mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
48 lines
1.5 KiB
Plaintext
48 lines
1.5 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// network_observability/observing-network-traffic.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="network-observability-configuring-ipsec-with-flow-collector-resource_{context}"]
|
|
= Configuring IPsec with the FlowCollector custom resource
|
|
|
|
[role="_abstract"]
|
|
Enable IPsec tracking in the `FlowCollector` resource to monitor encrypted traffic, adding an IPsec status column to the traffic flow view and generating a dedicated encryption dashboard.
|
|
|
|
In {product-title}, IPsec is disabled by default. You can enable IPsec by following the instructions in "Configuring IPsec encryption".
|
|
|
|
.Prerequisite
|
|
|
|
* You have enabled IPsec encryption on {product-title}.
|
|
|
|
.Procedure
|
|
. In the web console, navigate to *Ecosystem* -> *Installed Operators*.
|
|
. Under the *Provided APIs* heading for the *NetObserv Operator*, select *Flow Collector*.
|
|
. Select *cluster* then select the *YAML* tab.
|
|
. Configure the `FlowCollector` custom resource for IPsec:
|
|
+
|
|
.Example configuration of `FlowCollector` for IPsec
|
|
[source, yaml]
|
|
----
|
|
apiVersion: flows.netobserv.io/v1beta2
|
|
kind: FlowCollector
|
|
metadata:
|
|
name: cluster
|
|
spec:
|
|
namespace: netobserv
|
|
agent:
|
|
type: eBPF
|
|
ebpf:
|
|
features:
|
|
- "IPSec"
|
|
----
|
|
|
|
.Verification
|
|
|
|
When IPsec is enabled:
|
|
|
|
* A new column named *IPsec Status* is displayed in the network observability *Traffic flows* view to show whether a flow was successfully IPsec-encrypted or if there was an error during encryption/decryption.
|
|
|
|
* A new dashboard showing the percent of encrypted traffic is generated.
|
|
|