►
From YouTube: GitLab Agent for K8s: Deep Dive into KAS and Agentk connection handling and tunneling requests
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
A
We
have
a
session
here
where
Mikhail
and
myself
briefly
go
over
or
briefly,
let's
see
how
briefly
we'll
be
I'll,
go
over
how
the
tunnel
Works
in
Cass
and
h,
k
in
a
sense
that
we
want
to
find
out
like
how
is
the
tunnel
registered?
A
How
is
it
on
registered
and
then
in
the
end
like
how
it's
used
by
the
modules
and
yeah
I
think
we
start
with
how
it's
registered,
how
it's
unregistered
and
then
maybe
in
the
next
session,
we
can
find
out
like
how
it's
then
being
used
for
module
like
the
proxying
module
for
kubernetes
API
calls
and
yeah
I
think
it
probably
makes
most
sense.
If
you
share
your
screen
Nicole.
What
do
you
think
and
then
I
think
like
we
can?
A
Maybe
we
can
start
with,
because
that's
also
important,
like
you
know,
if
we
only
have
let's
say
two
cast
instances
without
any
HMK,
they
need
to
register
themselves
as
well,
so
that
in
the
end
we
can
find
tunnels
right,
because
only
one
cast
instance
has
a
tunnel
to
a
specific
H
and
K.
So
whenever
there's
a
request
coming
from
a
user,
we
first
need
to
find
the
Gateway
cast
instance
throughout
for
right.
B
You
know
the
things
already
so
this
is.
There
is
this
document
which
is
yes,
quite
well
high
level.
It
is
up
to
date,
but
on
the
low
level
details
it's
outdated,
yeah,
but
it's
kind
of
the
diagram
that
was
there
from
the
day.
One
and.
C
B
C
B
These
are
these
two
are
connected
to
different
instances
and
actually
One
agent.
One
replica
can
be
connected
to
multiple
cast
instances
as
well,
because
it's
an
implementation
detail
how
TCP,
how
grpc
manages
CP
connections
and
it
can
automatically
PCP
connections
and
the
load
balancer
may
send
those
connections
to
different
custom
instances
so
yeah,
basically
any
number
of
replicas
connected
to
any
number
of
consequences,
or
maybe
to
the
same
one.
A
Yeah
I
mean
I
I,
read
this
document
and
also
there
at
the
at
the
very
bottom
of
this
there's,
also
like
a
more
detailed,
so
here
yeah
here
we
have
a
graph
for
a
call.
But
then,
if
you
go
further
down
even.
C
B
This
is
how,
in
it
any
client
in
this
case
it
says
public
API,
jrpc
server,
and
in
this
case
it's
client
is
Rayos,
because
this
is
only
exposed
to
rails,
but
it
can
be
the
kubernetes
API
proxy.
That's
part
of
cast
talking
to
this
thing,
so
it
accepts
an
HTTP
connection
and
within
the
same
program
talks
to
a
different
server
using
using
grpc,
and
then
all
this
Machinery
is
identical.
B
So,
for
example,
we
could
Implement
a
jrpc
API
on
this
server
to
I.
Don't
know,
make
a
certain
request
to
kubernetes
and
only
make
it
available
to
rails,
and
this
will
this
will
use
the
same
Machinery
as
a
kubernetes
proxy,
but
we
can
expose
them
different
way
or
help
any
logic
on
top
of
that
proxy
layer.
B
Also,
theoretically.
Well,
not.
Theoretically,
we
could
proxy
something
else,
not
necessarily
kubernetes
API
server.
Agent
K
could
talk
to
a
local,
well,
not
local,
to
anything
in
in
the
cluster
or
outside
of
the
cluster.
Maybe
even
and
then
we
can
process
that
and
make
it
accessible
inside
of
cast
and
then
somehow
expose
that
to
rails
or
even
to
develop.
Somehow
you
know.
C
B
If,
if
we
ever
need
this
feature,
that
such
feature
will
use
the
same
Machinery,
so
it's
basically
multiple
I
would
say
maybe
two
logical
layers.
This
reverse
panel
layer.
This
is
the
plumbing,
and
this
document
is
about
that
layer.
But
then
there
is
also
another
document,
and
that
document
is
the
I'm
going
to
just
share
access.
B
It's
the
first
feature
that
you
use
use
the
set
on
the
tunnel.
They
call
it
set
down
on
this
feature,
but
it
just
talks
about
kind
of
product
side
of
things
and
how
it's
how
it
works
from
the
user's
point
of
view,
and
now
here
it's
talk,
it
talks
about,
you
know,
allow
details
and
API
blah
blah
blah
and.
