Support Pod-to-Service flows with Flow Exporter when Antrea Proxy enabled #984
Conversation
|
Thanks for your PR. The following commands are available:
These commands can only be run by members of the vmware-tanzu organization. |
srikartati
changed the title
|
Can one of the admins verify this patch? |
srikartati
force-pushed
the
service_info
branch
from
e641ee6
to
c3fe824
Compare
|
Thanks for your PR. The following commands are available:
These commands can only be run by members of the vmware-tanzu organization. |
srikartati
force-pushed
the
service_info
branch
3 times, most recently
from
519a36b
to
714eb8f
Compare
srikartati
changed the title
| @@ -124,6 +130,26 @@ func (cs *ConnectionStore) addOrUpdateConn(conn *flowexporter.Connection) { | |||
| if !srcFound && dstFound { | |||
| conn.DoExport = false | |||
| } | |||
|
|
|||
| // Pod-to-Service flows w/ antrea-proxy:Antrea proxy is enabled. | |||
There was a problem hiding this comment.
| // Pod-to-Service flows w/ antrea-proxy:Antrea proxy is enabled. | |
| // Process Pod-to-Service flows when Antrea proxy is enabled |
pkg/util/ip/ip.go
Outdated
| @@ -167,3 +175,12 @@ func LookupProtocolMap(name string) (uint8, error) { | |||
| } | |||
| return proto, nil | |||
| } | |||
|
|
|||
| // LookupServiceProtocol return service protocol string given protocol identifier | |||
| func LookupServiceProtocol(protoID uint8) (corev1.Protocol, error) { | |||
There was a problem hiding this comment.
I don't think there is much value in having this function in this package, especially with the dependency on K8s. It is clear that you also only support protocols supported by K8s Services. I think you can just move it to pkg/agent/flowexporter/connections/connections.go
There was a problem hiding this comment.
Only one file is using right now. Ok to move there and acknowledge the point on k8s dependency.
| svcPort := conn.TupleOrig.DestinationPort | ||
| protocol, err := ip.LookupServiceProtocol(conn.TupleOrig.Protocol) | ||
| if err != nil { | ||
| klog.Warningf("Could not retrieve service protocol: %v", err) |
There was a problem hiding this comment.
s/service/Service in log messages
There was a problem hiding this comment.
I don't think this was addressed actually?
There was a problem hiding this comment.
I changed in the other line. Missed this. Done.
pkg/agent/proxy/proxier.go
Outdated
| func (p *proxier) addServiceByIP(serviceStr string, servicePortName k8sproxy.ServicePortName) { | ||
| p.serviceStringMapMutex.Lock() | ||
| defer p.serviceStringMapMutex.Unlock() | ||
| klog.V(2).Infof("Added service with key: %v value: %v", serviceStr, servicePortName) |
There was a problem hiding this comment.
Not convinced we need a log message just for updating this map? At least, maybe you can reduce the verbosity and add a symmetric log message for service deletion.
There was a problem hiding this comment.
Used it for initial debugging. Function is straightforward; do not see much use as well.
| @@ -140,6 +141,7 @@ func TestFlowExporter_sendDataRecord(t *testing.T) { | |||
| for i, ie := range AntreaInfoElements { | |||
| elemList[i+len(IANAInfoElements)+len(IANAReverseInfoElements)] = ipfixentities.NewInfoElement(ie, 0, 0, 0, 0) | |||
| } | |||
| // Define mocks and flowExporter | |||
There was a problem hiding this comment.
not a very useful comment I think
| @@ -61,6 +61,8 @@ var ( | |||
| "destinationPodName", | |||
| "destinationPodNamespace", | |||
| "destinationNodeName", | |||
| "destinationClusterIP", | |||
| "destinationServiceName", | |||
There was a problem hiding this comment.
this includes the port as well right? should the name be destinationServicePortName?
There was a problem hiding this comment.
