NETOBSERV-2450 (Network Observability)

ebpf-agent not able to send flows with networkPolicy enabled on cluster with OpenShiftSDN

    • Quality / Stability / Reliability
    • NetObserv - Sprint 278, NetObserv - Sprint 279, NetObserv - Sprint 280
      Previously, when OpenShiftSDN was the cluster network plugin, enabling the FlowCollector network policy would break the communication between network observability pods. This does not occur with OVNKubernetes, which is the default supported network plugin in OpenShift.
      With this change, the operator will not try to deploy the network policy when OpenShiftSDN is detected, and a warning will be displayed. Additionally, the default value for enabling the network policy is modified: it is now enabled by default only for OVNKubernetes.

      Description of problem:

      ebpf-agent shows the logs below when FlowCollector is deployed with NP enabled on a 4.14 cluster with OpenShiftSDN CNI:
      
      time="2025-10-17T13:53:39Z" level=error msg="couldn't send flow records to collector" collector="10.0.68.187:2055" component=exporter/GRPCProto error="rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing: dial tcp 10.0.68.187:2055: i/o timeout\""
      time="2025-10-17T13:53:39Z" level=debug msg="400 flows evicted" component=flow.MapTracer
      time="2025-10-17T13:53:44Z" level=debug msg="triggering flow eviction on timer" component=flow.MapTracer
      time="2025-10-17T13:53:44Z" level=debug msg="evictionSynchronization signal received" component=flow.MapTracer
      time="2025-10-17T13:53:44Z" level=debug msg="sending 332 records" collector="10.0.68.187:2055" component=exporter/GRPCProto
      time="2025-10-17T13:53:44Z" level=error msg="couldn't send flow records to collector" collector="10.0.68.187:2055" component=exporter/GRPCProto error="rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing: dial tcp 10.0.68.187:2055: i/o timeout\""
      

      Steps to Reproduce:

      1. Deploy a 4.14 cluster with OpenShiftSDN (the Flexy profile versioned-installer for 4.14 installs the cluster with OpenShiftSDN).
      2. Deploy NOO 1.10 and 0-click Loki. Create an FC with Loki enabled in monolithic mode.
      3. Check the network traffic page with Loki as the datasource.
      

      Actual results:

      Flows are not sent to FLP

      Expected results:

      Flows should be sent.
      

      Workaround:
      Disable the Network Policy for 1.10 in the FlowCollector.
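
The workaround above as a script, added here as an example and not taken from the issue: it reads the cluster network plugin, disables the FlowCollector network policy only on OpenShiftSDN, and includes a helper that counts the export timeouts shown in the log excerpt. It assumes `oc` access, a FlowCollector named `cluster`, and the field `spec.networkPolicy.enable`.

```shell
#!/bin/sh
# Added example, not from the issue. Assumptions: `oc` is logged in with rights
# to patch the FlowCollector, the resource is named "cluster", and the toggle
# is spec.networkPolicy.enable.

# Setting that matches the fix described above: on for OVNKubernetes,
# off for OpenShiftSDN, undecided for anything else.
np_enable_for() {
  case "$1" in
    OVNKubernetes) echo true ;;
    OpenShiftSDN)  echo false ;;
    *)             echo unknown ;;
  esac
}

# Count agent log lines on stdin where the export to the collector timed out.
count_export_timeouts() {
  grep -c "couldn't send flow records to collector.*i/o timeout" || true
}

# Two lines copied from the log excerpt in this issue, for an offline check.
sample_log() {
  cat <<'EOF'
time="2025-10-17T13:53:44Z" level=debug msg="sending 332 records" collector="10.0.68.187:2055" component=exporter/GRPCProto
time="2025-10-17T13:53:44Z" level=error msg="couldn't send flow records to collector" collector="10.0.68.187:2055" component=exporter/GRPCProto error="rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing: dial tcp 10.0.68.187:2055: i/o timeout\""
EOF
}

# Disable the network policy only when the cluster runs OpenShiftSDN.
apply_workaround() {
  cni=$(oc get network.config/cluster -o jsonpath='{.status.networkType}')
  echo "cluster network plugin: $cni"
  if [ "$(np_enable_for "$cni")" = false ]; then
    oc patch flowcollector cluster --type=merge \
      -p '{"spec":{"networkPolicy":{"enable":false}}}'
  else
    echo "leaving networkPolicy unchanged"
  fi
}

# Nothing touches the cluster unless the script is run with --apply.
if [ "${1:-}" = "--apply" ]; then apply_workaround; fi
```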

              jtakvori Joel Takvorian
              rhn-support-memodi Mehul Modi
              Amogh Rameshappa Devapura Amogh Rameshappa Devapura