C
B
And
we
can
also
see
this
in
the
module
structure
for
others
who
are
watching
this.
A
more
almost
all
of
the
functionality
in
the
agent
and
the
agent
and
class
is
split
into
modules,
and
this
is
the
reverse
tunnel
module
the
first
document,
the
lower
layer-
and
this
is
the
communities
API
proxy
that
sits
on
top
of
this
architecture-wise.
You
know.
B
And
if
you
look
at
the
cost
side
of
things
here,
there's
a
like
it
looks
like
a
lot
of
stuff,
but
it's
actually
just
Plumbing
authentication
authorization,
blah
blah
blah
management,
cookies,
together
and
so
on.
But
this
is
the
thing
that
reads
and
sends
data
and
receives
and
responds
and
then.
B
B
B
B
B
This
requirement
is
this:
is
the
kubernetes
API
client
and
it's
we
are
calling
make
request
so,
okay,
what
what
are
we
talking
to?
What
is
the
server?
This
is
the
plan.
What
is
the
server?
Let's
go
there,
okay,
it's
being
passed
here
and
it's
the
factory
and
it's
the
grpc
connection,
clamp
connection
interface
and
okay.
So
where
is
it
connected?
What
is
it
connected
to
it's
coming
from
config,
and
this
is
the
connection
that
can
be
used
to
send
the
request
to
an
agent
K
instance.
B
If
you
need
to
provide
agent
ID
and
some
other
things,
but,
okay,
where
is
it
coming
from
it's
coming
from
agent
internal
server
in
memory
connection?
What
is
this.
B
That's
the
thing:
what
is
this?
It's
a
grpc
connection,
but
it's
connected
to
this
string
doesn't
matter
it's
just
readability
Bible,
because
we
use
a
custom
dialer
and
what
is
this?
It's
a
listener
and
dialer.
So
it's
a
thing
that
is
basically
in
an
in-memory
pipe
between
do
not
well,
it
gives
you
an
accept
as
a
listener
would
and
gives
you
at
the
context
as
a
diagram
would
so
you
have
to
go
routines,
one
except
incoming
requests
to
connect
and
another
one
can
connect.
B
B
C
B
B
What
what
what
is
This
Server?
It's
an
internal
in-memory
server
that
within
used
to
to
some.
B
We
should
use
it
somewhere,
yeah,
okay,
we
use
the
would
use
it
for
request
routing
and
this
is
creating
new
router.
So.
B
B
B
Yeah
here
it's
not
a
user
interface
or
not
side
job,
it's
a
good
love
as
a
plant,
but
they
it's
actually.
You
know
cubicity
or
in
NCI,
for
example,
or
help
or
whatever
UI,
making
a
request
to
kubernetes
and
but
again
here
it's
not
explosive,
realistic.
It's
exposed
us
just
hrpc
endpoint.
That
does
this
certain
thing
yet
list
of
running.
A
C
B
A
B
B
Is
the
server
pass
talk
store,
so
we
have
routing
costs
and
Gateway
cars.
Routing
class
is
the
cast
that
accepts
a
request
from
a
client
which
can
be
that
class
as
well
or
can
be
something
else
doesn't
matter.
It's
the
low
level,
lower
layer,
lower
level
layer,
so
this
crackle
is
something
that
one
stock
says
and
API
endpoint
on
the
agent.
The
whole
purpose
of
this
lower
level
layer
is
to
expose
grp
scene
points
on
the
internal.
C
B
It
does
know
that
it's
actually
talking
to
any
memory
server,
which
is
then
proxied
to
another
cast,
and
then
let's
go
into
the
agent.
So
there's
like
several
hops,
it's
working
with
this
climate,
grpc
client,
as
if
it's
just
working
with
the
agent
directly.
That's
the
whole
point
of
this
to
hide
all
this
routing
complexity.
B
So
internal
server
is
what
accepts
requests
to
be
routed
to
the
agent.
Then
it
sends
them
to
private
JPC
server
on
that
same
Customs
or
on
the
other
past
instance,
but
conceptually
let's,
let's
just
say
there
are
two
separate
instances,
so
we
have
a
routine
class
and
Gateway
cast
and
because
we
have
to
name
them
somehow
right
so.
C
B
A
And
what
does
cancer
mean?
Is
it
just
because,
let's
assume
that
I
have
an
agent
that
has
two
replicas
they're
connected
to
different
kind
of
different
casts
and
both
are
Gateway
cases
they're,
not
the
routing
casts
which
Gateway
Cass
would
it
does
it
prefer
one
of
those
or
does
it
just
connect
to
the
first
one
it
finds
or
how
is
that
working.
B
C
B
It's
called
connection
registry
here,
but
now
I
think
it's
called.
