Documentation
¶
Index ¶
- Constants
- func SetConfigDefaults(flowAggregatorConf *FlowAggregatorConfig)
- type APIServerConfig
- type AggregatorTransportProtocol
- type ClickHouseConfig
- type FlowAggregatorConfig
- type FlowCollectorConfig
- type FlowFilter
- type FlowLoggerConfig
- type NetworkPolicyRuleAction
- type RecordContentsConfig
- type S3UploaderConfig
- type TLSConfig
Constants ¶
View Source
const ( DefaultExternalFlowCollectorTransport = "tcp" DefaultExternalFlowCollectorPort = "4739" DefaultActiveFlowRecordTimeout = "60s" DefaultInactiveFlowRecordTimeout = "90s" DefaultAggregatorTransportProtocol = "TLS" DefaultRecordFormat = "IPFIX" DefaultClickHouseDatabase = "default" DefaultClickHouseCommitInterval = "8s" MinClickHouseCommitInterval = 1 * time.Second DefaultClickHouseDatabaseUrl = "tcp://clickhouse-clickhouse.flow-visibility.svc:9000" DefaultS3Region = "us-west-2" DefaultS3RecordFormat = "CSV" DefaultS3MaxRecordsPerFile = 1000000 DefaultS3UploadInterval = "60s" MinS3CommitInterval = 1 * time.Second DefaultLoggerMaxSize = 100 DefaultLoggerMaxBackups = 3 DefaultLoggerRecordFormat = "CSV" )
Variables ¶
This section is empty.
Functions ¶
func SetConfigDefaults ¶ added in v1.8.0
func SetConfigDefaults(flowAggregatorConf *FlowAggregatorConfig)
Types ¶
type APIServerConfig ¶
type APIServerConfig struct {
// APIPort is the port for the antrea-agent APIServer to serve on.
// Defaults to 10348.
APIPort int `yaml:"apiPort,omitempty"`
// Cipher suites to use.
TLSCipherSuites string `yaml:"tlsCipherSuites,omitempty"`
// TLS min version.
TLSMinVersion string `yaml:"tlsMinVersion,omitempty"`
}
type AggregatorTransportProtocol ¶ added in v1.8.0
type AggregatorTransportProtocol string
const ( AggregatorTransportProtocolTCP AggregatorTransportProtocol = "TCP" AggregatorTransportProtocolTLS AggregatorTransportProtocol = "TLS" AggregatorTransportProtocolUDP AggregatorTransportProtocol = "UDP" )
type ClickHouseConfig ¶ added in v1.6.0
type ClickHouseConfig struct {
// Enable is the switch to enable exporting flow records to ClickHouse.
Enable bool `yaml:"enable,omitempty"`
// Database is the name of database where Antrea "flows" table is created.
Database string `yaml:"database,omitempty"`
// DatabaseURL is the url to the database. Provide the database URL as a string with format
// <Protocol>://<ClickHouse server FQDN or IP>:<ClickHouse port>. The protocol has to be one
// from below: "tcp", "tls", "http", "https". When "tls" or "https" is used, tls will be enabled.
// Defaults to "tcp://clickhouse-clickhouse.flow-visibility.svc:9000"
DatabaseURL string `yaml:"databaseURL,omitempty"`
// Debug enables debug logs from ClickHouse sql driver. Defaults to false.
Debug bool `yaml:"debug,omitempty"`
// Compress enables lz4 compression when committing flow records. Defaults to true.
Compress *bool `yaml:"compress,omitempty"`
// CommitInterval is the periodical interval between batch commit of flow records to DB.
// Defaults to "8s". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
// Min value allowed is "1s".
CommitInterval string `yaml:"commitInterval,omitempty"`
// TLS configuration options, when using TLS to connect to the ClickHouse service.
TLS TLSConfig `yaml:"tls,omitempty"`
}
type FlowAggregatorConfig ¶
type FlowAggregatorConfig struct {
// Provide the active flow record timeout as a duration string. This determines
// how often the flow aggregator exports the active flow records to the flow
// collector. Thus, for flows with a continuous stream of packets, a flow record
// will be exported to the collector once the elapsed time since the last export
// event in the flow aggregator is equal to the value of this timeout.
