About Network Observability
Red Hat offers cluster administrators the Network Observability Operator to observe the network traffic for OKD clusters. The Network Observability Operator uses the eBPF technology to create network flows. The network flows are then enriched with OKD information and stored in Loki. You can view and analyze the stored network flows information in the OKD console for further insight and troubleshooting.
Optional dependencies of the Network Observability Operator
Loki Operator: Loki is the backend that is used to store all collected flows. It is recommended to install Loki to use with the Network Observability Operator. You can choose to use Network Observability without Loki, but there are some considerations for doing this, as described in the linked section. If you choose to install Loki, it is recommended to use the Red Hat Loki Operator, as it is supported by Red Hat.
Grafana Operator: You can install Grafana for creating custom dashboards and querying capabilities, by using an open source product, such as the Grafana Operator. Red Hat does not support the Grafana Operator.
AMQ Streams Operator: Kafka provides scalability, resiliency and high availability in the OKD cluster for large scale deployments. If you choose to use Kafka, it is recommended to use the AMQ Streams Operator, because it is supported by Red Hat.
Network Observability Operator
The Network Observability Operator provides the Flow Collector API custom resource definition. A Flow Collector instance is created during installation and enables configuration of network flow collection. The Flow Collector instance deploys pods and services that form a monitoring pipeline where network flows are then collected and enriched with the Kubernetes metadata before storing in Loki. The eBPF agent, which is deployed as a daemonset
object, creates the network flows.
OKD console integration
OKD console integration offers overview, topology view and traffic flow tables.
Network Observability metrics dashboards
On the Overview tab in the OKD console, you can view the overall aggregated metrics of the network traffic flow on the cluster. You can choose to display the information by node, namespace, owner, pod, and service. Filters and display options can further refine the metrics.
In Observe → Dashboards, the Netobserv dashboard provides a quick overview of the network flows in your OKD cluster. You can view distillations of the network traffic metrics in the following categories:
Top byte rates received per source and destination nodes
Top byte rates received per source and destination namespaces
Top byte rates received per source and destination workloads
Infrastructure and Application metrics are shown in a split-view for namespace and workloads. You can configure the FlowCollector
spec.processor.metrics
to add or remove metrics by changing the ignoreTags
list. For more information about available tags, see the Flow Collector API Reference
Also in Observe → Dashboards, the Netobserv/Health dashboard provides metrics about the health of the Operator in the following categories.
Flows
Flows Overhead
Top flow rates per source and destination nodes
Top flow rates per source and destination namespaces
Top flow rates per source and destination workloads
Agents
Processor
Operator
Infrastructure and Application metrics are shown in a split-view for namespace and workloads.
Network Observability topology views
The OKD console offers the Topology tab which displays a graphical representation of the network flows and the amount of traffic. The topology view represents traffic between the OKD components as a network graph. You can refine the graph by using the filters and display options. You can access the information for node, namespace, owner, pod, and service.
Traffic flow tables
The traffic flow table view provides a view for raw flows, non aggregated filtering options, and configurable columns. The OKD console offers the Traffic flows tab which displays the data of the network flows and the amount of traffic.