It's
called
I'm
not
register
something
like
that.
So.
A
B
B
B
This
routing
class
is
also
a
Gateway
class.
Yes,
so
first
thing
it
does:
it
actually
connects
to
it
its
own
private,
JPC
server.
That's
what
is
this
thing
does
and
then
well,
there's
like
if
you
need
automatic
here.
Basically
that
goes
through
different
transitions,
but
it
it
tries
different
because
instances
and
it
also
keeps
sporting
radius
for
new
URLs
to
connect
to
for
this
agent,
ID,
okay
and
then
eventually,
well,
not
eventually,
but
it
connects
to
one
and
it
can
immediately
reply.
I
have
no
ton
of
this
agent
ID,
but
I
will
keep
looking.
B
A
C
C
B
All
right
and
how
many
TCP
connections
are
used
is
up
to
grpc.
Okay,
I
think
it's
actually
typically
just
one
connection
to
a
single
IP
but
I
guess
if
we
had
more
IPS
exposed
because
the
club
casket
lab.com
is
behind
cloudflare,
so
you
always
kept
a
single
IP
with
the
Cloud
Player
as
far
as
I
know,
and
because
of
that
I
guess,
because
JPC
just
opens
a
single
HP
connection
because
it
just
doesn't
need
more
connections,
but
if
we
had
more
IPS,
maybe
it
would
do
more.
B
C
B
It's
logics
at
least
once
yeah,
so
this
is
the
where
we
in
a
separate
Gore
routine,
try
to
connect,
be
with
back
off,
to
connect
to
to
cast
this
particular
URL
and
then
open
a
new
stream
and
yeah
wait
wait
for
a
reply
either.
It's
not
no
tunnel
message
say
this:
basically,
a
way
for
the
gate
request
to
tell
this
articles
that,
but
he
immediately
that
hey
you're
asking
about
this
I,
don't
know
you're
asking
if
I
have
a
tunnel
with
this
agent
ID,
but
I
have
no
talents
right
now,
but
assistant.
B
Or
that
tunnel
has
been
used
already
or
any
other
reason,
but
it
just
says:
I
have
no
connection
right
now
at
this
very
second,
but
once
it
gets
a
connection
if
it
ever
gets
that
connection
from
an
agent
it
will.
This
is
still
this.
One
is
still
waiting
here,
so
it
will
immediately
say:
hey
I,
have
it
done
already
so.
C
B
B
Yeah
not
one,
but
first
this
or
that
okay,
because
you
see,
if
we
get
done
already,
we
return
that
Sentinel
error
value.
So
here
if
we
see
that
same
thing
value,
we
just
know
that
this
was
just
returned
from
here,
so
that
this
visit
returns
from
the
call.
Basically,
it's
a
way
to
make
it
exit
that's
visible,
and
then
we
just
fall
through
because
it's
unexpected
error.
We
do
this
on
purpose.
C
B
B
B
Actually,
grab
a
local
mutex
check
that
we
are
the
first.
If
some
other
girl
routine,
has
already
started
streaming
to
a
different
class
instance,
then
this
would
be
set
already
if
it,
if
it
is
that
we
will
return
if
it's
not
set,
then
we
still
we're
still
holding
in
the
Box
here
below
we
send
the
connection.
Send
the
message
saying:
I'm
starting
streaming
to
you,
like
routing
cost,
sends
a
message
here
from
the
internal
server
to
this
private
server.
Saying
I'm
I'm
going
to
send
you
the
real
request,
yeah.
B
And
in
that,
when
this
receives
it,
it
actually
starts
changing
data
to
that
to
Agent
K
via
that
reverse
tunnel,
because
before
that
it
didn't
actually
use
anything,
no
data
has
been
sent
to
Agent
K.
It
just
said
it
just
took
the
connection
from
the
pool
that
establish
a
tunnel.
He
took
it
from
the
pool
it
it
was.
It
said,
I
have
one
for
you,
but
then
this
can
just
abort
right
because
it's
it
found
the
connection
somewhere
else
already.
B
C
B
B
B
C
B
Whichever
response
first
yeah,
we
will
use
that,
but
we
don't
immediately
connect
to
all
of
them.
That
would
be
wasteful.
Like
imagine,
you
have
I
mean
we
are
running
18
instances
of
caste
in
production
before
each
request.
We
connect
to
all
class
instances
that
will
be
70
dollars,
yeah.
Basically,
so
that's
why
we
have
already
seen
the
first
place
with
pass
URLs
per
agent
ID
so
that
we
look
up
which
class
instances
have
a
tunnel
right
now
for
this
agent
age,
and
then
we
connect
only
to
well.
