Network Observability
This guide explains how to use network observability features.
Netflow list
Netflow is a network-related metric that tracks sent and received traffic in bytes. Unlike VPC flow logs, it contains rich Kubernetes context.
In the Netflow list, you can find various Kubernetes cluster network metrics.
The combination of dynamic grouping and advanced CEL—based search makes it easy to find the top cross-zone, cross-namespace, traffic to the Internet, and unexpected spikes.
Search examples
Find cross-zone traffic within the Kubernetes cluster. You can also group sources and destinations by zone only.
zone != "" && dst_zone != "" && zone != dst_zone
Find traffic to the internet.
dst_workload_kind=="internet"
Find any traffic from source namespaces.
ns in ["metrics", "kube-system"]
Find any traffic from source to destination namespaces.
ns == "metrics" && dst_ns == "kube-system"
Find GitLab runners containers that process traffic to the internet. For this search, you can group sources by process only. It can also be helpful to sort by received traffic to see the impact on possible NAT processing impact.
ns == "gitlab" && dst_workload_kind == "internet"
Find traffic from the source namespace and pod name prefix.
ns == "gitlab" && pod_name.startsWith("runner-")
All available search fields
CEL search can combine multiple available fields for Netflow metadata.
| Property | Type | Description |
|---|---|---|
| protocol | Enum | Available values for the protocol are udp and tcp |
| process | string | Source container Linux process name. |
| container_name | string | Source Kubernetes container name. |
| pod_name | string | Source Kubernetes pod name. |
| ns | string | Source Kubernetes namespace. |
| zone | string | Source node zone. |
| workload_name | string | Source Kubernetes workload name. |
| workload_kind | string | Source Kubernetes workload kind. |
| node_name | string | Source Kubernetes node name. |
| addr | string | Source IP address |
| dst_domain | string | Destination DNS domain. This field is the best effort and may not always be present. |
| dst_pod_name | string | Destination Kubernetes pod name. |
| dst_ns | string | Destination Kubernetes namespace. |
| dst_workload_name | string | Destination Kubernetes workload kind or other name for special kinds |
| dst_workload_kind | string | Destination Kubernetes workload kind or special kinds such as private for any unknown private IPs and internet for any public IP. |
| dst_node_name | string | Destination Kubernetes node name. |
How to enable Netflow collection
The Netflow collection is implemented with Cast AI Kvisor agent and can be installed via the helm chart.
helm upgrade --install castai-kvisor castai-helm/castai-kvisor -n castai-agent --reset-then-reuse-values \
--set castai.apiKey=<your-api-token> \
--set castai.clusterID=<your-cluster-id> \
--set agent.enabled=true \
--set agent.extraArgs.netflow-enabled=true
Note
If you have
egressdrunning it should be uninstalled.
Updated 2 days ago