[HSRN VIP] Enhance traffic-logger

[nicksome168]

• [x] format outputs into InfluxDB line protocol format
• [x] use telegraf to run the script and validate the InfluxDB line protocol format
• [x] connect to the Kubernetes API server to read the list of pods on the machine it's running, so it can output metrics with pod name/namespace rather than IP address
• [ ] testing this script on a machine with two running pods sending packets to each other
• [ ] add ICMP packet in the traffic logger (containers need to have permission to ping)

I am pushing back any work that involves BPF program such as adding ICMP packets logging and try to get a runnable proof-of-concept first that allows you to instrument pods on a machine to get observability in network traffic within the k8s cluster context.

[nicksome168]

I found another repo that did a similar thing. They have very nice modularization. Some notable differences:

• its BPF program only tracks TCP sent packets, no TCP received packets nor traffic for UDP packets. (I might be mistaken as I am not too familiar with the BPF kernel functions and TCP data transfer lifecycle.)
• it only sends Prometheus metrics on traffic from Kubernetes-managed IPs. But this should not be a big deal.

the author also wrote a medium on this https://medium.com/@isalapiyarisi/getting-started-on-kubernetes-observability-with-ebpf-88139eb13fb2

[nicksome168]

As for ICMP tracing, i looked around and couldn't find the exact code snippet that does what we want here. The closest one I found was this code that intercepts ICMP ping and sends back the pong. We should be able to repurpose it.

[remram44]

I don't know if ICMP is a high priority, we can definitely roll this out and get useful information without it, so it can be done later.