Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Antrea / Community / 11 Sep 2023
Antrea / Community / 11 Sep 2023
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: Antrea Community Meeting 09/11/2023

Description

Antrea Community Meeting, September 11th 2023

A

All right, good morning, good afternoon good evening, thanks for joining the systems of gentria community meeting today is Tuesday September 12th and we have quite a few topics on the agenda. For today we will start with a new crd design for live tracing, and this will be presented by Hank and uh then we'll have a discussion regarding and and CTL support for, VM agency mode by Mandy. Okay. So since we have aquately quite a few things to discuss, maybe it's better if we start immediately and let's start with the live tracing, please do your presentation.

A

Okay,.

B

Thank you, I'll just share my screen.

B

Okay, so can you guys see my screen? Yes, okay, thank you. So uh today, I would like to present the new CID design for live tracing. So during the past year we have been. We have proposed a few uh design for for this feature, including the uh EB version and the uh using the trace flow crd version. uh So after a few run, our discussion today I would like to introduce a new CRT, which is a specifically for the uh laboratorian feature.

B

So a few first I would like to spend some time to introduce the the background for this feature. uh We we have a existing crd for the choice flow and it is supported to you to capture the first packet of another flow, and uh but we want to exist in exchange this feature by capture more packets, because you in in most of the cases such as gcp, we would like to.

B

Maybe the users want to capture more packs, like uh a full session for a TCP uh run CCP session, so I I think this would be a useful feature for, for some of the trash cases for Network like bugs or videos. So, uh in a new study has the following benefits: compared to exchange the existing Chris flow crd, the first one is we we can keep the all the trace flow crd, it's a voice like a constraint preference and it's more.

B

We we wouldn't like bring like unrelated features to the previous flow CRT, and we can uh a new crd. We can also have better support for additional sample method, because we we we can we we have a few choices for the for the capture method and we would like to support this this this method in the future, and the final benefits is that we can. uh We have more choices for the story, because after we capture the package, we need a storage location storage.

B

We need a storage space to store the package and because uh we we, the user, we we would give users the uh like the time window to fetch the package as as their wishes. So I have a sampling crd example.

B

For for the package sampling feature, uh the basic idea is through uh uh reuse, the package lecture from the trace flow, CRT and reuse. The storage uh storage choices from the support bundle CRT.

B

So, uh first of the spec is we we added our package sampling parameters for, for example, we have a hardware which is which will be set which can be set to let the user decide if whether the sampling is succeeded or not, it will definitely stop at this hard time limit and after the uh an extra field is the the type of the sampling.

B

So uh in the First Development phase, we would like to support the most simple one, which is called the first unsampling means we we want to capture like the first like 13, 2 or 46 uh like this number of packets, and you can search the number limit in the pyramid. Spec parameter structure. So after uh so uh after this uh sampling related Trails, we have the uh similar structure field, fails as Tris flow crd, because the bear behind the API.

B

We we have a similar logical to choose the network flow, so I think we can reuse the whole structure for flow, select and I. Think it's maybe more familiar for the users as you can. They wouldn't have much learning curve to adapt to the new crd and after we down the couch and get the actual package, so we can uh like transfer the package data to an external field server. This this part was borrowed from the.

B

Collection, crd, which supports users to uh download the the support bundle date from this external server. I think this. This has the similar effect as the selector, because we we already have this design and I I want to reuse the existing crd design to uh to mix the users like feel. This is a more familiar and it's a simple crd, so they can quickly like uh learning the and use and learn this a new feature so yeah. This is the basic idea of the crd structure design.

B

So uh the other topic I want to share is that we we already done some tests on the interval sampling method, which means we can pick one package out of unsampling. This was natively supported by the apifix product, which is also supported. Beauty buzzer OS, it's a built-in feature, so it has better like performance against the first line, sampling and I. Think uh if the cre design was was finished, we can quickly exchange the current uh feature and the support of this sampling method.

B

uh So, during the last session, we we have a question about. If we want to uh support start, the packet and metadata into the raw package fail, because uh in the last meeting we we we use the existing Trace flow.

