-
Story
-
Resolution: Done
-
Normal
-
netobserv-1.4-candidate
-
Improvement
-
False
-
None
-
False
-
OCPSTRAT-965 - DNS tracking improvements
-
Modified DNS tracking ebpf logic from release 1.4 to be able to support DNS over TCP, the new approach doesn't need to set privileged however to get an accurate latency its recommended to configure ebpf sampling with value of 1
-
-
-
NetObserv - Sprint 240, NetObserv - Sprint 241, NetObserv - Sprint 242, NetObserv - Sprint 243, NetObserv - Sprint 244
-
Important
.Configure a pod with following spec, notice dnsConfig option to enable openshift-dns server to use TCP:
apiVersion: v1 kind: Pod metadata: name: dnsutils namespace: dns-traffic spec: securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault dnsConfig: options: - name: "use-vc" containers: - name: utils image: tutum/dnsutils command: ["/bin/sh", "-ec", "while :; do dig www.google.com +tcp ; sleep 5 ; done"] restartPolicy: Never securityContext: allowPrivilegeEscalation: false capabilities: drop: ["ALL"]
DNS flows generated out of this Pod is not enriched by DNS Info by agent.
on UI, make sure you select "Show Duplicates" and NS as destination where above pod is running
- links to
- mentioned on
(1 links to, 1 mentioned on)