OSDOCS-10211: eBPF flow rule filtering #74622
Conversation
openshift-ci-robot
added
the
jira/valid-reference
|
@skrthomas: This pull request references OSDOCS-10211 which is a valid jira issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-ci
bot
added
the
size/M
skrthomas
force-pushed
the
OSDOCS-10211
branch
2 times, most recently
from
a9015cb
to
eda4bc1
Compare
openshift-ci
bot
added
size/L
skrthomas
force-pushed
the
OSDOCS-10211
branch
6 times, most recently
from
b7871c6
to
f9d7c83
Compare
|
@msherif1234 can you PTAL at this first draft? |
skrthomas
force-pushed
the
OSDOCS-10211
branch
4 times, most recently
from
9c05572
to
5b83ad2
Compare
| :_mod-docs-content-type: PROCEDURE | ||
| [id="network-observability-filtering-ebpf-rule_{context}"] | ||
| = Filtering eBPF flow data with rules | ||
| You can configure the `FlowCollector` to filter eBPF flows using rules as a method to control the flow of packets cached in eBPF's flows table based on certain configuration. |
There was a problem hiding this comment.
its worth mention its single global rule not rules :)
There was a problem hiding this comment.
|
Sample looks weird in preview |
|
@Amoghrd oo, thanks, it looks like I put "====" instead of "----" around my [sample,yaml] box by mistake. I just fixed this. |
skrthomas
force-pushed
the
OSDOCS-10211
branch
2 times, most recently
from
058fc1c
to
a8093b6
Compare
|
/label qe-approved |
openshift-ci
bot
added
the
qe-approved
skrthomas
added
the
peer-review-needed
|
/label peer-review-in-progress |
openshift-ci
bot
added
the
peer-review-in-progress
There was a problem hiding this comment.
This is a really great PR! I've added some thoughts (most are just suggestions for simplifying the language a bit). I'm onboarding to peer review, so @michaelryanpeter will follow after me with his review. Thanks for your patience!
| = eBPF flow rule filter | ||
| You can use rule-based filtering to control the volume of packets cached in the eBPF flow table. For example, a filter can specify that only packets coming from port 100 should be recorded. Then all packets which do not match the filter are not cached and only the ones that match are cached. | ||
|
|
||
| == How ingress and egress traffic filtering works |
There was a problem hiding this comment.
| == How ingress and egress traffic filtering works | |
| == Ingress and egress traffic filtering |
I tried to eliminate "How" based on the IBM quick reference guide.
There was a problem hiding this comment.
Other than the anchor ids and context variable for your module headings, nothing besides a few style nits and supporting suggestions for clarity/minimalism.
Great job!
/label peer-review-done
/remove-label peer-review-in-progress
/remove-label peer-review-needed
| | DestPorts defines the destination ports to filter flows by. To filter a single port, set a single port as an integer value, for example `destPorts: 80`. To filter a range of ports, use a "start-end" range in string format, for example `destPorts: "80-100"`. | ||
|
|
||
| | `icmpType` | ||
| | Defines the ICMP type to filter flows by. |
There was a problem hiding this comment.
Note, while I agree with this suggestion based on my ear, if it is more accurate to use "flows by", the ISG specifies that it is not only okay but preferable to end a sentence with a preposition if it is the simplest way to convey the meaning. https://www.ibm.com/docs/en/ibm-style?topic=grammar-prepositions
observability/network_observability/network-observability-scheduling-resources.adoc
Outdated
Show resolved
Hide resolved
observability/network_observability/network-observability-scheduling-resources.adoc
Outdated
Show resolved
Hide resolved
openshift-ci
bot
added
peer-review-done
|
@skrthomas: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
skrthomas
added
the
merge-review-needed
mburke5678
added
merge-review-in-progress
Version(s):
Merge to only the no-1.6 branch - no cherrypicks are required.
This PR is part of an experiment for simplifying merges for asynchronous content, and I will open one PR against main to incorporate all of the Network Observability 1.6 content just before its GA
Issue:
https://issues.redhat.com/browse/OSDOCS-10211
Link to docs preview:
eBPF flow filter rule: https://74622--ocpdocs-pr.netlify.app/openshift-enterprise/latest/observability/network_observability/observing-network-traffic.html#network-observability-ebpf-flow-rule-filter_nw-observe-network-traffic
Flow filter configuration parameters: https://74622--ocpdocs-pr.netlify.app/openshift-enterprise/latest/observability/network_observability/observing-network-traffic.html#network-observability-flowcollector-flowfilter-parameters_nw-observe-network-traffic
Filtering eBPF flow data with rules: https://74622--ocpdocs-pr.netlify.app/openshift-enterprise/latest/observability/network_observability/observing-network-traffic.html#network-observability-filtering-ebpf-rule_nw-observe-network-traffic
Scheduling Network Observability resources: https://74622--ocpdocs-pr.netlify.app/openshift-enterprise/latest/observability/network_observability/network-observability-scheduling-resources
QE review:
Additional information: