From YouTube: Antrea Community Meeting 08/15/2022
Description
Antrea Community Meeting, August 15th 2022
A
Hello, everyone, welcome to the Antrea community meeting. Salvatore is away today, so I'll be replacing him for this meeting again, and as far as I know, we have two things on the agenda today. The first thing, the major item, is online. We will present the updated Grafana home page, the customized Grafana home page that the team has built for the Theia observability solution, and the second item on the agenda is Chen will give like a super quick update.
A
I think on the Antrea 1.8 release, which should come out in the next couple of days. So, and then, if you're ready, just start whenever you want.
B
Yeah, sure. Thanks, Anthony, for the intro. So the main purpose of the discussion is to gather more feedback on the customized Grafana homepage. Let me share my screen.
B
Okay, so I'll first talk about the motivation here. So, as you might already know, one of the major features of project Theia is network flow visibility. For the network flow visibility, we are using Grafana as the visualization tool and we are using ClickHouse as the data storage.
B
So the workflow is like this: Flow Aggregator will export flow records to ClickHouse data storage, and Grafana will, we're using some SQL query to query the ClickHouse data storage and get the data and plot data to some diagrams to visualize the networking metrics that we are interested in the cluster.
B
It includes the count of flow records currently in the cluster, and it also has the details of each of the flow records, like the content of each of the fields. This is the flow record dashboard, and we also have pod-to-pod dashboard.
B
So these are all the six pre-built dashboards, and currently, the issue we found is about the home page. So, as we can tell here, on top it has a "Welcome to Grafana" and some links to the documentation, and then it has some instructions about how to use Grafana, and here is a dashboard links panel, and on the right-hand side it has some latest from the Grafana blog.
B
So the main issue is there is nothing relevant to project Theia, and that is the first issue. It's more about a default Grafana home page. And the second issue is in the dashboard panel. We might think we might see some links here linked to the dashboard, but if you take a closer look, they are under the recently viewed dashboards, which means if we log in to Grafana without seeing any dashboard, here will be empty, like this. Here is the home page we'll see if we log in here for the first time.
B
These are kind of like a cluster overview, and on the right-hand side we have a text panel including a short description of project Theia. It includes some documentation links directly to the documentation part in our repo, and I also put a logo of Antrea here, and below it, it has a short introduction of each of the pre-built dashboards, basically introducing what is included in each of the dashboards and concluding each of them in one sentence.
B
And below here is a diagram showing the top 10 active source pods. I define the active by which pods send the most bytes in the selected time range. And here we also have the number of flow records received per minute. Here it will show in this minute there are 54 flow records being received, and on the right-hand side we have dashboard links here.
B
C
Hello, the home page looks good to me. I have a few questions. The first is about the number of stopped connections. What does it mean? It means the cumulative connections the cluster ever had, or something else?
B
Yes, so it means, so I define it by the flow end reason field. If the flow is already ended and the connection is already ended in this selected time range, for example, here is the last 30 minutes, then this count will be the accumulated, kind of, the connections that have already stopped.
C
So if the user changes the time window, it will even count the counter for started connections of a large window, like one day.
B
Yes, that's true. So basically, it's counting how many distinct connections have stopped in this selected time range, and we define stopped by querying the data to find which flow records have the flow end reason equal to, for example, three. That means the connection is already stopped. Yeah.
D
Are closed due to any reason, that's my feeling, because stop sounds like it's stopped by something like network policy or.
B
C
And then another question is about the data transmitted and all those throughputs. Do you think that's valuable, if we add data transmitted and throughput about cluster-to-external connections? I feel people may be more interested in that kind of data, because that can show how this cluster communicates with each other, with the bandwidth and how much data they have transmitted.
B
C
B
Yeah, but I do think, like, do you think it would be better if we make it clearer, like saying it is the bytes sent from source to destination, and we have another statistic here showing the reverse bytes?
C
D
Now, Alan, so by one direction, I think you mean that we compute what bytes from sender to receiver, right? Yes. For train, you're saying we should also have a metric for how many bytes is saved by receivers. That's what I mean.
