Configure OpenShift OVN-Kubernetes

To retrieve network flows from OVN-Kubernetes, the cloud operator acts as an IPFIX collector. This is a standard format collector that OVN-Kubernetes natively supports for exporting.

The preferred collector is the Service IP. OVN-Kubernetes cannot use a Service IP within the same cluster as a network flow collector. When configured with a Service IP, flow data will not reach the collector.

This document offers the cloud operator's pod IP address as an alternative solution until the service IP address functionality is resolved.

Prerequisites

An installation of OpenShift CLI (oc).
Access to a kubernetes cluster onboarded with a cloud operator.
Log into the cluster with a user with cluster-admin privileges.
Obtain the pod IP address for the cloud operator by running kubectl get pods -n illumio-cloud -o wide

Steps to configure OVN

Create a patch yaml file that looks like the following. Replace <ip_address> with your cloud-operator's pod IP address.
```
spec:
  exportNetworkFlows:
    ipfix:
      collectors:
        - <ip_address>:4739
```
Use the following command to apply this patch file to openshift-ovn-kubernetes on each node.
```
oc patch network.operator cluster --type merge -p "$(cat <file_name>.yaml)"
```
To validate this worked, run the following command:
```
oc get network.operator cluster -o jsonpath="{.spec.exportNetworkFlows}"
```
This will show you the following if your patch file worked as expected.
```
{"netFlow":{"collectors":[<ip_address>:4739]}}
```

Cloud

Configure OpenShift OVN-Kubernetes

Prerequisites

Steps to configure OVN

Search results