@@ -16446,8 +16451,8 @@ IMPORTANT: This feature is available as a Developer Preview.
| enum |
Set the Processor de-duplication mode. It comes in addition to the Agent-based deduplication because the Agent cannot de-duplicate same flows reported from different nodes.
-- Use `Drop` to drop every flow considered as duplicates, allowing saving more on resource usage but potentially loosing some information such as the network interfaces used from peer, or network events.
-- Use `Sample` to randomly keep only 1 flow on 50 (by default) among the ones considered as duplicates. This is a compromise between dropping every duplicates or keeping every duplicates. This sampling action comes in addition to the Agent-based sampling. If both Agent and Processor sampling are 50, the combined sampling is 1:2500.
+- Use `Drop` to drop every flow considered as duplicates, allowing saving more on resource usage but potentially losing some information such as the network interfaces used from peer, or network events.
+- Use `Sample` to randomly keep only one flow on 50, which is the default, among the ones considered as duplicates. This is a compromise between dropping every duplicate or keeping every duplicate. This sampling action comes in addition to the Agent-based sampling. If both Agent and Processor sampling values are `50`, the combined sampling is 1:2500.
- Use `Disabled` to turn off Processor-based de-duplication.
Enum: Disabled, Drop, Sample
@@ -16474,7 +16479,7 @@ IMPORTANT: This feature is available as a Developer Preview.
-`FLPFilterSet` defines the desired configuration for FLP-based filtering satisfying all conditions
+`FLPFilterSet` defines the desired configuration for FLP-based filtering satisfying all conditions.
@@ -16496,7 +16501,7 @@ IMPORTANT: This feature is available as a Developer Preview.
| outputTarget |
enum |
- If specified, this filters only target a single output: `Loki`, `Metrics` or `Exporters`. By default, all outputs are targeted.
+ If specified, these filters only target a single output: `Loki`, `Metrics` or `Exporters`. By default, all outputs are targeted.
Enum: , Loki, Metrics, Exporters
|
@@ -16520,7 +16525,7 @@ IMPORTANT: This feature is available as a Developer Preview.
-`FLPSingleFilter` defines the desired configuration for a single FLP-based filter
+`FLPSingleFilter` defines the desired configuration for a single FLP-based filter.
@@ -16535,15 +16540,15 @@ IMPORTANT: This feature is available as a Developer Preview.
| field |
string |
- Name of the field to filter on
-Refer to the documentation for the list of available fields: https://docs.openshift.com/container-platform/latest/observability/network_observability/json-flows-format-reference.html.
+ Name of the field to filter on.
+Refer to the documentation for the list of available fields: https://github.com/netobserv/network-observability-operator/blob/main/docs/flows-format.adoc.
|
true |
| matchType |
enum |
- Type of matching to apply
+ Type of matching to apply.
Enum: Equal, NotEqual, Presence, Absence, MatchRegex, NotMatchRegex
Default: Equal
@@ -18235,7 +18240,7 @@ If the namespace is different, the config map or the secret is copied so that it
| conditions |
[]object |
- `conditions` represent the latest available observations of an object's state
+ `conditions` represents the latest available observations of an object's state
|
true |
diff --git a/docs/FlowMetric.md b/docs/FlowMetric.md
index afa5f9097..31c95eb70 100644
--- a/docs/FlowMetric.md
+++ b/docs/FlowMetric.md
@@ -155,7 +155,7 @@ Refer to the documentation for the list of available fields: https://docs.opensh
| flatten |
[]string |
- `flatten` is a list of list-type fields that must be flattened, such as Interfaces and NetworkEvents. Flattened fields generate one metric per item in that field.
+ `flatten` is a list of array-type fields that must be flattened, such as Interfaces or NetworkEvents. Flattened fields generate one metric per item in that field.
For instance, when flattening `Interfaces` on a bytes counter, a flow having Interfaces [br-ex, ens5] increases one counter for `br-ex` and another for `ens5`.
|
false |
diff --git a/docs/flowcollector-flows-netobserv-io-v1beta2.adoc b/docs/flowcollector-flows-netobserv-io-v1beta2.adoc
index 76865c55f..762d9fb54 100644
--- a/docs/flowcollector-flows-netobserv-io-v1beta2.adoc
+++ b/docs/flowcollector-flows-netobserv-io-v1beta2.adoc
@@ -102,7 +102,7 @@ Kafka can provide better scalability, resiliency, and high availability (for mor
| `exporters`
| `array`
-| `exporters` define additional optional exporters for custom consumption or storage.
