Theia is a network observability and analytics platform for Kubernetes, built on top of Antrea. Theia consumes network flows exported by Antrea to provide fine-grained visibility into the communication and NetworkPolicies among Pods and Services in a Kubernetes cluster.
Theia supports network flow visualization and monitoring with Grafana, and can recommend appropriate NetworkPolicy configuration to secure Kubernetes network and applications. This guide describes how to install and get started with Theia.
Theia requires that Antrea v1.7.0 or later is installed in the Kubernetes cluster.
For Antrea v1.7, please ensure the Flow Exporter feature of Antrea Agent is enabled in the Antrea deployment manifest:
antrea-agent.conf: |
...
featureGates:
...
FlowExporter: trueFrom Antrea v1.8, you can deploy Antrea through Helm by running the following commands:
helm repo add antrea https://charts.antrea.io
helm install antrea antrea/antrea -n kube-system --set featureGates.FlowExporter=trueThis will install the latest available version of Antrea with the Flow Exporter
feature enabled. You can also install a specific version of Antrea (>= v1.8.0)
with --version <TAG>.
For more information about Antrea Helm chart, please refer to Antrea Helm chart installation instructions.
Please install Flow Aggregator and Theia through Helm.
For Theia v0.1, please clone the repository and checkout branch release-0.1.
Both Helm charts are located under the folder build/charts.
From Theia v0.2 and Antrea v1.8, the Flow Aggregator Helm chart is moved from Theia repository to Antrea repository; and the Helm charts are added to Antrea Helm repo. Please add the repo by running the following command:
helm repo add antrea https://charts.antrea.io
helm repo updateTo enable both Grafana Flow Collector and NetworkPolicy Recommendation, please install Flow Aggregator and Theia by runnning the following commands:
helm install flow-aggregator antrea/flow-aggregator --set clickHouse.enable=true,recordContents.podLabels=true -n flow-aggregator --create-namespace
helm install theia antrea/theia --set sparkOperator.enable=true -n flow-visibility --create-namespaceTo enable only Grafana Flow Collector, please install Flow Aggregator and Theia by runnning the following commands:
helm install flow-aggregator antrea/flow-aggregator --set clickHouse.enable=true,recordContents.podLabels=true -n flow-aggregator --create-namespace
helm install theia antrea/theia -n flow-visibility --create-namespaceThese will install the latest available versions of Flow Aggregator and Theia.
You can also install specific versions of Flow Aggregator (>= v1.8.0) and
Theia (>= v0.2.0) with --version <TAG>. Please ensure that you use the same
released version for the Flow Aggregator chart as for the Antrea chart.
Theia uses Grafana to visualize network flows in the Kubernetes cluster. After the installation, you can run the following commands to get the Grafana Service address:
NODE_NAME=$(kubectl get pod -l app=grafana -n flow-visibility -o jsonpath='{.items[0].spec.nodeName}')
NODE_IP=$(kubectl get nodes ${NODE_NAME} -o jsonpath='{.status.addresses[0].address}')
GRAFANA_NODEPORT=$(kubectl get svc grafana -n flow-visibility -o jsonpath='{.spec.ports[*].nodePort}')
echo "=== Grafana Service is listening on ${NODE_IP}:${GRAFANA_NODEPORT} ==="You can access Grafana in your browser at: http://[NodeIP]:[NodePort], and log
in with username: admin and password: admin. Navigate to the Theia
dashboards to view the network
flows in the cluster.
Please follow the instructions in the NetworkPolicy Recommendation user guide.
Refer to Antrea documentation to learn more about Flow Exporter, Flow Aggregator, and their advanced configurations.
For more information about Grafana Flow Collector installation and customization, please refer to Grafana Flow Collector Deployment Steps, and Configuration.