// Defaults to "60s". Valid time units are "ns", "us" (or "µs"), "ms", "s",
// "m", "h".
ActiveFlowRecordTimeout string `yaml:"activeFlowRecordTimeout,omitempty"`
// Provide the inactive flow record timeout as a duration string. This determines
// how often the flow aggregator exports the inactive flow records to the flow
// collector. A flow record is considered to be inactive if no matching record
// has been received by the flow aggregator in the specified interval.
// Defaults to "90s". Valid time units are "ns", "us" (or "µs"), "ms", "s",
// "m", "h".
InactiveFlowRecordTimeout string `yaml:"inactiveFlowRecordTimeout,omitempty"`
// Transport protocol over which the aggregator collects IPFIX records from all Agents.
// Defaults to "tls"
AggregatorTransportProtocol AggregatorTransportProtocol `yaml:"aggregatorTransportProtocol,omitempty"`
// Provide an extra DNS name or IP address of flow aggregator for generating TLS certificate.
FlowAggregatorAddress string `yaml:"flowAggregatorAddress,omitempty"`
// RecordContents enables configuring some fields in the flow records. Fields can be
// excluded to reduce record size.
RecordContents RecordContentsConfig `yaml:"recordContents,omitempty"`
// APIServer contains APIServer related configuration options.
APIServer APIServerConfig `yaml:"apiServer,omitempty"`
// FlowCollector contains external IPFIX or JSON collector related configuration options.
FlowCollector FlowCollectorConfig `yaml:"flowCollector,omitempty"`
// ClickHouse contains ClickHouse related configuration options.
ClickHouse ClickHouseConfig `yaml:"clickHouse,omitempty"`
// S3Uploader contains configuration options for uploading flow records to AWS S3.
S3Uploader S3UploaderConfig `yaml:"s3Uploader,omitempty"`
// FlowLogger contains configuration options for writing flow records to a local log file.
FlowLogger FlowLoggerConfig `yaml:"flowLogger,omitempty"`
}
type FlowCollectorConfig ¶ added in v1.6.0
type FlowCollectorConfig struct {
// Enable is the switch to enable exporting flow records to external flow collector.
Enable bool `yaml:"enable,omitempty"`
// Provide the flow collector address as string with format <IP>:<port>[:<proto>], where proto is tcp or udp.
// If no L4 transport proto is given, we consider tcp as default.
// Defaults to "".
Address string `yaml:"address,omitempty"`
// Provide the 32-bit Observation Domain ID which will uniquely identify this instance of the flow
// aggregator to an external flow collector. If omitted, an Observation Domain ID will be generated
// from the persistent cluster UUID generated by Antrea. Failing that (e.g. because the cluster UUID
// is not available), a value will be randomly generated, which may vary across restarts of the flow
// aggregator.
ObservationDomainID *uint32 `yaml:"observationDomainID,omitempty"`
// Provide format for records sent to the configured flow collector. Supported formats are IPFIX and JSON.
// Defaults to "IPFIX"
RecordFormat string `yaml:"recordFormat,omitempty"`
}
type FlowFilter ¶ added in v1.12.0
type FlowFilter struct {
// IngressNetworkPolicyRuleActions supports filtering based on the action name for the
// ingress policy rule applied to the flow. By default, all actions are considered.
IngressNetworkPolicyRuleActions []NetworkPolicyRuleAction `yaml:"ingressNetworkPolicyRuleActions,omitempty"`
// EgressNetworkPolicyRuleActions supports filtering based on the action name for the egress
// policy rule applied to the flow. By default, all actions are considered.
EgressNetworkPolicyRuleActions []NetworkPolicyRuleAction `yaml:"egressNetworkPolicyRuleActions,omitempty"`
}
FlowFilter will match a flow if all individual conditions are fulfilled.
type FlowLoggerConfig ¶ added in v1.12.0
type FlowLoggerConfig struct {
// Enable is the switch to enable writing flow records to a local log file.
Enable bool `yaml:"enable,omitempty"`
// Path is the path to the local log file. Defaults to the antrea-flows.log file in the
// operating system's default directory for temporary files (provided by os.TempDir).
Path string `yaml:"path,omitempty"`
// MaxSize is the maximum size in MB of a log file before it gets rotated. Defaults to 100MB.