B
B
Mean
just
it's
two
objects
in
memory:
ones
writing
another
one.
Taking
that
data
and
doing
something
with
reaching
it.
You
know
and
doing
something
else,
so
we
are
connecting
all
to
our
to
our
own
private
server
always,
but
then
we
wait
for
like
a
state
machine
here
we
wait
for
No
tunnel
and
then
it
tries
next
class,
so
we
yeah.
This
is
the
cash
list
of
URLs
that
we
know
for
this
agent,
ID,
yes,
and
so
we
we
try
the
next
one,
and
this
is
where
we
are
starting.
B
Go
routines
for
this
URL
we
will
start
ever
go
routing
for
the
zero
if
we
haven't
started
aggregate
for
it
already,
and
this
thing
is
what
I
just
showed
you.
This
method
that
is
in
a
loop
tries
to
connect,
because
sometimes
you
can't
even
connect
right
and
then
once
you
have
connected
you're
waiting
here.
C
B
Here
we
are
also
boiling
it's
in
a
separate
growth
in
somewhere
here
yeah,
if
not
satin,
bowling
we're
also
starting
polling.
This
that's
a
separate
goroutine
and.
C
B
C
B
Where
is
it
this?
We
are
going
to
see
if
we
need
to
try
another
Customs
yeah.
C
A
Okay
and
the
red
is
like
you
know
connecting
through
this-
is
implemented
in
this
tunnel
querier,
like
that's
the
only
point
where
we
yeah
yeah
here
and
then
the
polling,
which
will
populate
the
urls,
where,
like
for.
A
B
Out
we
assign
it
to
this
variable
this
variable,
it's
just
a
list
of
strings
with
three
arrows
and
we
use
that
variable.
You
see,
we
don't
Define
a
new
variable
here.
We
are
mutating
rest
area
assigning
this
variable
and
this
closure
uses
that
here
and
we
are
looking
through
it
and
seeing
if
we
are
connected
to
it
already
then
continue.
If
we
are
not
connected,
we
are
trying
it
and
return
from
log.
B
A
And
this
is
we
only
like
this
code
here
is
per
request
that
we
want
to
make.
B
A
B
B
B
A
What's
the
period
period
is
that
like
seconds
or
minutes
or.
A
And
if,
like
you
know,
if,
if
one
connection
is
ending
up
here
and
like,
is
this
expiration
date
being
updated
by
someone
in
case,
the
tunnel
is
still
active
or
does
it
always
expire?
And
we
always
have
to
like
recreate.
B
It
well,
we
have
used
up
the
tunnel,
there
is
no
more
tunnel
if
we
picked
it
up,
sent
the
request
and
got
the
reply
and
closed
everything.
That's
it
I
know
it's
done.
The
agent
establishes
a
new
one.
Well,
it
has
up
to
five
hundred
thousands
of
them.
Those
ensures
that
it
has
a
at
least
some
number
open.
B
B
B
Surprisingly,
what
kind
of
aggregation
imagine
you
have
as
it
typically
is?
How
and
or
maybe
Cube
still
that
does
Discovery
concurrently
and
that's
dozens
of
concurrent
requests
on
the
same
agent
I
did
and
if
we
don't
have
it
in
the
cache,
what
is
going
to
happen?
We
are
going
to
start
I,
don't
know
20
polling
guarantines
and
they
will
eventually
find
the
title
and
everything
but
whiteboard
already.
B
You
know
20
from
20
gold
routines.
If
you
can
only
actually
need
this
data
one
time
right.
So
that's
what
it
does.
It
duplicates
the
data
and
the
polling.
Basically
that's
what
this
that's,
why
it's
called
maybe
start
boiling
and
maybe
stop
boiling
because
yeah.
If
we
are
the
first
to
look
for
this
agent
ID,
we
will
start
polling
and
if
you
are
the
last,
we
will
stop
boiling
and
once
we
get
data
we
call
the
Callback
but
the
polling.
Actually
you
see
it
gets
a
listener
object
for
this
agent
ID.
B
B
So
so
far
we
saw
how
we
looked
at
the
proxy.
Just
to
recap,
we
looked
at
the
community
by
proxy,
which
uses
the
JPC
client
JPC
client
to
talk
to
well,
this
diagram
doesn't
apply.
It
uses
the
client
to
talk
to
internal
here.
I
was
imagining
that
we
will
use
the
chair,
PC
server
and
the
PC
client
to
like
real
stocks
to
that
class
to
do
make
a
request,
but
ins.
Instead
of
that
we
have
an
HTTP
server
here,
and
this
is
let's
say:
Cube
CTL.
C
B
Cube
CTL
back
into
HTTP
server,
and
that
is
the
HTTP
server.
