NETOBSERV-1298: include duplicate list in the exported record

[msherif1234]

Description

create duplicate list which contains interface name and direction pairs so we can
avoid sending duplicate flows

Dependencies

n/a

Checklist

If you are not familiar with our processes or don't know what to answer in the list below, let us know in a comment: the maintainers will take care of that.

• Will this change affect NetObserv / Network Observability operator? If not, you can ignore the rest of this checklist.
• Is this PR backed with a JIRA ticket? If so, make sure it is written as a title prefix (in general, PRs affecting the NetObserv/Network Observability product should be backed with a JIRA ticket - especially if they bring user facing changes).
• Does this PR require product documentation?
  • If so, make sure the JIRA epic is labelled with "documentation" and provides a description relevant for doc writers, such as use cases or scenarios. Any required step to activate or configure the feature should be documented there, such as new CRD knobs.
• Does this PR require a product release notes entry?
  • If so, fill in "Release Note Text" in the JIRA.
• Is there anything else the QE team should know before testing? E.g: configuration changes, environment setup, etc.
  • If so, make sure it is described in the JIRA ticket.
• QE requirements (check 1 from the list):
  • Standard QE validation, with pre-merge tests unless stated otherwise.
  • Regression tests only (e.g. refactoring with no user-facing change).
  • No QE (e.g. trivial change with high reviewer's confidence, or per agreement with the QE team).

[openshift-ci-robot]

@msherif1234: This pull request references NETOBSERV-1298 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.15.0" version, but no target version was set.

In response to this:

Description

create duplicate list which contains interface name and direction pairs so we can
avoid sending duplicate flows

Dependencies

n/a

Checklist

If you are not familiar with our processes or don't know what to answer in the list below, let us know in a comment: the maintainers will take care of that.

• Will this change affect NetObserv / Network Observability operator? If not, you can ignore the rest of this checklist.
• Is this PR backed with a JIRA ticket? If so, make sure it is written as a title prefix (in general, PRs affecting the NetObserv/Network Observability product should be backed with a JIRA ticket - especially if they bring user facing changes).
• Does this PR require product documentation?
• If so, make sure the JIRA epic is labelled with "documentation" and provides a description relevant for doc writers, such as use cases or scenarios. Any required step to activate or configure the feature should be documented there, such as new CRD knobs.
• Does this PR require a product release notes entry?
• If so, fill in "Release Note Text" in the JIRA.
• Is there anything else the QE team should know before testing? E.g: configuration changes, environment setup, etc.
• If so, make sure it is described in the JIRA ticket.
• QE requirements (check 1 from the list):
• Standard QE validation, with pre-merge tests unless stated otherwise.
• Regression tests only (e.g. refactoring with no user-facing change).
• No QE (e.g. trivial change with high reviewer's confidence, or per agreement with the QE team).

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[codecov]

Codecov Report

Attention: 12 lines in your changes are missing coverage. Please review.

Comparison is base (06f4492) 33.38% compared to head (0f53015) 33.62%.

Files	Patch %	Lines
pkg/exporter/proto.go	20.00%	10 Missing and 2 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #217      +/-   ##
==========================================
+ Coverage   33.38%   33.62%   +0.24%     
==========================================
  Files          39       39              
  Lines        3463     3494      +31     
==========================================
+ Hits         1156     1175      +19     
- Misses       2241     2251      +10     
- Partials       66       68       +2     

Flag	Coverage Δ
unittests	33.62% <66.66%> (+0.24%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[jotak]

Thanks @msherif1234 , sounds good to me on the deduper side!
Then the protobuf will have to be updated accordingly

[github-actions]

New image:
quay.io/netobserv/netobserv-ebpf-agent:8f2f1bc

It will expire after two weeks.

To deploy this build, run from the operator repo, assuming the operator is running:

USER=netobserv VERSION=8f2f1bc make set-agent-image

[jotak]

We need to discuss about what's the best model here to have, regarding the loki querying side too

At the moment I don't think our json maps have other value types than strings or numbers, so arrays would be something new here.

In the JIRA description I was suggesting a single field, such as "TraversedInterfaces" for both interface+direction, in the form of ["genev/0", "abc1234/1"], but this isn't perhaps a better solution and is still an array.

Another option could be coma-separated strings instead of arrays, which perhaps would be easier to manipulate in queries with regexp. And also regarding the column displays.

@jpinsonneau any thoughts / preference here?

[jotak]

Also, to avoid ambiguity and redundancy, I think we could remove FlowDirection & Interface (singular) when the plural form is defined? (and vice-versa)

[jpinsonneau]

As soon as we will not need the deduplication mechanism on loki side anymore, we can get rid of FlowDirection label and Interface field indeed.

What would be the issue with JSON arrays for each of these then ?
If the JSON value is:

{
  "FlowDirections": [0,1],
  "Interfaces": ["eth0","br-ex"],
  ...
}

Regexes could be the following:

"Interfaces": \[.*"br-ex".*\]

to match only br-ex interface.

"FlowDirections": \[.*0.*\]

to match only ingress.

I don't think we need to cover exact match here since there is no overlap between Interfaces names or FlowDirection numbers 🤔

[jotak]

I don't know what the problem could be with arrays, I'm asking because I guess new implementation is needed with the configurable fields both for filtering and for column display, whereas I guess we already have this in place for strings

[jpinsonneau]

Yes there is a bit more to manage on query side but that's fine to me.
Internally we already bind arrays to column value function so I'm confident on the web side.

[jotak]

ok ... anyway we can still change that later if we find this isn't ideal on consuming side

[jotak]

/lgtm

[jotak]

/lgtm

[msherif1234]

/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: msherif1234

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [msherif1234]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment