Enable FlowExporter for Antrea in guest cluster
search cancel

Enable FlowExporter for Antrea in guest cluster

book

Article ID: 410650

calendar_today

Updated On:

Products

VMware vSphere Kubernetes Service

Issue/Introduction

The article's purpose is to talk about how to enable L4 FlowExporter for Antrea in guest cluster

Note:

  • L7 FlowExporter is not officially supported in VKS.
  • L4 FlowExporter is officially supported starting with VKR 1.34 and only in the context of the vRNI integration.

Environment

vSphere Kubernetes Service

Cause

antreaconfigs.cni.tanzu.vmware.com is available from VKR 1.31 which can be used to enable flowexporter for Antrea in guest cluster.

Resolution

Add a FlowExporter configuration toggle to antrea-agent to explicitly enable/disable flow exports. Needs to set the following in addition to the feature gate:

flowExporter:
  enable: true

Apply the below procedures:

  1. Login supervisor cluster and switch supervisor context:

    kubectl vsphere login --vsphere-username [email protected] --server=https://xx.xxx.xxx.xx --insecure-skip-tls-verify
    kubectl config use-context xx.xxx.xx.xx

  2. List all the antreaConfig:

    kubectl get antreaconfigs.cni.tanzu.vmware.com -A

  3. Edit the antreaconf of guest cluster:

    kubectl edit antreaconfigs.cni.tanzu.vmware.com xxx -n <namespace>

  4. Add enable: true to the flowExporter part. For example:

    flowExporter:
      enable: true
      activeFlowTimeout: 30s
      collectorAddress: flow-aggregator.flow-aggregator.svc:4739:tls
      idleFlowTimeout: 15s
      pollInterval: 5s

  5. Save the change.
  6. Login guest cluster:

    kubectl vsphere login --vsphere-username [email protected] --server=https://xx.xxx.xxx.xx --insecure-skip-tls-verify --tanzu-kubernetes-cluster-namespace <namespace> --tanzu-kubernetes-cluster-name <guest-cluster-name>

  7. Restart antra agents inside the guest cluster:

    kubectl rollout restart ds antrea-agent -n kube-system
Powered by Wolken Software