Closed antoninbas closed 1 year ago
Thanks Antonin, + @xliuxu to evaluate the UI solutions.
@vicky-liu @xliuxu to clarify, I have already implemented a PoC using React + Clarity, with support for Traceflow. I will be presenting it at the community meeting on Monday. I'd be happy to discuss possible UI alternatives at the meeting.
Just dropping a pointer to the Headlamp K8s UI project here: https://www.headlamp.dev/ - it has support for plugins, and has been submitted to CNCF for Sandbox. The team is in the #headlamp channel in Kubernetes Slack if you want to connect.
@ahrkrak I appreciate the pointer. I am a bit wary of the plugin model (bad experience with Octant), because breaking API changes can be very painful and it's hard to know ahead of time whether the plugin framework will cover all your use cases. I can see the Headlamp plugin framework as being valuable if you have some CRDs for which you want to provide a web page, or if you want to customize an existing resource page. However, all the plugin examples are pretty simple, and we have some advanced needs for the Antrea UI. In particular, we need to have a custom backend that can call different APIs (K8s / Antrea APIs).
It's not clear to me that Headlamp supports customizing the backend, or non-K8s APIs.
Makes sense. Just wanted to make sure you're aware of it. I think you're right that plug-ins are FE only - you'd have to write a separate backend service currently.
Antrea UI v0.1.0 is out (https://github.com/antrea-io/antrea-ui/releases/tag/v0.1.0), and the Octant plugin is deprecated in Antrea v1.12. Only remaining item for this issue is to remove the Octant plugin altogether post v1.12.0 release.
Closing this issue. The Antrea Octant plugin has been removed from the code base.
Describe what you are trying to solve
Octant is no longer maintained. Therefore, we should stop investing any further effort into the Antrea Octant plugin, and we should look for an alternative. On a side note, it seems that there could be a security risk associated with the way in which we run Octant (as a K8s Pod): https://github.com/vmware-archive/octant/issues/3370
IMO, this is a good thing, as the Octant-based solution was never very useful:
replace directives in the go.mod
In the words of 1 Reddit user:
Describe the solution you have in mind
I suggest that we deprecate and remove the Octant plugin from Antrea, and replace it with a custom web UI. Below is a screenshot of something I have built using React. Obviously it is just a start, and we could start small and improve over time. Unlike with Octant, it is easy to build functionality & value over time with a custom web UI:
Traceflow is just a place to start, we could expose metrics and flow visibility data:
We could also support executing NetworkPolicy recommendation jobs from the UI.
Describe how your solution impacts user flows
IMO, it should be built into Antrea and we should keep it as simple as possible. We need an extra container which can serve the frontend React App, and process API calls from the frontend. This container can be run as its own Deployment or can be included in the antrea-controller Pod.
For a typical user, the steps will be as follows:
1) deploy the Antrea UI (if separate Deployment, otherwise it can be part of the antrea-controller Pod by default)
2) run kubectl port-forward <svc name> 8080:<svc port> to expose the Antrea UI locally
3) visit localhost:8080 in browser to access the UI
Describe the main design/architecture of your solution
We need to define some authentication mechanism for Antrea UI APIs. Could be password-based (similar to Grafana) or use a K8s bearer token? If the latter, we need to provide a convenient way for users to retrieve a token.
Alternative solutions that you considered
From an API perspective, there are multiple options. The current solution is a custom HTTP API server (part of the Antrea UI container) which in the case of Traceflow will translate the API call into a Custom Resource. Theoretically, the frontend could also access K8s APIs directly, but accessing K8s APIs from the browser is not a common scenario (except when using kubectl proxy). Some UI features (e.g., Network Visibility) require a custom API anyway.
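An added sketch, not Antrea UI's actual code, of the translation step described in the issue above: a backend function that validates browser-supplied fields before building a Traceflow Custom Resource from them. The request shape, the function name and the API version shown are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"regexp"
	"strings"
)

// TraceflowRequest is a hypothetical body POSTed by the frontend (not Antrea UI's real API).
type TraceflowRequest struct {
	SrcNamespace string `json:"srcNamespace"`
	SrcPod       string `json:"srcPod"`
	DstNamespace string `json:"dstNamespace"`
	DstPod       string `json:"dstPod"`
}

var dns1123 = regexp.MustCompile(`^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$`) // DNS-1123 subdomain

// BuildTraceflow turns untrusted browser input into the Traceflow object the backend would create; name is set server-side.
func BuildTraceflow(body io.Reader, name string) (map[string]interface{}, error) {
	dec := json.NewDecoder(io.LimitReader(body, 4096)) // cap request size
	dec.DisallowUnknownFields()                        // client cannot smuggle extra fields
	var req TraceflowRequest
	if err := dec.Decode(&req); err != nil {
		return nil, fmt.Errorf("bad request body: %w", err)
	}
	for _, v := range []string{req.SrcNamespace, req.SrcPod, req.DstNamespace, req.DstPod} {
		if len(v) > 253 || !dns1123.MatchString(v) {
			return nil, fmt.Errorf("invalid namespace or pod name %q", v)
		}
	}
	return map[string]interface{}{
		"apiVersion": "crd.antrea.io/v1alpha1", // assumed; use the version your cluster serves
		"kind":       "Traceflow",
		"metadata":   map[string]interface{}{"name": name},
		"spec": map[string]interface{}{
			"source":      map[string]interface{}{"namespace": req.SrcNamespace, "pod": req.SrcPod},
			"destination": map[string]interface{}{"namespace": req.DstNamespace, "pod": req.DstPod},
		},
	}, nil
}

func main() {
	in := `{"srcNamespace":"default","srcPod":"client","dstNamespace":"default","dstPod":"server"}` // constructed sample
	obj, err := BuildTraceflow(strings.NewReader(in), "tf-example")
	fmt.Println(obj, err)
}
```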