hubble/metrics: Add support for fallback labels, ip addresses and dns names #14848
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gandro
added
release-note/minor
Flow events can originate from trace, drop, capture or policy verdict events. The metrics code did not have the necessary cases to deal with the latter two and treated them as unknown events instead. Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
This adds a new context option to the Hubble metrics, which adds the DNS
name as the source or destination label. If multiple DNS names are
associated with an IP address, all of them are added.
Example metric for `--hubble-metrics=flow:destinationContext=dns` in the
`connectivity-check.yaml`:
```
hubble_flows_processed_total{destination="www.google.com",protocol="TCP",subtype="",type="PolicyVerdict",verdict="FORWARDED"} 57
```
Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
gandro
force-pushed
the
pr/gandro/hubble-metrics-dns-context
branch
from
cc37ac1
to
292595e
Compare
rolinh
approved these changes
Feb 3, 2021
qmonnet
approved these changes
Feb 3, 2021
|
test-me-please |
|
@gandro it might be useful to fall back to other context if dns name is not set? for example, if the destination is inside the cluster, i'd still like to see namespace / pod name, etc 🤔 not sure if it makes sense, but i was thinking something like: or something |
I'd like to avoid making DNS a special case. All the other context options (except maybe identity) have the same problem in that the target might be empty. But maybe we can support a list of targets that are tried in sequence. |
This extends the `sourceContext` and `destinationContext` option in such
a way that multiple contexts can be specified. For example:
flow:sourceContext=dns|pod;destinationContext=identity
Implies that Hubble first tries to use the DNS name as the source
context. If this yields an empty result, it tries to use an identity
instead. If that still yields an empty result, the source context
remains empty. In other words: The first non-empty context is added as
the label. The `destinationContext` in the above example still works as
before: The context label contains the destination identity, otherwise
an empty string.
Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
This adds a new source and destination context which adds the source or destination IP as a label to metrics which support context options. Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
This documents the newly added `dns` and `ip` context options, as well as the ability to specify multiple fallback contexts. Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
gandro
force-pushed
the
pr/gandro/hubble-metrics-dns-context
branch
from
292595e
to
824db3f
Compare
gandro
changed the title
|
I have reworked the PR a bit, please see the PR description for details. @michi-covalent your use-case should now be supported by the following syntax: |
michi-covalent
approved these changes
Feb 4, 2021
|
test-me-please |
rolinh
approved these changes
Feb 8, 2021
gandro
added
the
ready-to-merge
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds a two context option to the Hubble metrics,
dnsandip.dnsadds the DNS name as the source or destination label. If multiple DNS names are associated with an IP address, all of them are added.ipadds the IPv4 or IPv6 address as the source or destination label.In addition, this PR also fixes some missing cases around policy verdict and capture events. It also add support for specifying multiple contexts to support fall-back. For example, a metric configuration of
flow:destinationContext=dns|ipwill first try to use the DNS name of the target for the label, but if no DNS name is known, it will fall back and use the IP address of the target instead.Except from
--hubble-metrics=flow:destinationContext=dns|ipagainst theconnectivity-check.yaml: