modules/network-observability-flowcollector-example.adoc

// Module included in the following assemblies:

// * networking/network_observability/configuring-operators.adoc

:_mod-docs-content-type: REFERENCE
[id="network-observability-flowcollector-example_{context}"]
= Example of a FlowCollector resource

[role="_abstract"]
Review a comprehensive, annotated example of the `FlowCollector` custom resource that demonstrates configurations for `eBPF` sampling, conversation tracking, Loki integration, and console quick filters.

[id="network-observability-flowcollector-configuring-about-sample_{context}"]
== Sample `FlowCollector` resource
[source, yaml]
----
apiVersion: flows.netobserv.io/v1beta2
kind: FlowCollector
metadata:
  name: cluster
spec:
  namespace: netobserv
  deploymentModel: Direct
  agent:
    type: eBPF                                <1>
    ebpf:
      sampling: 50                            <2>
      logLevel: info
      privileged: false
      resources:
        requests:
          memory: 50Mi
          cpu: 100m
        limits:
          memory: 800Mi
  processor:               <3>
    logLevel: info
    resources:
      requests:
        memory: 100Mi
        cpu: 100m
      limits:
        memory: 800Mi
    logTypes: Flows
    advanced:
      conversationEndTimeout: 10s
      conversationHeartbeatInterval: 30s
  loki:                     <4>
    mode: LokiStack         <5>
  consolePlugin:
    register: true
    logLevel: info
    portNaming:
      enable: true
      portNames:
        "3100": loki
    quickFilters:            <6>
    - name: Applications
      filter:
        src_namespace!: 'openshift-,netobserv'
        dst_namespace!: 'openshift-,netobserv'
      default: true
    - name: Infrastructure
      filter:
        src_namespace: 'openshift-,netobserv'
        dst_namespace: 'openshift-,netobserv'
    - name: Pods network
      filter:
        src_kind: 'Pod'
        dst_kind: 'Pod'
      default: true
    - name: Services network
      filter:
        dst_kind: 'Service'
----
<1> The Agent specification, `spec.agent.type`, must be `EBPF`. eBPF is the only {product-title} supported option.
<2> You can set the Sampling specification, `spec.agent.ebpf.sampling`, to manage resources. By default, eBPF sampling is set to `50`, so a flow has a 1 in 50 chance of being sampled. A lower sampling interval value requires more computational, memory, and storage resources. A value of `0` or `1` means all flows are sampled. It is recommended to start with the default value and refine it empirically to determine the optimal setting for your cluster.
<3> The Processor specification `spec.processor.` can be set to enable conversation tracking. When enabled, conversation events are queryable in the web console. The `spec.processor.logTypes` value is `Flows`. The `spec.processor.advanced` values are `Conversations`, `EndedConversations`, or `ALL`. Storage requirements are highest for `All` and lowest for `EndedConversations`.
<4> The Loki specification, `spec.loki`, specifies the Loki client. The default values match the Loki install paths mentioned in the Installing the Loki Operator section. If you used another installation method for Loki, specify the appropriate client information for your install.
<5> The `LokiStack` mode automatically sets a few configurations: `querierUrl`, `ingesterUrl` and `statusUrl`, `tenantID`, and corresponding TLS configuration. Cluster roles and a cluster role binding are created for reading and writing logs to Loki. And `authToken` is set to `Forward`. You can set these manually using the `Manual` mode.
<6> The `spec.quickFilters` specification defines filters that show up in the web console. The `Application` filter keys,`src_namespace` and `dst_namespace`, are negated (`!`), so the `Application` filter shows all traffic that _does not_ originate from, or have a destination to, any `openshift-` or `netobserv` namespaces. For more information, see Configuring quick filters below.
OSDOCS-17450 [NETOBSERV] Module short descriptions to configuring-operator.adoc 2025-12-02 10:25:21 -06:00			`// Module included in the following assemblies:`

			`// * networking/network_observability/configuring-operators.adoc`

			`:_mod-docs-content-type: REFERENCE`
			`[id="network-observability-flowcollector-example_{context}"]`
			`= Example of a FlowCollector resource`

			`[role="_abstract"]`
			Review a comprehensive, annotated example of the `FlowCollector` custom resource that demonstrates configurations for `eBPF` sampling, conversation tracking, Loki integration, and console quick filters.

