►
From YouTube: Antrea Community Meeting 08/15/2022
Description
Antrea Community Meeting, August 15th 2022
A
Hello,
everyone
welcome
to
the
entry
community
meeting.
Salvatore
is
away
today,
so
I'll
be
replacing
him
for
for
this
meeting
again
and
as
far
as
I
know,
we
have
two
things
on
the
agenda
today.
The
first
thing:
the
major
item
is
online.
We
will
present
the
updated
graphene
home
page,
the
customized
graph
graphing
home
page,
that
the
team
has
built
for
the
saya
observability
solution,
and
the
second
item
on
the
agenda
is
chen
will
give
like
a
super
quick
update.
B
B
Okay,
so
I'll
first
talk
about
the
motivation
here.
So,
as
you
might
already
know,
one
of
the
major
feature
of
project
thea
is
is
network
flow
visibility.
For
for
the
for
the
network
for
visibility,
we
are
using
grafana
as
the
as
the
visualization
tool
and
we
are
using
click
house
as
the
data
storage.
B
So
the
workflow
is
like
this
flow.
Aggregator
will
export
flow
records
to
clear
house
data
storage
and
a
graphana.
Will
we're
using
some
sql
query
to
create
to
query
the
click
house,
data
storage
and
get
the
data
and
plot
data
to
some
diagrams
to
visualize
the
networking
metrics
that
we
are
interested
in
the
cluster?
B
B
B
So
these
are
all
the
six
pre-built
dashboards
and
currently
on.
The
issue
we
found
is
is
about
the
home
page.
So,
as
we
can
tell
here
on
top,
it
has
a
welcome
to
graphana
and
some
links
to
the
documentation,
and
then
it
has
some
instructions
about
how
to
use
grafana,
and
here
is
a
a
dashboard
links
panel
and
on
the
right
hand,
side
has
some
latest
from
the
graffana
blog.
B
So
the
main
issue
is
there
is
nothing
relevant
with
project
thea,
and
that
is
the
first
issue.
It's
more
about
a
default
on
graphina
home
page,
and
the
second
issue
is
in
the
dashboard
panel.
We
might
think
we
might
see
some
links
here
linked
to
the
dashboard,
but
if
you
take
a
closer
look,
they
are
under
the
recently
viewed
dashboard,
which
means
if
we
log
in
the
graphana,
without
seeing
any
dashboard
here
will
be
empty
like
like
this
here
here
is
the
home
page,
we'll
see
if
we
first
time
log
in
here.
B
B
B
B
These
are
kind
of
like
a
cluster
overview
and,
on
the
right
hand,
side.
We
have
a
text
panel,
including
a
short
description
of
project
thea.
It
includes
some
documentation,
link
directly
to
the
documentation
part
in
our
apple,
and
I
also
put
a
logo
of
entry
here
and
below
it.
It
has
a
short
short
introduction
of
each
of
the
preview.
Dashboard
basically
introduce
what
is
included
in
each
of
the
dashboard
and
concludes
each
of
them
in
one
sentence.
B
And
on
the
below
here
is
a
a
diagram
showing
the
top
10
active
source
paths.
I
define
the
top
I
define
the
active
by
by
which
pause
send
the
most
bytes
in
the
selected
time
range,
and
here
we
also
have
the
number
of
flow
records
received
per
minute
here.
It
will
show
in
this
minute
there
are
54
flow
records
being
received
and,
on
the
right
hand,
side.
We
have
a
dashboard
links
here.
C
B
Yes,
so
so
it
means
so
I
I
define
it
by
the
flow
and
reason
field
if
the
flow
is
already
ended
and
the
connection
is
already
ended
in
this
selected
time
range.
The
last,
for
example,
here,
is
the
last
30
minutes.
Then
this
count
will
be
the
accumulated
kind
of
the
connections
that
has
has
already
stopped
ac.
C
B
Yes,
that's
true,
so
basically,
it's
counting
like
how
many
distinct
connections
has
stopped
in
this
likely
time
range
and
we
defined
and
stopped
by
querying
the
data
in
the
font,
which
flow
record
have
the
flow
and
reasons
equals
to,
for
example,
three.
That
means
the
connection
is
already:
it's
already
stopped.
