Website update for main

antrea-io · Nov 9, 2024 · d3954c3 · d3954c3
1 parent 8e6b59f
commit d3954c3
Show file tree

Hide file tree

Showing 3 changed files with 100 additions and 3 deletions.
diff --git a/content/docs/main/docs/api-reference.html b/content/docs/main/docs/api-reference.html
@@ -3152,7 +3152,7 @@ <h3 id="crd.antrea.io/v1alpha1.PacketCapture">PacketCapture
 <td>
 <code>timeout</code></br>
 <em>
-uint16
+int32
 </em>
 </td>
 <td>
@@ -4353,7 +4353,7 @@ <h3 id="crd.antrea.io/v1alpha1.PacketCaptureSpec">PacketCaptureSpec
 <td>
 <code>timeout</code></br>
 <em>
-uint16
+int32
 </em>
 </td>
 <td>
@@ -12571,5 +12571,5 @@ <h3 id="system.antrea.io/v1beta1.BundleStatus">BundleStatus
 <hr/>
 <p><em>
 Generated with <code>gen-crd-api-reference-docs</code>
-on git commit <code>be1b08d</code>.
+on git commit <code>d9a3305</code>.
 </em></p>
diff --git a/content/docs/main/docs/feature-gates.md b/content/docs/main/docs/feature-gates.md
@@ -62,6 +62,7 @@ edit the Agent configuration in the
 | `L7FlowExporter`              | Agent              | `false` | Alpha | v1.15         | N/A          | N/A        | Yes                |                                               |
 | `BGPPolicy`                   | Agent              | `false` | Alpha | v2.1          | N/A          | N/A        | No                 |                                               |
 | `NodeLatencyMonitor`          | Agent              | `false` | Alpha | v2.1          | N/A          | N/A        | No                 |                                               |
+| `PacketCapture`               | Agent              | `false` | Alpha | v2.2          | N/A          | N/A        | No                 |                                               |
 
 ## Description and Requirements of Features
 
@@ -531,3 +532,12 @@ experienced by Pod traffic.
 #### Requirements for this Feature
 
 - Linux Nodes only - the feature has not been tested on Windows Nodes yet.
+
+### PacketCapture
+
+`PacketCapture` allows user to capture live traffic packets from specified flows for further analysis.
+Refer to this [document](packetcapture-guide.md) for more information.
+
+#### Requirements for this Feature
+
+This feature is only supported on Linux for now.
diff --git a/content/docs/main/docs/packetcapture-guide.md b/content/docs/main/docs/packetcapture-guide.md
@@ -0,0 +1,87 @@
+# Packet Capture User Guide
+
+Starting with Antrea v2.2, Antrea supports PacketCapture for network diagnosis.
+It can capture specified number of packets from real traffic and upload them to a
+supported storage location. Users can create a `PacketCapture` CR to trigger
+packet capture on the target traffic flow.
+
+## Prerequisites
+
+PacketCapture is disabled by default. If you
+want to enable this feature, you need to set feature gate `PacketCapture` to `true` in
+the `antrea-config` ConfigMap for `antrea-agent`.
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: antrea-config
+  namespace: kube-system
+data:
+  antrea-agent.conf: |
+    featureGates:
+      PacketCapture: true
+```
+
+## Start a new PacketCapture
+
+When starting a new packet capture, you can provide the following information to identify
+the target traffic flow:
+
+* Source Pod, or IP address
+* Destination Pod, or IP address
+* Transport protocol (TCP/UDP/ICMP)
+* Transport ports
+
+You can start a new packet capture by creating a `PacketCapture` CR. An optional `fileServer`
+field can be specified to store the generated packets file. Before that,
+a Secret named `antrea-packetcapture-fileserver-auth` located in the same Namespace where
+Antrea is deployed must exist and carry the authentication information for the target file server.
+You can also create the Secret using the following `kubectl` command:
+
+```bash
+kubectl create secret generic antrea-packetcapture-fileserver-auth -n kube-system --from-literal=username='<username>' --from-literal=password='<password>'
+```
+
+If no `fileServer` field is present in the CR, the captured packets file will be saved in the
+antrea-agent Pod (the one on the same Node with the source or destination Pod in the CR). The result
+path information will be available in `.status.FilePath`.
+
+And here is an example of `PacketCapture` CR:
+
+```yaml
+apiVersion: crd.antrea.io/v1alpha1
+kind: PacketCapture
+metadata:
+  name: pc-test
+spec:
+  fileServer:
+    url: sftp://127.0.0.1:22/upload # Define your own sftp url here.
+  timeout: 60
+  captureConfig:
+    firstN:
+      number: 5
+  source:
+    pod:
+      namespace: default
+      name: frontend
+  destination:
+  # Available options for source/destination could be `pod` (a Pod), `ip` (a specific IP address). These 2 options are mutually exclusive.
+    pod:
+      namespace: default
+      name: backend
+  packet:
+    ipFamily: IPv4
+    protocol: TCP # support arbitrary number values and string values in [TCP,UDP,ICMP] (case insensitive)
+    transportHeader:
+      tcp:
+        dstPort: 8080 # Destination port needs to be set when the protocol is TCP/UDP.
+```
+
+The CR above starts a new packet capture of TCP flows from a Pod named `frontend`
+to the port 8080 of a Pod named `backend` using TCP protocol. It will capture the first 5 packets
+that meet this criterion and upload them to the specified sftp server. Users can download the
+packet file from the sftp server (or from the local antrea-agent Pod) and analyze its content
+with network diagnose tools like Wireshark or tcpdump.
+
+Note: This feature is not supported on Windows for now.