NETOBSERV-2471: TLS fields

config/samples/flowmetrics/tls_egress_traffic.yaml

@@ -0,0 +1,37 @@
+apiVersion: flows.netobserv.io/v1alpha1
+kind: FlowMetric
+metadata:
+  name: tls-egress-traffic
+  namespace: netobserv
+spec:
+  type: Counter
+  valueField: Bytes
+  labels: [SrcSubnetLabel,SrcK8S_Namespace,SrcK8S_OwnerName,SrcK8S_OwnerType,DstSubnetLabel,DstK8S_Namespace,DstK8S_OwnerName,DstK8S_OwnerType,Proto,TLSVersion]
+  direction: Egress
+  filters:
+  - field: SrcK8S_Namespace
+    matchType: Presence
+  charts:
+  - dashboardName: TLS
+    title: "Egress TLS traffic"
+    unit: percent
+    type: SingleStat
+    queries:
+    - promQL: 'sum(rate(netobserv_tls_egress_traffic{TLSVersion!=""}[2m])) / sum(rate(netobserv_tls_egress_traffic[2m]))'
+      legend: ""
+  - dashboardName: TLS
+    sectionName: Per namespace
+    title: Egress traffic without TLS
+    unit: Bps
+    type: StackArea
+    queries:
+    - promQL: 'topk(10, sum(rate(netobserv_tls_egress_traffic{TLSVersion=""}[2m])) by (SrcK8S_Namespace))'
+      legend: "{{SrcK8S_Namespace}}"
+  - dashboardName: TLS
+    sectionName: Per version
+    title: Egress traffic per TLS version
+    unit: Bps
+    type: StackArea
+    queries:
+    - promQL: 'topk(10, sum(rate(netobserv_tls_egress_traffic{TLSVersion!~"|.*0x.*"}[2m])) by (TLSVersion))'
+      legend: "{{TLSVersion}}"

config/samples/flowmetrics/tls_ingress_traffic.yaml

@@ -0,0 +1,37 @@
+apiVersion: flows.netobserv.io/v1alpha1
+kind: FlowMetric
+metadata:
+  name: tls-ingress-traffic
+  namespace: netobserv
+spec:
+  type: Counter
+  valueField: Bytes
+  labels: [SrcSubnetLabel,SrcK8S_Namespace,SrcK8S_OwnerName,SrcK8S_OwnerType,DstSubnetLabel,DstK8S_Namespace,DstK8S_OwnerName,DstK8S_OwnerType,Proto,TLSVersion]
+  direction: Ingress
+  filters:
+  - field: DstK8S_Namespace
+    matchType: Presence
+  charts:
+  - dashboardName: TLS
+    title: "Ingress TLS traffic"
+    unit: percent
+    type: SingleStat
+    queries:
+    - promQL: 'sum(rate(netobserv_tls_ingress_traffic{TLSVersion!=""}[2m])) / sum(rate(netobserv_tls_ingress_traffic[2m]))'
+      legend: ""
+  - dashboardName: TLS
+    sectionName: Per namespace
+    title: Ingress traffic without TLS
+    unit: Bps
+    type: StackArea
+    queries:
+    - promQL: 'topk(10, sum(rate(netobserv_tls_ingress_traffic{TLSVersion=""}[2m])) by (DstK8S_Namespace))'
+      legend: "{{DstK8S_Namespace}}"
+  - dashboardName: TLS
+    sectionName: Per version
+    title: Ingress traffic per TLS version
+    unit: Bps
+    type: StackArea
+    queries:
+    - promQL: 'topk(10, sum(rate(netobserv_tls_ingress_traffic{TLSVersion!~"|.*0x.*"}[2m])) by (TLSVersion))'
+      legend: "{{TLSVersion}}"