It's
currently
pay
proxy
and
it
makes
a
request
to
the
internal
server
and
use
that
plant.
That
thing
looks
for
air
cast
instance,
that
has
a
tunnel
with
this
agent
IGN
A1.
That
actually
has
that
service
and
the
method
implemented,
which
is
grpc's
servicing
method
yeah.
But
we
only
have
one
for
this
for
this
one,
which
is.
B
This
is
the
governance
API
that
agent
exposes,
and
it
has
only
one
well.
This
is
called
service
and
this
is
called
method,
so
it's
got
only
one
method
with
that
accepts
a
stream
of
requests.
Well,
it's
a
single
request,
but
it's
just
contains
multiple
consists
of
multiple
messages
like
headers
body
body
and
then
trailers
or
an
error
yeah.
So
it's
a
stream
of
messages
and
then
the
stream
of
responses
as
well.
B
And
so,
basically,
when
we
are
looking
for
the
agent
connection,
the
tunnel,
we
are
not
only
looking
for
the
agent
age,
we
are
also
looking
for
the
service
and
method,
and
this
filtering
is
done
somewhere.
I,
don't
remember
where,
but
it
yeah
it
stands
somewhere
in
the
router.
Probably,
why
is
this
important?
It
is
important
because
suppose
you
want
to
add
a
new
new
method
here
to
I,
don't
know
or.
B
B
B
Android
piece
API
or
HTTP,
socket
members
or
whatever
two
rails
or
two,
an
external
consumer.
B
B
B
So
this
is
the
module
for
the
reverse
tunnel,
the
agent
module
for
the
reverse
tunnel.
So.
C
B
C
B
B
B
It's
a
list
of
services
and
each
service
has
a
name
and
a
list
of
Methods.
At
least
each
method
has
a
name
yeah
I
thought
we
can
add
more
views
here.
So
that's
why
it's
a
separate
message.
This
is
just
a
list
of
strings
yeah
again,
if
you
later
want
to
attach
some
net
information
we
can
but
yeah.
This
is
what
is
sent
with
each
tunnel
to
cast
and.
A
C
B
A
C
B
So,
first
things:
first,
we
start
the
minimum
number
why
the
connections?
What
do
we
need-
and
it's
just
definitely
basically
that
ensures
that
there
is
at
least
minimum
number
of
Connections
in
a
mobile
number
minimum
number
of
connections
in
the
idle
State
yeah
and
it
switches
switches
them
between
either
active
radioactive
and
then
stopped,
and
this
just
transitions
in
that
automata.
Basically
on
idle
transitions
from
that
to
that,
and
so
on
and.
B
To
detect
incorrect
code
and
to
detect
incorrect
usage
of
the
API.
Well,
it's
the
same
thing,
but
also.
B
And
that's
that
was
the
best
way
to
do
this,
to
just
duplicate
it
like
that.
Okay-
and
this
is
the
connection
manager,
but
it
doesn't
know
anything
about
the
connection.
Apart
from
it,
manages
the
number
of
connections
yes
and
it
gives
a
connection
which
is.
C
B
A
B
A
B
Oh
okay:
let's
look
at
that
connection,
so
so
it's
That's
The,
Connection
Manager.
It
accepts
a
factory
and
that's
the
fact
that
it's
just
a
function
that
creates
that
connection
and
that
connection
has
a
run
and
there's
a
loop
with
back
off
and
it
drives.
B
And
then,
if
there
was
no
error,
it
continues
immediately.
So
immediately
makes
another
attemptive
connection
has
successfully
processed
request
or
whatever.
Oh
it's
all
good.
We
continue
immediately.
If
there
was
cancellation
or
timeout
will
continue
immediately.
Anything
else.
Any
other
error
we
back
off.
So
we
stop,
we
don't
have
our
class.
Basically,
if
we
get
an
error,
we
slow
down.
A
B
I
know
on
the
server
side
like
conceptually
the
grpc
request
stream
is,
is
done,
there's
no
more
stream.
There
is
no
matano
yeah.
So
this
can
this
connection.
Object
is
still
there.
Yes
and
it's
it's
gonna,
try
again
so
I
guess
there
is
a
difference,
makes
this
grpc
request,
which
is
by
the
way
we
can
look
at
the
product
definition.
All
this
thing,
you
see
it's
quite
quite
big.
C
B
B
A
B
B
C
A
Okay,
but.
C
I
100.
A
Sure,
if
I
understood
correctly
about
this,
when
a
tunnel
is
being
close,
so
he
said,
there's
a
limit
of
500
connections
or
tunnels,
and
if
you
know
in
the
beginning,
we
have
two
tunnels,
then
two
are
being
used.
