-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NETOBSERV-59 Create oc plugin to display flow table #1
Conversation
# image: quay.io/netobserv/netobserv-ebpf-agent:main | ||
image: quay.io/jpinsonn/netobserv-ebpf-agent:flow-stream-1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
netobserv/netobserv-ebpf-agent#224 needs to be merged first
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder if u can reuse the current gRPC exporter from ebpf agent instead of creating new TCP exported ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would that work with oc port-forward
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
gRPC uses TCP so I would think so
res/flow-capture.yml
Outdated
# TODO: find why this breaks collection: EOF | ||
#- name: ENABLE_PKT_DROPS | ||
# value: "true" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Uncomment this to give a try with pktDrop
After some time running it, I get EOF in the TCP connection read
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It seems I was just unlucky ! It's working now
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It should provide a script or a way to uninstall this on your cluster.
.gitignore
Outdated
@@ -0,0 +1,2 @@ | |||
build | |||
output |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A number of new files in this commit are missing the linefeed character on the last line. We should clean this up.
Makefile
Outdated
OUTPUT := $(DIST_DIR)/$(NAME) | ||
DOCKER := $(shell which podman) | ||
ifeq ($(DOCKER),) | ||
DOCKER := $(shell which docker) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perhaps call it OCI or OCI_BIN instead of DOCKER.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure, the Docker file is not even provided yet. I'm thinking about being able to run the cli as an extra pod inside the cluster and transfert the generated files locally before deleting it.
That would avoid running all the port-forward
and reduce the transfers / latency
I just need to ensure the terminal render properly using oc rsh <pod>
/ oc exec <pod>
README.md
Outdated
@@ -3,18 +3,78 @@ | |||
network-observability-cli is a lightweight Flow and Packet visualisation tool. | |||
It deploy [netobserv eBPF agent](https://github.com/netobserv/netobserv-ebpf-agent) on your k8s cluster to collect flows or packets from nodes network interfaces |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Change: "deploys"
@@ -3,18 +3,78 @@ | |||
network-observability-cli is a lightweight Flow and Packet visualisation tool. | |||
It deploy [netobserv eBPF agent](https://github.com/netobserv/netobserv-ebpf-agent) on your k8s cluster to collect flows or packets from nodes network interfaces | |||
and streams data to a local collector for analysis and visualisation. | |||
Output files are generated under output/flow and output/pcap directories per host name | |||
Output files are generated under `output/flow` and `output/pcap` directories per host name |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add a section on Prerequisites that describe what you need to have (e.g. need a kind or OpenShift cluster).
cmd/flow-capture.go
Outdated
) | ||
|
||
const ( | ||
flowsToShow = 40 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Make it configurable?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I did actually, and even more ! I'll make a demo to show all the capabilities
|
||
// lock since we are updating lastFlows concurrently | ||
mutex.Lock() | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Unfortunately, this defeats the benefits of using goroutines.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Correct, the problem is that I'm merging X sources (1 per nodes) to a single display.
Would it be more performant to save flows per node in different slices or map and call mutex.Lock only when reading them for display ?
c := exec.Command("clear") | ||
c.Stdout = os.Stdout | ||
c.Run() | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I know this tool is not meant to be scalable, but clearing and redrawing the screen for each flow is going to make it very limited. A better alternative is to periodically update the screen at a certain interval.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've added a mechanism that update only when a delay is over
if err != nil { | ||
log.Errorf("Create file %s failed: %v", filename, err.Error()) | ||
log.Fatal(err) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It would be very useful if you can choose the stdout format, which could just be JSON instead of the UI table. I know technically you can effectively get this with the 'tee' command, but if it didn't output to the UI table, it would be more scalable. This would be simpler to export flows than what we have today, particularly if you just want to test this out and see what data you're getting.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've added some predefined view capabilities, including raw JSON 👍
if err != nil { | ||
log.Fatal(err) | ||
} | ||
go managePcapTable(PcapResult{NodeName: filename, PacketCount: 1, ByteCount: int64(n)}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure how useful this will be by only having node, packet and byte counts, even with a filter applied.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This can become huge in a short time since everything is saved to the output
folder
It's more an indicator to avoid filling up your storage more than anything else
the cleanup is automatic, but I can provide a script that allow user to call it manually 👍 |
@jotak @msherif1234 @OlivierCazade how do you see the next steps for that ? I can merge as is if you agree and we can improve the approach if needed. Let me know what works best for you 🐱 |
I am fine merging and improving from here. This make iterations easier to read. IMO the first question that we need to answer is, do we want to keep this fully independent or de we want to use a NOO stack already present. Calling this the network observability cli might be a bit missleading. I would expect from a cli to be the terminal equivalent of the frontend, not an independent project with its own capture stack. If we keep this independent I would suggest to rename it to avoid confusion. |
I'm open to any solution that deploy as fast as applying the yaml in this PR. I think that's the key of this tool.
That could bring to less maintenance in the different config when we introduce new features indeed.
It will never be the equivalent since we can't handle Loki here. The capture must be different but it can be part of the operator. |
func runFlowCapture(cmd *cobra.Command, args []string) { | ||
go scanner() | ||
|
||
wg.Add(len(addresses)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
wg and goroutines seem wrongly implemented here, we should have a wg.Done()
call somewhere... It probably doesn't do what we'd expect here.
I'm trying to change & make sure it doesn't break things
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok thanks; feel free to update this PR directly if you want to
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done - if you want to review my 2 commits
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Code looks good ! I'm giving a last try before merging
@jpinsonneau I'm ok to merge, there are a couple of points though that I've noted and that we may address in a follow-up :
/lgtm |
I have created a followup for code improvments: Thanks ! |
This PR implement first version of
oc netobserv
cliDependencies
netobserv/netobserv-ebpf-agent#224