+| `exporters` defines additional optional exporters for custom consumption or storage.
| `kafka`
| `object`
@@ -204,19 +204,27 @@ Otherwise it is matched as a case-sensitive string.
| `array (string)`
| List of additional features to enable. They are all disabled by default. Enabling additional features might have performance impacts. Possible values are: +
-- `PacketDrop`: enable the packets drop flows logging feature. This feature requires mounting
-the kernel debug filesystem, so the eBPF agent pods have to run as privileged.
+- `PacketDrop`: Enable the packets drop flows logging feature. This feature requires mounting
+the kernel debug filesystem, so the eBPF agent pods must run as privileged.
If the `spec.agent.ebpf.privileged` parameter is not set, an error is reported. +
-- `DNSTracking`: enable the DNS tracking feature. +
+- `DNSTracking`: Enable the DNS tracking feature. +
-- `FlowRTT`: enable flow latency (sRTT) extraction in the eBPF agent from TCP traffic. +
+- `FlowRTT`: Enable flow latency (sRTT) extraction in the eBPF agent from TCP traffic. +
-- `NetworkEvents`: enable the network events monitoring feature, such as correlating flows and network policies.
-This feature requires mounting the kernel debug filesystem, so the eBPF agent pods have to run as privileged.
+- `NetworkEvents`: Enable the network events monitoring feature, such as correlating flows and network policies.
+This feature requires mounting the kernel debug filesystem, so the eBPF agent pods must run as privileged.
It requires using the OVN-Kubernetes network plugin with the Observability feature.
-IMPORTANT: This feature is available as a Developer Preview. +
+IMPORTANT: This feature is available as a Technology Preview. +
+- `PacketTranslation`: Enable enriching flows with packet translation information, such as Service NAT. +
+
+- `EbpfManager`: [Unsupported (*)]. Use eBPF Manager to manage Network Observability eBPF programs. Pre-requisite: the eBPF Manager operator (or upstream bpfman operator) must be installed. +
+
+- `UDNMapping`: [Unsupported (*)]. Enable interfaces mapping to User Defined Networks (UDN). +
+
+This feature requires mounting the kernel debug filesystem, so the eBPF agent pods must run as privileged.
+It requires using the OVN-Kubernetes network plugin with the Observability feature.
| `flowFilter`
| `object`
@@ -407,6 +415,11 @@ To filter two ports, use a "port1,port2" in string format. For example, `ports:
| `integer`
| `icmpType`, for ICMP traffic, optionally defines the ICMP type to filter flows by.
+| `peerCIDR`
+| `string`
+| `peerCIDR` defines the Peer IP CIDR to filter flows by.
+Examples: `10.10.10.0/24` or `100:100:100:100::/64`
+
| `peerIP`
| `string`
| `peerIP` optionally defines the remote IP address to filter flows by.
@@ -427,6 +440,120 @@ To filter two ports, use a "port1,port2" in string format. For example, `ports:
| `string`
| `protocol` optionally defines a protocol to filter flows by. The available options are `TCP`, `UDP`, `ICMP`, `ICMPv6`, and `SCTP`.
+| `rules`
+| `array`
+| `rules` defines a list of filtering rules on the eBPF Agents.
+When filtering is enabled, by default, flows that don't match any rule are rejected.
+To change the default, you can define a rule that accepts everything: `{ action: "Accept", cidr: "0.0.0.0/0" }`, and then refine with rejecting rules.
+[Unsupported (*)].
+
+| `sampling`
+| `integer`
+| `sampling` sampling rate for the matched flows, overriding the global sampling defined at `spec.agent.ebpf.sampling`.
+
+| `sourcePorts`
+| `integer-or-string`
+| `sourcePorts` optionally defines the source ports to filter flows by.
+To filter a single port, set a single port as an integer value. For example, `sourcePorts: 80`.
+To filter a range of ports, use a "start-end" range in string format. For example, `sourcePorts: "80-100"`.
+To filter two ports, use a "port1,port2" in string format. For example, `ports: "80,100"`.
+
+| `tcpFlags`
+| `string`
+| `tcpFlags` optionally defines TCP flags to filter flows by.
+In addition to the standard flags (RFC-9293), you can also filter by one of the three following combinations: `SYN-ACK`, `FIN-ACK`, and `RST-ACK`.
+
+|===
+== .spec.agent.ebpf.flowFilter.rules
+Description::
++
+--
+`rules` defines a list of filtering rules on the eBPF Agents.