			`[id="network-observability-flowcollector-configuring-about-sample_{context}"]`
			== Sample `FlowCollector` resource
			`[source, yaml]`
			`----`
			`apiVersion: flows.netobserv.io/v1beta2`
			`kind: FlowCollector`
			`metadata:`
			`name: cluster`
			`spec:`
			`namespace: netobserv`
			`deploymentModel: Direct`
			`agent:`
			`type: eBPF <1>`
			`ebpf:`
			`sampling: 50 <2>`
			`logLevel: info`
			`privileged: false`
			`resources:`
			`requests:`
			`memory: 50Mi`
			`cpu: 100m`
			`limits:`
			`memory: 800Mi`
			`processor: <3>`
			`logLevel: info`
			`resources:`
			`requests:`
			`memory: 100Mi`
			`cpu: 100m`
			`limits:`
			`memory: 800Mi`
			`logTypes: Flows`
			`advanced:`
			`conversationEndTimeout: 10s`
			`conversationHeartbeatInterval: 30s`
			`loki: <4>`
			`mode: LokiStack <5>`
			`consolePlugin:`
			`register: true`
			`logLevel: info`
			`portNaming:`
			`enable: true`
			`portNames:`
			`"3100": loki`
			`quickFilters: <6>`
			`- name: Applications`
			`filter:`
			`src_namespace!: 'openshift-,netobserv'`
			`dst_namespace!: 'openshift-,netobserv'`
			`default: true`
			`- name: Infrastructure`
			`filter:`
			`src_namespace: 'openshift-,netobserv'`
			`dst_namespace: 'openshift-,netobserv'`
			`- name: Pods network`
			`filter:`
			`src_kind: 'Pod'`
			`dst_kind: 'Pod'`
			`default: true`
			`- name: Services network`
			`filter:`
			`dst_kind: 'Service'`
			`----`
			<1> The Agent specification, `spec.agent.type`, must be `EBPF`. eBPF is the only {product-title} supported option.
			<2> You can set the Sampling specification, `spec.agent.ebpf.sampling`, to manage resources. By default, eBPF sampling is set to `50`, so a flow has a 1 in 50 chance of being sampled. A lower sampling interval value requires more computational, memory, and storage resources. A value of `0` or `1` means all flows are sampled. It is recommended to start with the default value and refine it empirically to determine the optimal setting for your cluster.
			<3> The Processor specification `spec.processor.` can be set to enable conversation tracking. When enabled, conversation events are queryable in the web console. The `spec.processor.logTypes` value is `Flows`. The `spec.processor.advanced` values are `Conversations`, `EndedConversations`, or `ALL`. Storage requirements are highest for `All` and lowest for `EndedConversations`.
			<4> The Loki specification, `spec.loki`, specifies the Loki client. The default values match the Loki install paths mentioned in the Installing the Loki Operator section. If you used another installation method for Loki, specify the appropriate client information for your install.
			<5> The `LokiStack` mode automatically sets a few configurations: `querierUrl`, `ingesterUrl` and `statusUrl`, `tenantID`, and corresponding TLS configuration. Cluster roles and a cluster role binding are created for reading and writing logs to Loki. And `authToken` is set to `Forward`. You can set these manually using the `Manual` mode.
			<6> The `spec.quickFilters` specification defines filters that show up in the web console. The `Application` filter keys,`src_namespace` and `dst_namespace`, are negated (`!`), so the `Application` filter shows all traffic that _does not_ originate from, or have a destination to, any `openshift-` or `netobserv` namespaces. For more information, see Configuring quick filters below.