Closed bhale closed 7 months ago
Hi @bhale. Thanks for your PR.
I'm waiting for a netobserv member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test
on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.
Once the patch is verified, the new status will be reflected by the ok-to-test
label.
I understand the commands that are listed here.
I think this pattern is going badly, partly because there isn't a logical place to put the new fields... the previous Kubernetes enrichment section added strings that don't change or contain values, like source namespace. With the new data being produced upstream in the ebpf agent, there are new fields we want to export that are not static data / enrichment, or data that already exists in an IANA data model - such as timeFlowRttNs. Should we be looking to create a third set of fields, or am I missing a better solution?
Hi @bhale , thanks for the contrib!
I am not super familiar with the ipfix code, perhaps if @praveingk is around he can better answer that me. I'm not sure to understand what you mean when saying "the previous Kubernetes enrichment section added strings that don't change or contain values" ... kube enrichment should set values and vary according to the src/dst IPs found in the flows, this is not supposed to be static ... or I'm misunderstanding something.
That said, it seems indeed wrong to tie agent-specific features such as RTT to the K8s model, as this isn't related to k8s. I'm not sure how to do that (as said I'm not very familiar with this code) but I can take a look and try
@bhale Thanks for addressing this. I had previously added enrichEnterpriseID to support fields that are not supported by IANA registry and a custom registry. In this case, RTT isn't supported by IANA, and it makes sense to add a separate function and not adding as part of K8s enrichment.
@bhale my PR https://github.com/netobserv/flowlogs-pipeline/pull/606 adds a test with ipfix that should be helpful here There will be a small conflict with your PR, as you'll then need to add any additional field managed in a global list here: https://github.com/netobserv/flowlogs-pipeline/pull/606/files#diff-9f1ae1c930f06df67c0493ad41f8774ae4fa31832f12f7a8d4f38f0ffa534b74R79-R81
@bhale my PR #606 adds a test with ipfix that should be helpful here There will be a small conflict with your PR, as you'll then need to add any additional field managed in a global list here: https://github.com/netobserv/flowlogs-pipeline/pull/606/files#diff-9f1ae1c930f06df67c0493ad41f8774ae4fa31832f12f7a8d4f38f0ffa534b74R79-R81
This is a huge help thank you! I will rebase on these changes tomorrow, it looks like it will simplify things.
Thanks for all your help and advice, @praveingk and @jotak! I incorporated the refactoring and tests from jotak, integrated my changes to export timeFlowRttNs, and added a test for it. The test passes, and I can see valid data for RTT in IBM SevOne for the new RTT field.
Regarding the comment on using field id 7739 - my colleague has access to a database at IBM that tracks the fields for our enterpriseId. Someone had already claimed 7739, so I skipped it.
Thanks for all your help and advice, @praveingk and @jotak! I incorporated the refactoring and tests from jotak, integrated my changes to export timeFlowRttNs, and added a test for it. The test passes, and I can see valid data for RTT in IBM SevOne for the new RTT field.
Nice 👍
Regarding the comment on using field id 7739 - my colleague has access to a database at IBM that tracks the fields for our enterpriseId. Someone had already claimed 7739, so I skipped it.
ok .. I don't know why exactly it starts at 7733
, it would probably have been better if we had a range that wouldn't overlap with other's using the same enterprise id (if someone not from IBM wants to add a new field, I guess we'll need to coordinate with you ; or change the way it works to allow custom field ids)
btw I've merged my PR, this one should be rebased
btw I've merged my PR, this one should be rebased
Rebase good to go!
@jotak FYI, yes, between myself & Dale Bowie, we track the field ID allocations. The 7xxx starting number was partly looking for a range that doesn't overlap with other IBM products. We should probably switch it from private to public git at some point.
New image: quay.io/netobserv/flowlogs-pipeline:71f5ae6
It will expire after two weeks.
To deploy this build, run from the operator repo, assuming the operator is running:
USER=netobserv VERSION=71f5ae6 make set-flp-image
/lgtm /approve Thank you @bhale !
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: jotak
The full list of commands accepted by this bot can be found here.
The pull request process is described here
Attention: Patch coverage is 0%
with 11 lines
in your changes are missing coverage. Please review.
Project coverage is 66.95%. Comparing base (
ba7ad1f
) to head (6dd5537
). Report is 3 commits behind head on main.
Files | Patch % | Lines |
---|---|---|
pkg/pipeline/write/write_ipfix.go | 0.00% | 11 Missing :warning: |
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
Description
I am working on implementing a fix for https://github.com/netobserv/flowlogs-pipeline/issues/544
There are many new fields added to the pipeline but not yet written via IPFIX. I attempted to start with a single field and get feedback before I added several fields using a bad approach.
Dependencies
None
Checklist
I am not familiar with the processes
If you are not familiar with our processes or don't know what to answer in the list below, let us know in a comment: the maintainers will take care of that.