initial support for labels #447
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Codecov ReportPatch coverage:
Additional details and impacted files@@ Coverage Diff @@
## main #447 +/- ##
==========================================
+ Coverage 66.03% 66.11% +0.08%
==========================================
Files 94 94
Lines 6921 6948 +27
==========================================
+ Hits 4570 4594 +24
- Misses 2092 2094 +2
- Partials 259 260 +1
Flags with carried forward coverage won't be shown. Click here to find out more.
☔ View full report in Codecov by Sentry. |
docs/api.md
Outdated
| @@ -148,6 +148,7 @@ Following is the supported API format for network transformations: | |||
| type: (enum) one of the following: | |||
| add_regex_if: add output field if input field satisfies regex pattern from parameters field | |||
| add_if: add output field if input field satisfies criteria from parameters field | |||
| add_label_if: add output field to list of labels if input field satisfies criteria from parameters field | |||
There was a problem hiding this comment.
It's something we should have raised earlier as it also concerns "add_regex_if" and "add_if", but this doesn't look like a network-specific transformation, shouldn't that rather go in generic_transform?
There was a problem hiding this comment.
@jotak Should we do this in a separate PR? We would move add_if, add_regex_if, add_label_if to generic transform.
There was a problem hiding this comment.
yeah no problem with me to do that later
There was a problem hiding this comment.
@KalmanMeth if you can open an issue so we will not forget? This will be a "Breaking changes" one
There was a problem hiding this comment.
@KalmanMeth I see that the way you set the value in the code is labels[rule.Output] = rule.c --- can you extend the text to explain that output =key and Assignee=value
|
The code looks good, but is that part of the changes needed for multi-cloud? I don't really see how that will be used, can you elaborate on that? |
| labelsString := "" | ||
| for key, value := range labels { | ||
| tmpString := fmt.Sprintf("%s=%s,", key, value) | ||
| labelsString += tmpString | ||
| } |
There was a problem hiding this comment.
It may be more efficient to use strings.Builder for string concatenation.
See here for example:
https://stackoverflow.com/a/47798475
|
I think I get the intent finally but I'm not sure this is an optimal approach: basically (and correct if I'm wrong), what we'll need to do is to label every flow with some static labels (e.g: "siteid=foo") - I wasn't sure at first why it is "AddLabelIf, but I guess it must be conditional and set only if the source/destination is known to be in cluster - which, after k8s enrichment, can boil down to checking if a field such as SrcK8S_Name is set or unset. How would we configure this feature for that? {Type: api.OpAddLabelIf, Input: "SrcK8S_Name", Parameters: `!=""`, Output: "SrcK8S_Labels", Assignee: staticLabels},First thing - I haven't dig a lot in the evaluation library - the Second thing that is more a concern to me, is the performance impact implied by this evaluation library compared to a more specific implementation. Running some microbenchmarks calling To be honest I don't know how big of a difference that would be at scale, but given this rule would be applied on every flow I think we must try to optimize anyway. |
Do you think we should add a cache so we only have to perform each evaluation once, and then future identical comparisons will be obtained from the cache? |
|
@KalmanMeth at the moment I still don't see how that's going to be used in the context of k8s metadata labels, so it's hard for me to review/ answer. Especially I don't get what's going to be set in the "If" part of that filter. Can you provide an example? What I said in my previous comment was invalidated by this PR since it shows that we're adding cluster info unconditionally, hence without using this filter |
There was a problem hiding this comment.
@jpinsonneau @KalmanMeth The main question and value proposition for this "labels" approach is if we can search a subset of the key=value labels from the list using some Loki query capabilities. @KalmanMeth did you check that manually somehow? @jpinsonneau @jotak any inputs from your POV on that ( one thing I thought about was the wrap the labels with json curly brachets, but I am not sure if this is needed or will help )
docs/api.md
Outdated
| @@ -148,6 +148,7 @@ Following is the supported API format for network transformations: | |||
| type: (enum) one of the following: | |||
| add_regex_if: add output field if input field satisfies regex pattern from parameters field | |||
| add_if: add output field if input field satisfies criteria from parameters field | |||
| add_label_if: add output field to list of labels if input field satisfies criteria from parameters field | |||
There was a problem hiding this comment.