+When filtering is enabled, by default, flows that don't match any rule are rejected.
+To change the default, you can define a rule that accepts everything: `{ action: "Accept", cidr: "0.0.0.0/0" }`, and then refine with rejecting rules.
+[Unsupported (*)].
+--
+
+Type::
+ `array`
+
+
+
+
+== .spec.agent.ebpf.flowFilter.rules[]
+Description::
++
+--
+`EBPFFlowFilterRule` defines the desired eBPF agent configuration regarding flow filtering rule.
+--
+
+Type::
+ `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `action`
+| `string`
+| `action` defines the action to perform on the flows that match the filter. The available options are `Accept`, which is the default, and `Reject`.
+
+| `cidr`
+| `string`
+| `cidr` defines the IP CIDR to filter flows by.
+Examples: `10.10.10.0/24` or `100:100:100:100::/64`
+
+| `destPorts`
+| `integer-or-string`
+| `destPorts` optionally defines the destination ports to filter flows by.
+To filter a single port, set a single port as an integer value. For example, `destPorts: 80`.
+To filter a range of ports, use a "start-end" range in string format. For example, `destPorts: "80-100"`.
+To filter two ports, use a "port1,port2" in string format. For example, `ports: "80,100"`.
+
+| `direction`
+| `string`
+| `direction` optionally defines a direction to filter flows by. The available options are `Ingress` and `Egress`.
+
+| `icmpCode`
+| `integer`
+| `icmpCode`, for Internet Control Message Protocol (ICMP) traffic, optionally defines the ICMP code to filter flows by.
+
+| `icmpType`
+| `integer`
+| `icmpType`, for ICMP traffic, optionally defines the ICMP type to filter flows by.
+
+| `peerCIDR`
+| `string`
+| `peerCIDR` defines the Peer IP CIDR to filter flows by.
+Examples: `10.10.10.0/24` or `100:100:100:100::/64`
+
+| `peerIP`
+| `string`
+| `peerIP` optionally defines the remote IP address to filter flows by.
+Example: `10.10.10.10`.
+
+| `pktDrops`
+| `boolean`
+| `pktDrops` optionally filters only flows containing packet drops.
+
+| `ports`
+| `integer-or-string`
+| `ports` optionally defines the ports to filter flows by. It is used both for source and destination ports.
+To filter a single port, set a single port as an integer value. For example, `ports: 80`.
+To filter a range of ports, use a "start-end" range in string format. For example, `ports: "80-100"`.
+To filter two ports, use a "port1,port2" in string format. For example, `ports: "80,100"`.
+
+| `protocol`
+| `string`
+| `protocol` optionally defines a protocol to filter flows by. The available options are `TCP`, `UDP`, `ICMP`, `ICMPv6`, and `SCTP`.
+
+| `sampling`
+| `integer`
+| `sampling` sampling rate for the matched flows, overriding the global sampling defined at `spec.agent.ebpf.sampling`.
+
| `sourcePorts`
| `integer-or-string`
| `sourcePorts` optionally defines the source ports to filter flows by.
@@ -937,7 +1064,7 @@ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-co
Description::
+
--
-`exporters` define additional optional exporters for custom consumption or storage.
+`exporters` defines additional optional exporters for custom consumption or storage.
--
Type::
@@ -2575,6 +2702,18 @@ such as `GOGC` and `GOMAXPROCS` env vars. Set these values at your own risk.
| `string`
| `clusterName` is the name of the cluster to appear in the flows data. This is useful in a multi-cluster context. When using {product-title}, leave empty to make it automatically determined.
+| `deduper`
+| `object`
+| `deduper` allows you to sample or drop flows identified as duplicates, in order to save on resource usage.
+[Unsupported (*)].
+
+| `filters`
+| `array`
+| `filters` lets you define custom filters to limit the amount of generated flows.
+These filters provide more flexibility than the eBPF Agent filters (in `spec.agent.ebpf.flowFilter`), such as allowing to filter by Kubernetes namespace,
+but with a lesser improvement in performance.
+[Unsupported (*)].