B

Crd under uh some people may wonder if we can combine the the the the the the trace flow information with the pack raw package metadata and because we we use the pcap and G4 image to store the package data and it has a like a comment section. So we can't like store attribute.

B

uh We can start start various metadata information into this section, so we we may not like support this in the early stage, but I think this possibility. We can't add this feature. Add this feature in the future. So maybe we can add more Flags or failed to the crd to let users decide if we want to add this information uh in their like final uh package data yeah I. Think that will be uh because I is the crd is, is not that uh complex and I reused.

B

The many existing uh structure from the existing crd I'm, not sure if this is the a good design and I, would like you guys to uh share your feedback to to the current design and uh yeah I. Think that would be all for my presentation.

C

I have a.

D

Question about.

C

Them: okay,.

B

Okay,.

C

Criteria, it is for package or for flow, because, if I want to capture package of a session, I could specify the source, port and destination Port, but I would expect that both traffic of on both directions could be captured. So I can see the request and reply and check the delay and check which package is, uh is missing or really wrist wrist chain meeting really transmitted.

C

So my question is this package criteria IP header and the transport header uh only means One Direction right, but would the other direction be included by default? Oh, we need another way to satisfy it.

B

um uh For now, I only considered the the single way, direct single with network flow for the trees for the capture, I I I'm, not sure if we need to like, including the both way, not flowing in the card design I. If if this was a like a mandatory or bad to have feature in in for now, I would like to uh applications are the character design to reflect the changes to support uh both way.

B

I I think the current um spec can can support the replay, Trace flow, replace net flow, not sure which field like uh is, is inconsistent with the uh for which will break as a uh both the the situation you you mentioned, you mean the the protocol failed right or.

C

uh No I mean if I want to capture traffic uh drawing a session uh in the correct trial. We are only match One Direction, because if you match only sport to be one uh 10, 000 and.

D

Then.

C

You will get only the the request.

B

Yes, yes, okay,.

C

It's, but uh that may be not aware, have before uh to debug a whole session, because.

B

When.

C

You see which request didn't get a reply.

B

And.

C

The latency of receiving the reply so.

B

Yeah, yes, in.

C

Most the case, the other direction is also important, so I'm not sure whether it it will be captured by default, or we need another way to that users to uh Express the intention.

E

To.

B

Be honest: yeah we didn't test this case before, but I think the better choice would be.

B

If we can't we, we should make the both three traffic capture, be the default choice for users and if we need more, like failed or Flags to to support this feature, I think we we we can't uh like do this, but by default, but on uh The best scenario is that we we we can't and I think we in that case, we need to be clearly documented this uh this feature for the users that only support One, Direction but uh I, think I.

B

Think I would like to spend about some time to doing some uh POC test for the both way traffic first to and if, if we need some failure, changes, I would like to update the CR this design to reflect the the the underlying changes.

B

Yeah I think we we better support this uh case and which is a best Ambassador for the choice, and if we can't we we need to clearly let the users know yeah.

E

Okay,.

C

Thank you, I have another question regarding the uh data structure of the API.

F

I.

C

See that currently, when there is only one type.

E

um A.

C

Time Field and uh parameters field under the the type of specific parameter is in parameters fields and when we have another type, I see you put another type specific parameter in parameters field as well, so I I feel this is not very cumulative style because you usually, we need to figure out what parameters should be used for what type and normally in a community Style API the type and the types specific parameters, uh Association Associated and in a way of key and value so that perhaps it's like you have first and sampling as the key and it's a specific parameters, as the value in the user will know that if I want to use first and sampling, I could only specify number.

C

And if you I, if I use the other type, I only need to certify the other type of specific parameters.

C

I could share some examples.

B

Yeah yeah I got a punch and actually I have done some research for the the the the tab. The tab related field, so I, yes, I, I, think I know that they are. These are this? The current way is not the best choice and I I I didn't I, didn't I'm, not very sure.