Agreed. Changed the name here and in Antrea IPFIX registry
srikartati
force-pushed
the
service_info
branch
4 times, most recently
from
15db4fc
to
5039410
Compare
|
Thanks for your PR. The following commands are available:
|
srikartati
force-pushed
the
service_info
branch
from
5039410
to
ab73f37
Compare
|
/test-all |
srikartati
force-pushed
the
service_info
branch
from
ab73f37
to
ad77568
Compare
srikartati
force-pushed
the
service_info
branch
3 times, most recently
from
b90fed8
to
736cf16
Compare
| TupleOrig: *tuple3, | ||
| TupleReply: *revTuple3, |
There was a problem hiding this comment.
If you always end up dereferencing the tuples, I think it may make more sense to just return values (and not pointers) in makeTuple.
There was a problem hiding this comment.
Sure.. Any insight on the copy of return value from a function VS copy from dereferencing? I believe the first one is little efficient because of return registers.
There was a problem hiding this comment.
I think performance is not an issue here, since the struct is small, the function is not called many times, and this is test code. It's also not always faster to return a pointer. So I would favor readability. If you were embedding a point in flowexporter.Connection, I would recommend using a pointer instead.
You are also using the tuple as an immutable value in a way, so I think passing it around by value works well.
| // Sending dummy IP as IPFIX collector expects constant length of data for IP field. | ||
| // We should probably think of better approach as this involves customization of IPFIX collector to ignore | ||
| // this dummy IP address. | ||
| _, err = dataRec.AddInfoElement(ie, net.IP{0, 0, 0, 0}) |
There was a problem hiding this comment.
newbie question: is it not possible to simply omit the information element in this case? Or will the collector complain if some elements are missing?
There was a problem hiding this comment.
Yes collector checks that if number of elements in a data record matches to originally sent template record or not.
| @@ -184,3 +218,12 @@ func (cs *ConnectionStore) DeleteConnectionByKey(connKey flowexporter.Connection | |||
|
|
|||
| return nil | |||
| } | |||
|
|
|||
| // LookupServiceProtocol return service protocol string given protocol identifier | |||
There was a problem hiding this comment.
| // LookupServiceProtocol return service protocol string given protocol identifier | |
| // LookupServiceProtocol returns the corresponding Service protocol string given a protocol identifier. |
srikartati
force-pushed
the
service_info
branch
2 times, most recently
from
bd8f387
to
c4c535b
Compare
|
/test-all |
|
/test-e2e |
|
/test-e2e |
3 similar comments
|
/test-e2e |
|
/test-e2e |
|
/test-e2e |
|
@srikartati if there is an issue with the Jenkins e2e testbed, we should let @lzhecheng. In some cases, re-triggering the job too much actually makes things worse :( |
Ok. I see the following error: === Get kubeconfig (try for 1m) === I will check with @lzhecheng |
srikartati
force-pushed
the
service_info
branch
2 times, most recently
from
16e71e3
to
6233fc7
Compare
|
/test-all |
|
/test-windows-conformance |
|
Hi @antoninbas: Can I skip hw-offload test for this PR too? This was in pending state for few hours and I could not see the logs as well. I see it is being done for some recent PRs. |
|
/skip-hw-offload |
Flow exporter can send flow records of Pod-To-Service flows with service name, when Antrea proxy is enabled. Flow records from source host (local to pod) contains service name. For this purpose, added a map in proxier: ServicePort(clusterIP:Port/Proto) to ServicePortName
srikartati
force-pushed
the
service_info
branch
from
98b1429
to
431ff8f
Compare
|
/test-all |
|
/test-network-policy |
|
/test-windows-networkpolicy |
|
/skip-hw-offload |
…bled (antrea-io#984) * Flow Exporter: Support Pod-To-Service flows with Antrea Proxy Flow exporter can send flow records of Pod-To-Service flows with the service name, when Antrea proxy is enabled. Flow records from the source host (local to the sender pod) contain a service name. For this purpose, added a map in proxier: ServicePort(clusterIP:Port/Proto) to ServicePortName
This is based on PR #825. The actual commit for this PR is 714eb8f.
Flow exporter can send flow records of Pod-To-Service flows
with the service name, when Antrea proxy is enabled. Flow records from
the source host (local to the pod) contain the service name.
For this purpose, added a map in proxier:
ServicePort(clusterIP:Port/Proto) to ServicePortName