+
| `imagePullPolicy`
| `string`
| `imagePullPolicy` is the Kubernetes pull policy for the image defined above
@@ -2605,13 +2744,13 @@ This setting is ignored when Kafka is disabled.
| `string`
| `logTypes` defines the desired record types to generate. Possible values are: +
-- `Flows` (default) to export regular network flows +
+- `Flows` to export regular network flows. This is the default. +
-- `Conversations` to generate events for started conversations, ended conversations as well as periodic "tick" updates +
+- `Conversations` to generate events for started conversations, ended conversations as well as periodic "tick" updates. +
-- `EndedConversations` to generate only ended conversations events +
+- `EndedConversations` to generate only ended conversations events. +
-- `All` to generate both network flows and all conversations events +
+- `All` to generate both network flows and all conversations events. It is not recommended due to the impact on resources footprint. +
| `metrics`
@@ -2700,7 +2839,7 @@ By convention, some values are forbidden. It must be greater than 1024 and diffe
| `secondaryNetworks`
| `array`
-| Define secondary networks to be checked for resources identification.
+| Defines secondary networks to be checked for resources identification.
To guarantee a correct identification, indexed values must form an unique identifier across the cluster.
If the same index is used by several resources, those resources might be incorrectly labeled.
@@ -2773,7 +2912,7 @@ Type::
Description::
+
--
-Define secondary networks to be checked for resources identification.
+Defines secondary networks to be checked for resources identification.
To guarantee a correct identification, indexed values must form an unique identifier across the cluster.
If the same index is used by several resources, those resources might be incorrectly labeled.
--
@@ -2814,6 +2953,133 @@ Fields absent from the 'k8s.v1.cni.cncf.io/network-status' annotation must not b
| `string`
| `name` should match the network name as visible in the pods annotation 'k8s.v1.cni.cncf.io/network-status'.
+|===
+== .spec.processor.deduper
+Description::
++
+--
+`deduper` allows you to sample or drop flows identified as duplicates, in order to save on resource usage.
+[Unsupported (*)].
+--
+
+Type::
+ `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `mode`
+| `string`
+| Set the Processor de-duplication mode. It comes in addition to the Agent-based deduplication because the Agent cannot de-duplicate same flows reported from different nodes. +
+
+- Use `Drop` to drop every flow considered as duplicates, allowing saving more on resource usage but potentially losing some information such as the network interfaces used from peer, or network events. +
+
+- Use `Sample` to randomly keep only one flow on 50, which is the default, among the ones considered as duplicates. This is a compromise between dropping every duplicate or keeping every duplicate. This sampling action comes in addition to the Agent-based sampling. If both Agent and Processor sampling values are `50`, the combined sampling is 1:2500. +
+
+- Use `Disabled` to turn off Processor-based de-duplication. +
+
+
+| `sampling`
+| `integer`
+| `sampling` is the sampling rate when deduper `mode` is `Sample`.
+
+|===
+== .spec.processor.filters
+Description::
++
+--
+`filters` lets you define custom filters to limit the amount of generated flows.
+These filters provide more flexibility than the eBPF Agent filters (in `spec.agent.ebpf.flowFilter`), such as allowing to filter by Kubernetes namespace,
+but with a lesser improvement in performance.
+[Unsupported (*)].
+--
+
+Type::
+ `array`
+
+
+
+
+== .spec.processor.filters[]
+Description::
++
+--
+`FLPFilterSet` defines the desired configuration for FLP-based filtering satisfying all conditions.
+--
+
+Type::
+ `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `allOf`
+| `array`
+| `filters` is a list of matches that must be all satisfied in order to remove a flow.
+
+| `outputTarget`
+| `string`
+| If specified, these filters only target a single output: `Loki`, `Metrics` or `Exporters`. By default, all outputs are targeted.
+
+| `sampling`
+| `integer`
+| `sampling` is an optional sampling rate to apply to this filter.
+
+|===
+== .spec.processor.filters[].allOf
+Description::
++
+--
+`filters` is a list of matches that must be all satisfied in order to remove a flow.
+--
+
+Type::
+ `array`
+
+
+
+
+== .spec.processor.filters[].allOf[]
+Description::
++
+--
+`FLPSingleFilter` defines the desired configuration for a single FLP-based filter.
+--
+
+Type::
+ `object`
+
+Required::
+ - `field`
+ - `matchType`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `field`
+| `string`
+| Name of the field to filter on.
+Refer to the documentation for the list of available fields: https://github.com/netobserv/network-observability-operator/blob/main/docs/flows-format.adoc.
+
+| `matchType`
+| `string`
+| Type of matching to apply.
+
+| `value`
+| `string`
+| Value to filter on. When `matchType` is `Equal` or `NotEqual`, you can use field injection with `$(SomeField)` to refer to any other field of the flow.