C
No, I mean, for example, if one client requests one server and the request is very small, it's just a.
D
B
Currently, for such a connection, we only do the summation for the bytes sent from the source to destination. If we also want to count the bytes received by the source, then we can also add the reverse octet delta count here.
D
Yeah, I think that is a little misleading in my mind. I think if you see data transmitted, probably we should count both the traffic that will come to a server and the reply from server to client.
B
Yeah, I can count both in the query here. I can count both, but I'm just saying currently, if we're using this query, it only counts the bytes from source to destination, but I can change it.
D
B
Maybe I can put the Confluence page of it in the Zoom chat. If you.
A
B
A
I don't think it's publicly accessible.
A
Yeah, but I don't think the Confluence page would be accessible if someone is watching the recording of the meeting and tries to access those pages, because it's an internal VMware service. But if you do have.
B
A
You do have a GitHub issue in the cr repository. It may be a good idea to share the link and to put the screenshots there, yeah.
A
All right, thanks, Yanlan. So Lan actually has a topic she wants to bring for discussion, but I think we will have enough time at the end of the meeting, because I think Chan is only going to give like a quick update. So Chen, are you ready?
C
Yeah, thanks, Antoni. For Antrea 1.8, currently we have three patches left. They are about the issues found in the last release. The first one had been uploaded about only. I think I couldn't much it after the test succeeded, and there's another one I found in the last minute after merging the PR for supporting audit logging for Kubernetes network policies.
C
Oh sorry, no, not that one. After merging the PR that supports namespaced group for Antrea network policy, I found that if we use nested groups for Antrea network policy, there's no validation to disallow the parent group referring to a child group which selects a namespace, which selects pods in other namespaces. So this Antrea network policy, even though it is namespace scoped, can apply to pods in other namespaces.
C
So it's a security hole, so I think this is a must-fix in this release. I'm already working on a patch to fix this, but the PR will need to be based on the refactoring PR. So I should push a PR for review later today, and if everything goes well, we should merge this tomorrow. And another is a minor one. This issue already existed for several releases, I think, but we just found it this month.
C
Leading to the agent not working but still showing as running. So we had a PR to fix it, but the problem is, during the review I found something confusing. I'm not sure whether it will, currently I'm still not sure whether the problem is, but let me show you the code.
C
But this PR removes this cleanup, so I'm not sure whether it is safe to just merge it, and we are still working on figuring out how the glues are cleaned up and whether it is safe to modulate this change. But since this issue already existed for several releases, and this is the first time we found it, I think maybe it is risky; we could have a patch release for this fix later, after we feel it is safe to merge the patch, but we must have this.
E
I try, and I was just trying to mention that for 402.8 I was having some minor comments. They're basically just nits. I do apologize, I couldn't find time earlier today to review it, but I think for that one, if all tests have passed, you can basically address my comments in the next PR that you're about to open. That's totally fine by me.
A
Yeah, for the first issue, will we need to backport the fix to previous releases, or is this something that's new in this release?
C
D
Actually, I want to ask the same question for the race condition one. Do you think that is serious enough that we need to backport as well?
C
It has a chance to reproduce, but I only found several failures from the tests, and I never heard a real complaint about the issue or any real issue caused by this. I think it's not very easy to reproduce.
C
Yeah, yeah, we could also backport it, but since in this release we made a lot of changes to network policy, it may also need some code change. When just cherry-picked, the PR may have many conflicts. Yeah, but I can still work on it.
B
D
Okay, got it. Yeah, I just mean if it's too big, I personally have failed. Okay, we don't fake, saying one dot right. You.
D
B
A
F
Actually, because you know that in 1.7 we have multi-cluster gateway support, and it allows cross-cluster traffic to go through the tunnel, so the different clusters can access a remote service. But in the current implementation we allow the user to annotate one node to become a gateway, or they can annotate multiple nodes, but only the last created one will be the active gateway, and if the node has failed, we didn't take any action for that, which means that we didn't support high availability of a gateway in 1.7.
