-
Epic
-
Resolution: Won't Do
-
Undefined
-
None
-
None
-
None
-
capture-only-ingress-egress
-
False
-
None
-
False
-
Not Selected
-
To Do
-
67% To Do, 0% In Progress, 33% Done
A recent feature in the eBPF agent allows it to capture only egress or ingress flows: https://github.com/netobserv/netobserv-ebpf-agent/pull/58
We could leverage this in the operator to dramatically reduce the number of flows captured. (More or less div by 2)
This would be a mitigation option for users facing scalability issues. E.g. by capturing only node-ingress, you still see 100% of the in-cluster traffic, you would just miss traffic going outside of the cluster (most flows a duplicated between ingress and egress).
It's basically the same thing as the option we have in the UI "reporter: source/destination/both", which is set by default on "destination" (=ingress), so, in some ways, we're already used to having this filtering.
When the filtering is active at the agent level, it should be reflected in the console plugin so that the corresponding filters are disabled in the options (reporter: source/destination/both).