We
scale
up
by
10
and
then
no
more
tunnels
are
being
used
or
all
the
you
know.
The
connections
have
been
finished.
A
I
I
before
I
saw
this
code.
I
thought
I
thought
that
it
will
go
back
to
two,
but
that
doesn't
seem
to
be
the
case
right.
It
will
stay
up
at
you
know
whatever
it's
scaled
up
to
and
eventually
it
will
reach
500
and
never
scale
back
down.
Basically,
is
that
correct.
A
A
B
On
maybe
one
more
TCP
connections-
I,
don't
know
how
many
interpreci
happens.
So
what
is
that
33
in.
B
B
We
started
in
a
go
routine,
but
then
we
give
it
two
contexts.
Yeah.
C
B
B
A
B
B
B
A
B
Okay
makes
sense,
yeah,
so
I
do
to
idle
transition,
it
means
we
are
idle
and
then
we
are
either
again
and
and
time
has
passed
already
and
we
cancel
polling
here.
So
this
is
executed.
Synchronously
here,
I
didn't
differ
and
that
attempt
goes
out
of
the
loop
here
continue
immediately,
but
Paul
will
check
the
context
and
we
have
just
canceled
it.
So
this
is
here
continuing
the
jumps
to
this
Loop
and
it
checks
the
done
so
this
will
immediately
exit.
C
A
C
A
C
A
B
C
C
B
The
future
we
could
add
more
information
here
if
we
need
to
yeah
like
not
just
that
we
do
not
have
any
versioning
information,
so
we
cannot
make
break
backwards
compatibility,
but
we
can
always
introduce
new
methods
or
extend
existing
methods
in
the
backwards
compatible
way
yeah,
and
we
can
always.
B
It
is
safe
to
call
a
method,
and
then
this
all
this
Machinery
will
handle
the
case
where
the
method
is
not
present,
nothing
will
blow
up.
We
will
just
wait
until
an
agent
shows
up
with
with
that
method,
implemented
yeah.
If
the
customer
is
running
an
old
version
that
doesn't
have
this
method
well,
they
will
get
them
there.
They
can't
do
anything
but
yeah.
B
A
B
A
A
Yeah,
if
you
have
to
call
this
connection,
the
struct
here
tunnel
then
like
what
is
yeah.
A
B
Yes,
we
just
wait
for
cast
to
send
us
the
request
before
and
that
will
contain
the
information
at
that
stage.
We
transition
to
active,
because
we
got
a
request
that
we
need
to
proxy,
no,
not
proxy,
sent
to
it's.
Also
an
internal
grpc
server.
How
to
internal
grpc
servers,
one
task
and
one
in
agent.
They
are
not
the
same
thing.
Obviously
it's
here
right,
so
we
here
we
we
got
a
request
and
we
need
to
make
that
request
to
that
server.
A
B
So
this
is
a
client
connection.
Well,
as
you
can
see,
do
this
in
terms
of
your
business
or
it
is
also
in
a
memory
similar
to
what
I
showed
you
Pro,
identical
to
what
I
showed
you
in
incast.
This
is
the
same
same
thing
in
a
memory
pipe
between
the
client
and
the
grpc
server
and
we
yeah.
We
are
making
an
RPC
through
that
pipe.
C
B
C
B
C
B
These
are
callbacks
or
the
mess
in
a
one-off
field.
Let's
just
look
at
the
concrete.
B
This
it's
a
state
machine
recorded
in
the
these
are
called
annotations.
I.
Think
sorry,
let's
look
at
the
request
we
have.
First
is
the
descriptor
second
header.
This
is
everything
that
the
last
standard
thing.
B
C
B
C
B
B
So
visitor
basically
goes
through
messages
a
few
in
that
one
of
and
cause
these
callbacks,
depending
on
which
one
which
field
is
set
in
one
of
so,
if
it's
the
first
field,
which
is
the
request
before
requested
for
number
one
number
one,
this
callback
is
called
with
that
requested
before
you
can
also
see
the
types
here.
B
It
was
really
really
convenient
to
have
all
that
I
mean
the
purpose
of
this
whole
stream,
visitor
is
to
enforce
the
correct
Behavior.
So
we
we
Define
what
messages
can
can
go
in
what
order
and
in
the
protofile
using
this
automata,
and
then
it
is
enforced
by
that
visitor.
Basically,
when
reading
from
the
Stream-
and
this
visitor
is
used
not
only
here
in
a
lot
of
places
actually
and
it's
it's
defined
in.
C
B
B
C
B
Yeah,
it
was
very
convenient
from
the
beginning
to,
instead
of
in
each
Place
tracking,
the
state
of
okay.