Yeah.
D
B
C
And
then
another
question
is
about
the
data
transmitted
and
all
those
throughput.
Do
you
think
that
value?
If
we
add
a
data
transmitted
and
throughput
about
cluster
to
external
connections,
feel
people
may
may
be
more
interested
in
that
kind
of
data,
because
that
can
show
how
this
cluster
communicate
with
each
other
with
the
bandwidth
and
how
many,
how
many
data
they
they
have
chance?
They
have
translated.
B
B
C
C
D
C
D
D
D
B
D
D
B
A
B
A
B
A
A
C
Yeah
thanks
antoni
for
until
1.8.
Currently
we
have
three
parts
left
of
there
are
about
the
issues
found
in
the
last
release.
The
first
one
had
been
uploaded
about
only.
I
think
I
couldn't
much
it
after
the
test
succeeded
and
there's
this
there's
another
one.
I
found
in
the
last
minute
after
merging
the
pr
for
supporting
auditor
logging
for
kubernetes
network
policies.
C
Oh
sorry,
there's
no!
No,
not
that
one
after
merging
the
pr
that
supports
name
spaced
group
for
anti-narrow
policy.
I
found
that
if
we
use
net
policies,
if
we
use
nested
groups
for
internal
policy,
there's
no
validation
to
to
to
disallow
the
the
this
parent
group
referring
to
a
child
group
which
select
a
namespace
in
in
which
sex
ports
in
other
name
spaces.
So
this
internal
policy,
even
though
it
is
a
name
space
scope,
it
can
apply
to
ports
in
in
other
name
spaces.
C
So
it's
a
security
whole.
So
I
think
this
is
the
must
to
fix
in
this
release.
I
already
work,
I'm
already
working
on
a
patch
to
fix
this,
but
the
pr
will
need
to
based
on
the
refactoring
pr.
So
I
should.
I
should
push
a
pr
for
review
later
today
and
if
everything
goes
well,
we
should
merge
this
tomorrow
and
another
is
a
minor
one.
This
this
issue
already
existed
for
several
releases.
I
think,
but
we
just
found
it
this
month.
C
C
C
But
this
pr
removes
this
clean
up,
so
I'm
not
sure
whether
it
is
safe
to
just
merge
it
and
we
are
still
working
on
fig
figuring
out
how
the
glues
are
cleaned
up
and
whether
it
is
safe
to
modulate
this
change.
But
since
this
issue
already
existed
for
several
releases-
and
this
is
the
first
time
we
found
it-
I
think
maybe
it
is
risky-
we
could
have
have
a
patch
release
for
this
fix
later
after.
We
feel
it
is
safe
to
merge
the
patch,
but
we
we
we
must
have
this.
E
I
try
and
I
was
just
just
trying
to
mention
that
for
402.8
I
was
having
some
minor
comments:
they're
they're,
pretty
they're,
basically
just
needs.
I
do
apologize.
I
couldn't
find
time
earlier
today
to
to
review
it,
but
I
think
for
that
one.
If
all
tests
has
passed,
you
can
basically
address
my
comments
in
the
next
pr
that
you're
about
to
open.
That's
totally
fine
by
me.
C
D
C
C
C
B
D
D
B
A
F
Actually
because
you
know
that
in
1.7
we
have
multi-class
gateway
support
and
it
allows
cross-cluster
traffic
to
go
through
the
tunnel
and
there.
So
the
different
cluster
can
access
a
remote
service.
But
in
current
implementation
we
allow
the
user
to
annotate
one
node
to
become
become
a
gateway
or
it
can.
They
can
annotate
multiple
nodes,
but
the
only
the
last
created
one
will
be
the
active
getaway
and
if
the
node
is
filled,
we
didn't
take
any
action
for
that,
which
means
that
we
didn't
support
the
high
availability
of
a
gateway
of
in
1.7.
F
F
If
you
fear
we
have
a
a
more
you
know,
strong,
strong
way
to
support
a
tree
yeah
and
for
now,
as
I
just
mentioned,
that
we
didn't
detect
the
node
failure
when
the
gateway
is
notice,
maybe
it's
stopped
or
just
not
ready
in
the
kubernetes,
but
we
may
not
check
that
information
to
recreate
the
gateway.