F
You know, if there's any gateway node failure, then we can detect it and make sure that we can use another gateway candidate to support the multi-cluster feature. And we do have a discussion in this com issue, but after a few discussions we'd like to, you know, for the first phase we'd like to do a simple one, considering that we have a few more other candidates which will be, you know, to support the multi-cluster feature.
F
If you feel we have a more, you know, strong way to support a tree, yeah. And for now, as I just mentioned, we didn't detect the node failure when the gateway node is, maybe it's stopped or just not ready in Kubernetes, but we may not check that information to recreate the gateway. So for now, in this first phase, we actually didn't change any CRD, but just a few processes we changed in different controllers.
F
From the user perspective, it's the same as before: the user needs to annotate the nodes with this annotation, and as long as the node has this annotation, we think this is a gateway candidate, so it can become an active gateway, but only when the node is ready. You know, that's when we create the node inside Kubernetes.
F
It may not be ready even when you already annotated the node, so we, as the multi-cluster controller, will watch the node readiness and make sure that the first ready node with this annotation will be the gateway, and when this node would be the gateway, then the Gateway CR will be created by the controller. The gateway will be like this one, so there's no difference from before, and the nodes will be.
F
The gateway's name will be the same as the node name, and there are a few refinements for the node controller and the gateway controller. The first part is we will refine the node controller to watch, you know, we already watch the node event, but we will also check the node's readiness information to make sure that we take different actions based on the node readiness.
F
So suppose there is only one node with the annotation, and the node is also ready, then the controller will create the gateway, and you will see the Gateway CR if you use kubectl to list the gateways. And if there's any new node that becomes a gateway, I mean, if it has a new annotation with the gateway annotation, then it will become a gateway candidate.
F
The controller will save this information in memory, which means the controller will keep these candidates and understand which, how many nodes will be a gateway if any existing gateway failed.
F
So if the new node becomes a gateway candidate, the controller may not take any action, just save it as, like, a gateway candidate.
F
When the, you know, we have a Gateway CR here, and if this gateway has failed and it becomes not ready, then our controller will delete the existing Gateway CR, and depending on the gateway candidates, it will take different actions. First, if the gateway candidate is not empty, then our controller will check the candidates and check the node's readiness. If the node is ready, it will pick the first one, it will be in alphabetic order, and it will pick the first ready one to create the new Gateway CR. But if there's no gateway, which means in the current environment you may have only one node with this annotation, and as this node becomes not ready, then after the controller deletes the existing Gateway CR, the controller will take no action here, because there are no longer available nodes to be the gateway. Then the gateway controller.
F
Then, if there's any empathy update, then the controller will just update it correspondingly. For example, the node's external IP or internal IP changed, then we need to reflect this information in the resource export in the leader cluster, and when the gateway is deleted, then the gateway controller will just delete this kind of resource export in the leader cluster.
F
So it will be simpler than the current implementation, because in the current implementation we allow multiple gateways being created, and we pick up the last created one and export the last created one. And yeah, the cluster information kind of resource exports, actually we didn't do any change here, so it will be kept.
F
So we can make sure that we only have one active gateway. As long as the multi-cluster controller is running, it will check if there are any new gateway creation events coming, to make sure that if there's any existing gateway, then it will deny the request to create, which means any creation will fail.
F
A
Thanks, it all makes sense to me. It's great to be working on this. Thank you.
A
E
Right, I just have a quick question: is there going to be any traffic breakage in terms of when it actually happens, like when one node dies and we change the gateway to another? What about, you know, traffic breakage? How do we handle this?
F
E
Yeah, that makes total sense to me. I guess my question was just that, is it, you know, after the HA takes place and the new gateway comes up, the traffic will automatically resume working in that specific case, is that.
A
All right, thanks, Yank. If that's all, I think we can stop the meeting here, and I'd like to thank everyone for joining, and I'd like to thank Yanlan, Chan and Nan for their presentations, and I'll see everyone in two weeks.