Support antctl in the flow aggregator

[yanjunz97]

This commit supports antctl in the flow aggregator pod. It supports three commands only running locally inside the flow-aggregator container.

1. Showing or changing log verbosity level: The antctl get log-level command works the same as the one in antrea-agent or antrea-controller.
2. Dumping flow records: The antctl get flowrecords [-o json] command can dump all matched flow records. The command provides a compact display of the flow records in the default table output format. Using the json or yaml antctl output format can print more information of the flow records. The command supports the 5-tuple flow key or a subset of 5-tuples as a filter. A 5-tuple flow key contains Source IP, Destination IP, Source Port, Destination Port and Transport Protocol. If the filter is empty, all flow records will be dumped.
   Example outputs of dumping flow records:

$ antctl get flowrecords --srcip 10.10.0.1 --srcport 50497 -o json
[
  {
    "destinationClusterIPv4": "0.0.0.0",
    "destinationIPv4Address": "10.10.1.2",
    "destinationNodeName": "k8s-node-worker-1",
    "destinationPodName": "coredns-78fcd69978-x2twv",
    "destinationPodNamespace": "kube-system",
    "destinationServicePort": 0,
    "destinationServicePortName": "",
    "destinationTransportPort": 53,
    "egressNetworkPolicyName": "",
    "egressNetworkPolicyNamespace": "",
    "egressNetworkPolicyRuleAction": 0,
    "egressNetworkPolicyRuleName": "",
    "egressNetworkPolicyType": 0,
    "flowEndReason": 3,
    "flowEndSeconds": 1635546893,
    "flowStartSeconds": 1635546867,
    "flowType": 2,
    "ingressNetworkPolicyName": "",
    "ingressNetworkPolicyNamespace": "",
    "ingressNetworkPolicyRuleAction": 0,
    "ingressNetworkPolicyRuleName": "",
    "ingressNetworkPolicyType": 0,
    "octetDeltaCount": 99,
    "octetDeltaCountFromDestinationNode": 99,
    "octetDeltaCountFromSourceNode": 0,
    "octetTotalCount": 99,
    "octetTotalCountFromDestinationNode": 99,
    "octetTotalCountFromSourceNode": 0,
    "packetDeltaCount": 1,
    "packetDeltaCountFromDestinationNode": 1,
    "packetDeltaCountFromSourceNode": 0,
    "packetTotalCount": 1,
    "packetTotalCountFromDestinationNode": 1,
    "packetTotalCountFromSourceNode": 0,
    "protocolIdentifier": 17,
    "reverseOctetDeltaCount": 192,
    "reverseOctetDeltaCountFromDestinationNode": 192,
    "reverseOctetDeltaCountFromSourceNode": 0,
    "reverseOctetTotalCount": 192,
    "reverseOctetTotalCountFromDestinationNode": 192,
    "reverseOctetTotalCountFromSourceNode": 0,
    "reversePacketDeltaCount": 1,
    "reversePacketDeltaCountFromDestinationNode": 1,
    "reversePacketDeltaCountFromSourceNode": 0,
    "reversePacketTotalCount": 1,
    "reversePacketTotalCountFromDestinationNode": 1,
    "reversePacketTotalCountFromSourceNode": 0,
    "sourceIPv4Address": "10.10.0.1",
    "sourceNodeName": "",
    "sourcePodName": "",
    "sourcePodNamespace": "",
    "sourceTransportPort": 50497,
    "tcpState": ""
  }
]

3. Flow records metrics: The antctl get recordmetrics command can print all metrics related to the Flow Aggregator. The metrics include number of records received by the collector process in the Flow Aggregator, number of records exported by the Flow Aggregator, number of active flows that are being tracked, number of exporters connected to the Flow Aggregator

Fixes: #1966

[codecov-commenter]

Codecov Report

Merging #2878 (7c797d5) into main (ca264d3) will decrease coverage by 0.15%.
The diff coverage is 39.21%.

