mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 21:46:22 +01:00
OCPBUGS-43882: improve eBPF API reference docs
This commit is contained in:
Sara Thomas
committed by
openshift-cherrypick-robot
openshift-cherrypick-robot
parent
f3a693906e
commit
5f83177968
@@ -202,7 +202,7 @@ Otherwise it is matched as a case-sensitive string.
|
||||
|
||||
| `features`
|
||||
| `array (string)`
|
||||
| List of additional features to enable. They are all disabled by default. Enabling additional features might have performance impacts. A possible value is `+`.
|
||||
| List of additional features to enable. They are all disabled by default. Enabling additional features might have performance impacts. Possible values are: +
|
||||
|
||||
- `PacketDrop`: enable the packets drop flows logging feature. This feature requires mounting
|
||||
the kernel debug filesystem, so the eBPF agent pods have to run as privileged.
|
||||
@@ -377,7 +377,7 @@ Type::
|
||||
|
||||
| `action`
|
||||
| `string`
|
||||
| `action` defines the action to perform on the flows that match the filter.
|
||||
| `action` defines the action to perform on the flows that match the filter. The available options are `Accept`, which is the default, and `Reject`.
|
||||
|
||||
| `cidr`
|
||||
| `string`
|
||||
@@ -386,14 +386,14 @@ Examples: `10.10.10.0/24` or `100:100:100:100::/64`
|
||||
|
||||
| `destPorts`
|
||||
| `integer-or-string`
|
||||
| `destPorts` defines the destination ports to filter flows by.
|
||||
| `destPorts` optionally defines the destination ports to filter flows by.
|
||||
To filter a single port, set a single port as an integer value. For example, `destPorts: 80`.
|
||||
To filter a range of ports, use a "start-end" range in string format. For example, `destPorts: "80-100"`.
|
||||
To filter two ports, use a "port1,port2" in string format. For example, `ports: "80,100"`.
|
||||
|
||||
| `direction`
|
||||
| `string`
|
||||
| `direction` defines the direction to filter flows by.
|
||||
| `direction` optionally defines a direction to filter flows by. The available options are `Ingress` and `Egress`.
|
||||
|
||||
| `enable`
|
||||
| `boolean`
|
||||
@@ -401,42 +401,43 @@ To filter two ports, use a "port1,port2" in string format. For example, `ports:
|
||||
|
||||
| `icmpCode`
|
||||
| `integer`
|
||||
| `icmpCode`, for Internet Control Message Protocol (ICMP) traffic, defines the ICMP code to filter flows by.
|
||||
| `icmpCode`, for Internet Control Message Protocol (ICMP) traffic, optionally defines the ICMP code to filter flows by.
|
||||
|
||||
| `icmpType`
|
||||
| `integer`
|
||||
| `icmpType`, for ICMP traffic, defines the ICMP type to filter flows by.
|
||||
| `icmpType`, for ICMP traffic, optionally defines the ICMP type to filter flows by.
|
||||
|
||||
| `peerIP`
|
||||
| `string`
|
||||
| `peerIP` defines the IP address to filter flows by.
|
||||
| `peerIP` optionally defines the remote IP address to filter flows by.
|
||||
Example: `10.10.10.10`.
|
||||
|
||||
| `pktDrops`
|
||||
| `boolean`
|
||||
| `pktDrops` filters flows with packet drops
|
||||
| `pktDrops` optionally filters only flows containing packet drops.
|
||||
|
||||
| `ports`
|
||||
| `integer-or-string`
|
||||
| `ports` defines the ports to filter flows by. It is used both for source and destination ports.
|
||||
| `ports` optionally defines the ports to filter flows by. It is used both for source and destination ports.
|
||||
To filter a single port, set a single port as an integer value. For example, `ports: 80`.
|
||||
To filter a range of ports, use a "start-end" range in string format. For example, `ports: "80-100"`.
|
||||
To filter two ports, use a "port1,port2" in string format. For example, `ports: "80,100"`.
|
||||
|
||||
| `protocol`
|
||||
| `string`
|
||||
| `protocol` defines the protocol to filter flows by.
|
||||
| `protocol` optionally defines a protocol to filter flows by. The available options are `TCP`, `UDP`, `ICMP`, `ICMPv6` and `SCTP`.
|
||||
|
||||
| `sourcePorts`
|
||||
| `integer-or-string`
|
||||
| `sourcePorts` defines the source ports to filter flows by.
|
||||
| `sourcePorts` optionally defines the source ports to filter flows by.
|
||||
To filter a single port, set a single port as an integer value. For example, `sourcePorts: 80`.
|
||||
To filter a range of ports, use a "start-end" range in string format. For example, `sourcePorts: "80-100"`.
|
||||
To filter two ports, use a "port1,port2" in string format. For example, `ports: "80,100"`.
|
||||
|
||||
| `tcpFlags`
|
||||
| `string`
|
||||
| `tcpFlags` defines the TCP flags to filter flows by.
|
||||
| `tcpFlags` optionally defines TCP flags to filter flows by.
|
||||
In addition to the standard flags (RFC-9293), you can also filter by one of the three following combinations: `SYN-ACK`, `FIN-ACK` and `RST-ACK`.
|
||||
|
||||
|===
|
||||
== .spec.agent.ebpf.metrics
|
||||
@@ -461,7 +462,7 @@ Type::
|
||||
| `disableAlerts` is a list of alerts that should be disabled.
|
||||
Possible values are: +
|
||||
|
||||
`NetObservDroppedFlows` is triggered when the eBPF agent is missing packets or flows, such as when the eBPF hashmap is busy or full, or the capacity limiter is triggered. +
|
||||
`NetObservDroppedFlows`, which is triggered when the eBPF agent is missing packets or flows, such as when the BPF hashmap is busy or full, or the capacity limiter is being triggered. +
|
||||
|
||||
|
||||
| `enable`
|
||||
@@ -611,7 +612,7 @@ If the namespace is different, the config map or the secret is copied so that it
|
||||
|
||||
| `type`
|
||||
| `string`
|
||||
| Type for the file reference: "configmap" or "secret".
|
||||
| Type for the file reference: `configmap` or `secret`.
|
||||
|
||||
|===
|
||||
== .spec.agent.ebpf.resources
|
||||
@@ -978,7 +979,7 @@ Required::
|
||||
|
||||
| `type`
|
||||
| `string`
|
||||
| `type` selects the type of exporters. The available options are `Kafka` and `IPFIX`.
|
||||
| `type` selects the type of exporters. The available options are `Kafka`, `IPFIX` and `OpenTelemetry`.
|
||||
|
||||
|===
|
||||
== .spec.exporters[].ipfix
|
||||
@@ -1003,11 +1004,11 @@ Required::
|
||||
|
||||
| `targetHost`
|
||||
| `string`
|
||||
| Address of the IPFIX external receiver
|
||||
| Address of the IPFIX external receiver.
|
||||
|
||||
| `targetPort`
|
||||
| `integer`
|
||||
| Port for the IPFIX external receiver
|
||||
| Port for the IPFIX external receiver.
|
||||
|
||||
| `transport`
|
||||
| `string`
|
||||
@@ -1113,7 +1114,7 @@ If the namespace is different, the config map or the secret is copied so that it
|
||||
|
||||
| `type`
|
||||
| `string`
|
||||
| Type for the file reference: "configmap" or "secret".
|
||||
| Type for the file reference: `configmap` or `secret`.
|
||||
|
||||
|===
|
||||
== .spec.exporters[].kafka.sasl.clientSecretReference
|
||||
@@ -1148,7 +1149,7 @@ If the namespace is different, the config map or the secret is copied so that it
|
||||
|
||||
| `type`
|
||||
| `string`
|
||||
| Type for the file reference: "configmap" or "secret".
|
||||
| Type for the file reference: `configmap` or `secret`.
|
||||
|
||||
|===
|
||||
== .spec.exporters[].kafka.tls
|
||||
@@ -1170,7 +1171,7 @@ Type::
|
||||
|
||||
| `caCert`
|
||||
| `object`
|
||||
| `caCert` defines the reference of the certificate for the Certificate Authority
|
||||
| `caCert` defines the reference of the certificate for the Certificate Authority.
|
||||
|
||||
| `enable`
|
||||
| `boolean`
|
||||
@@ -1183,14 +1184,14 @@ If set to `true`, the `caCert` field is ignored.
|
||||
|
||||
| `userCert`
|
||||
| `object`
|
||||
| `userCert` defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS)
|
||||
| `userCert` defines the user certificate reference and is used for mTLS. When you use one-way TLS, you can ignore this property.
|
||||
|
||||
|===
|
||||
== .spec.exporters[].kafka.tls.caCert
|
||||
Description::
|
||||
+
|
||||
--
|
||||
`caCert` defines the reference of the certificate for the Certificate Authority
|
||||
`caCert` defines the reference of the certificate for the Certificate Authority.
|
||||
--
|
||||
|
||||
Type::
|
||||
@@ -1229,7 +1230,7 @@ If the namespace is different, the config map or the secret is copied so that it
|
||||
Description::
|
||||
+
|
||||
--
|
||||
`userCert` defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS)
|
||||
`userCert` defines the user certificate reference and is used for mTLS. When you use one-way TLS, you can ignore this property.
|
||||
--
|
||||
|
||||
Type::
|
||||
@@ -1624,7 +1625,7 @@ If the namespace is different, the config map or the secret is copied so that it
|
||||
|
||||
| `type`
|
||||
| `string`
|
||||
| Type for the file reference: "configmap" or "secret".
|
||||
| Type for the file reference: `configmap` or `secret`.
|
||||
|
||||
|===
|
||||
== .spec.kafka.sasl.clientSecretReference
|
||||
@@ -1659,7 +1660,7 @@ If the namespace is different, the config map or the secret is copied so that it
|
||||
|
||||
| `type`
|
||||
| `string`
|
||||
| Type for the file reference: "configmap" or "secret".
|
||||
| Type for the file reference: `configmap` or `secret`.
|
||||
|
||||
|===
|
||||
== .spec.kafka.tls
|
||||
@@ -1681,7 +1682,7 @@ Type::
|
||||
|
||||
| `caCert`
|
||||
| `object`
|
||||
| `caCert` defines the reference of the certificate for the Certificate Authority
|
||||
| `caCert` defines the reference of the certificate for the Certificate Authority.
|
||||
|
||||
| `enable`
|
||||
| `boolean`
|
||||
@@ -1694,14 +1695,14 @@ If set to `true`, the `caCert` field is ignored.
|
||||
|
||||
| `userCert`
|
||||
| `object`
|
||||
| `userCert` defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS)
|
||||
| `userCert` defines the user certificate reference and is used for mTLS. When you use one-way TLS, you can ignore this property.
|
||||
|
||||
|===
|
||||
== .spec.kafka.tls.caCert
|
||||
Description::
|
||||
+
|
||||
--
|
||||
`caCert` defines the reference of the certificate for the Certificate Authority
|
||||
`caCert` defines the reference of the certificate for the Certificate Authority.
|
||||
--
|
||||
|
||||
Type::
|
||||
@@ -1740,7 +1741,7 @@ If the namespace is different, the config map or the secret is copied so that it
|
||||
Description::
|
||||
+
|
||||
--
|
||||
`userCert` defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS)
|
||||
`userCert` defines the user certificate reference and is used for mTLS. When you use one-way TLS, you can ignore this property.
|
||||
--
|
||||
|
||||
Type::
|
||||
@@ -2010,7 +2011,7 @@ Type::
|
||||
|
||||
| `caCert`
|
||||
| `object`
|
||||
| `caCert` defines the reference of the certificate for the Certificate Authority
|
||||
| `caCert` defines the reference of the certificate for the Certificate Authority.
|
||||
|
||||
| `enable`
|
||||
| `boolean`
|
||||
@@ -2023,14 +2024,14 @@ If set to `true`, the `caCert` field is ignored.
