Cloud TAP

This chapter describes the Supervisor section specific to the Cloud TAP module, accessed via the Cloud TAP menu item. Kubernetes clusters can be managed further in the sections described in Traffic Management and Event Monitoring.

The Registered Clusters tab of the Cloud TAP page provides an overview of the K8s clusters managed by the Supervisor, general information about them, and their status.

Each cluster can be assigned to a Network. Networks can be used to isolate devices and K8s clusters in logical networks in the Traffic Management page, with each Network operating with its own set of traffic rules.

Clicking on a cluster provides additional information about this cluster, and the ability to create pod groups and tunnel destinations prior to Traffic Management.

Clicking on a network navigates to this network, listing the devices it contains. Clicking the Home button navigates back to the root.

From this dashboard, clusters and networks can be added, modified, or removed.

To add a new cluster, click the Add Virtual Environment button in the top right corner of the interface, and enter the cluster's information in the Add Virtual Environment window. Select a network in this window to add the device to this network. The cluster's information can be changed at a later time by clicking the cluster's Edit button.

To create a network, click the Add Network button, and enter the network name in the Add Virtual Network window. The network's name can be changed at a later time by clicking the network's Edit button.

Pod Groups are groups of Kubernetes pods monitored by Cloud TAP and used as a source of traffic to be sent to analysis tools. Two types of pod groups can be created: Static and Dynamic. Static Pod Groups contain specific pods that were manually selected. Dynamic Pod Groups contain any pods matching a name filter, and are automatically updated to include new pods which name matches that filter.

To create a pod group, navigate to the Cloud TAP > Registered Clusters page, click a cluster to open its details window, and click the Create Static Pod Group or Create Dynamic Pod Group button:

• For Static Pod Groups, set a name, select which traffic direction to monitor (ingress, egress, or both), and select the pods to include in the group.
• For Dynamic Pod Groups, set a name, select which traffic direction to monitor (ingress, egress, or both), and set a Match Filter to match the name of the pods to automatically include in the group.

Tunnel Destinations define where the monitored traffic from the configured pod groups will be sent, encapsulated in a GRE-TAP tunnel. This can for instance be an X2-Series device on which a Tunnel Termination port group was created, from where it can then be forwarded to analysis tools via Traffic Rules.

Tunnel destination creation process:

1. Navigate to the Cloud TAP > Registered Clusters page.
2. Click a cluster to open its details window.
3. Click the Create Destination button.
4. Set a name.
5. Set a destination IPv4 address.
6. Set a tunnel ID.
7. (Optional) Enable Force MTU Size and set the desired MTU.
8. Click the Confirm button.

You can then create Traffic Rules to send traffic from specific pod groups to the tunnel destination configured above.

To link a K8s cluster to an X2-Series device, create a Tunnel Termination port group on that device with the same IPv4 address as the one specified above, then create an uplink between this port group and the tunnel destination configured above. You can then create Traffic Rules to send traffic from specific pod groups to any destination linked through the X2-Series device.

The Cluster Topology tab of the Cloud TAP page gives a view of the topology of registered clusters. Select the cluster to view by selecting it in the Selected Environment drop-down menu in the top left corner.