MaxSize int32 `yaml:"maxSize,omitempty"`
// MaxBackups is the maximum number of old log files to retain. If set to 0, all log files
// will be retained (unless MaxAge causes them to be deleted). Defaults to 3.
MaxBackups int32 `yaml:"maxBackups,omitempty"`
// MaxAge is the maximum number of days to retain old log files based on the timestamp
// encoded in their filename. The default (0) is not to remove old log files based on age.
MaxAge int32 `yaml:"maxAge,omitempty"`
// Compress enables gzip compression on rotated files. Defaults to true.
Compress *bool `yaml:"compress,omitempty"`
// RecordFormat defines the format of the flow records logged to file. Only "CSV" is
// supported at the moment.
RecordFormat string `yaml:"recordFormat,omitempty"`
// Filters can be used to select which flow records to log to file. The provided filters are
// OR-ed to determine whether a specific flow should be logged. By default, all flows are
// logged.
Filters []FlowFilter `yaml:"filters,omitempty"`
// PrettyPrint enables conversion of some numeric fields to a more meaningful string
// representation.
PrettyPrint *bool `yaml:"prettyPrint,omitempty"`
}
type NetworkPolicyRuleAction ¶ added in v1.12.0
type NetworkPolicyRuleAction string
const ( NetworkPolicyRuleActionNone NetworkPolicyRuleAction = "None" NetworkPolicyRuleActionAllow NetworkPolicyRuleAction = "Allow" NetworkPolicyRuleActionDrop NetworkPolicyRuleAction = "Drop" NetworkPolicyRuleActionReject NetworkPolicyRuleAction = "Reject" )
type RecordContentsConfig ¶
type RecordContentsConfig struct {
PodLabels bool `yaml:"podLabels,omitempty"`
}
type S3UploaderConfig ¶ added in v1.9.0
type S3UploaderConfig struct {
// Enable is the switch to enable exporting flow records to AWS S3.
// At the moment, the flow aggregator will look for the "standard" environment variables to
// authenticate to AWS. These can be static credentials (AWS_ACCESS_KEY_ID,
// AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN) or a Web Identity Token
// (AWS_WEB_IDENTITY_TOKEN_FILE).
Enable bool `yaml:"enable,omitempty"`
// BucketName is the name of the S3 bucket to which flow records will be uploaded. If this
// field is empty, initialization will fail.
BucketName string `yaml:"bucketName"`
// BucketPrefix is the prefix ("folder") under which flow records will be uploaded. If this
// is omitted, flow records will be uploaded to the root of the bucket.
BucketPrefix string `yaml:"bucketPrefix,omitempty"`
// Region is used as a "hint" to get the region in which the provided bucket is located.
// An error will occur if the bucket does not exist in the AWS partition the region hint
// belongs to. If region is omitted, the value of the AWS_REGION environment variable will
// be used, and if it is missing, we will default to "us-west-2".
Region string `yaml:"region,omitempty"`
// RecordFormat defines the format of the flow records uploaded to S3. Only "CSV" is
// supported at the moment.
RecordFormat string `yaml:"recordFormat,omitempty"`
// Compress enables gzip compression when uploading files to S3. Defaults to true.
Compress *bool `yaml:"compress,omitempty"`
// MaxRecordsPerFile is the maximum number of records per file uploaded. It is not recommended
// to change this value. Defaults to 1,000,000.
MaxRecordsPerFile int32 `yaml:"maxRecordsPerFile,omitempty"`
// UploadInterval is the duration between each file upload to S3.
UploadInterval string `yaml:"uploadInterval,omitempty"`
}
type TLSConfig ¶ added in v1.13.0
type TLSConfig struct {
// InsecureSkipVerify determines whether to skip the verification of the server's certificate chain and host name.
// Default is false.
InsecureSkipVerify bool `yaml:"insecureSkipVerify,omitempty"`
// CACert determines whether to use custom CA certificate. Default root CAs will be used if false.
// If true, a Secret named "flow-aggregator-ca" must be provided with the following keys:
// ca.crt: <CA certificate>
CACert bool `yaml:"caCert,omitempty"`
}
Source Files
Click to show internal directories.
Click to hide internal directories.