@KalmanMeth if you can open an issue so we will not forget? This will be a "Breaking changes" one
| @@ -81,6 +83,17 @@ func (n *Network) Transform(inputEntry config.GenericMap) (config.GenericMap, bo | |||
| } | |||
| outputEntry[rule.Output+"_Evaluate"] = true | |||
| } | |||
| case api.OpAddLabelIf: | |||
There was a problem hiding this comment.
@KalmanMeth this is an "expensive" operation and I envision that we will also want to add "static" labels so can you add another operation that is not with "if" but just a simple AddLabel operation?
docs/api.md
Outdated
| @@ -148,6 +148,7 @@ Following is the supported API format for network transformations: | |||
| type: (enum) one of the following: | |||
| add_regex_if: add output field if input field satisfies regex pattern from parameters field | |||
| add_if: add output field if input field satisfies criteria from parameters field | |||
| add_label_if: add output field to list of labels if input field satisfies criteria from parameters field | |||
There was a problem hiding this comment.
@KalmanMeth I see that the way you set the value in the code is labels[rule.Output] = rule.c --- can you extend the text to explain that output =key and Assignee=value
|
@eranra @KalmanMeth : Initially, here's how I would have seen a label mapper: Something that is part of kube enrichment, configured like that: - name: enrich
transform:
type: network
network:
rules:
- input: SrcAddr
output: SrcK8S
type: add_kubernetes
labelMap:
fromNode:
- match: "topology\.kubernetes\.io/.*"
output: NodeLabels
fromPod:
- match: ".*"
output: PodLabelsand for instance when applied to a pod that is running on a node that has the following labels: ... it would result in json: But tbh, while I think it would be nice to have that, I also see that it would come at a higher cost than labels statically added from the operator when they are supposed to be constant in a given cluster, such as the |
|
ie using the same "add_field_if_doesnt_exist" like here: https://github.com/netobserv/network-observability-operator/pull/386/files#diff-c761638f65b982f9ecf3717616920a5a3c0bb1670fd8ee7e9ab51afc4f166581R578-R580 ... but containing a string expression of some chosen labels instead of the cluster id |
KalmanMeth
force-pushed
the
add-labels
branch
from
d60fcfc
to
9f27b00
Compare
KalmanMeth
changed the title
|
I moved the add_labels to transform_filter, now that we have also moved the add_if etc to transform_filter. |
| RemoveEntryIfDoesntExist string `yaml:"remove_entry_if_doesnt_exist" json:"remove_entry_if_doesnt_exist" doc:"removes the entry if the field does not exist"` | ||
| RemoveEntryIfEqual string `yaml:"remove_entry_if_equal" json:"remove_entry_if_equal" doc:"removes the entry if the field value equals specified value"` | ||
| RemoveEntryIfNotEqual string `yaml:"remove_entry_if_not_equal" json:"remove_entry_if_not_equal" doc:"removes the entry if the field value does not equal specified value"` | ||
| AddField string `yaml:"add_field" json:"add_field" doc:"adds (input) field to the entry; overrides previous value if present (key=input, value=value)"` | ||
| AddFieldIfDoesntExist string `yaml:"add_field_if_doesnt_exist" json:"add_field_if_doesnt_exist" doc:"adds a field to the entry if the field does not exist"` | ||
| AddFieldIf string `yaml:"add_field_if" json:"add_field_if" doc:"add output field set to assignee if input field satisfies criteria from parameters field"` | ||
| AddRegExIf string `yaml:"add_regex_if" json:"add_regex_if" doc:"add output field if input field satisfies regex pattern from parameters field"` | ||
| AddLabel string `yaml:"add_label" json:"add_label" doc:"add (input) field to list of labels with value taken from Value field (key=input, value=value)"` | ||
| AddLabelIf string `yaml:"add_label_if" json:"add_label_if" doc:"add output field to list of labels with value taken from assignee field if input field satisfies criteria from parameters field"` |
There was a problem hiding this comment.
nitpick: some doc strings are written in imperative mood "add (input) field...", and some in present simple "adds (input) field...". Which is preferred?
No description provided.