|
||||
|
||||
| `userCert`
|
||||
| `object`
|
||||
| `userCert` defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS)
|
||||
| `userCert` defines the user certificate reference and is used for mTLS. When you use one-way TLS, you can ignore this property.
|
||||
|
||||
|===
|
||||
== .spec.loki.manual.statusTls.caCert
|
||||
Description::
|
||||
+
|
||||
--
|
||||
`caCert` defines the reference of the certificate for the Certificate Authority
|
||||
`caCert` defines the reference of the certificate for the Certificate Authority.
|
||||
--
|
||||
|
||||
Type::
|
||||
@@ -2069,7 +2070,7 @@ If the namespace is different, the config map or the secret is copied so that it
|
||||
Description::
|
||||
+
|
||||
--
|
||||
`userCert` defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS)
|
||||
`userCert` defines the user certificate reference and is used for mTLS. When you use one-way TLS, you can ignore this property.
|
||||
--
|
||||
|
||||
Type::
|
||||
@@ -2123,7 +2124,7 @@ Type::
|
||||
|
||||
| `caCert`
|
||||
| `object`
|
||||
| `caCert` defines the reference of the certificate for the Certificate Authority
|
||||
| `caCert` defines the reference of the certificate for the Certificate Authority.
|
||||
|
||||
| `enable`
|
||||
| `boolean`
|
||||
@@ -2136,14 +2137,14 @@ If set to `true`, the `caCert` field is ignored.
|
||||
|
||||
| `userCert`
|
||||
| `object`
|
||||
| `userCert` defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS)
|
||||
| `userCert` defines the user certificate reference and is used for mTLS. When you use one-way TLS, you can ignore this property.
|
||||
|
||||
|===
|
||||
== .spec.loki.manual.tls.caCert
|
||||
Description::
|
||||
+
|
||||
--
|
||||
`caCert` defines the reference of the certificate for the Certificate Authority
|
||||
`caCert` defines the reference of the certificate for the Certificate Authority.
|
||||
--
|
||||
|
||||
Type::
|
||||
@@ -2182,7 +2183,7 @@ If the namespace is different, the config map or the secret is copied so that it
|
||||
Description::
|
||||
+
|
||||
--
|
||||
`userCert` defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS)
|
||||
`userCert` defines the user certificate reference and is used for mTLS. When you use one-way TLS, you can ignore this property.
|
||||
--
|
||||
|
||||
Type::
|
||||
@@ -2272,7 +2273,7 @@ Type::
|
||||
|
||||
| `caCert`
|
||||
| `object`
|
||||
| `caCert` defines the reference of the certificate for the Certificate Authority
|
||||
| `caCert` defines the reference of the certificate for the Certificate Authority.
|
||||
|
||||
| `enable`
|
||||
| `boolean`
|
||||
@@ -2285,14 +2286,14 @@ If set to `true`, the `caCert` field is ignored.
|
||||
|
||||
| `userCert`
|
||||
| `object`
|
||||
| `userCert` defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS)
|
||||
| `userCert` defines the user certificate reference and is used for mTLS. When you use one-way TLS, you can ignore this property.
|
||||
|
||||
|===
|
||||
== .spec.loki.microservices.tls.caCert
|
||||
Description::
|
||||
+
|
||||
--
|
||||
`caCert` defines the reference of the certificate for the Certificate Authority
|
||||
`caCert` defines the reference of the certificate for the Certificate Authority.
|
||||
--
|
||||
|
||||
Type::
|
||||
@@ -2331,7 +2332,7 @@ If the namespace is different, the config map or the secret is copied so that it
|
||||
Description::
|
||||
+
|
||||
--
|
||||
`userCert` defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS)
|
||||
`userCert` defines the user certificate reference and is used for mTLS. When you use one-way TLS, you can ignore this property.
|
||||
--
|
||||
|
||||
Type::
|
||||
@@ -2417,7 +2418,7 @@ Type::
|
||||
|
||||
| `caCert`
|
||||
| `object`
|
||||
| `caCert` defines the reference of the certificate for the Certificate Authority
|
||||
| `caCert` defines the reference of the certificate for the Certificate Authority.
