## Agent Group ID
## Note: the value below appears to be a placeholder (g-xxxxxx); confirm the real
## agent group ID before applying this file.
vtap_group_id: g-xxxxxx
####################
## Resource Limit ##
####################
## CPU Limit (in CPU Cores)
## Unit: number of logical cores. Default: 1. Range: [1, 1000]
## Note: deepflow-agent uses cgroups to limit CPU usage. 1 cpu = 1 core.
## The actual CPU limit is based on the lesser of max_cpus and max_millicpus.
## For example, if max_cpus = 2 and max_millicpus = 1500, the actual CPU limit
## would be 1.5 cores.
#max_cpus: 1
## CPU Limit (in MilliCPUs)
## Unit: number of millicpus. Default: 1000. Range: [1, 1000000]
## Note: deepflow-agent uses cgroups to limit CPU usage. 1 millicpu = 1 millicore = 0.001 core.
## The actual CPU limit is based on the lesser of max_cpus and max_millicpus.
## For example, if max_cpus = 2 and max_millicpus = 1500, the actual CPU limit
## would be 1.5 cores.
#max_millicpus: 1000
## Memory Limit
## Unit: M bytes. Default: 768. Range: [128, 100000]
## Note: deepflow-agent uses cgroups to limit memory usage.
#max_memory: 768
## System Free Memory Limit
## Unit: %. Default: 0. Range: [0, 100]
## Note: The limit of the percentage of system free memory.
## Setting sys_free_memory_limit to 0 indicates that the system free memory ratio is not checked.
## 1. When the current system free memory ratio is below sys_free_memory_limit * 70%,
## the agent will automatically restart.
## 2. When the current system free memory ratio is below sys_free_memory_limit but above
## sys_free_memory_limit * 70%, the agent enters the disabled state.
## 3. When the current system free memory ratio remains above sys_free_memory_limit * 110%,
## the agent recovers from the disabled state.
#sys_free_memory_limit: 0
## Packet Capture Rate Limit
## Unit: Kpps. Default: 200. Range: [1, 1000000]
#max_collect_pps: 200
## NPB (Packet Broker) Traffic Limit
## Unit: Mbps. Default: 1000. Range: [1, 100000]
#max_npb_bps: 1000
## System Load Circuit Breaker Threshold
## Default: 1.0
## Range: [0, 10.0]
## Note: When the load of the Linux system divided by the number of
## CPU cores exceeds this value, the agent automatically enters
## the disabled state. It will automatically recover if it remains
## below 90% of this value for a continuous 5 minutes. Setting it
## to 0 disables this feature.
#system_load_circuit_breaker_threshold: 1.0
## System Load Circuit Breaker Recover
## Default: 0.9
## Range: [0, 10.0]
## Note: When the system load of the Linux system divided by the
## number of CPU cores is continuously below this value for 5
## minutes, the agent can recover from the circuit breaker
## disabled state, and setting it to 0 means turning off the
## circuit breaker feature.
#system_load_circuit_breaker_recover: 0.9
## System Load Circuit Breaker Metric
## Default: load15
## Supported values: load1, load5, load15
## Note: The system load circuit breaker mechanism uses this metric,
## and the agent will check this metric every 10 seconds by default.
#system_load_circuit_breaker_metric: load15
## NPB (Packet Broker) Circuit Breaker Threshold
## Unit: Mbps. Default: 0. Range: [0, 100000]
## Note: When the outbound direction of the NPB interface
## reaches or exceeds the threshold, the distribution will be
## stopped, and then the distribution will be resumed if the
## value is lower than (max_tx_bandwidth - max_npb_bps)*90%
## within 5 consecutive monitoring intervals.
## Attention: When configuring this value, it must be greater
## than max_npb_bps. 0 means disable this feature.
#max_tx_bandwidth: 0
## NPB Circuit Breaker Monitoring Interval
## Unit: second. Default: 10. Range: [1, 60]
## Note: monitoring interval for outbound traffic rate of NPB interface
#bandwidth_probe_interval: 10
## Remote Log Rate
## Unit: lines/hour. Default: 300. Range: [0, 10000]
## Note: deepflow-agent will send logs to deepflow-server, 0 means no limit.
#log_threshold: 300
## Log Level
## Default: INFO. options: DEBUG, INFO, WARNING, ERROR
#log_level: INFO
## Log File Size
## Unit: M bytes. Default: 1000. Range: [10, 10000]
#log_file_size: 1000
## Thread Limit
## Default: 500. Range: [1, 1000]
## Note: Maximum number of threads that deepflow-agent is allowed to launch.
#thread_threshold: 500
## Process Limit
## Default: 10. Range: [1, 100]
## Note: Maximum number of processes that deepflow-agent is allowed to launch.
#process_threshold: 10
#########################
## Basic Configuration ##
#########################
## Regular Expression for TAP (Traffic Access Point)
## Length: [0, 65535]
## Default:
## Localhost: lo
## Common NIC: eth.*|en[osipx].*
## QEMU VM NIC: tap.*
## Flannel: veth.*
## Calico: cali.*
## Cilium: lxc.*
## Kube-OVN: [0-9a-f]+_h$
## Note: Regular expression of NIC name for collecting traffic
#tap_interface_regex: ^(tap.*|cali.*|veth.*|eth.*|en[osipx].*|lxc.*|lo|[0-9a-f]+_h)$
## Extra Capture Network Namespace
## Default: "", means no extra network namespace (default namespace only)
## Description: Traffic will be captured in regex matched namespaces besides the default
# namespace. NICs captured in extra namespaces are also filtered with `tap_interface_regex`.
#extra_netns_regex:
## Traffic Capture Filter
## Length: [1, 512]
## Note: If not configured, all traffic will be collected. Please
## refer to BPF syntax: https://biot.com/capstats/bpf.html
#capture_bpf:
## Maximum Packet Capture Length
## Unit: bytes. Default: 65535. Range: [128, 65535]
## Note: DPDK environment does not support this configuration.
#capture_packet_size: 65535
## Traffic Capture API
## Default: 0, means adaptive. Options: 0, 2 (AF_PACKET V2), 3 (AF_PACKET V3)
## Description: Traffic capture API in Linux environment
#capture_socket_type: 0
## Traffic Tap Mode
## Default: 0, means local.
## Options: 0, 1 (virtual mirror), 2 (physical mirror, aka. analyzer mode)
## Note: Mirror mode is used when deepflow-agent cannot directly capture the
## traffic from the source. For example:
## - in the K8s macvlan environment, capture the Pod traffic through the Node NIC
## - in the Hyper-V environment, capture the VM traffic through the Hypervisor NIC
## - in the ESXi environment, capture traffic through VDS/VSS local SPAN
## - in the DPDK environment, capture traffic through DPDK ring buffer
## Use Analyzer mode when deepflow-agent captures traffic through physical switch
## mirroring.
#tap_mode: 0
## Decapsulation Tunnel Protocols
## Default: [1, 2], means VXLAN and IPIP. Options: 1 (VXLAN), 2 (IPIP), 3 (GRE), 4 (Geneve)
#decap_type:
#- 1
#- 2
## VM MAC Address Extraction
## Default: 0
## Options:
## 0: extracted from tap interface MAC address
## 1: extracted from tap interface name
## 2: extracted from the XML file of the virtual machine
## Note: How to extract the real MAC address of the virtual machine when the
## agent runs on the KVM host
#if_mac_source: 0
## VM XML File Directory
## Default: /etc/libvirt/qemu/
## Length: [0, 100]
#vm_xml_path: /etc/libvirt/qemu/
## Active Sync Interval
## Unit: second. Default: 60. Range: [10, 3600]
## Note: The interval at which deepflow-agent actively requests configuration and
## tag information from deepflow-server.
#sync_interval: 60
## Platform Sync Interval
## Unit: second. Default: 10. Range: [10, 3600]
## Note: The interval at which deepflow-agent actively reports resource information
## to deepflow-server.
#platform_sync_interval: 10
## Maximum Escape Time
## Unit: seconds. Default: 3600. Range: [600, 2592000]
## Note: The maximum time that the agent is allowed to work normally when it
## cannot connect to the server. After the timeout, the agent automatically
## enters the disabled state.
#max_escape_seconds: 3600
## UDP maximum MTU, unit: bytes, default value: 1500, value range [500, 10000]
## Note: Maximum MTU allowed when using UDP to transfer data.
## Attention: Public cloud service providers may modify the content of the
## tail of the UDP packet whose packet length is close to 1500 bytes. When
## using UDP transmission, it is recommended to set a slightly smaller value.
#mtu: 1500
## Raw UDP VLAN Tag
## Default: 0, means no VLAN tag. Range: [0, 4095]
## Note: When using Raw Socket to transmit UDP data, this value can be used to
## set the VLAN tag
#output_vlan: 0
## Request NAT IP
## Default: 0. Options: 0, 1
## Note: Used when deepflow-agent uses an external IP address to access
## deepflow-server. For example, when deepflow-server is behind a NAT gateway,
## or the host where deepflow-server is located has multiple node IP addresses
## and different deepflow-agents need to access different node IPs, you can
## set an additional NAT IP for each deepflow-server address, and modify this
## value to 1.
#nat_ip_enabled: 0
## Log Retention Time
## Unit: days. Default: 30. Range: [7, 365]
#log_retention: 300
## Control Plane Server Port
## Default: 30035. Range: 1-65535
## Note: The control plane port used by deepflow-agent to access deepflow-server.
## The default port within the same K8s cluster is 20035, and the default port
## of deepflow-agent outside the cluster is 30035.
#proxy_controller_port: 30035
## Data Plane Server Port
## Default: 30033. Range: 1-65535
## Note: The data plane port used by deepflow-agent to access deepflow-server.
## The default port within the same K8s cluster is 20033, and the default port
## of deepflow-agent outside the cluster is 30033.
#analyzer_port: 30033
## Fixed Control Plane Server IP
## Note: When this value is set, deepflow-agent will use this IP to access the
## control plane port of deepflow-server, which is usually used when
## deepflow-server uses an external load balancer.
#proxy_controller_ip:
## Fixed Data Plane Server IP
## Note: When this value is set, deepflow-agent will use this IP to access the
## data plane port of deepflow-server, which is usually used when
## deepflow-server uses an external load balancer.
#analyzer_ip:
#############################
## Collector Configuration ##
#############################
## Data Socket Type
## Default: TCP. Options: TCP, UDP, FILE
## Note: It can only be set to FILE in standalone mode, in which case
## l4_flow_log and l7_flow_log will be written to local files.
#collector_socket_type: TCP
## PCAP Socket Type
## Default: TCP. Options: TCP, UDP, RAW_UDP
## Note: RAW_UDP uses RawSocket to send UDP packets, which has the highest
## performance, but there may be compatibility issues in some environments.
#compressor_socket_type: TCP
## HTTP Real Client Key
## Default: X-Forwarded-For.
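## Note: Names the HTTP header field from which the real client IP is extracted,
## such as X-Forwarded-For. Leave it empty to disable this feature. The header is
## supplied by the request sender, so the extracted IP is only as trustworthy as
## the proxy that sets it.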
#http_log_proxy_client: X-Forwarded-For
## HTTP X-Request-ID Key
## Default: X-Request-ID
## Note: It is used to extract the fields in the HTTP header that are used
## to uniquely identify the same request before and after the gateway,
## such as X-Request-ID, etc. This feature can be turned off by setting
## it to empty.
#http_log_x_request_id: X-Request-ID
## TraceID Keys
## Default: traceparent, sw8.
## Note: Used to extract the TraceID field in HTTP and RPC headers, supports filling
## in multiple values separated by commas. This feature can be turned off by
## setting it to empty.
#http_log_trace_id: traceparent, sw8
## SpanID Keys
## Default: traceparent, sw8.
## Note: Used to extract the SpanID field in HTTP and RPC headers, supports filling
## in multiple values separated by commas. This feature can be turned off by
## setting it to empty.
#http_log_span_id: traceparent, sw8
## Protocol Identification Maximum Packet Length
## Default: 1024. Bpf Range: [256, 65535], Ebpf Range: [256, 16384]
## Note: The maximum data length used for application protocol identification,
## note that the effective value is less than or equal to the value of
## capture_packet_size.
#l7_log_packet_size: 1024
## Maximum Sending Rate for l4_flow_log
## Default: 10000. Range: [100, 1000000]
## Note: The maximum number of rows of l4_flow_log sent per second, when the actual
## number of rows exceeds this value, sampling is triggered.
#l4_log_collect_nps_threshold: 10000
## Maximum Sending Rate for l7_flow_log
## Default: 10000. Range: [100, 1000000]
## Note: The maximum number of rows of l7_flow_log sent per second, when the actual
## number of rows exceeds this value, sampling is triggered.
#l7_log_collect_nps_threshold: 10000
#######################
## NPB Configuration ##
#######################
## NPB Socket Type
## Default: RAW_UDP. Options: UDP, RAW_UDP
## Note: RAW_UDP uses RawSocket to send UDP packets, which has the highest
## performance, but there may be compatibility issues in some environments.
#npb_socket_type: RAW_UDP
## Inner Additional Header
## Default: 0, means none. Options: 0, 1 (Additional 802.1Q Header), 2 (QinQ)
## Note: Whether to add an extra 802.1Q header to NPB traffic, when this value is
## set, deepflow-agent will insert a VLAN Tag into the NPB traffic header, and
## the value is the lower 12 bits of TunnelID in the VXLAN header.
#npb_vlan_mode: 0
##############################
## Management Configuration ##
##############################
## KVM/Host Metadata Collection
## Default: 0, means disabled. Options: 0 (disabled), 1 (enabled).
## Note: When enabled, deepflow-agent will automatically synchronize virtual
## machine and network information on the KVM (or Host) to deepflow-server.
#platform_enabled: 0
## Self Log Sending
## Default: 1, means enabled. Options: 0 (disabled), 1 (enabled).
## Note: When enabled, deepflow-agent will send its own logs to deepflow-server.
#rsyslog_enabled: 1
## NTP Synchronization
## Default: 0, means disabled. Options: 0 (disabled), 1 (enabled).
## Note: Whether to synchronize the clock to the deepflow-server, this behavior
## will not change the time of the deepflow-agent running environment.
#ntp_enabled: 0
## Resource MAC/IP Address Delivery
## Default: 0, which means all domains, or can be set to a list of lcuuid of a
## series of domains, you can get lcuuid through 'deepflow-ctl domain list'.
## Note: The list of MAC and IP addresses is used by deepflow-agent to inject tags
## into data. This configuration can reduce the number and frequency of MAC and
## IP addresses delivered by deepflow-server to deepflow-agent. When there is no
## cross-domain service request, deepflow-server can be configured to only deliver
## the information in the local domain to deepflow-agent.
#domains:
#- 0
## Pod MAC/IP Address Delivery
## Default: 0, which means all K8s clusters.
## Options: 0 (all K8s clusters), 1 (local K8s cluster).
## Note: The list of MAC and IP addresses is used by deepflow-agent to inject tags
## into data. This configuration can reduce the number and frequency of MAC and IP
## addresses delivered by deepflow-server to deepflow-agent. When the Pod IP is not
## used for direct communication between the K8s cluster and the outside world,
## deepflow-server can be configured to only deliver the information in the local
## K8s cluster to deepflow-agent.
#pod_cluster_internal_ip: 0
########################
## Collector Switches ##
########################
## AutoMetrics & AutoLogging
## Default: 1. Options: 0 (disabled), 1 (enabled).
## Note: When disabled, deepflow-agent will not send metrics and logging data
## collected using eBPF and cBPF.
#collector_enabled: 1
## Detailed Metrics for Inactive Port
## Default: 1. Options: 0 (disabled), 1 (enabled).
## Note: When closed, deepflow-agent will not generate detailed metrics for each
## inactive port (ports that only receive data, not send data), and the data of
## all inactive ports will be aggregated into the metrics with a tag
## 'server_port = 0'.
#inactive_server_port_enabled: 1
## Detailed Metrics for Inactive IP Address
## Default: 1. Options: 0 (disabled), 1 (enabled).
## Note: When closed, deepflow-agent will not generate detailed metrics for each
## inactive IP address (IP addresses that only receive data, not send data), and
## the data of all inactive IP addresses will be aggregated into the metrics with
## a tag 'ip = 0'.
#inactive_ip_enabled: 1
## NPM Metrics
## Default: 1. Options: 0 (disabled), 1 (enabled).
## Note: When closed, deepflow-agent only collects some basic throughput metrics.
#l4_performance_enabled: 1
## APM Metrics
## Default: 1. Options: 0 (disabled), 1 (enabled).
## Note: When closed, deepflow-agent will not collect RED (request/error/delay) metrics.
#l7_metrics_enabled: 1
## Second Granularity Metrics
## Default: 1. Options: 0 (disabled), 1 (enabled).
#vtap_flow_1s_enabled: 1
## TAPs Collect l4_flow_log
## Default: 0, which means all TAPs. Options: -1 (disabled), 0 (all TAPs)
## Note: The list of TAPs to collect l4_flow_log, you can also set a list of TAPs to
## be collected.
#l4_log_tap_types:
#- 0
## TAPs Collect l7_flow_log
## Default: 0, which means all TAPs. Options: -1 (disabled), 0 (all TAPs)
## Note: The list of TAPs to collect l7_flow_log, you can also set a list of TAPs to
## be collected.
#l7_log_store_tap_types:
#- 0
## L4 flow log ignored tap sides
## Default: [], stores everything.
## Note: Use the value of tap_side to control which l4_flow_log should be ignored for
## collection. This configuration also applies to tcp_sequence and pcap data in
## the Enterprise Edition.
## Supported values:
## - 0 (rest: Other NIC)
## - 1 (c: Client NIC)
## - 2 (s: Server NIC)
## - 4 (local: Local NIC)
## - 9 (c-nd: Client K8s Node)
## - 10 (s-nd: Server K8s Node)
## - 17 (c-hv: Client VM Hypervisor)
## - 18 (s-hv: Server VM Hypervisor)
## - 25 (c-gw-hv: Client-side Gateway Hypervisor)
## - 26 (s-gw-hv: Server-side Gateway Hypervisor)
## - 33 (c-gw: Client-side Gateway)
## - 34 (s-gw: Server-side Gateway)
## - 41 (c-p: Client Process)
## - 42 (s-p: Server Process)
#l4_log_ignore_tap_sides: []
## L7 flow log ignored tap sides
## Default: [], stores everything.
## Note: Use the value of tap_side to control which l7_flow_log should be ignored for
## collection.
## Supported values: See `l4_log_ignore_tap_sides`.
#l7_log_ignore_tap_sides: []
############
## plugin ##
############
## Wasm plugins to be loaded by the agent
#wasm_plugins: []
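## Shared-object (so) plugins to be loaded by the agent
## Note: so plugins are opened with dlopen using the RTLD_LOCAL and RTLD_LAZY flags, which
## means each so file must resolve its own link dependencies. A loaded so file runs
## inside the agent process, so list only files from a trusted source and location.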
#so_plugins: []
## Data Integration Socket
## Default: 1. Options: 0 (disabled), 1 (enabled).
## Note: Whether to enable receiving external data sources such as Prometheus,
## Telegraf, OpenTelemetry, and SkyWalking.
#external_agent_http_proxy_enabled: 1
## Listen Port of the Data Integration Socket
## Default: 38086. Options: [1, 65535]
#external_agent_http_proxy_port: 38086
##################
## NPB Switches ##
##################
## Global Deduplication
## Default: 1. Options: 0 (disabled), 1 (enabled).
## Note: Whether to enable global (distributed) traffic deduplication for the
## NPB feature.
#npb_dedup_enabled: 1
############################
## Advanced Configuration ##
############################
#static_config:
###################
## K8s apiserver ##
###################
## K8s Namespace
## Note: Used when deepflow-agent has permission to query only one K8s namespace.
#kubernetes-namespace:
## K8s api list limit
## Default: 1000. Options: [10, 4294967296)
## Note: Used to limit the K8s API list entry size.
#kubernetes-api-list-limit: 1000
## K8s api list interval
## Default: 10m. Must be larger than or equal to 10m.
## Note: Interval of listing resource when watcher idles
#kubernetes-api-list-interval: 10m
## K8s api resources
## Note: Specify kubernetes resources to watch.
# The schema of each entry in the list is:
# {
# name: string
# group: string
# version: string
# disabled: bool
# field-selector: string
# }
#
# Agent will watch the following resources by default:
# - namespaces
# - nodes
# - pods
# - replicationcontrollers
# - services
# - daemonsets
# - deployments
# - replicasets
# - statefulsets
# - ingresses
#
# To disable a resource, add an entry to the list with `disabled: true`:
#
# kubernetes-resources:
# - name: services
# disabled: true
#
# To enable a resource, add an entry of this resource to the list. Be advised that
# this setting overrides the default of the same resource. For example, to enable
# `statefulsets` in both group `apps` (the default) and `apps.kruise.io` will require
# two entries:
#
# kubernetes-resources:
# - name: statefulsets
# group: apps
# - name: statefulsets
# group: apps.kruise.io
# version: v1beta1
#
# The old `ingress-flavour` setting is deprecated. Watching `routes` in openshift will
# use these settings:
#
# kubernetes-resources:
# - name: ingresses
# disabled: true
# - name: routes
#
#kubernetes-resources: []
## [Deprecated] Type of Ingress
## Note: This config is deprecated. Use `kubernetes-resources` instead.
#ingress-flavour: kubernetes
## Pod MAC/IP Address Query Method
## Default: adaptive. Options: adaptive, active, passive.
## Note: In active mode, deepflow-agent enters the netns of other Pods through
## setns syscall to query the MAC and IP addresses. In this mode, the setns
## operation requires the SYS_ADMIN permission. In passive mode deepflow-agent
## calculates the MAC and IP addresses used by Pods by capturing ARP/ND traffic.
## When set to adaptive, active mode will be used first.
#kubernetes-poller-type: adaptive
#########################
## Debug Configuration ##
#########################
## Golang Profiler
## Note: Only available for Trident (Golang version of Agent).
#profiler: false
## Client Port for deepflow-agent-ctl
## Default: 0, which means use a random client port number.
## Note: Only available for Trident (Golang version of Agent).
#debug-listen-port: 0
## StatsD Counters For Sniffer
## Note: Only available for Trident (Golang version of Agent).
#enable-debug-stats: false
###############
## AF_PACKET ##
###############
## AF_PACKET Blocks Switch
## Note: When tap_mode != 2, you need to explicitly turn on this switch to
## configure 'afpacket-blocks'.
#afpacket-blocks-enabled: false
## AF_PACKET Blocks
## Default: 128, Range: [8, +oo)
## Note: deepflow-agent will automatically calculate the number of blocks
## used by AF_PACKET according to max_memory, which can also be specified
## using this configuration item. The size of each block is fixed at 1MB.
#afpacket-blocks: 128
###################
## Analyzer Mode ##
###################
## Mirror Traffic Dedup
## Note: Whether to enable mirror traffic deduplication when tap_mode = 2.
#analyzer-dedup-disabled: false
## Buffer block size used to store raw packet.
## Larger value will reduce memory allocation for raw packet, but will also
## delay memory free.
## Default: 65536, Range: [65536: +oo)
#analyzer-raw-packet-block-size: 65536
## Default TAP for Mirror Traffic
## Default: 3, means Cloud Network
## Options: 1-2,4-255 (IDC Network), 3 (Cloud Network)
## Note: deepflow-agent will mark the TAP (Traffic Access Point) location
## according to the outer vlan tag in the mirrored traffic of the physical
## switch. When the vlan tag has no corresponding TAP value, or the vlan
## pcp does not match the 'mirror-traffic-pcp', it will assign the TAP value
## of this configuration item.
#default-tap-type: 3
## Mirror Traffic PCP
## Default: 0, Range: [0, 9]
## Note: When mirror-traffic-pcp <= 7, the TAP value is calculated from the vlan tag only if the vlan pcp matches this value.
## When mirror-traffic-pcp is 8, the TAP value is calculated from the outer vlan tag; when mirror-traffic-pcp is 9,
## it is calculated from the inner vlan tag.
#mirror-traffic-pcp: 0
## NFVGW Traffic
## Note: Whether it is the mirrored traffic of NFVGW (cloud gateway).
#cloud-gateway-traffic: false
############
## Sender ##
############
## RAW_UDP Sender Performance Optimization
## Note: When sender uses RAW_UDP to send data, this feature can be enabled to
## improve performance. Linux Kernel >= 3.14 is required. Note that the data
## sent when this feature is enabled cannot be captured by tcpdump.
#enable-qos-bypass: false
#####################
## NPB/PCAP Policy ##
#####################
## Fast Path Map Size
## Note: When set to 0, deepflow-agent will automatically adjust the map size
## according to max_memory.
#fast-path-map-size: 0
## Fast Path Disabled
## Note: When set to true, deepflow-agent will not use fast path.
#fast-path-disabled: false
## Forward Table Capacity
## Default: 16384. Range: [16384, +oo)
## Note: The larger this value, the more memory may be used.
#forward-capacity: 16384
## Fast Path Level
## Default: 8. Range: [1, 16]
## Note: When this value is larger, the memory overhead is smaller, but the
## performance of policy matching is worse.
#first-path-level: 8
################
## Dispatcher ##
################
## TAP NICs when tap_mode != 0
## Note: Deprecated; use tap_interface_regex instead.
#src-interfaces:
#- dummy0
#- dummy1
## Bond sub interface configuration
## Default: []
## Note: Packets of interfaces in the same group can be aggregated together,
## Only effective when tap_mode is 0.
#tap-interface-bond-groups:
#- tap-interfaces: []
## Local dispatcher count
## Default: 1. Range: [1, +oo)
## Note: The configuration takes effect when tap_mode is 0 and extra_netns_regex is null.
## PACKET_FANOUT enables load balancing and parallel processing, which can improve
## the performance and scalability of network applications. When the `local-dispatcher-count`
## is greater than 1, multiple dispatcher threads will be launched, consuming more CPU and
## memory. Increasing the `local-dispatcher-count` helps to reduce the operating system's
## software interrupts on multi-core CPU servers.
#local-dispatcher-count: 1
## Packet fanout mode
## Note: The configuration is a parameter used with the PACKET_FANOUT feature in the Linux
## kernel to specify the desired packet distribution algorithm. Refer to
## https://github.com/torvalds/linux/blob/afcd48134c58d6af45fb3fdb648f1260b20f2326/include/uapi/linux/if_packet.h#L71
## https://www.stackpath.com/blog/bpf-hook-points-part-1/
## Default: 0. Range: [0, 7]
## PACKET_FANOUT_HASH = 0
## PACKET_FANOUT_LB = 1
## PACKET_FANOUT_CPU = 2
## PACKET_FANOUT_ROLLOVER = 3
## PACKET_FANOUT_RND = 4
## PACKET_FANOUT_QM = 5
## PACKET_FANOUT_CBPF = 6
## PACKET_FANOUT_EBPF = 7
#packet-fanout-mode: 0
## Dispatcher queue
## Note: The configuration takes effect when tap_mode is 0 or 2, dispatcher-queue is always true when tap_mode is 2
#dispatcher-queue: false
####################
## InMemory Queue ##
####################
## Queue Size of FlowGenerator Output
## Default: 65536. Range: [65536, +oo)
## Note: the length of the following queues:
## - 1-tagged-flow-to-quadruple-generator
## - 1-tagged-flow-to-app-protocol-logs
## - 0-{flow_type}-{port}-packet-to-tagged-flow, flow_type: sflow, netflow
#flow-queue-size: 65536
## Queue Size of QuadrupleGenerator Output
## Default: 262144. Range: [262144, +oo)
## Note: the length of the following queues:
## - 2-flow-with-meter-to-second-collector
## - 2-flow-with-meter-to-minute-collector
#quadruple-queue-size: 262144
## Queue Size of Collector Output
## Default: 65536. Range: [65536, +oo)
## Note: the length of the following queues:
## - 2-doc-to-collector-sender
#collector-sender-queue-size: 65536
## Queue Count of Collector Output
## Default: 1. Range: [1, +oo)
## Note: The number of replicas for each output queue of the collector.
#collector-sender-queue-count: 1
## Size of the TCP Option Address Info Sync Queue
## Default: 65536. Range: [1, +oo)
## Note: The number of replicas for each output queue of the collector.
#toa-sender-queue-size: 65536
## Queue Size of FlowAggregator/SessionAggregator Output
## Default: 65536. Range: [65536, +oo)
## Note: the length of the following queues:
## - 3-flow-to-collector-sender
## - 3-protolog-to-collector-sender
#flow-sender-queue-size: 65536
## Queue Count of FlowAggregator/SessionAggregator Output
## Default: 1. Range: [1, +oo)
## Note: The number of replicas for each output queue of the
## FlowAggregator/SessionAggregator.
#flow-sender-queue-count: 1
## Queue Size for Analyzer Mode
## Default: 131072. Range: [65536, +oo)
## Note: the length of the following queues (only for tap_mode = 2):
## - 0.1-bytes-to-parse
## - 0.2-packet-to-flowgenerator
## - 0.3-packet-to-pipeline
#analyzer-queue-size: 131072
#########
## LRU ##
#########
## Size of the TCP Option Address (TOA) Info Cache
## Default: 65536. Range: [1, +oo)
#toa-lru-cache-size: 65536
###########################
## Time Window Tolerance ##
###########################
## Extra Tolerance for QuadrupleGenerator Receiving 1s-FlowLog
## Format: ${number}${time_unit}
## Example: 1s, 2m, 10h
#second-flow-extra-delay-second: 0s
## Maximum Tolerable Packet Delay
## Default: 1s
## Format: $number$time_unit
## Example: 1s, 2m, 10h
## Note: The timestamp carried by a packet captured by AF_PACKET may lag behind
## the current clock, especially in heavy traffic scenarios, where the lag may be
## as high as nearly 10s.
#packet-delay: 1s
## l7_flow_log Aggregate Window
## Default: 120s. Range: [20s, 300s]
## Format: $number$time_unit
## Example: 1s, 2m, 10h
#l7-log-session-aggr-timeout: 120s
## Capacity of Each l7_flow_log Aggregation Time Slot
## Default: 1024. Range: [1024, +∞)
## Note: By default, unidirectional l7_flow_log is aggregated into bidirectional
## request_log (session) with a caching time window of 2 minutes. During this
## period, every 5 seconds is considered as a time slot (i.e., a LRU). This
## configuration is used to specify the maximum number of unidirectional l7_flow_log
## entries that can be cached in each time slot.
## If the number of l7_flow_log entries cached in a time slot exceeds this
## configuration, 10% of the data in that time slot will be evicted based on the
## LRU strategy to reduce memory consumption. Note that the evicted data will not be
## discarded; instead, they will be sent to the deepflow-server as unidirectional
## request_log.
## The following metrics can be used as reference data for adjusting this
## configuration:
## - Metric `deepflow_system.deepflow_agent_l7_session_aggr.cached-request-resource`
## Used to record the total memory occupied by the request_resource field of the
## unidirectional l7_flow_log cached in all time slots at the current moment, in bytes
## - Metric `deepflow_system.deepflow_agent_l7_session_aggr.over-limit`
## Used to record the number of times eviction is triggered due to reaching the
## LRU capacity limit
#l7-log-session-slot-capacity: 1024
##########
## PCAP ##
##########
#pcap:
## Queue Size to PCAP Generator
## Default: 65536. Range: [65536, +oo)
## Note: the length of the following queues:
## - 1-mini-meta-packet-to-pcap
#queue-size: 65536
## Pcap buffer size for each flow
## Default: 64K
## Note: buffer flushes when one of the flows reaches this limit
#flow-buffer-size: 65536
## Total pcap buffer size
## Default: 96K
## Note: buffer flushes when the total data size reaches this limit;
## cannot exceed the sender buffer size of 128K
#buffer-size: 98304
## Flow flush interval
## Default: 1m
## Note: flushes a flow if its first packet is older than this interval
#flush-interval: 1m
#############################
## FlowMap (FlowGenerator) ##
#############################
#flow:
## HashSlot Size of FlowMap
## Default: 131072
## Note: Since FlowAggregator is the first step in all processing, this value
## is also widely used in other hash tables such as QuadrupleGenerator,
## Collector, etc.
#flow-slots-size: 131072
## Maximum Flow
## Default: 65535
## Note: Maximum number of flows that can be stored in FlowMap. It also affects the capacity of
## the RRT cache, for example: rrt-cache-capacity = flow-count-limit. When rrt-cache-capacity is
## not enough, the rrt of l7 cannot be calculated.
#flow-count-limit: 65535
## Queue Size of FlowAggregator (1s->1m)
## Default: 65536. Range: [65536, +oo)
## Note: the length of the following queues:
## - 2-second-flow-to-minute-aggrer
#flow-aggr-queue-size: 65535
## Flush Interval of FlowMap Output Queue
## Format: $number$time_unit
## Example: 1s, 2m, 10h
## Note: Flush interval of the queue connected to the collector.
#flush-interval: 1s
## Ignore MAC when Generate Flow
## Note: When the MAC addresses of the two-way traffic collected at the same
## location are asymmetrical, the traffic cannot be aggregated into a Flow.
## You can set this value to true in that case. Only valid for Cloud (not IDC) traffic.
#ignore-tor-mac: false
## Ignore L2End when Generate Flow
## Note: For Cloud traffic, only the MAC address corresponding to the side with
## L2End = true is matched when generating the flow. Set this value to true to
## force a double-sided MAC address match and only aggregate traffic with
## exactly equal MAC addresses.
#ignore-l2-end: false
## Ignore VLAN when Generate Flow
## Note: When the VLANs of the two-way traffic collected at the same location
## are asymmetrical, the traffic cannot be aggregated into a Flow. You can
## set this value to true in that case. Only valid for IDC (not Cloud) traffic.
#ignore-idc-vlan: false
## Timeouts for TCP State Machine
## Format: $number$time_unit
## Example: 1s, 2m, 10h
#established-timeout: 300s
#closing-rst-timeout: 35s
#others-timeout: 5s
#opening-rst-timeout: 1s
## Size of memory pool used in flow_map
## Default: 65536
## Note: This value sets the maximum length of the memory pool in FlowMap.
## Memory pools are used for frequently created and destroyed objects such as
## FlowNode, FlowLog, etc.
#memory-pool-size: 65536
## Service port list, priority lower than TCP SYN flags
## Example:
## server-ports:
## - 80
## - 443
#server-ports: []
## Max size of batched buffer
## Default: 131072. Range: [1024, +oo)
## Note: Only TaggedFlow allocation is affected at the moment.
## Structs will be allocated in batches to minimize malloc calls.
## Total memory size of a batch will not exceed this limit.
## A number larger than 128K is not recommended because the default
## MMAP_THRESHOLD is 128K, allocating chunks larger than 128K will
## result in calling mmap and more page faults.
#batched-buffer-size-limit: 131072
#####################
## DPDK RecvEngine ##
#####################
## Enable for DPDK RecvEngine
## Note: The DPDK RecvEngine is only started when this configuration item is turned on.
## Note that you also need to set tap_mode to 1. Please refer to
## https://dpdk-docs.readthedocs.io/en/latest/prog_guide/multi_proc_support.html
#dpdk-enabled: false
########################
## Libpcap RecvEngine ##
########################
## Enable for Libpcap RecvEngine
## Note: Supports running on Windows and Linux. Performance is low when using multiple interfaces.
## Default to true in Windows, false in Linux.
#libpcap-enabled: false
###########################
## vHost User RecvEngine ##
###########################
## Enable for vHost User RecvEngine
## Note: Supports running on Linux with mirror mode.
#vhost-socket-path:
#################################
## sFlow / NetFlow / NetStream ##
#################################
## sFlow & NetFlow Server Ports
#xflow-collector:
## sFlow Server Ports
## Default: [], means that no sFlow data will be collected.
## Note: This feature is only supported by the Enterprise Edition of Trident.
## In general, sFlow uses port 6343.
#sflow-ports: []
## NetFlow Server Ports
## Default: [], means that no NetFlow data will be collected.
## Note: This feature is only supported by the Enterprise Edition of Trident.
## Additionally, only NetFlow v5 is currently supported. In general, NetFlow
## uses port 2055.
#netflow-ports: []
#########
## NPB ##
#########
## Server Port for NPB
#npb-port: 4789
## Reserve Flags for VXLAN
## Default: 0xff. Range: [0x00, 0xff], except 0x8.
## Note: NPB uses the first byte of the VXLAN flags to mark the traffic it sends, so
## that traffic sent by NPB is not collected again by deepflow-agent. To ensure
## that the VNI bit is set, the configured value is OR-ed with 0x8 before use.
#vxlan-flags: 0xff
## NPB Packet ignoring VLAN Header in overlay
## Default: false. Range: [true, false]
## Note:
## This configuration only ignores the VLAN header in the captured original packet
## and does not affect the configuration item npb_vlan_mode.
#ignore-overlay-vlan: false
############
## Tunnel ##
############
## Remove Tunnel Header
## Default: [], Range: [ERSPAN, VXLAN, TEB]