WIP
Push flows directly to loki. It is an alternative to sending flows to file/stdout and using promtail.
(This image will contain both goflow2 and the plugin)
docker build --build-arg VERSION=`git describe --long HEAD` -t quay.io/jotak/goflow2:loki-latest .
docker push quay.io/jotak/goflow2:loki-latest
# or
podman build --build-arg VERSION=`git describe --long HEAD` -t quay.io/jotak/goflow2:loki-latest .
podman push quay.io/jotak/goflow2:loki-latest
# or with kube-enricher
podman build --build-arg VERSION=`git describe --long HEAD` -t quay.io/jotak/goflow2:kube-loki-latest -f examples/with-kube-enricher.dockerfile .
podman push quay.io/jotak/goflow2:kube-loki-latest
To run it, simply pipe
goflow2 output to loki-exporter
.
Assuming built image is quay.io/jotak/goflow2:loki-latest
.
Since both goflow + exporter are contained inside a single image, you can declare the following command inside the pod container:
# ...
containers:
- command:
- /bin/sh
- -c
- /goflow2 -loglevel "trace" | /loki-exporter -loglevel "trace"
image: quay.io/jotak/goflow2:loki-latest
# ...
Check the examples directory.
This example includes the kube-enricher: https://github.com/jotak/goflow2-kube-enricher/
First, refer to this documentation to setup ovn-k on Kind. Then:
kubectl apply -f ./examples/goflow-kube-loki.yaml
GF_IP=`kubectl get svc goflow -ojsonpath='{.spec.clusterIP}'` && echo $GF_IP
kubectl set env daemonset/ovnkube-node -c ovnkube-node -n ovn-kubernetes OVN_IPFIX_TARGETS="$GF_IP:2055"
Finally check goflow's logs for output
Similarly:
kubectl apply -f ./examples/goflow-kube-loki-nf5.yaml
GF_IP=`kubectl get svc goflow-leg -ojsonpath='{.spec.clusterIP}'` && echo $GF_IP
kubectl set env daemonset/ovnkube-node -c ovnkube-node -n ovn-kubernetes OVN_NETFLOW_TARGETS="$GF_IP:2056"
This example includes the kube-enricher: https://github.com/jotak/goflow2-kube-enricher/
- Pre-requisite: make sure you have a running OpenShift cluster (4.8 at least) with
OVNKubernetes
set as the network provider.
In OpenShift, a difference with the upstream ovn-kubernetes
is that the flows export config is managed by the ClusterNetworkOperator
.
oc apply -f ./examples/goflow-kube-loki.yaml
GF_IP=`oc get svc goflow -ojsonpath='{.spec.clusterIP}'` && echo $GF_IP
oc patch networks.operator.openshift.io cluster --type='json' -p "$(sed -e "s/GF_IP/$GF_IP/" examples/net-cluster-patch.json)"
helm upgrade --install loki grafana/loki-stack --set promtail.enabled=false
helm install loki-grafana grafana/grafana
kubectl get secret loki-grafana -o jsonpath="{.data.admin-password}" | base64 --decode ; echo
kubectl port-forward svc/loki-grafana 3000:80
Open http://localhost:3000/ Login with admin + printed password Add datasource => Loki => http://loki:3100/
Example of queries:
- View raw logs:
{app="goflow2"}
- Top 10 sources by volumetry (1 min-rate):
topk(10, (sum by(SrcWorkload,SrcNamespace) ( rate({ app="goflow2" } | json | __error__="" | unwrap Bytes [1m]) )))
- Top 10 destinations for a given source (1 min-rate):
topk(10, (sum by(DstWorkload,DstNamespace) ( rate({ app="goflow2",SrcNamespace="default",SrcWorkload="goflow" } | json | __error__="" | unwrap Bytes [1m]) )))