|
||||
|
||||
| `enable`
|
||||
| `boolean`
|
||||
@@ -2430,14 +2431,14 @@ If set to `true`, the `caCert` field is ignored.
|
||||
|
||||
| `userCert`
|
||||
| `object`
|
||||
| `userCert` defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS)
|
||||
| `userCert` defines the user certificate reference and is used for mTLS. When you use one-way TLS, you can ignore this property.
|
||||
|
||||
|===
|
||||
== .spec.loki.monolithic.tls.caCert
|
||||
Description::
|
||||
+
|
||||
--
|
||||
`caCert` defines the reference of the certificate for the Certificate Authority
|
||||
`caCert` defines the reference of the certificate for the Certificate Authority.
|
||||
--
|
||||
|
||||
Type::
|
||||
@@ -2476,7 +2477,7 @@ If the namespace is different, the config map or the secret is copied so that it
|
||||
Description::
|
||||
+
|
||||
--
|
||||
`userCert` defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS)
|
||||
`userCert` defines the user certificate reference and is used for mTLS. When you use one-way TLS, you can ignore this property.
|
||||
--
|
||||
|
||||
Type::
|
||||
@@ -2538,7 +2539,7 @@ configuration, you can disable it and install your own instead.
|
||||
| `boolean`
|
||||
| Set `enable` to `true` to deploy network policies on the namespaces used by Network Observability (main and privileged). It is disabled by default.
|
||||
These network policies better isolate the Network Observability components to prevent undesired connections to them.
|
||||
Either enable it, or create your own network policy for Network Observability.
|
||||
We recommend you either enable it, or create your own network policy for Network Observability.
|
||||
|
||||
|===
|
||||
== .spec.processor
|
||||
@@ -2773,8 +2774,8 @@ Description::
|
||||
+
|
||||
--
|
||||
Define secondary networks to be checked for resources identification.
|
||||
To guarantee a correct identification, the indexed values must form an unique identifier across the cluster.
|
||||
If the same index is used by several resources, those resources might be wrongly labeled.
|
||||
To guarantee a correct identification, indexed values must form an unique identifier across the cluster.
|
||||
If the same index is used by several resources, those resources might be incorrectly labeled.
|
||||
--
|
||||
|
||||
Type::
|
||||
@@ -3010,7 +3011,7 @@ If the namespace is different, the config map or the secret is copied so that it
|
||||
|
||||
| `type`
|
||||
| `string`
|
||||
| Type for the file reference: "configmap" or "secret".
|
||||
| Type for the file reference: `configmap` or `secret`.
|
||||
|
||||
|===
|
||||
== .spec.processor.resources
|
||||
@@ -3236,7 +3237,7 @@ Type::
|
||||
|
||||
| `caCert`
|
||||
| `object`
|
||||
| `caCert` defines the reference of the certificate for the Certificate Authority
|
||||
| `caCert` defines the reference of the certificate for the Certificate Authority.
|
||||
|
||||
| `enable`
|
||||
| `boolean`
|
||||
@@ -3249,14 +3250,14 @@ If set to `true`, the `caCert` field is ignored.
|
||||
|
||||
| `userCert`
|
||||
| `object`
|
||||
| `userCert` defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS)
|
||||
| `userCert` defines the user certificate reference and is used for mTLS. When you use one-way TLS, you can ignore this property.
|
||||
|
||||
|===
|
||||
== .spec.prometheus.querier.manual.tls.caCert
|
||||
Description::
|
||||
+
|
||||
--
|
||||
`caCert` defines the reference of the certificate for the Certificate Authority
|
||||
`caCert` defines the reference of the certificate for the Certificate Authority.
|
||||
--
|
||||
|
||||
Type::
|
||||
@@ -3295,7 +3296,7 @@ If the namespace is different, the config map or the secret is copied so that it
|
||||
Description::
|
||||
+
|
||||
--
|
||||
`userCert` defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS)
|
||||
`userCert` defines the user certificate reference and is used for mTLS. When you use one-way TLS, you can ignore this property.
|
||||
--
|
||||
|
||||
Type::
|
||||
|
||||
Reference in New Issue
Block a user