So
for
now,
in
this
first
phase
we
did.
We
actually
didn't
change
any
crd
and
but
just
some
a
few
process,
so
we
changed
in
different
controllers.
F
The
from
user
perspective,
the
same
as
before
user
need
to
annotate
the
nodes
with
annotation
this
annotation,
and
as
long
as
the
nodes
has
this
annotation.
We
think
this
is
a
gateway
candidates,
so
it
can
become
a
active
gateway,
but
only
when
the
node
is
ready.
You
know
that's
when
we
create
the
node
so
inside
the
kubernetes.
F
It
may
not
ready
when,
even
when
you
already
annotate
the
note,
so
we
as
a
matte
class
controller
will
watch
the
node
readiness
and
make
sure
that
the
first
writing
note
with
this
annotation
will
be,
will
be
the
gateway
and
when
this
nodes
would
be
in
the
gateway,
then
the
gateway
cr
will
be
created
by
the
controller.
The
gateway
will
be
like
this
one,
and
so
there's
no
difference
as
before,
and
the
nodes
will
be.
F
The
the
gateways
name
will
be
the
same
as
a
node
name,
and
there
are
few
refinements
for
the
node
controller
and
the
gateway
controller.
The
first
part
is
we.
We
will
refine
the
note
controller
to
watch.
You
know
that.
Will
already
watch
the
note
event,
but
we
will
also
check
the
notes,
readiness
information
to
make
sure
that
we
will
take
different
actions
based
on
the
node
readiness.
F
So
when
suppose,
there
is
only
one
node
with
a
annotation,
then
the
controller
and
the
node
will
is
also
ready.
Then
controller
will
create
the
gateway
and
they
get.
You
will
see
the
gateway
cr
in
the.
If
you
use
a
couple
to
list
the
gateway
and
if
there's
any
new
nodes
becomes
a
gateway,
I
mean,
if
it
has
new
annotation
with
a
gateway
annotation,
then
it
will
become
the
gateway
candidates.
F
F
Wouldn't
the
you
know
that
we
have
a
gateway
cr
here
and
if
this
gateway
is
filled
and
it
becomes
not
ready,
then
our
controller
will
delete
the
existing
gateway
cr
and
it
depends
on
the
it
depends
on
the
gateway
candidates.
It
will
take
different
action
first,
if
the
gateway
candidate
is
not
empty,
then
our
controller
will
check
the
candidates
and
check
the
notes.
F
Readiness,
if
the
note
is
ready-
and
it
will
be
pick
the
first
one-
it
will
be
in
alpha
if
alphabetic
order-
and
it
will
pick
the
first
ready
one
to
create
the
new
gateway,
cr
and
yeah,
but
if
there's
no
gateway,
which
means
in
current
environment,
you
may
have
only
one
node
with
this
annotation
and
as
this
node
becomes
not
ready,
then
the
controller
after
the
controller
deletes
the
existing
gateway
cr.
The
controller
will
take
no
action
here,
because
there's
no
longer
available
nodes
to
be
the
gateway,
then
the
gateway
controller.
F
Then,
if
there's
any
empathy
update,
then
the
controller
will
just
update
it's
correspondingly,
for
example
the
notice
external
ip
or
internal
ip
changed.
Then
we
need
to
reflect
this
information
in
the
in
the
resource
export
in
the
later
cluster
and
when
the
gateway
is
delete
deleted,
then
the
gateway
controller
will
just
delete
this
kind
of
resource
exporting
the
lead
cluster.
F
So
it
will
be
simpler
than
current
implementation,
because
in
current
implementation
we
allow
multiple
gateway
being
created.
Then
we-
and
we
pick
up
the
last-
created
one
and
exported
the
last
graded
one
and
yeah
the
class
information
kind
of
resource
exports.
Actually
we
didn't
do
any
change
here,
so
it
will
kept
kept.
F
So
we
can
make
sure
that
we
only
have
one
active
gateway.
As
long
as
the
multi-class
controller
is
running,
it
will
check
that
if
there
are
any
new
getaway
creation
events
coming
to
make
sure
that,
if
there's
any
existing
gateway,
then
it
will
deny
the
request
to
create,
which
means
any
creation
will
be
filled.