTimeout
 }
 }
 if o.config.FlowExporter.IdleFlowExportTimeout == "" {
 o.config.FlowExporter.IdleFlowExportTimeout = defaultIdleFlowExportTimeout
 if o.config.IdleFlowExportTimeout != "" {
- klog.InfoS("The IdleFlowExportTimeout option is deprecated, please use flowExporter.IdleFlowExportTimeout instead")
+ klog.InfoS("The idleFlowExportTimeout option is deprecated, please use flowExporter.idleFlowExportTimeout instead")
 o.config.FlowExporter.IdleFlowExportTimeout = o.config.IdleFlowExportTimeout
 }
 }
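Review bot: When `o.config.FlowExporter.FlowCollectorAddr` is already non-empty, a deprecated top-level `flowCollectorAddr` that is also set is dropped without any log line, and the three interval/timeout blocks in this hunk behave the same way. The manifest earlier in this diff renders `flowExporter.flowCollectorAddr` with an explicit value, so an operator who still carries the legacy key could end up exporting flow records to a different collector, or over a different protocol, than the one they configured; how the ConfigMap is merged on upgrade is not visible here, so this is an inference. I would give each outer check an else branch that reports the ignored value, for example `} else if o.config.FlowCollectorAddr != "" {` followed by `klog.InfoS("Ignoring deprecated flowCollectorAddr because flowExporter.flowCollectorAddr is set")`. The body of setK8sNodeDefaultOptions starts and continues outside the hunk.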
diff --git a/docs/network-flow-visibility.md b/docs/network-flow-visibility.md index c7960d58b2b..21ccbd623a9 100644 --- a/docs/network-flow-visibility.md +++ b/docs/network-flow-visibility.md @@ -6,6 +6,7 @@ - [Overview](#overview) - [Flow Exporter](#flow-exporter) - [Configuration](#configuration) + - [Configuration pre Antrea v1.12.0](#configuration-pre-antrea-v1120) - [IPFIX Information Elements (IEs) in a Flow Record](#ipfix-information-elements-ies-in-a-flow-record) - [IEs from IANA-assigned IE Registry](#ies-from-iana-assigned-ie-registry) - [IEs from Reverse IANA-assigned IE Registry](#ies-from-reverse-iana-assigned-ie-registry) @@ -61,8 +62,11 @@ library. ### Configuration -To enable the Flow Exporter feature at the Antrea Agent, the following config -parameters have to be set in the Antrea Agent ConfigMap: +In addition to enabling the Flow Exporter feature gate (if needed), you need to +ensure that the `flowExporter.enable` flag is set to true in the Antrea Agent +configuration. + +your `antrea-agent` ConfigMap should look like this: ```yaml antrea-agent.conf: | 
@@ -71,49 +75,66 @@ parameters have to be set in the Antrea Agent ConfigMap: # Enable flowexporter which exports polled conntrack connections as IPFIX flow records from each agent to a configured collector. FlowExporter: true - # Provide the IPFIX collector address as a string with format :[][:]. - # HOST can either be the DNS name, IP, or Service name of the Flow Collector. If - # using an IP, it can be either IPv4 or IPv6. However, IPv6 address should be - # wrapped with []. When the collector is running in-cluster as a Service, set - # to /. For example, - # "flow-aggregator/flow-aggregator" can be provided to connect to the Antrea - # Flow Aggregator Service. - # If PORT is empty, we default to 4739, the standard IPFIX port. - # If no PROTO is given, we consider "tls" as default. We support "tls", "tcp" and - # "udp" protocols. "tls" is used for securing communication between flow exporter and - # flow aggregator. - #flowCollectorAddr: "flow-aggregator/flow-aggregator:4739:tls" - - # Provide flow poll interval as a duration string. This determines how often the - # flow exporter dumps connections from the conntrack module. Flow poll interval - # should be greater than or equal to 1s (one second). - # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". - #flowPollInterval: "5s" - - # Provide the active flow export timeout, which is the timeout after which a flow - # record is sent to the collector for active flows. Thus, for flows with a continuous - # stream of packets, a flow record will be exported to the collector once the elapsed - # time since the last export event is equal to the value of this timeout. - # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". - #activeFlowExportTimeout: "60s" - - # Provide the idle flow export timeout, which is the timeout after which a flow - # record is sent to the collector for idle flows. A flow is considered idle if no - # packet matching this flow has been observed since the last export event. 
- # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". - #idleFlowExportTimeout: "15s" + flowExporter: + # Enable FlowExporter, a feature used to export polled conntrack connections as + # IPFIX flow records from each agent to a configured collector. To enable this + # feature, you need to set "enable" to true, and ensure that the FlowExporter + # feature gate is also enabled. + enable: true + # Provide the IPFIX collector address as a string with format :[][:]. + # HOST can either be the DNS name, IP, or Service name of the Flow Collector. If + # using an IP, it can be either IPv4 or IPv6. However, IPv6 address should be + # wrapped with []. When the collector is running in-cluster as a Service, set + # to /. For example, + # "flow-aggregator/flow-aggregator" can be provided to connect to the Antrea + # Flow Aggregator Service. + # If PORT is empty, we default to 4739, the standard IPFIX port. + # If no PROTO is given, we consider "tls" as default. We support "tls", "tcp" and + # "udp" protocols. "tls" is used for securing communication between flow exporter and + # flow aggregator. + flowCollectorAddr: "flow-aggregator/flow-aggregator:4739:tls" + + # Provide flow poll interval as a duration string. This determines how often the + # flow exporter dumps connections from the conntrack module. Flow poll interval + # should be greater than or equal to 1s (one second). + # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + flowPollInterval: "5s" + + # Provide the active flow export timeout, which is the timeout after which a flow + # record is sent to the collector for active flows. Thus, for flows with a continuous + # stream of packets, a flow record will be exported to the collector once the elapsed + # time since the last export event is equal to the value of this timeout. + # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". 
+ activeFlowExportTimeout: "5s" + + # Provide the idle flow export timeout, which is the timeout after which a flow + # record is sent to the collector for idle flows. A flow is considered idle if no + # packet matching this flow has been observed since the last export event. + # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + idleFlowExportTimeout: "15s" ``` -Please note that the default value for `flowCollectorAddr` is `"flow-aggregator/flow-aggregator:4739:tls"`, -which enables the Flow Exporter to connect the Flow Aggregator Service, assuming it is running in -the same K8 cluster with the Name and Namespace set to `flow-aggregator`. If you deploy the Flow -Aggregator Service with a different Name and Namespace, then set `flowCollectorAddr` appropriately. +Please note that the default value for `flowExporter.flowCollectorAddr` is +`"flow-aggregator/flow-aggregator:4739:tls"`, which enables the Flow Exporter to connect +the Flow Aggregator Service, assuming it is running in the same K8 cluster with the Name +and Namespace set to `flow-aggregator`. If you deploy the Flow Aggregator Service with +a different Name and Namespace, then set `flowExporter.flowCollectorAddr` appropriately. Please note that the default values for -`flowPollInterval`, `activeFlowExportTimeout`, and `idleFlowExportTimeout` parameters are set to 5s, 60s, and 15s, respectively. +`flowExporter.flowPollInterval`, `flowExporter.activeFlowExportTimeout`, and +`flowExporter.idleFlowExportTimeout` parameters are set to 5s, 5s, and 15s, respectively. TLS communication between the Flow Exporter and the Flow Aggregator is enabled by default. Please modify them as per your requirements. +#### Configuration pre Antrea v1.12.0 + +Prior to the Antrea v1.12.0 release, the `flowExporter` option group in the +Antrea Agent configuration did not exist. 
To enable the Flow Exporter feature, +one simply needed to enable the feature gate, and the Flow Exporter related +configuration could be configured using (now deprecated) `flowCollectorAddr`, +`flowPollInterval`, `activeFlowExportTimeout`, `idleFlowExportTimeout` +parameters. + ### IPFIX Information Elements (IEs) in a Flow Record There are 34 IPFIX IEs in each exported flow record, which are defined in the diff --git a/pkg/config/agent/config.go b/pkg/config/agent/config.go index e01582e90b4..2ad10cf47b3 100644 --- a/pkg/config/agent/config.go +++ b/pkg/config/agent/config.go @@ -238,9 +238,10 @@ type NodePortLocalConfig struct { } type FlowExporterConfig struct { - // Enable FlowExporter, a feature used to export polled conntrack connections as IPFIX flow records from each agent - // to a configured collector. To enable this feature, you need to set "enable" to true, and ensure that the - // FlowExporter feature gate is also enabled. + // Enable FlowExporter, a feature used to export polled conntrack connections as + // IPFIX flow records from each agent to a configured collector. To enable this + // feature, you need to set "enable" to true, and ensure that the FlowExporter + // feature gate is also enabled. Enable bool `yaml:"enable,omitempty"` // Provide the IPFIX collector address as a string with format :[][:]. // HOST can either be the DNS name, IP, or Service name of the Flow Collector. If