diff --git a/apis/flowcollector/v1beta1/flowcollector_types.go b/apis/flowcollector/v1beta1/flowcollector_types.go index 7ddfd5c7b..f6de0a238 100644 --- a/apis/flowcollector/v1beta1/flowcollector_types.go +++ b/apis/flowcollector/v1beta1/flowcollector_types.go @@ -154,7 +154,8 @@ type FlowCollectorIPFIX struct { // - `NetworkEvents`, to track Network events.
// - `PacketTranslation`, to enrich flows with packets translation information.
// - `EbpfManager`, to enable using EBPF Manager to manage netobserv ebpf programs [Developer Preview].
-// +kubebuilder:validation:Enum:="PacketDrop";"DNSTracking";"FlowRTT";"NetworkEvents";"PacketTranslation";"EbpfManager"
+// - `UDNMapping`, to enable interfaces mappind to udn [Developer Preview].
+// +kubebuilder:validation:Enum:="PacketDrop";"DNSTracking";"FlowRTT";"NetworkEvents";"PacketTranslation";"EbpfManager";"UDNMapping" type AgentFeature string const ( @@ -164,6 +165,7 @@ const ( NetworkEvents AgentFeature = "NetworkEvents" PacketTranslation AgentFeature = "PacketTranslation" EbpfManager AgentFeature = "EbpfManager" + UDNMapping AgentFeature = "UDNMapping" ) // Name of an eBPF agent alert. @@ -358,6 +360,7 @@ type FlowCollectorEBPF struct { // the kernel debug filesystem, so the eBPF pod has to run as privileged. // - `PacketTranslation`: enable enriching flows with packet's translation information.
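Review bot: The doc line added for `UDNMapping` in the v1beta1 `AgentFeature` comment misspells "mapping" as "mappind" and never expands "udn". The CRD manifests and docs/FlowCollector.md in this commit repeat the same text, apparently because they are generated from these comments. I would write ``// - `UDNMapping`, to enable mapping interfaces to User Defined Networks (UDN) [Developer Preview].`` here. The same wording fix applies to the v1beta2 `AgentFeature` comment and to the `Features` field comments in both API versions, after which the manifests and docs should be regenerated.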
// - `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs.
+ // - `UDNMapping`, to enable interfaces mappind to udn.
// +optional Features []AgentFeature `json:"features,omitempty"` diff --git a/apis/flowcollector/v1beta2/flowcollector_types.go b/apis/flowcollector/v1beta2/flowcollector_types.go index 02057da06..f8a53b6d4 100644 --- a/apis/flowcollector/v1beta2/flowcollector_types.go +++ b/apis/flowcollector/v1beta2/flowcollector_types.go @@ -177,7 +177,8 @@ type FlowCollectorIPFIX struct { // - `NetworkEvents`, to track Network events [Developer Preview].
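Review bot: The `UDNMapping` entry added to the v1beta1 `FlowCollectorEBPF.Features` comment omits the privileged-agent requirement, although the v1beta2 comment in this commit states it and the webhook warns about it. Running the agent privileged with the kernel debug filesystem mounted is a decision an admin should be able to read in whichever API version they use. I would add `// This feature requires mounting the kernel debug filesystem, so the eBPF agent pods have to run as privileged.` under the entry. The entry should also use the colon form of its neighbours (``// - `UDNMapping`: enable ...``). The struct continues outside the hunk.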
// - `PacketTranslation`, to enrich flows with packets translation information.
// - `EbpfManager`, to enable using EBPF Manager to manage netobserv ebpf programs [Developer Preview].
-// +kubebuilder:validation:Enum:="PacketDrop";"DNSTracking";"FlowRTT";"NetworkEvents";"PacketTranslation";"EbpfManager"
+// - `UDNMapping`, to enable interfaces mappind to udn [Developer Preview].
+// +kubebuilder:validation:Enum:="PacketDrop";"DNSTracking";"FlowRTT";"NetworkEvents";"PacketTranslation";"EbpfManager";"UDNMapping" type AgentFeature string const ( @@ -187,6 +188,7 @@ const ( NetworkEvents AgentFeature = "NetworkEvents" PacketTranslation AgentFeature = "PacketTranslation" EbpfManager AgentFeature = "EbpfManager" + UDNMapping AgentFeature = "UDNMapping" ) // Name of an eBPF agent alert. @@ -384,6 +386,10 @@ type FlowCollectorEBPF struct { // - `PacketTranslation`: enable enriching flows with packet's translation information.
// - `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs.
// IMPORTANT: This feature is available as a Developer Preview.
+ // - `UDNMapping`, to enable interfaces mappind to udn.
+ // This feature requires mounting the kernel debug filesystem, so the eBPF agent pods have to run as privileged.
+ // It requires using the OVN-Kubernetes network plugin with the Observability feature.
+ // IMPORTANT: This feature is available as a Developer Preview.
// +optional Features []AgentFeature `json:"features,omitempty"` diff --git a/apis/flowcollector/v1beta2/flowcollector_validation_webhook.go b/apis/flowcollector/v1beta2/flowcollector_validation_webhook.go index d8e5e295c..db107c19a 100644 --- a/apis/flowcollector/v1beta2/flowcollector_validation_webhook.go +++ b/apis/flowcollector/v1beta2/flowcollector_validation_webhook.go @@ -105,6 +105,9 @@ func (r *FlowCollector) validateAgent(_ context.Context, fc *FlowCollector) (adm if slices.Contains(fc.Spec.Agent.EBPF.Features, EbpfManager) && !fc.Spec.Agent.EBPF.Privileged { warnings = append(warnings, "The BPF Manager feature requires eBPF Agent to run in privileged mode") } + if slices.Contains(fc.Spec.Agent.EBPF.Features, UDNMapping) && !fc.Spec.Agent.EBPF.Privileged { + warnings = append(warnings, "The UDNMapping feature requires eBPF Agent to run in privileged mode") + } var errs []error if fc.Spec.Agent.EBPF.FlowFilter != nil && fc.Spec.Agent.EBPF.FlowFilter.Enable != nil && *fc.Spec.Agent.EBPF.FlowFilter.Enable { m := make(map[string]bool) diff --git a/bundle/manifests/flows.netobserv.io_flowcollectors.yaml b/bundle/manifests/flows.netobserv.io_flowcollectors.yaml index 7f6791517..df3c4d317 100644 --- a/bundle/manifests/flows.netobserv.io_flowcollectors.yaml +++ b/bundle/manifests/flows.netobserv.io_flowcollectors.yaml @@ -137,6 +137,7 @@ spec: the kernel debug filesystem, so the eBPF pod has to run as privileged. - `PacketTranslation`: enable enriching flows with packet's translation information.
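Review bot: The new `UDNMapping` check in `validateAgent` only appends a warning, so a FlowCollector that lists the feature with `privileged` unset is still admitted, while the v1beta2 type comment says the agent pods have to run as privileged. This mirrors the `EbpfManager` check above it, so it may be intended. If so, the message should say why the privilege is needed, so that granting it is an informed decision, e.g. `"The UDNMapping feature requires eBPF Agent to run in privileged mode (it mounts the kernel debug filesystem)"`. If an unprivileged agent cannot provide the feature at all, reporting it through `errs` would be the clearer outcome. I can't tell which applies from the hunk, since `validateAgent` continues outside it.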
- `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs.
+ - `UDNMapping`, to enable interfaces mappind to udn.
items: description: |- Agent feature, can be one of:
@@ -146,6 +147,7 @@ spec: - `NetworkEvents`, to track Network events.
- `PacketTranslation`, to enrich flows with packets translation information.
- `EbpfManager`, to enable using EBPF Manager to manage netobserv ebpf programs [Developer Preview].
+ - `UDNMapping`, to enable interfaces mappind to udn [Developer Preview].
enum: - PacketDrop - DNSTracking @@ -153,6 +155,7 @@ spec: - NetworkEvents - PacketTranslation - EbpfManager + - UDNMapping type: string type: array flowFilter: @@ -3949,6 +3952,10 @@ spec: - `PacketTranslation`: enable enriching flows with packet's translation information.
- `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs.
IMPORTANT: This feature is available as a Developer Preview.
+ - `UDNMapping`, to enable interfaces mappind to udn.
+ This feature requires mounting the kernel debug filesystem, so the eBPF agent pods have to run as privileged. + It requires using the OVN-Kubernetes network plugin with the Observability feature. + IMPORTANT: This feature is available as a Developer Preview.
items: description: |- Agent feature, can be one of:
@@ -3958,6 +3965,7 @@ spec: - `NetworkEvents`, to track Network events [Developer Preview].
- `PacketTranslation`, to enrich flows with packets translation information.
- `EbpfManager`, to enable using EBPF Manager to manage netobserv ebpf programs [Developer Preview].
+ - `UDNMapping`, to enable interfaces mappind to udn [Developer Preview].
enum: - PacketDrop - DNSTracking @@ -3965,6 +3973,7 @@ spec: - NetworkEvents - PacketTranslation - EbpfManager + - UDNMapping type: string type: array flowFilter: diff --git a/config/crd/bases/flows.netobserv.io_flowcollectors.yaml b/config/crd/bases/flows.netobserv.io_flowcollectors.yaml index 6e348b6f8..470d11d19 100644 --- a/config/crd/bases/flows.netobserv.io_flowcollectors.yaml +++ b/config/crd/bases/flows.netobserv.io_flowcollectors.yaml @@ -122,6 +122,7 @@ spec: the kernel debug filesystem, so the eBPF pod has to run as privileged. - `PacketTranslation`: enable enriching flows with packet's translation information.
- `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs.
+ - `UDNMapping`, to enable interfaces mappind to udn.
items: description: |- Agent feature, can be one of:
@@ -131,6 +132,7 @@ spec: - `NetworkEvents`, to track Network events.
- `PacketTranslation`, to enrich flows with packets translation information.
- `EbpfManager`, to enable using EBPF Manager to manage netobserv ebpf programs [Developer Preview].
+ - `UDNMapping`, to enable interfaces mappind to udn [Developer Preview].
enum: - PacketDrop - DNSTracking @@ -138,6 +140,7 @@ spec: - NetworkEvents - PacketTranslation - EbpfManager + - UDNMapping type: string type: array flowFilter: @@ -3631,6 +3634,10 @@ spec: - `PacketTranslation`: enable enriching flows with packet's translation information.
- `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs.
IMPORTANT: This feature is available as a Developer Preview.
+ - `UDNMapping`, to enable interfaces mappind to udn.
+ This feature requires mounting the kernel debug filesystem, so the eBPF agent pods have to run as privileged. + It requires using the OVN-Kubernetes network plugin with the Observability feature. + IMPORTANT: This feature is available as a Developer Preview.
items: description: |- Agent feature, can be one of:
@@ -3640,6 +3647,7 @@ spec: - `NetworkEvents`, to track Network events [Developer Preview].
- `PacketTranslation`, to enrich flows with packets translation information.
- `EbpfManager`, to enable using EBPF Manager to manage netobserv ebpf programs [Developer Preview].
+ - `UDNMapping`, to enable interfaces mappind to udn [Developer Preview].
enum: - PacketDrop - DNSTracking @@ -3647,6 +3655,7 @@ spec: - NetworkEvents - PacketTranslation - EbpfManager + - UDNMapping type: string type: array flowFilter: diff --git a/config/samples/flows_v1beta2_flowcollector.yaml b/config/samples/flows_v1beta2_flowcollector.yaml index 31df2805f..d1ee11d5f 100644 --- a/config/samples/flows_v1beta2_flowcollector.yaml +++ b/config/samples/flows_v1beta2_flowcollector.yaml @@ -25,6 +25,7 @@ spec: # - "NetworkEvents" # - "PacketTranslation" # - "EbpfManager" + # - "UDNMapping" interfaces: [] excludeInterfaces: ["lo"] kafkaBatchSize: 1048576 diff --git a/controllers/consoleplugin/config/static-frontend-config.yaml b/controllers/consoleplugin/config/static-frontend-config.yaml index a4f26afbe..674621960 100644 --- a/controllers/consoleplugin/config/static-frontend-config.yaml +++ b/controllers/consoleplugin/config/static-frontend-config.yaml @@ -437,6 +437,13 @@ columns: filter: ifdirections default: false width: 10 + - id: Udns + name: UDN labels + field: Udns + filter: udns + default: true + width: 10 + feature: udnMapping - id: FlowDirInts name: Interfaces and Directions tooltip: Pairs of network interface and direction of the Flow observed at the network interface observation point. @@ -955,6 +962,8 @@ filters: name: User Defined Network component: autocomplete hint: Specify a user defined network name. + - id: udns + name: interface assigned udn label - id: id name: Conversation Id component: text @@ -1296,6 +1305,9 @@ fields: - name: Interfaces type: string description: Network interfaces + - name: Udns + type: string + description: Network interfaces UDNs mapping - name: Flags type: string description: | diff --git a/controllers/consoleplugin/consoleplugin_objects.go b/controllers/consoleplugin/consoleplugin_objects.go index d928c3c73..dc1a278df 100644 --- a/controllers/consoleplugin/consoleplugin_objects.go +++ b/controllers/consoleplugin/consoleplugin_objects.go 
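Review bot: In controllers/consoleplugin/config/static-frontend-config.yaml the new `udns` filter is declared with only `id` and `name`, whereas both filters visible around it carry a `component`, and the one above it also a `hint`. If the console plugin needs a component to render a filter, which I can't confirm from this hunk, the `filter: udns` reference on the new `Udns` column points at a filter that cannot be used. I would add `component: text` (or `autocomplete`, as the User Defined Network filter above uses) and a `hint`. The name should also be capitalised like the other entries, e.g. `name: Interface UDN label`.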
@@ -462,6 +462,10 @@ func (b *builder) setFrontendConfig(fconf *cfg.FrontendConfig) error { fconf.Features = append(fconf.Features, "packetTranslation") } + if helper.IsUDNMappingEnabled(&b.desired.Agent.EBPF) { + fconf.Features = append(fconf.Features, "udnMapping") + } + if b.desired.Agent.EBPF.Advanced != nil { if v, ok := b.desired.Agent.EBPF.Advanced.Env[ebpf.EnvDedupeJustMark]; ok { dedupJustMark, err = strconv.ParseBool(v) diff --git a/controllers/ebpf/agent_controller.go b/controllers/ebpf/agent_controller.go index b52ec2af4..3ec6fa3ad 100644 --- a/controllers/ebpf/agent_controller.go +++ b/controllers/ebpf/agent_controller.go @@ -69,6 +69,7 @@ const ( envFilterRules = "FLOW_FILTER_RULES" envEnablePacketTranslation = "ENABLE_PKT_TRANSLATION" envEnableEbpfMgr = "EBPF_PROGRAM_MANAGER_MODE" + envEnableUDNMapping = "ENABLE_UDN_MAPPING" envListSeparator = "," ) @@ -319,7 +320,8 @@ func (c *AgentController) desired(ctx context.Context, coll *flowslatest.FlowCol } } - if helper.IsAgentFeatureEnabled(&coll.Spec.Agent.EBPF, flowslatest.NetworkEvents) { + if helper.IsAgentFeatureEnabled(&coll.Spec.Agent.EBPF, flowslatest.NetworkEvents) || + helper.IsAgentFeatureEnabled(&coll.Spec.Agent.EBPF, flowslatest.UDNMapping) { if !coll.Spec.Agent.EBPF.Privileged { rlog.Error(fmt.Errorf("invalid configuration"), "To use Network Events Monitor"+ "features privileged mode needs to be enabled") @@ -699,6 +701,13 @@ func (c *AgentController) setEnvConfig(coll *flowslatest.FlowCollector) []corev1 }) } + if helper.IsUDNMappingEnabled(&coll.Spec.Agent.EBPF) { + config = append(config, corev1.EnvVar{ + Name: envEnableUDNMapping, + Value: "true", + }) + } + if helper.IsPacketTranslationEnabled(&coll.Spec.Agent.EBPF) { config = append(config, corev1.EnvVar{ Name: envEnablePacketTranslation, diff --git a/docs/FlowCollector.md b/docs/FlowCollector.md index 99f6db0f9..305fbc116 100644 --- a/docs/FlowCollector.md +++ b/docs/FlowCollector.md 
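Review bot: In `AgentController.desired` (controllers/ebpf/agent_controller.go) the privileged check now also fires for `UDNMapping`, but the error it logs still names only the Network Events Monitor. An admin who enabled only UDNMapping is therefore pointed at a feature they did not configure. The two string pieces are also concatenated without a space, so the log reads "Monitorfeatures". I would change the message to `"To use the NetworkEvents or UDNMapping features, privileged mode needs to be enabled"`. What the branch does after the check lies outside the hunk, so I can't see whether the debug filesystem mount is skipped for an unprivileged agent.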
@@ -293,7 +293,8 @@ If the `spec.agent.ebpf.privileged` parameter is not set, an error is reported.< - `NetworkEvents`: enable the Network events monitoring feature. This feature requires mounting the kernel debug filesystem, so the eBPF pod has to run as privileged. - `PacketTranslation`: enable enriching flows with packet's translation information.
-- `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs.

+- `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs.
+- `UDNMapping`, to enable interfaces mappind to udn.

false @@ -6265,6 +6266,10 @@ It requires using the OVN-Kubernetes network plugin with the Observability featu IMPORTANT: This feature is available as a Developer Preview.
- `PacketTranslation`: enable enriching flows with packet's translation information.
- `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs.
+IMPORTANT: This feature is available as a Developer Preview.
+- `UDNMapping`, to enable interfaces mappind to udn.
+This feature requires mounting the kernel debug filesystem, so the eBPF agent pods have to run as privileged. +It requires using the OVN-Kubernetes network plugin with the Observability feature. IMPORTANT: This feature is available as a Developer Preview.

false diff --git a/pkg/helper/flowcollector.go b/pkg/helper/flowcollector.go index 63f1854e0..2c48cda32 100644 --- a/pkg/helper/flowcollector.go +++ b/pkg/helper/flowcollector.go @@ -134,6 +134,10 @@ func IsEbpfManagerEnabled(spec *flowslatest.FlowCollectorEBPF) bool { return IsAgentFeatureEnabled(spec, flowslatest.EbpfManager) } +func IsUDNMappingEnabled(spec *flowslatest.FlowCollectorEBPF) bool { + return IsAgentFeatureEnabled(spec, flowslatest.UDNMapping) +} + func IsConntrack(spec *flowslatest.FlowCollectorFLP) bool { return spec != nil && spec.LogTypes != nil && *spec.LogTypes != flowslatest.LogTypeFlows }