B

What's the best choices for for this kind of spec to to be present so uh I I guess I I feel like a maybe this is the most simple one and it is a bit of overhead to uh create a like a full type specific structure for the sampling uh related part, but I think uh yeah, your you.

B

uh We it's better to follow the best practice from the kubernetes community. So I really appreciate you like share the the some good examples for for this practice design. Yeah. Thank you.

E

Is.

D

About.

C

The the data we captured.

D

You mentioned.

C

It's A, pcapp and G, so could it be passed by TCP dump like to us.

B

uh You mean, as it can be pleasured by the gcp dump tools, yeah.

C

Yeah.

B

uh

B

I I think so: I I didn't test it yet, but I see I have some like uh documents related to the similar design, so I I'm pretty sure it will. But I I need a fan of like confirmation for confirm for this yeah.

C

Okay, thank you, I think it's good to um TCB down to be able to pass it because normally we we want to leverage that tour to or what shark to do some searching on the filtering to analyze the traffic. If it's not compatible, I think it would be a little hard to troubleshoot with this low data.

B

Yeah yeah sure for sure I will reflect this in the design under and I think we. We need to point this part out in the final user document yeah it's a it's a very important part for the competitive of existing tools.

C

Okay, thank you.

A

Okay, do we have any other questions for him on this topic.

D

uh Yeah, hello I have a question about the five server parts so that to design a few fields for where to store the package capture packages, I'm wondering if there is a way I mean you know there are lots of fears, rights, I, feel it might be better. We can provide a song different way. Maybe for a cluster there is a default setting which the package sampling CR can refer to them. User may not have to set this field.

B

We we have a like a local storage version for for this part, but I'm not sure if this it's it's a like a production, ready solution for for this, that we we have some discussion in the last presentation by shui and batch the Lock Storage, a design is not very stable because it may lose data after the update our how to restart so I yeah I'm, not sure if this a a good choice for foreign.

D

Server, for example, the SFTP.

A

They.

D

May all have the same five server right, but.

A

If.

D

User need to have this package samplings there they have to imposes all this information repeatedly. I mean that maybe we can uh save the effort if we can I mean use a default one and maybe refer to I'm, not sure it's. uh If there is in any way, maybe trian household in the kubernetes way how the difference they are the handle these parts, but I feel it might be useful to setting a default. Allow user to set a default storage.

D

All these fields again again in this crdm.

B

Yeah I have this. This question has occurred to me in the design before the you have during I'm. Designing this crd. So I also wonder if there are existing ways to to support like a share share. The crd structure between different crds I I didn't find a like a character way to doing so so I think the the current part A we we can only can do like share, uh also security.

B

Maybe this is the as the most of we, and this is the what we can do for now. uh I'm, not sure if you do, you know any like uh better solution for for this case. If we can share the the same same information between differences, crds.

C

To avoid the redundancy.

D

Normally.

C

Another object will be created and then you can reference refer to that object in this one, and it could be multiple one into one so, but it would mean the the design would require at least two objects and more complexities. So um we need to assess whether it's was, for example, low and low binding. There are two objects and one refer to another one: to represent that a user has some laws and also the processing the volume and the position value claim.

C

It is also like this, but I think at least even the support bundle just have this redundant information in each object, but if I have two support, bundle, requests I would have to create two collection.

C

Objects and the fill in the same file, server and authentication information right.

F

Yes, currently, yes, yeah.

C

Perhaps we could consider a in the future if this feature is widely used and the people it complains about the redundancy we could consider create. Another object, reused by support bundle, crashing and package sampling to refer to that object to reduce the redundancy. But a FL is not very important and the first stage.

B

Yeah yeah, okay, thank you.

D

Yes, yes thanks I think maybe how you can maybe write down uh to do.

B

Yeah yeah for sure.

D

Sex.

A

All right, so, if we don't have any other question, I will move to the next Topic in the agenda uh waiting a few seconds.

A

Okay, it seems that it might be all for this thanks a lotion for this presentation and thanks a lot for everyone who providing their feedback. So next topic is about uh ant cattle support for VM agency mode and mainly is going to present it. Please go ahead.

A

Foreign.

F

Okay,.