I
got
this
message
now
that
next
valid
one
would
be
this
or
that
and
imagine
doing
that
in
in
all
the
places
or
just
trusting
the
client.
That
client
runs
on
the
customer
machine.
It
can
send
you
garbage
and
I,
don't
know,
correction
code
if
your
code
is
not
defensive,
so
this
is
bulletproof
defensive.
B
B
A
B
So
if
we
have
the
ideas
that
once
we
have
started
handling
a
request,
you
don't
want
seek
term
to
the
agent
to
start
on
the
you
know,
abort
everything
we
want
this
request
to
finish
gracefully.
Then
we
exit.
B
It
just
starts
to
go
routine
that
listens
to
to
that
context,
but
if,
if
we
were
told
to
stop
so
if
context
is
canceled,
it
propagates
the
cancellation
to
that
internal
thing.
But
if
we
stop
the
algorithm
stops
and
it
stops
propagation,
it
doesn't
cancel.
The
other
context
is
it's
a
way
to
connect
to
contacts
and
break
the
connection?
If
you
want
to
break
the
connection
between
them,.
C
A
A
B
Yes,
let's
go
and
look
for
where
this
is
coming
from.
It's
coming
from
the
factory
factory
got
it
from
here,
and
here
we
got
it
from
here
internal
server
connection,
and
here
we
got
it
from
there.
B
Comes
from
this
file
up
internal
server,
and
that
is
that
con
and
again
you
see
this
the
same
pattern.
We
have
that
listener.
That
is
both
a
dialer
and
a
listener.
We
use
in
the
client
Construction
again
pipe
as
the
dialer
and
we
use
that
listener
here
as
a
listener,
and
we
use
it
as
a
listener
for
that
server
and
that
server
is
this
this
server,
so
we
have
a
client
connected
to
the
server
via
any
memory
pipe
and
that
server
that
server
we
put
it
in
that
field.
Here,
oh,
that's
track!
B
A
Think
I'm
missing
is
we're
like
we
sent
the
information
about
the
like
the
agent
descriptor
with
the
service
name
and
the
method
name.
Where
does.
B
C
C
B
B
Click
the
wrong
thing
here:
this
is
the
Cuban
CPI
agent
Factory,
and
that's
what
it
does
it
registers
that
server
on
that
server.
B
B
B
Communities
API
server.
B
All
right,
let's
keep
that
again.
Client
climbed
yeah
she's,
doing
that
even
CPA
client
make
request
here
in
this
file
in
the
server
module
on
the
agent.
But
it's
it's
calling
this
fun
this
method
in
the
agent.
Basically,
all
of
that
Machinery
is
to
call
that
function
somewhere
on
a
different
computer,
basically
yeah,
and
what
this
function
does.
A
Okay,
I
think
I
think
it's
it's
clear
so
far,
I
think
the
only
major
thing
that
we
haven't
touched
on
is
how
an
agent
is
being
registered
or
persisted
to
read
this,
and
these
you
know
the
this
tunnel
registry
code.
I
think
it
is
that
you
know
once
we
connect
it
to
once
a
connection
or
tunnel
from
h.
K
connects
to
Cass
Cass
will
persist
that
in
redis
and.
C
B
That
is
the
agent
descriptor
again,
it's
good
to
wrap
messages
like
this
because
sensibility,
we
cannot
think
so
yeah
yeah
and
then
that
descriptor
goes
into
that
tunnel
and
then
we
register
Tana.
B
By
the
way,
this
is
where
we
are
looking
for
requests
that
are
looking
for
a
tunnel
to
this
agent.
Id
find
the
requests
by
agent
agency.
If
we
have
an
out
an
incoming
requests
where
some
other
classes
waiting
for
a
tunnel
for
this
agent
engine
and
this
agent
ID
satisfies
that
request.
It
supports
the
servicing
method.
B
B
B
C
C
B
A
B
B
This
panel
register
uses
another
right
and
right
interface,
register
and
unregister
mutative
operations
and
the
router
uses
the
read
interface
when
it's
looking
for
us
looking
for
panels,
looking
focus
with
the
planners,
so
we
have
two
interfaces
implemented
by
a
single
thing
and
it
has
all
the
state
and
memory,
but
also
it
has
it
uses
that
tracker
too.
B
Yeah,
this
is
what
we
were
looking
at
yeah.
This
is
yeah,
what's
used
to
register
data
in
radius
register
tunnel,
and
this
is
again
Reds.
So
this
was
done
now
registry,
and
this
is
a
registracker.
C
C
B
B
So
we
don't
have
sets,
we
have
well.
Actually
it
does
have
sales,
but
we
have
a
hash
Implement
implemented
with
the
garbage
collection
and
this
expiration.
