NETOBSERV-1692: Add FLP-based filters & deduper options #591

Merged
merged 6 commits into from
Nov 26, 2024
82 changes: 82 additions & 0 deletions apis/flowcollector/v1beta1/flowcollector_types.go
Expand Up @@ -604,13 +604,95 @@ type FlowCollectorFLP struct {
// When a subnet matches the source or destination IP of a flow, a corresponding field is added: `SrcSubnetLabel` or `DstSubnetLabel`.
SubnetLabels SubnetLabels `json:"subnetLabels,omitempty"`

//+optional
// `deduper` allows to sample or drop flows identified as duplicates, in order to save on resource usage.
Deduper *FLPDeduper `json:"deduper,omitempty"`

// `filters` let you define custom filters to limit the amount of generated flows.
// +optional
Filters []FLPFilterSet `json:"filters"`

// `debug` allows setting some aspects of the internal configuration of the flow processor.
// This section is aimed exclusively for debugging and fine-grained performance optimizations,
// such as `GOGC` and `GOMAXPROCS` env vars. Set these values at your own risk.
// +optional
Debug DebugConfig `json:"debug,omitempty"`
}

type FLPDeduperMode string

const (
FLPDeduperDisabled FLPDeduperMode = "Disabled"
FLPDeduperDrop FLPDeduperMode = "Drop"
FLPDeduperSample FLPDeduperMode = "Sample"
Member Author

@jpinsonneau a possibility could be to add a "Merge" mode here that would involve infinispan like in your PoC

Contributor

Sounds good; but should we offer all of these or just support one or two modes in the end?

Member Author

@jotak jotak Mar 20, 2024

I see pros and cons on every mode and no clear "winner"

  • Disabled to make sure we get every flow / not losing anything
  • Infinispan-based is similar but with performance impacts (positive on Loki, negative on FLP) and adds a new component, so it requires more configuration
  • Drop is the best for overall performance but loses data
  • Sample offers a compromise between Drop and Disabled, providing statistical samples of dropped flows

)

// `FLPDeduper` defines the desired configuration for FLP-based deduper
type FLPDeduper struct {
// Set the Processor deduper mode (de-duplication). It comes in addition to the Agent deduper because the Agent cannot de-duplicate same flows reported from different nodes.<br>
// - Use `Drop` to drop every flow considered as duplicates, allowing saving more on resource usage but potentially loosing some information such as the network interfaces used from peer.<br>
// - Use `Sample` to randomly keep only 1 flow on 50 (by default) among the ones considered as duplicates. This is a compromise between dropping every duplicates or keeping every duplicates. This sampling action comes in addition to the Agent-based sampling. If both Agent and Processor sampling are 50, the combined sampling is 1:2500.<br>
// - Use `Disabled` to turn off Processor-based de-duplication.<br>
// +kubebuilder:validation:Enum:="Disabled";"Drop";"Sample"
// +kubebuilder:default:=Disabled
Mode FLPDeduperMode `json:"mode,omitempty"`

// `sampling` is the sampling rate when deduper `mode` is `Sample`.
//+kubebuilder:validation:Minimum=0
//+kubebuilder:default:=50
Sampling int32 `json:"sampling,omitempty"`
}

type FLPFilterMatch string
type FLPFilterTarget string

const (
FLPFilterEqual FLPFilterMatch = "Equal"
FLPFilterNotEqual FLPFilterMatch = "NotEqual"
FLPFilterPresence FLPFilterMatch = "Presence"
FLPFilterAbsence FLPFilterMatch = "Absence"
FLPFilterRegex FLPFilterMatch = "MatchRegex"
FLPFilterNotRegex FLPFilterMatch = "NotMatchRegex"
FLPFilterTargetAll FLPFilterTarget = ""
FLPFilterTargetLoki FLPFilterTarget = "Loki"
FLPFilterTargetMetrics FLPFilterTarget = "Metrics"
FLPFilterTargetExporters FLPFilterTarget = "Exporters"
)

// `FLPFilterSet` defines the desired configuration for FLP-based filtering satisfying all conditions
type FLPFilterSet struct {
// `filters` is a list of matches that must be all satisfied in order to remove a flow.
// +optional
AllOf []FLPSingleFilter `json:"allOf"`

// If specified, this filters only target a single output: `Loki`, `Metrics` or `Exporters`. By default, all outputs are targeted.
// +optional
// +kubebuilder:validation:Enum:="";"Loki";"Metrics";"Exporters"
OutputTarget FLPFilterTarget `json:"outputTarget,omitempty"`

// `sampling` is an optional sampling rate to apply to this filter.
//+kubebuilder:validation:Minimum=0
// +optional
Sampling int32 `json:"sampling,omitempty"`
}

// `FLPSingleFilter` defines the desired configuration for a single FLP-based filter
type FLPSingleFilter struct {
// Type of matching to apply
// +kubebuilder:validation:Enum:="Equal";"NotEqual";"Presence";"Absence";"MatchRegex";"NotMatchRegex"
// +kubebuilder:default:="Equal"
MatchType FLPFilterMatch `json:"matchType"`

// Name of the field to filter on
// Refer to the documentation for the list of available fields: https://docs.openshift.com/container-platform/latest/observability/network_observability/json-flows-format-reference.html.
// +required
Field string `json:"field"`

// Value to filter on. When `matchType` is `Equal` or `NotEqual`, you can use field injection with `$(SomeField)` to refer to any other field of the flow.
// +optional
Value string `json:"value"`
}

const (
HPAStatusDisabled = "DISABLED"
HPAStatusEnabled = "ENABLED"
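Review bot: `Sampling` accepts 0 in both `FLPDeduper` and `FLPFilterSet` (`+kubebuilder:validation:Minimum=0`), but neither comment says what a rate of 0 means, and with `omitempty` on an `int32` an explicit 0 is dropped when the struct is marshalled. If 0 is not a meaningful rate, raise the minimum to 1; otherwise document it, and state for `FLPFilterSet.Sampling` whether the rate applies to the flows that match the filter, since the `AllOf` comment says a match removes the flow. Separately, `Filters`, `AllOf` and `Value` are marked `+optional` but their JSON tags lack `omitempty`, unlike `Deduper` and `OutputTarget`, and the `AllOf` comment still refers to the field as `filters`. `Value` is also a free-form string with no validation marker even when `matchType` is `MatchRegex` or `NotMatchRegex`, so nothing in this type rejects a pattern that does not compile or a missing value for `Equal`; consider checking both at admission time.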
104 changes: 104 additions & 0 deletions apis/flowcollector/v1beta1/zz_generated.conversion.go

62 changes: 62 additions & 0 deletions apis/flowcollector/v1beta1/zz_generated.deepcopy.go