NETOBSERV-59 Create oc plugin to display flow table #1
Conversation
| # image: quay.io/netobserv/netobserv-ebpf-agent:main | ||
| image: quay.io/jpinsonn/netobserv-ebpf-agent:flow-stream-1 |
There was a problem hiding this comment.
netobserv/netobserv-ebpf-agent#224 needs to be merged first
There was a problem hiding this comment.
I wonder if u can reuse the current gRPC exporter from ebpf agent instead of creating new TCP exported ?
There was a problem hiding this comment.
Would that work with oc port-forward ?
There was a problem hiding this comment.
gRPC uses TCP so I would think so
res/flow-capture.yml
Outdated
| # TODO: find why this breaks collection: EOF | ||
| #- name: ENABLE_PKT_DROPS | ||
| # value: "true" |
There was a problem hiding this comment.
Uncomment this to give a try with pktDrop
After some time running it, I get EOF in the TCP connection read
There was a problem hiding this comment.
It seems I was just unlucky ! It's working now
.gitignore
Outdated
| @@ -0,0 +1,2 @@ | |||
| build | |||
| output | |||
There was a problem hiding this comment.
A number of new files in this commit are missing the linefeed character on the last line. We should clean this up.
Makefile
Outdated
| OUTPUT := $(DIST_DIR)/$(NAME) | ||
| DOCKER := $(shell which podman) | ||
| ifeq ($(DOCKER),) | ||
| DOCKER := $(shell which docker) |
There was a problem hiding this comment.
Perhaps call it OCI or OCI_BIN instead of DOCKER.
There was a problem hiding this comment.
Sure, the Docker file is not even provided yet. I'm thinking about being able to run the cli as an extra pod inside the cluster and transfert the generated files locally before deleting it.
That would avoid running all the port-forward and reduce the transfers / latency
I just need to ensure the terminal render properly using oc rsh <pod> / oc exec <pod>
README.md
Outdated
| @@ -3,18 +3,78 @@ | |||
| network-observability-cli is a lightweight Flow and Packet visualisation tool. | |||
| It deploy [netobserv eBPF agent](https://github.com/netobserv/netobserv-ebpf-agent) on your k8s cluster to collect flows or packets from nodes network interfaces | |||
| @@ -3,18 +3,78 @@ | |||
| network-observability-cli is a lightweight Flow and Packet visualisation tool. | |||
| It deploy [netobserv eBPF agent](https://github.com/netobserv/netobserv-ebpf-agent) on your k8s cluster to collect flows or packets from nodes network interfaces | |||
| and streams data to a local collector for analysis and visualisation. | |||
| Output files are generated under output/flow and output/pcap directories per host name | |||
| Output files are generated under `output/flow` and `output/pcap` directories per host name | |||
There was a problem hiding this comment.
Add a section on Prerequisites that describe what you need to have (e.g. need a kind or OpenShift cluster).
cmd/flow-capture.go
Outdated
| ) | ||
|
|
||
| const ( | ||
| flowsToShow = 40 |
There was a problem hiding this comment.
I did actually, and even more ! I'll make a demo to show all the capabilities
|
|
||
| // lock since we are updating lastFlows concurrently | ||
| mutex.Lock() | ||
|
|
There was a problem hiding this comment.
Unfortunately, this defeats the benefits of using goroutines.
There was a problem hiding this comment.
Correct, the problem is that I'm merging X sources (1 per nodes) to a single display.
Would it be more performant to save flows per node in different slices or map and call mutex.Lock only when reading them for display ?
| c := exec.Command("clear") | ||
| c.Stdout = os.Stdout | ||
| c.Run() | ||
|
|
There was a problem hiding this comment.
I know this tool is not meant to be scalable, but clearing and redrawing the screen for each flow is going to make it very limited. A better alternative is to periodically update the screen at a certain interval.
There was a problem hiding this comment.
I've added a mechanism that update only when a delay is over
| if err != nil { | ||
| log.Errorf("Create file %s failed: %v", filename, err.Error()) | ||
| log.Fatal(err) | ||
| } |
There was a problem hiding this comment.
It would be very useful if you can choose the stdout format, which could just be JSON instead of the UI table. I know technically you can effectively get this with the 'tee' command, but if it didn't output to the UI table, it would be more scalable. This would be simpler to export flows than what we have today, particularly if you just want to test this out and see what data you're getting.
There was a problem hiding this comment.
I've added some predefined view capabilities, including raw JSON 👍
| if err != nil { | ||
| log.Fatal(err) | ||
| } | ||
| go managePcapTable(PcapResult{NodeName: filename, PacketCount: 1, ByteCount: int64(n)}) |
There was a problem hiding this comment.
Not sure how useful this will be by only having node, packet and byte counts, even with a filter applied.
There was a problem hiding this comment.
This can become huge in a short time since everything is saved to the output folder
It's more an indicator to avoid filling up your storage more than anything else
the cleanup is automatic, but I can provide a script that allow user to call it manually 👍 |
|
@jotak @msherif1234 @OlivierCazade how do you see the next steps for that ? I can merge as is if you agree and we can improve the approach if needed. Let me know what works best for you 🐱 |
|
I am fine merging and improving from here. This make iterations easier to read. IMO the first question that we need to answer is, do we want to keep this fully independent or de we want to use a NOO stack already present. Calling this the network observability cli might be a bit missleading. I would expect from a cli to be the terminal equivalent of the frontend, not an independent project with its own capture stack. If we keep this independent I would suggest to rename it to avoid confusion. |
I'm open to any solution that deploy as fast as applying the yaml in this PR. I think that's the key of this tool.
That could bring to less maintenance in the different config when we introduce new features indeed.
It will never be the equivalent since we can't handle Loki here. The capture must be different but it can be part of the operator. |
| func runFlowCapture(cmd *cobra.Command, args []string) { | ||
| go scanner() | ||
|
|
||
| wg.Add(len(addresses)) |
There was a problem hiding this comment.
wg and goroutines seem wrongly implemented here, we should have a wg.Done() call somewhere... It probably doesn't do what we'd expect here.
I'm trying to change & make sure it doesn't break things
There was a problem hiding this comment.
Ok thanks; feel free to update this PR directly if you want to
There was a problem hiding this comment.
done - if you want to review my 2 commits
There was a problem hiding this comment.
Code looks good ! I'm giving a last try before merging
|
@jpinsonneau I'm ok to merge, there are a couple of points though that I've noted and that we may address in a follow-up :
/lgtm |
|
I have created a followup for code improvments: Thanks ! |
This PR implement first version of
oc netobservcliDependencies
netobserv/netobserv-ebpf-agent#224