diff --git a/bindata/network/ovn-kubernetes/006-ovs-node.yaml b/bindata/network/ovn-kubernetes/006-ovs-node.yaml
index 55f1abe67d..744c2c6bb7 100644
--- a/bindata/network/ovn-kubernetes/006-ovs-node.yaml
+++ b/bindata/network/ovn-kubernetes/006-ovs-node.yaml
@@ -79,6 +79,17 @@ spec:
 trap quit SIGTERM
 # Don't need to worry about restoring flows; this can only change if we've rebooted
 tail --pid=$BASHPID -F /host/var/log/openvswitch/ovs-vswitchd.log /host/var/log/openvswitch/ovsdb-server.log &
+ {{ if .EnableExportNetworkFlows }}
+ {{ if .EnableNetFlow }}
+ ovs-vsctl -- --id=@netflow create netflow targets={{ .NetFlowCollectors }} -- set bridge br-int netflow=@netflow
+ {{ end }}
+ {{ if .EnableSFlow }}
+ ovs-vsctl -- --id=@sflow create sflow agent=ovn-k8s-mp0 targets={{ .SFlowCollectors }} header=128 sampling=64 polling=10 -- set bridge br-int sflow=@sflow
+ {{ end }}
+ {{ if .EnableIPFIX }}
+ ovs-vsctl -- --id=@ipfix create ipfix targets={{ .IPFIXCollectors }} obs_domain_id=123 obs_point=456 sampling=1 -- set bridge br-int ipfix=@ipfix
+ {{ end }}
+ {{ end }}
 wait
 env:
 - name: OVS_LOG_LEVEL
diff --git a/pkg/network/ovn_kubernetes.go b/pkg/network/ovn_kubernetes.go
index 77a08fe171..57a8d0067f 100644
--- a/pkg/network/ovn_kubernetes.go
+++ b/pkg/network/ovn_kubernetes.go
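Review bot: The three `ovs-vsctl ... create` calls only ever add flow-export configuration; nothing in this block clears an existing `netflow`/`sflow`/`ipfix` reference on `br-int` when the corresponding list is later removed from the spec, so once enabled, export of pod traffic metadata keeps going to the previously configured collectors until the node's OVSDB is reset — the comment just above ("this can only change if we've rebooted") indicates that database persists across container restarts. A single unconditional line before `{{ if .EnableExportNetworkFlows }}` makes the bridge state match the spec on every start: `ovs-vsctl -- clear bridge br-int netflow -- clear bridge br-int sflow -- clear bridge br-int ipfix`. The sFlow/IPFIX knobs (`sampling=64`, `obs_domain_id=123`, `obs_point=456`) are bare literals with no comment on where the values come from; a one-line comment per call, or template variables with a documented default, would help the next reader. The container script this block sits in starts and ends outside the hunk.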
@@ -118,6 +118,45 @@ func renderOVNKubernetes(conf *operv1.NetworkSpec, bootstrapResult *bootstrap.Bo
 data.Data["EnableIPsec"] = false
 }
+ if conf.ExportNetworkFlows != nil {
+ data.Data["EnableExportNetworkFlows"] = true
+ if conf.ExportNetworkFlows.NetFlow != nil {
+ data.Data["EnableNetFlow"] = true
+ collectors := "\\["
+ for _, v := range conf.ExportNetworkFlows.NetFlow {
+ collectors += "\\\"" + v + "\\\"" + ","
+ }
+ collectors = strings.TrimSuffix(collectors, ",") + "\\]"
+ data.Data["NetFlowCollectors"] = collectors
+ } else {
+ data.Data["EnableNetFlow"] = false
+ }
+ if conf.ExportNetworkFlows.SFlow != nil {
+ data.Data["EnableSFlow"] = true
+ collectors := "\\["
+ for _, v := range conf.ExportNetworkFlows.SFlow {
+ collectors += "\\\"" + v + "\\\"" + ","
+ }
+ collectors = strings.TrimSuffix(collectors, ",") + "\\]"
+ data.Data["SFlowCollectors"] = collectors
+ } else {
+ data.Data["EnableSFlow"] = false
+ }
+ if conf.ExportNetworkFlows.IPFIX != nil {
+ data.Data["EnableIPFIX"] = true
+ collectors := "\\["
+ for _, v := range conf.ExportNetworkFlows.IPFIX {
+ collectors += "\\\"" + v + "\\\"" + ","
+ }
+ collectors = strings.TrimSuffix(collectors, ",") + "\\]"
+ data.Data["IPFIXCollectors"] = collectors
+ } else {
+ data.Data["EnableIPFIX"] = false
+ }
+ } else {
+ data.Data["EnableExportNetworkFlows"] = false
+ }
+
 manifests, err := render.RenderDir(filepath.Join(manifestDir, "network/ovn-kubernetes"), &data)
 if err != nil {
 return nil, errors.Wrap(err, "failed to render manifests")
diff --git a/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01_crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01_crd.yaml
index d3d2b7279b..3263e5a244 100644
--- a/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01_crd.yaml
+++ b/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01_crd.yaml
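Review bot: The `!= nil` tests on `conf.ExportNetworkFlows.NetFlow`, `.SFlow` and `.IPFIX` treat an empty list (`netFlow: []`, which the CRD hunk in this commit permits) as enabled and render `targets=\[\]`; as I read the vswitch OVSDB schema each of those tables requires at least one target, so the `ovs-vsctl create` in 006-ovs-node.yaml would fail on every node start for such a spec. Testing `len(...) > 0` avoids that, and it lets the three copy-pasted escape loops collapse into one helper built on `strings.Join`, which also removes the quadratic `+=` string building. The rendered value is spliced unquoted into a root shell script in the DaemonSet, so unless the operator's validation step (not in this diff) already rejects entries that are not `host:port`, each collector should be checked with `net.SplitHostPort` before it reaches the template. The enclosing `renderOVNKubernetes` starts and ends outside the hunk.
```go
// ovsCollectorList renders collectors as the shell-escaped OVSDB set literal
// that 006-ovs-node.yaml passes to ovs-vsctl, e.g. \[\"10.0.0.1:2055\"\] (constructed example).
// An empty list yields \[\]; callers must not enable export for it.
func ovsCollectorList(collectors []string) string {
	if len(collectors) == 0 {
		return "\\[\\]"
	}
	return "\\[\\\"" + strings.Join(collectors, "\\\",\\\"") + "\\\"\\]"
}

// … inside renderOVNKubernetes, replacing the NetFlow block; SFlow and IPFIX follow the same shape …
		if len(conf.ExportNetworkFlows.NetFlow) > 0 {
			data.Data["EnableNetFlow"] = true
			data.Data["NetFlowCollectors"] = ovsCollectorList(conf.ExportNetworkFlows.NetFlow)
		} else {
			data.Data["EnableNetFlow"] = false
		}
```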
@@ -355,6 +355,32 @@ spec:
 additional load of the pods performing the checks.
 type: boolean
 default: false
+ exportNetworkFlows:
+ description: exportNetworkFlows enables and configures the export
+ of network flows from OVS by using protocols netFlow, sFlow or ipfix.
+ type: object
+ properties:
+ ipfix:
+ description: ipfix defines the ipfix collectors that will consume
+ the flow data exported from OVS. It is a list of strings formatted
+ as ip:port
+ type: array
+ items:
+ type: string
+ netFlow:
+ description: netFlow defines the netFlow collectors that will
+ consume the flow data exported from OVS. It is a list of strings
+ formatted as ip:port
+ type: array
+ items:
+ type: string
+ sFlow:
+ description: sFlow defines the sFlow collectors that will consume
+ the flow data exported from OVS. It is a list of strings formatted
+ as ip:port
+ type: array
+ items:
+ type: string
 kubeProxyConfig:
 description: kubeProxyConfig lets us configure desired proxy configuration. If not specified, sensible defaults will be chosen by OpenShift
diff --git a/vendor/github.com/openshift/api/operator/v1/types_network.go b/vendor/github.com/openshift/api/operator/v1/types_network.go
index ef022dc554..f714e38662 100644
--- a/vendor/github.com/openshift/api/operator/v1/types_network.go
+++ b/vendor/github.com/openshift/api/operator/v1/types_network.go
@@ -80,6 +80,11 @@ type NetworkSpec struct {
 // If not specified, sensible defaults will be chosen by OpenShift directly.
 // Not consumed by all network providers - currently only openshift-sdn.
 KubeProxyConfig *ProxyConfig `json:"kubeProxyConfig,omitempty"`
+
+ // exportNetworkFlows enables and configures the export of network flows from OVS
+ // by using protocols netFlow, sFlow or ipfix.
+ // +optional
+ ExportNetworkFlows *ExportNetworkFlows `json:"exportNetworkFlows,omitempty"`
 }
 // ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size
@@ -339,6 +344,21 @@ type HybridOverlayConfig struct {
 type IPsecConfig struct {
 }
+type ExportNetworkFlows struct {
+ // netFlow defines the netFlow collectors that will consume the flow data exported from OVS.
+ // It is a list of strings formatted as ip:port
+ // +optional
+ NetFlow []string `json:"netFlow,omitempty"`
+ // sFlow defines the sFlow collectors that will consume the flow data exported from OVS.
+ // It is a list of strings formatted as ip:port
+ // +optional
+ SFlow []string `json:"sFlow,omitempty"`
+ // ipfix defines the ipfix collectors that will consume the flow data exported from OVS.
+ // It is a list of strings formatted as ip:port
+ // +optional
+ IPFIX []string `json:"ipfix,omitempty"`
+}
+
 // NetworkType describes the network plugin type to configure
 type NetworkType string