OSDOCS-6642: DNS tracking Network Observability

modules/network-observability-dns-overview.adoc

@@ -0,0 +1,12 @@
+// Module included in the following assemblies:
+//
+// network_observability/observing-network-traffic.adoc
+
+:_content-type: REFERENCE
+[id="network-observability-dns-overview_{context}"]
+= Configuring DNS
+You can configure graphical representation of DNS tracking of network flows in the Overview view. See the _Sample `FlowCollector` Resource for more information about enabling this view. When enabled, you can see the following metrics represented in a chart:
+
+* Top 5 average DNS latencies
+* Top 5 DNS response code
+* Top 5 DNS response code stacked with total

modules/network-observability-flowcollector-view.adoc

@@ -27,8 +27,9 @@ spec:
   agent:
     type: EBPF                                <1>
     ebpf:
-      sampling: 50                            <2>
-      logLevel: info
+      enableDNSTracking: false                <2>
+      sampling: 50                            <3> 
+      logLevel: info                          <2>
       privileged: false
       resources:
         requests:
@@ -45,9 +46,9 @@ spec:
       limits:
         memory: 800Mi
     conversationEndTimeout: 10s
-    logTypes: FLOWS                            <3>
+    logTypes: FLOWS                           <4>
     conversationHeartbeatInterval: 30s
-  loki:                                       <4>
+  loki:                                       <5>
     url: 'https://loki-gateway-http.netobserv.svc:8080/api/logs/v1/network'
     statusUrl: 'https://loki-query-frontend-http.netobserv.svc:3100/'
     authToken: FORWARD
@@ -64,7 +65,7 @@ spec:
       enable: true
       portNames:
         "3100": loki
-    quickFilters:                             <5>
+    quickFilters:                             <6>
     - name: Applications
       filter:
         src_namespace!: 'openshift-,netobserv'
@@ -84,7 +85,8 @@ spec:
         dst_kind: 'Service'
 ----
 <1> The Agent specification, `spec.agent.type`, must be `EBPF`. eBPF is the only {product-title} supported option.
-<2> You can set the Sampling specification, `spec.agent.ebpf.sampling`, to manage resources. Lower sampling values might consume a large amount of computational, memory and storage resources. You can mitigate this by specifying a sampling ratio value. A value of 100 means 1 flow every 100 is sampled. A value of 0 or 1 means all flows are captured. The lower the value, the increase in returned flows and the accuracy of derived metrics. By default, eBPF sampling is set to a value of 50, so 1 flow every 50 is sampled. Note that more sampled flows also means more storage needed. It is recommend to start with default values and refine empirically, to determine which setting your cluster can manage.
-<3> The optional specifications `spec.processor.logTypes`, `spec.processor.conversationHeartbeatInterval`, and `spec.processor.conversationEndTimeout` can be set to enable conversation tracking. When enabled, conversation events are queryable in the web console. The values for `spec.processor.logTypes` are as follows: `FLOWS` `CONVERSATIONS`, `ENDED_CONVERSATIONS`, or `ALL`. Storage requirements are highest for `ALL` and lowest for `ENDED_CONVERSATIONS`.
-<4> The Loki specification, `spec.loki`, specifies the Loki client. The default values match the Loki install paths mentioned in the Installing the Loki Operator section. If you used another installation method for Loki, specify the appropriate client information for your install.
-<5> The `spec.quickFilters` specification defines filters that show up in the web console. The `Application` filter keys,`src_namespace` and `dst_namespace`, are negated (`!`), so the `Application` filter shows all traffic that _does not_ originate from, or have a destination to, any `openshift-` or `netobserv` namespaces. For more information, see Configuring quick filters below.
+<2> You can set the `spec.agent.ebpf.enableDNSTracking` and `spec.agent.ebpf.privileged` specifications to `true` to enable DNS tracking of each network flow in the web console.
+<3> You can set the Sampling specification, `spec.agent.ebpf.sampling`, to manage resources. Lower sampling values might consume a large amount of computational, memory and storage resources. You can mitigate this by specifying a sampling ratio value. A value of 100 means 1 flow every 100 is sampled. A value of 0 or 1 means all flows are captured. The lower the value, the increase in returned flows and the accuracy of derived metrics. By default, eBPF sampling is set to a value of 50, so 1 flow every 50 is sampled. Note that more sampled flows also means more storage needed. It is recommend to start with default values and refine empirically, to determine which setting your cluster can manage.
+<4> The optional specifications `spec.processor.logTypes`, `spec.processor.conversationHeartbeatInterval`, and `spec.processor.conversationEndTimeout` can be set to enable conversation tracking. When enabled, conversation events are queryable in the web console. The values for `spec.processor.logTypes` are as follows: `FLOWS` `CONVERSATIONS`, `ENDED_CONVERSATIONS`, or `ALL`. Storage requirements are highest for `ALL` and lowest for `ENDED_CONVERSATIONS`.
+<5> The Loki specification, `spec.loki`, specifies the Loki client. The default values match the Loki install paths mentioned in the Installing the Loki Operator section. If you used another installation method for Loki, specify the appropriate client information for your install.
+<6> The `spec.quickFilters` specification defines filters that show up in the web console. The `Application` filter keys,`src_namespace` and `dst_namespace`, are negated (`!`), so the `Application` filter shows all traffic that _does not_ originate from, or have a destination to, any `openshift-` or `netobserv` namespaces. For more information, see Configuring quick filters below.

networking/network_observability/observing-network-traffic.adoc

@@ -12,6 +12,11 @@ As an administrator, you can observe the network traffic in the {product-title}
 include::modules/network-observability-overview.adoc[leveloffset=+1]
 include::modules/network-observability-working-with-overview.adoc[leveloffset=+2]
 include::modules/network-observability-configuring-options-overview.adoc[leveloffset=+2]
+include::modules/network-observability-dns-overview.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+For more information about configuring DNS in the `FlowCollector`, see xref:../network_observability/configuring-operator.adoc#network-observability-flowcollector-view_network_observability[Flow Collector sample resource].
 
 //Traffic flows
 include::modules/network-observability-trafficflow.adoc[leveloffset=+1]