@@            Coverage Diff             @@
##             main    #2878      +/-   ##
==========================================
- Coverage   61.06%   60.91%   -0.16%     
==========================================
  Files         289      292       +3     
  Lines       24548    24698     +150     
==========================================
+ Hits        14991    15045      +54     
- Misses       7938     8015      +77     
- Partials     1619     1638      +19     

Flag	Coverage Δ
kind-e2e-tests	48.16% <45.66%> (-0.03%)	⬇️
unit-tests	40.14% <6.25%> (-0.07%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
pkg/antctl/antctl.go	66.66% <ø> (ø)
pkg/antctl/client.go	1.29% <0.00%> (-0.10%)	⬇️
pkg/antctl/command_definition.go	51.97% <0.00%> (-2.01%)	⬇️
pkg/antctl/transform/common/transform.go	0.00% <0.00%> (ø)
...gregator/apiserver/handlers/flowrecords/handler.go	23.63% <23.63%> (ø)
...egator/apiserver/handlers/recordmetrics/handler.go	44.44% <44.44%> (ø)
pkg/antctl/command_list.go	47.69% <50.00%> (+0.07%)	⬆️
pkg/flowaggregator/apiserver/apiserver.go	65.21% <65.21%> (ø)
pkg/flowaggregator/flowaggregator.go	68.19% <100.00%> (+0.63%)	⬆️
pkg/ipfix/ipfix_intermediate.go	89.47% <100.00%> (+0.58%)	⬆️
... and 10 more

[lgtm-com]

This pull request introduces 2 alerts when merging 579433b into 4d0eea7 - view on LGTM.com

new alerts:

• 2 for Incorrect conversion between integer types

[dreamtalen]

Thanks Yanjun working on this.

[srikartati]

Add this separately for Flow Aggregator, as the support version number is different

[yanjunz97]

Updated. Use 1.4 for now, if it does not catch up the release 1.4, will update to later version.

[yanjunz97]

@antoninbas @srikartati Would you like to take another look at this PR before I upgrade go-ipfix to a new version? Thanks a lot!

[srikartati]

It looks good to me @yanjunz97

[antoninbas]

I think it is unfortunate that we have to setup everything just for this small test, then tear it down. Can we merge this test with the other FlowAggregator e2e tests instead, so we only do the set up once?

[yanjunz97]

I have tried to merge the tests by using setupTestWithIPFIXCollector for all antctl test, but noticed some of the testAntctlControllerRemoteAccess may fail when using coverage on CI. Still looking for the reason.

[yanjunz97]

solved

[antoninbas]

it's not really what I had in mind. We are still calling setupTestWithIPFIXCollector twice (once for antctl tests and once for the Flow Aggregator tests). We should try to call it once IMO, and move the antctl tests for the Flow Aggregator to test/e2e/flowaggregator_test.go.

[yanjunz97]

Got it, thanks. Updated.

[antoninbas]

2 small comments, otherwise LGTM

Suggestions for follow-up PRs:

• ability to filter based on K8s names instead of network header fields
• use Prometheus to export FlowAggregator metrics and leverage that instead in the CLI if possible
• for the FlowAggregator antctl e2e tests, write some "real" tests instead of just calling the commands without arguments. In particular we can call antctl get flowrecords -o json and check that the contents are as expected.

[antoninbas]

please use this function in the implementation of gracefulExitFlowAggregator to avoid code duplication

[yanjunz97]

Done

[antoninbas]

maybe call it something more specific to avoid potential name collisions in the future

for example testFlowAggregatorAntctl

[yanjunz97]

Done

[antoninbas]

/test-all

[yanjunz97]

/test-all-features-conformance
/test-integration

[yanjunz97]

All tests passed. This PR can be merged together with #2909 if no other comment.

[antoninbas]

@yanjunz97 I merged #2909 but looks like you have to rebase now

[yanjunz97]

/test-all
/test-integration

[yanjunz97]

/test-integration

[yanjunz97]

/test-integration

[yanjunz97]

@yanjunz97 I merged #2909 but looks like you have to rebase now

Thanks! Rebased and passed the tests