So
we
use
that
here-
and
this
is
where
this
is,
what
it
is
expiring
hash
and
it's
a
by
agent
IG
we'll
we
look
up.
It's
actually
not
a
single
level
hash.
It's
a
two
level
hash
right.
So
we
look
up
the
correct
hash.
Internet
is
by
agent
ID
and
inside
of
that
hash.
B
B
We
could
actually
have
used
enough
stats,
but
we
already
have
expiration
implemented
for
the
hash
and
we
use
Flash
in
other
places.
So
we
just
use
the
hash
here
with
an
empty
value,
which
is
the
same.
Basically
as
I
said,
and
as
an
optimization
this
field.
What
is
it
for?
It
counts.
The
number
of
times
register
was
called
for
this
agent
ID.
C
B
B
So
we
just
only
need
to
put
it
there.
One
time
doesn't
matter
how
many
times
we
have.
We
just
need
to
put
it
there,
one
time
to
say:
I
have
tunnels
for
this
agent.
Id
send
me
requests
and
that's
why
we
have
that
optimization.
We
it
used
to
actually
track
every
panel
in
radius.
That's
we
don't
need
that.
It's
it's
a
waste
of
CPU
and
network
and
memory.
You
just
need
to
register
a
PC
URL
or
this
ID
one
time
and
unregister
it
one
time
when
there's
zero.
So
that's
what
you're
doing
incremented!
B
Just
decrements
it
and
yeah
and
the
real
interface,
which
is
which,
which
is
what
we
saw
in
the
router,
remember
it
has
the
Euros
by
agent
ID
yeah
it
just
scans
that
hash
and
for
for
keys
in
the
hash.
Look,
it
doesn't
look
at
the
valley
at
all.
You
see
this
cover
doesn't
use
that.
C
B
B
A
A
B
It
for,
let
me
explain,
let
me
explain
so
when
an
agent
came
a
replica,
iPod
starts
it
well,
it
always
has
the
get
configuration
connection,
no
cost
yeah.
Each
replica
has
only
one
get
configuration
connection,
so
by
counting
get
configuration
we
can
count
the
number
of
connected
ports,
and
this
is
actually
a
metric
that
we
use.
We
also
have
another
method
that
bounce
unique
agent
IDs
by
using
has
some
radius
and
reading
that
from
the
hash
we
have
that
on
the
dashboard.
So
this
agent
tracker
is
what
registers
such
Connections
in
the
radius.
B
I,
don't
remember
what
what
this
is
for,
but
when
we,
when
you
go
to
the
UI
and
open
the
agents
list,
you
see
that
some
are
green
and
summer.
Read
connect
not
connected
a
UI
asks
rails
about
connected
agents
and
rails
asks
cast
by
calling
one
of
his
via
RPC,
because
we
have
that
server
here
yeah.
So
this
is
called
by
cast
to
find
find
out
which
one
is
connected
to
which
one
is
not.
So
we
need
to
rework
that
to
send
more
information
and
we
should
stop
up
using
the
get
connection.
C
B
C
C
B
C
A
Okay
and
in
terms
of
like
TCP
connections
or
you
know,
grpc
connections,
if
you
know
this,
this
module
here
is
open.
Opening.
This
get
configuration
call
so
there's
like
one
Connection
open
the
reverse
tunnel.
You
know
it
does
another
one.
A
Yeah
this
one
not
but
I
mean
in
general
or
if
the
you
know,
the
get
Ops
repo
is
opening
a
connection
to
Cass
to
fetch
updates
of
objects.
Do
they
use
separate
like
TCP
connections,
or
is
this
all
the
same
connection
from
an
agent.
A
A
One
agent
replica
has
one
crpc
connection,
which
may
in
many
modules
may
use
this
like
the
reverse
tunnel,
DHL
tracker,
whatever
okay,
yes,
okay,.
B
Somewhere
construct
class
connection
here
we
go
options,
blah
blah
blah,
and
then
we
either
wrap
it
in
web
sockets
or
not
and
surprised
our
context.
That's
what
establishes
that
connection
yeah
and
it
it
returns.
Client
con.
C
B
C
B
C
C
A
Okay,
cool
yeah
I
learned
a
lot
from
this.
It
was
quite.
C
B
A
Yeah
very
nice,
very
nice
I'll
check
the
docs
once
again
to
see
if
anything
doesn't
match
to
what
we've
seen
in
the
last.
You
know,
I,
don't
know
how
long
it
was
an
hour
or
more
almost
two
hours
and
update
the
docs
if
there's
anything
wrong,
yeah
cool.
A
Me
it's,
we
can
stop
here.