Add network flows export support to OpenShift

openshift · Mar 5, 2021 · d2c0846 · d2c0846
1 parent 1ac7415
commit d2c0846
Show file tree

Hide file tree

Showing 4 changed files with 96 additions and 0 deletions.
diff --git a/bindata/network/ovn-kubernetes/006-ovs-node.yaml b/bindata/network/ovn-kubernetes/006-ovs-node.yaml
@@ -79,6 +79,17 @@ spec:
             trap quit SIGTERM
             # Don't need to worry about restoring flows; this can only change if we've rebooted
             tail --pid=$BASHPID -F /host/var/log/openvswitch/ovs-vswitchd.log /host/var/log/openvswitch/ovsdb-server.log &
+            {{ if .EnableExportNetworkFlows }}
+            {{ if .EnableNetFlow }}
+            ovs-vsctl -- --id=@netflow create netflow targets={{ .NetFlowCollectors }} -- set bridge br-int netflow=@netflow
+            {{ end }}
+            {{ if .EnableSFlow }}
+            ovs-vsctl -- --id=@sflow create sflow agent=ovn-k8s-mp0 targets={{ .SFlowCollectors }} header=128 sampling=64 polling=10 -- set bridge br-int sflow=@sflow
+            {{ end }}
+            {{ if .EnableIPFIX }}
+            ovs-vsctl -- --id=@ipfix create ipfix targets={{ .IPFIXCollectors }} obs_domain_id=123 obs_point=456 sampling=1 -- set bridge br-int ipfix=@ipfix
+            {{ end }}
+            {{ end }}
             wait
         env:
         - name: OVS_LOG_LEVEL

diff --git a/pkg/network/ovn_kubernetes.go b/pkg/network/ovn_kubernetes.go
@@ -118,6 +118,45 @@ func renderOVNKubernetes(conf *operv1.NetworkSpec, bootstrapResult *bootstrap.Bo
 		data.Data["EnableIPsec"] = false
 	}
 
+	if conf.ExportNetworkFlows != nil {
+		data.Data["EnableExportNetworkFlows"] = true
+		if conf.ExportNetworkFlows.NetFlow != nil {
+			data.Data["EnableNetFlow"] = true
+			collectors := "\\["
+			for _, v := range conf.ExportNetworkFlows.NetFlow {
+				collectors += "\\\"" + v + "\\\"" + ","
+			}
+			collectors = strings.TrimSuffix(collectors, ",") + "\\]"
+			data.Data["NetFlowCollectors"] = collectors
+		} else {
+			data.Data["EnableNetFlow"] = false
+		}
+		if conf.ExportNetworkFlows.SFlow != nil {
+			data.Data["EnableSFlow"] = true
+			collectors := "\\["
+			for _, v := range conf.ExportNetworkFlows.SFlow {
+				collectors += "\\\"" + v + "\\\"" + ","
+			}
+			collectors = strings.TrimSuffix(collectors, ",") + "\\]"
+			data.Data["SFlowCollectors"] = collectors
+		} else {
+			data.Data["EnableSFlow"] = false
+		}
+		if conf.ExportNetworkFlows.IPFIX != nil {
+			data.Data["EnableIPFIX"] = true
+			collectors := "\\["
+			for _, v := range conf.ExportNetworkFlows.IPFIX {
+				collectors += "\\\"" + v + "\\\"" + ","
+			}
+			collectors = strings.TrimSuffix(collectors, ",") + "\\]"
+			data.Data["IPFIXCollectors"] = collectors
+		} else {
+			data.Data["EnableIPFIX"] = false
+		}
+	} else {
+		data.Data["EnableExportNetworkFlows"] = false
+	}
+
 	manifests, err := render.RenderDir(filepath.Join(manifestDir, "network/ovn-kubernetes"), &data)
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to render manifests")

diff --git a/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01_crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01_crd.yaml
diff --git a/vendor/github.com/openshift/api/operator/v1/types_network.go b/vendor/github.com/openshift/api/operator/v1/types_network.go