Fix FlowExporter memory bloat when export process is dead

[wsquan171]

When flow exporter is enabled, but failed to connect to downstream IPFIX collector, connections added to the priority queue inside flow exporter won't be expired and removed from queue, causing memory to bloat. Furthermore, connection store polling will remove conn from its connections map when the flow is no longer in conntrack, but not the related items in priority queue. When a new flow with same flow key is reestablished, a duplicated item with same key will be added to the queue, while the reference to the old one is lost, essentially causing memory leak.

This change addresses above issue in the following aspects:

1. Connection store polling removes stale conn from both connections map and the priority queue. Since CS polling is independent of exporting process liveness, this allows clean up to be done without connection to collector.
2. Fixes init of Connection.LastExportTime to be connection start time to make sure CS polling logic works properly when the exporting process is dead. Previously LastExportTime will only be filled by exporting process at the time of export, causing zero value to be compare in certain cases.
3. Adds guards in priority queue to prevent having two Connections with same connection key in the heap.

Benchmark test BenchmarkExportConntrackConns did not show observable difference before and after change.

Fixes item 1 and 2 in #3972. Severity of item 3 is lower, which will be addressed in a later change.

[codecov]

Codecov Report

Merging #3994 (16e4907) into main (33e175b) will increase coverage by 0.67%.
The diff coverage is 96.42%.

@@            Coverage Diff             @@
##             main    #3994      +/-   ##
==========================================
+ Coverage   64.39%   65.06%   +0.67%     
==========================================
  Files         295      295              
  Lines       43781    44037     +256     
==========================================
+ Hits        28191    28654     +463     
+ Misses      13304    13113     -191     
+ Partials     2286     2270      -16     

Flag	Coverage Δ
e2e-tests	41.27% <0.00%> (?)
kind-e2e-tests	51.66% <96.42%> (+0.79%)	⬆️
unit-tests	44.29% <57.14%> (+0.05%)	⬆️

Impacted Files	Coverage Δ
...agent/flowexporter/connections/deny_connections.go	81.72% <87.50%> (+18.50%)	⬆️
.../flowexporter/connections/conntrack_connections.go	81.42% <100.00%> (+4.46%)	⬆️
.../agent/flowexporter/priorityqueue/priorityqueue.go	93.33% <100.00%> (+0.92%)	⬆️
pkg/controller/externalippool/controller.go	84.82% <0.00%> (-6.25%)	⬇️
pkg/apiserver/storage/ram/watch.go	90.66% <0.00%> (-2.67%)	⬇️
pkg/agent/proxy/endpoints.go	78.57% <0.00%> (-2.39%)	⬇️
...lowaggregator/clickhouseclient/clickhouseclient.go	81.41% <0.00%> (-1.58%)	⬇️
pkg/agent/cniserver/ipam/antrea_ipam_controller.go	79.45% <0.00%> (-1.37%)	⬇️
pkg/controller/ipam/antrea_ipam_controller.go	75.10% <0.00%> (-1.32%)	⬇️
pkg/agent/openflow/pipeline.go	73.26% <0.00%> (+0.18%)	⬆️
... and 27 more

[wsquan171]

/test-e2e

[wsquan171]

/test-networkpolicy

[wsquan171]

/test-conformance

[antoninbas]

only small comments, LGTM

[antoninbas]

I think we could just call this WriteItemToQueue.

[wsquan171]

/test-conformance
/test-e2e
/test-networkpolicy

[heanlan]

Thanks Shawn. LGTM

[heanlan]

I think denyConnStore.AddOrUpdateConn has already taken care of assigning value to LastExportTime?

[wsquan171]

/test-conformance
/test-e2e
/test-networkpolicy

[antoninbas]

@wsquan171 I assume that this should be backported? Could you take care of it?