F

Okay, I'd like to share the proposal for uncuttled support on VM agent, and the current status is that uncut hole is not supported for VM agents. So if we run and cuddle on VM agents, it will be treated as uncuttled controller mode and it can cause some unexpected.

F

Output and I have pasted the code script that Huawei designer mode right now, since 4vm agent, we can see that we are not running import and don't have any environment variable here, so it will fill for these checks and fall into the default mode, which is which is mode controller.

F

So if we don't want to introduce any new environment variable for uncuttled specifically, and we will need a way to distinguish the controller mode and the VM agent mode, also a VM agent wheel mode will be like mode agents, but it also have some difference and compared to the to agent mode and VM agent can only support a subset of command lists, because we are now only focused on ensure Network policy.

F

Also, we, the current and cattle agent mode, have some outputs that are designed for pause. For example, I have pasted the output here we can see that get an agent info. We will have field like Port, note, subnet, local pause or the get applied group. We can see the field ports here. They are designed for the ordinary kubernetes node and for part, but not designed for VM agent.

F

So as a result, I awake come to this proposal and my proposal here is to introduce a new Global flag called mode for encato, and the value here can be controller agent flow, aggregator and VM and controller agent and flow aggregator. Other current mode, which we have already supported and the VM mode is the newly added one and when the flag is not set, we will keep identifying mode by using the environment variables or the pole names like what we have done before.

F

But if the global flag mode is set, it will have a higher priority and for VM agent case the flag must be set as VM on which this mode flag. We can also customize the output according to mode, and here is my proposal and I have finished the POC according to the proposal. So if people don't have any um question of according.

F

Sorry.

F

uh So if people don't have any question regarding this proposal, I can show a short demo for what I have done and we- and we can see if there is any comments on regarding this proposal and solution.

F

So.

F

Oh, it's like the import, the previous, the part, the the agent mode that we need we need to. We can see that we will always have a flag called mode on on array and cattle command for running on VM agent.

F

So for version we can get the agent version, the Untitled version, just like the uh you are running and cattle via the agent port. We can see the current command that I have supported in this demo.

F

Here it shows the available commands that I have and finished in this demo.

F

We can see the address group agent info apply to group and network policy. These are the commands that which have already been supported for podcasts and the entity. Interface is a new one that I and added for VM mode specifically and for the uncut holes. Sorry and cuddle support.

F

And for agent info, we can see that it will have the only have the fields that related to VM and for previously I have pasted the results. For here you can see that the port note, subnet and localhost. This fields are not shown on for VR mode.

F

And otherwise other ones like.

F

And there's no change for the network policy output and therefore the apply to group and address group I have adjust a little bit.

F

And previously it will show the fields pause here and for VM mode, the applied to only external entities. So here we only show the external entities instead of pause and for address group.

F

Improve variously for pause, it has column, pod, IPS and node IPS, because the from 2 field of the NP can also be external entity selector for VM case that I add a new One external entity eyepiece here to show the uh to show the IPS for address group.

E

um It should be the same between women, the port right, even for.

F

Yeah, yes, that's true, so the um I I think there is a issue for the current um uncut or Imports as well, because this field are not shown.

E

Okay,.

F

um These are the an entry agent info and the NP related field uh commands, and this one is the newly added one uh you can you. You must remember that we have uncut to get poly interface for the for node age. For the agent case, and here we can.

F

Also, just always remember to have a mode flag VM here for each command, and we can see that it will shown the external entity its corresponding interface and OBS port.

E

Here are a quick one here, um if you want to call this model, where maybe you should just say, VM interface,.

F

On this one right, I.

E

Mean that.

F

Yes, okay, okay,.

E

And even for the calling police you think about uh what sound should we use when, instead of externality or not.

F

Okay, okay, also this one um okay.

E

uh I didn't think soon, the uh just a general comment fully. You should think about uh each column.

F

One by one.

E

I'm not sure columns or just some a subset of the columns two grams.

F

Okay sure.

F

Any other comments do.

D

You like this idea, uh I had a question about the mode of permitted to be support. Reading the environment, yes,.