+
|===
== .spec.processor.kafkaConsumerAutoscaler
Description::
@@ -2865,7 +3131,8 @@ Note that the more metrics you add, the bigger is the impact on Prometheus workl
Metrics enabled by default are:
`namespace_flows_total`, `node_ingress_bytes_total`, `node_egress_bytes_total`, `workload_ingress_bytes_total`,
`workload_egress_bytes_total`, `namespace_drop_packets_total` (when `PacketDrop` feature is enabled),
-`namespace_rtt_seconds` (when `FlowRTT` feature is enabled), `namespace_dns_latency_seconds` (when `DNSTracking` feature is enabled).
+`namespace_rtt_seconds` (when `FlowRTT` feature is enabled), `namespace_dns_latency_seconds` (when `DNSTracking` feature is enabled),
+`namespace_network_policy_events_total` (when `NetworkEvents` feature is enabled).
More information, with full list of available metrics: https://github.com/netobserv/network-observability-operator/blob/main/docs/Metrics.md
| `server`
diff --git a/docs/flowmetric-flows-netobserv-io-v1alpha1.adoc b/docs/flowmetric-flows-netobserv-io-v1alpha1.adoc
index 6bda2865c..88647448d 100644
--- a/docs/flowmetric-flows-netobserv-io-v1alpha1.adoc
+++ b/docs/flowmetric-flows-netobserv-io-v1alpha1.adoc
@@ -107,6 +107,11 @@ When set to `Egress`, it is equivalent to adding the regular expression filter o
be used to eliminate duplicates: `Duplicate != "true"` and `FlowDirection = "0"`.
Refer to the documentation for the list of available fields: https://docs.openshift.com/container-platform/latest/observability/network_observability/json-flows-format-reference.html.
+| `flatten`
+| `array (string)`
+| `flatten` is a list of array-type fields that must be flattened, such as Interfaces or NetworkEvents. Flattened fields generate one metric per item in that field.
+For instance, when flattening `Interfaces` on a bytes counter, a flow having Interfaces [br-ex, ens5] increases one counter for `br-ex` and another for `ens5`.
+
| `labels`
| `array (string)`
| `labels` is a list of fields that should be used as Prometheus labels, also known as dimensions.
diff --git a/docs/flows-format.adoc b/docs/flows-format.adoc
index 76f5c85d3..d87ab52ab 100644
--- a/docs/flows-format.adoc
+++ b/docs/flows-format.adoc
@@ -99,6 +99,13 @@ The "Cardinality" column gives information about the implied metric cardinality
| yes
| fine
| destination.k8s.namespace.name
+| `DstK8S_NetworkName`
+| string
+| Destination network name
+| `dst_network`
+| no
+| fine
+| n/a
| `DstK8S_OwnerName`
| string
| Name of the destination owner, such as Deployment name, StatefulSet name, etc.
@@ -156,14 +163,14 @@ The "Cardinality" column gives information about the implied metric cardinality
| fine
| n/a
| `Flags`
-| number
-| Logical OR combination of unique TCP flags comprised in the flow, as per RFC-9293, with additional custom flags to represent the following per-packet combinations: +
-- SYN+ACK (0x100) +
-- FIN+ACK (0x200) +
-- RST+ACK (0x400)
+| string[]
+| List of TCP flags comprised in the flow, as per RFC-9293, with additional custom flags to represent the following per-packet combinations: +
+- SYN_ACK +
+- FIN_ACK +
+- RST_ACK
| `tcp_flags`
| no
-| fine
+| careful
| tcp.flags
| `FlowDirection`
| number
@@ -190,7 +197,7 @@ The "Cardinality" column gives information about the implied metric cardinality
| fine
| icmp.type
| `IfDirections`
-| number
+| number[]
| Flow directions from the network interface observation point. Can be one of: +
- 0: Ingress (interface incoming traffic) +
- 1: Egress (interface outgoing traffic)
@@ -199,7 +206,7 @@ The "Cardinality" column gives information about the implied metric cardinality
| fine
| interface.directions
| `Interfaces`
-| string
+| string[]
| Network interfaces
| `interfaces`
| no
@@ -220,8 +227,14 @@ The "Cardinality" column gives information about the implied metric cardinality
| fine
| k8s.layer
| `NetworkEvents`
-| string
-| Network events flow monitoring
+| object[]
+| Network events, such as network policy actions, composed of nested fields: +
+- Feature (such as "acl" for network policies) +
+- Type (such as an "AdminNetworkPolicy") +
+- Namespace (namespace where the event applies, if any) +
+- Name (name of the resource that triggered the event) +
+- Action (such as "allow" or "drop") +
+- Direction (Ingress or Egress)
| `network_events`
| no
| avoid
@@ -229,7 +242,7 @@ The "Cardinality" column gives information about the implied metric cardinality
| `Packets`
| number
| Number of packets
-| n/a
+| `pkt_drop_cause`
| no
| avoid
| packets
@@ -275,6 +288,13 @@ The "Cardinality" column gives information about the implied metric cardinality
| no
| fine
| protocol
+| `Sampling`
+| number
+| Sampling rate used for this flow
+| n/a
+| no
+| fine
+| n/a
| `SrcAddr`
| string
| Source IP address (ipv4 or ipv6)
@@ -310,6 +330,13 @@ The "Cardinality" column gives information about the implied metric cardinality
| yes
| fine
| source.k8s.namespace.name
+| `SrcK8S_NetworkName`
+| string
+| Source network name
+| `src_network`
+| no
+| fine
+| n/a
| `SrcK8S_OwnerName`
| string
| Name of the source owner, such as Deployment name, StatefulSet name, etc.