internal/controller/consoleplugin/config/static-frontend-config.yaml

@@ -396,44 +396,53 @@ columns:
     default: false
     width: 15
   - id: Proto
-    group: L3 Layer
+    group: Protocol Info
     name: Protocol
     tooltip: The value of the protocol number in the IP packet header
     field: Proto
     filter: protocol
     default: true
     width: 10
   - id: Dscp
-    group: L3 Layer
+    group: Protocol Info
     name: DSCP
     tooltip: The value of the Differentiated Services Code Point
     field: Dscp
     filter: dscp
+    default: false
+    width: 10
+  - id: TCPFlags
+    group: Protocol Info
+    name: TCP Flags
+    tooltip: Logical OR combination of unique TCP flags comprised in the flow, according to RFC-9293, with additional custom values.
+    field: Flags
+    filter: tcp_flags
+    default: false
+    width: 10
+  - id: TLSVersion
+    group: Protocol Info
+    name: TLS Version
+    tooltip: TLS Version found in the packets header
+    field: TLSVersion
+    filter: tls_version
     default: true
     width: 10
   - id: IcmpType
-    group: ICMP
-    name: Type
+    group: Protocol Info
+    name: ICMP Type
     tooltip: The type of the ICMP message
     field: IcmpType
     filter: icmp_type
     default: false
     width: 10
   - id: IcmpCode
-    group: ICMP
-    name: Code
+    group: Protocol Info
+    name: ICMP Code
     tooltip: The code of the ICMP message
     field: IcmpCode
     filter: icmp_code
     default: false
     width: 10
-  - id: TCPFlags
-    name: TCP Flags
-    tooltip: Logical OR combination of unique TCP flags comprised in the flow, according to RFC-9293, with additional custom values.
-    field: Flags
-    filter: tcp_flags
-    default: false
-    width: 10
   - id: FlowDirection
     name: Node Direction
     tooltip: The interpreted direction of the flow observed at the Node observation point.
@@ -945,6 +954,11 @@ filters:
               - A protocol number like 6, 17
               - A IANA name like TCP, UDP
     docUrl: https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
+  - id: tls_version
+    name: TLS version
+    component: text
+    placeholder: 'E.g: TLS 1.2'
+    hint: Specify a version of TLS.
   - id: dscp
     name: DSCP
     component: autocomplete
@@ -1324,6 +1338,9 @@ fields:
   - name: Proto
     type: number
     description: L4 protocol
+  - name: TLSVersion
+    type: string
+    description: TLS version
   - name: Dscp
     type: number
     description: Differentiated Services Code Point (DSCP) value

internal/pkg/helper/cardinality/cardinality.json

@@ -67,6 +67,7 @@
   "XlatDstAddr": "avoid",
   "Udns": "careful",
   "IPSecStatus": "fine",
+  "TLSVersion": "fine",
   "_RecordType": "fine",
   "_HashId": "avoid"
 }

internal/pkg/metrics/predefined_metrics.go

@@ -23,9 +23,9 @@
 var (
 	latencyBuckets = []string{".005", ".01", ".02", ".03", ".04", ".05", ".075", ".1", ".25", "1"}
 	mapLabels      = map[string][]string{
-		tagNodes:      {"K8S_ClusterName", "SrcK8S_Zone", "DstK8S_Zone", "SrcK8S_HostName", "DstK8S_HostName"},
-		tagNamespaces: {"K8S_ClusterName", "SrcK8S_Zone", "DstK8S_Zone", "SrcK8S_Namespace", "DstK8S_Namespace", "K8S_FlowLayer", "SrcSubnetLabel", "DstSubnetLabel"},
-		tagWorkloads:  {"K8S_ClusterName", "SrcK8S_Zone", "DstK8S_Zone", "SrcK8S_Namespace", "DstK8S_Namespace", "K8S_FlowLayer", "SrcSubnetLabel", "DstSubnetLabel", "SrcK8S_OwnerName", "DstK8S_OwnerName", "SrcK8S_OwnerType", "DstK8S_OwnerType", "SrcK8S_Type", "DstK8S_Type"},
+		tagNodes:      {"K8S_ClusterName", "SrcK8S_Zone", "DstK8S_Zone", "SrcK8S_HostName", "DstK8S_HostName", "TLSVersion"},
+		tagNamespaces: {"K8S_ClusterName", "SrcK8S_Zone", "DstK8S_Zone", "SrcK8S_Namespace", "DstK8S_Namespace", "K8S_FlowLayer", "SrcSubnetLabel", "DstSubnetLabel", "TLSVersion"},
+		tagWorkloads:  {"K8S_ClusterName", "SrcK8S_Zone", "DstK8S_Zone", "SrcK8S_Namespace", "DstK8S_Namespace", "K8S_FlowLayer", "SrcSubnetLabel", "DstSubnetLabel", "SrcK8S_OwnerName", "DstK8S_OwnerName", "SrcK8S_OwnerType", "DstK8S_OwnerType", "SrcK8S_Type", "DstK8S_Type", "TLSVersion"},
 	}
 	mapValueFields = map[string]string{
 		tagBytes:   "Bytes",
@@ -321,6 +321,9 @@
 	if !fc.Processor.IsMultiClusterEnabled() {
 		labelsToRemove = append(labelsToRemove, "K8S_ClusterName")
 	}
+	if !fc.Agent.EBPF.IsTLSTrackingEnabled() {
+		labelsToRemove = append(labelsToRemove, "TLSVersion")
+	}
 
 	var filterRecordType *metricslatest.MetricFilter
 	if fc.Processor.LogTypes != nil {