F

Yes, so far for the Untitled running, import or or controller mode, if you don't specify this one, it will. It will work as what we have done previously, but for VM, because you must have this mode, but if you are running a controller mode or agent mode, you can also specify this mode parameter.

D

But I mean I mean it's better to support, uh allow user to set an environment variable. Then they don't have to input these parameter in the command line. I mean yeah.

F

I I discussed the this solution with saying that, um generally, we don't want the answer to to write uh the environment variable for uncato to read yeah, because if I I mean my first version, I have think about this. One I write I write them like the as a type, the mode, the environment variable via the entire agent that, after discussed with weighing, we don't think it's a good way for for enter agent to to write any environment variable, but but I'd.

D

Like to know I mean I didn't mean to use the anacato to sell the environment, I mean a user, for example, when you run Commander, sometimes you will see the seller one environment variable. Then you reuse it in the following Command right.

F

I I think we can support I mean you can comment.

G

Yeah, uh sorry, sorry for interrupt um actually learn. um We have some offline discussions uh to to choose whether we should introduce a environment. Variable I'll use a parameter in antarctal command lines to specify the the mode um we firstly choose the parameter, because that's for for them case.

G

um The difference is uh the agent is running around the VMS and we do not have something like the Pod or containers which can inject some environment variables automatically by the other modules like Cube cards, cubecutes or something like lights, so for for them case. If we want to introduce the environmental variables, it means that we may require an additional user steps to set the the the the verbals and women require the user to initialize the environmental variables inside in the in the Machine level.

G

Not only the shell level, um so I don't think it is a simple step for the user.

D

To go to a point: I didn't mean you have to choose one or another way: I just mean that you can have this parameter in the meanwhile, you can have the environment variable rights, just like the the group config parameter, I, think when we didn't impose a parameter with the value it will read from the environment right.

G

I just want to confirm you mean you mean those two solutions: I expected.

D

Yeah yeah I mean that's you. We can have this small parameter and the EXP allow user to set it explicitly right.

D

If we usually want to use the environment variable and the light to remove this parameter, just a sales tab in each command, then it's maybe that's it I just mean you can do it like the Google config way.

C

Perhaps more explicit and use a friendly way is to have a command a sub command, to set a mode or for ankato and persisted the config in a standard and CTO tasks like the the dot and the CTR file under the home directory of the user like a cubeconfig, so that a user could switch mode at one time one time and don't have to specify the mode for the following commands.

C

When setting up the environment, we could use unsaterial set mode with M and just is killed it once. Then, we write this mode into the configure file and then use it on how to specify the mode for the following commands and if they want to switch to connect to a kubernetes cluster, they could change the mode like a set mode uh uh remote or something like that.

C

Yeah yeah, I.

D

Agree with sure that would be better and a better way to do this, and we can extend in the future in this way, yeah yeah.

C

Environment, the problem of environmental variable is, is to implement.

G

Implicit.

C

uh We either want to know that without looking at our document carefully- and it's not persist at the.

D

Opening.

C

Another terminal.

F

Okay, mixes yeah, okay, I will add a command called set mode, and then we can use this one to the center mode and don't need to answer this mode flag. Every time.

E

The status mode flag right.

F

Yeah yeah I I think song.

A

I was just asking if there is any other question for you: Mandy.

F

Yeah I don't have any any other thing to show. So if there's no question I'll stop sharing.

A

Okay sounds good: let's wait a few more seconds for additional questions.

A

And it appears that it might be all for many details thanks a lot for for this presentation and uh we added to very good presentations today, which was a very great, a very good meeting, and since we have still some time, uh if there is any other topic that you would like to bring up, please go ahead.

A

Waiting a few more seconds, unfortunately, I, don't have anything to bring up for myself and well. It looks like that it may be all for today, so I would like to thank everyone for attending and, most importantly, thanks for hang and Mindy for the presentations and see you in two weeks time for the next instance of the community meeting thanks again and I wish everyone a good afternoon or a good night thanks.

A

Bye, bye.