@@ -387,6 +414,48 @@ The "Cardinality" column gives information about the implied metric cardinality
| no
| avoid
| timereceived
+| `Udns`
+| string[]
+| List of User Defined Networks
+| `udns`
+| no
+| careful
+| n/a
+| `XlatDstAddr`
+| string
+| packet translation destination address
+| `xlat_dst_address`
+| no
+| avoid
+| n/a
+| `XlatDstPort`
+| number
+| packet translation destination port
+| `xlat_dst_port`
+| no
+| careful
+| n/a
+| `XlatSrcAddr`
+| string
+| packet translation source address
+| `xlat_src_address`
+| no
+| avoid
+| n/a
+| `XlatSrcPort`
+| number
+| packet translation source port
+| `xlat_src_port`
+| no
+| careful
+| n/a
+| `ZoneId`
+| number
+| packet translation zone id
+| `xlat_zone_id`
+| no
+| avoid
+| n/a
| `_HashId`
| string
| In conversation tracking, the conversation identifier
@@ -396,7 +465,7 @@ The "Cardinality" column gives information about the implied metric cardinality
| n/a
| `_RecordType`
| string
-| Type of record: 'flowLog' for regular flow logs, or 'newConnection', 'heartbeat', 'endConnection' for conversation tracking
+| Type of record: `flowLog` for regular flow logs, or `newConnection`, `heartbeat`, `endConnection` for conversation tracking
| `type`
| yes
| fine
diff --git a/hack/asciidoc-flows-gen.sh b/hack/asciidoc-flows-gen.sh
index 95443f702..7019f4414 100755
--- a/hack/asciidoc-flows-gen.sh
+++ b/hack/asciidoc-flows-gen.sh
@@ -63,9 +63,9 @@ for i in $(seq 0 $(( $nbfields-1 )) ); do
echo -e "| $otel" >> $ADOC
done
+echo -e '|===' >> $ADOC
+
if [[ $errors != "" ]]; then
echo -e $errors
exit 1
fi
-
-echo -e '|===' >> $ADOC
diff --git a/pkg/helper/cardinality/cardinality.json b/pkg/helper/cardinality/cardinality.json
index 1f19d555e..84088a788 100644
--- a/pkg/helper/cardinality/cardinality.json
+++ b/pkg/helper/cardinality/cardinality.json
@@ -13,6 +13,7 @@
"SrcK8S_HostIP": "fine",
"SrcK8S_HostName": "fine",
"SrcK8S_Zone": "fine",
+ "SrcK8S_NetworkName": "fine",
"SrcSubnetLabel": "fine",
"DstK8S_Name": "careful",
"DstK8S_Type": "fine",
@@ -25,6 +26,7 @@
"DstK8S_HostIP": "fine",
"DstK8S_HostName": "fine",
"DstK8S_Zone": "fine",
+ "DstK8S_NetworkName": "fine",
"DstSubnetLabel": "fine",
"K8S_FlowLayer": "fine",
"Proto": "fine",
@@ -64,6 +66,7 @@
"XlatIcmpId": "avoid",
"XlatDstPort": "careful",
"XlatDstAddr": "avoid",
+ "Udns": "careful",
"_RecordType": "fine",
"_HashId": "avoid"
}
|