antctl support traceflow

[lzhecheng]

Fixed #923

antctl traceflow is on remote mode, inside controller mode and inside agent mode.
It supports yaml and json output. It can return without retrieving results.

$ antctl traceflow -S busybox0 -D busybox1
name: default-busybox0-to-default-busybox1
phase: Succeeded
source: default/busybox0
destination: default/busybox1
noderesults:
- node: antrea-linux-testbed7-2
  role: ""
  timestamp: 1595391265
  observations:
  - component: SpoofGuard
    componentinfo: ""
    action: Forwarded
    pod: ""
    dstmac: ""
    networkpolicy: ""
    ttl: 0
    translatedsrcip: ""
    translateddstip: ""
    tunneldstip: ""
  - component: Forwarding
    componentinfo: Output
    action: Delivered
    pod: ""
    dstmac: ""
    networkpolicy: ""
    ttl: 0
    translatedsrcip: ""
    translateddstip: ""
    tunneldstip: ""

[antrea-bot]

Thanks for your PR.
Unit tests and code linters are run automatically every time the PR is updated.
E2e, conformance and network policy tests can only be triggered by a member of the vmware-tanzu organization. Regular contributors to the project should join the org.

The following commands are available:

• /test-e2e: to trigger e2e tests.
• /skip-e2e: to skip e2e tests.
• /test-conformance: to trigger conformance tests.
• /skip-conformance: to skip conformance tests.
• /test-whole-conformance: to trigger all conformance tests on linux.
• /skip-whole-conformance: to skip all conformance tests on linux.
• /test-networkpolicy: to trigger networkpolicy tests.
• /skip-networkpolicy: to skip networkpolicy tests.
• /test-windows-conformance: to trigger windows conformance tests.
• /skip-windows-conformance: to skip windows conformance tests.
• /test-all: to trigger all tests (except whole conformance).
• /skip-all: to skip all tests (except whole conformance).

These commands can only be run by members of the vmware-tanzu organization.

[lzhecheng]

/test-e2e
/test-conformance

[lzhecheng]

/test-e2e

[lzhecheng]

/test-e2e

[lzhecheng]

/test-e2e

[antrea-bot]

Thanks for your PR.
Unit tests and code linters are run automatically every time the PR is updated.
E2e, conformance and network policy tests can only be triggered by a member of the vmware-tanzu organization. Regular contributors to the project should join the org.

The following commands are available:

• /test-e2e: to trigger e2e tests.
• /skip-e2e: to skip e2e tests.
• /test-conformance: to trigger conformance tests.
• /skip-conformance: to skip conformance tests.
• /test-whole-conformance: to trigger all conformance tests on linux.
• /skip-whole-conformance: to skip all conformance tests on linux.
• /test-networkpolicy: to trigger networkpolicy tests.
• /skip-networkpolicy: to skip networkpolicy tests.
• /test-windows-conformance: to trigger windows conformance tests.
• /skip-windows-conformance: to skip windows conformance tests.
• /test-windows-networkpolicy: to trigger windows networkpolicy tests.
• /skip-windows-networkpolicy: to skip windows networkpolicy tests.
• /test-all: to trigger all tests (except whole conformance).
• /skip-all: to skip all tests (except whole conformance).

These commands can only be run by members of the vmware-tanzu organization.

[lzhecheng]

/test-e2e

[lzhecheng]

/test-e2e

[antrea-bot]

Thanks for your PR.
Unit tests and code linters are run automatically every time the PR is updated.
E2e, conformance and network policy tests can only be triggered by a member of the vmware-tanzu organization. Regular contributors to the project should join the org.

The following commands are available:

• /test-e2e: to trigger e2e tests.
• /skip-e2e: to skip e2e tests.
• /test-conformance: to trigger conformance tests.
• /skip-conformance: to skip conformance tests.
• /test-whole-conformance: to trigger all conformance tests on linux.
• /skip-whole-conformance: to skip all conformance tests on linux.
• /test-networkpolicy: to trigger networkpolicy tests.
• /skip-networkpolicy: to skip networkpolicy tests.
• /test-windows-conformance: to trigger windows conformance tests.
• /skip-windows-conformance: to skip windows conformance tests.
• /test-windows-networkpolicy: to trigger windows networkpolicy tests.
• /skip-windows-networkpolicy: to skip windows networkpolicy tests.
• /test-hw-offload: to trigger ovs hardware offload test.
• /skip-hw-offload: to skip ovs hardware offload test.
• /test-all: to trigger all tests (except whole conformance).
• /skip-all: to skip all tests (except whole conformance).

[lzhecheng]

/test-all

[lzhecheng]

/test-all

[lzhecheng]

/test-e2e

[lzhecheng]

/test-e2e

[lzhecheng]

/test-all

[weiqiangt]

Some nits, otherwise LGTM.

[weiqiangt]

I think the following if blocks can be simplified since the only different is the namespace.
Consider following workflow:

if len == 1 {
    setNameSpace
} else if len == 2 {
    setNameSapce
} else {
   error
}
original codes in `if` blocks.

Also, we can just check isPod one time by using this flow.

[lzhecheng]

Good idea! Updated.

[weiqiangt]

Looks like we only use these constants to construct a map, how about just decalre a map here?

[lzhecheng]

Updated.

[lzhecheng]

/test-all

[weiqiangt]

LGTM.

[tnqn]

Sorry for late review, but I hope the comments can be addressed with a separate PR.

[tnqn]

traceflow can support agent?

[lzhecheng]

antctl traceflow can be run on agent.

[tnqn]

Why are the following setting necessary? for example, I think the kubeconfig should have CAData set?

[lzhecheng]

You are right. I followed code style in support bundle. But it is unnecessary since it is enough for traceflow to have connection to apiserver.

[tnqn]

Pod and service can have same name, I think it's not reliable and clear to determine user's intention by querying runtime state. Maybe we should have an argument or flag to specify the type of the destination object.

[lzhecheng]

Yes. But could you please help check code here: https://github.com/vmware-tanzu/antrea/blob/master/pkg/agent/apiserver/handlers/ovstracing/handler.go#L151-L155
It seems like it is doing the same: find pod first, if not found then service.

[tnqn]

OK, then maybe we could discuss them together later, my personal feeling is it's not deterministic

[tnqn]

Does it really need to use (*pkt)? So do all such cases in this file.

[lzhecheng]

Yes, it is not necessary.

[tnqn]

Can getFieldPortValue just return a map to avoid repeated computation and the following redundant code?
It could be named getPortFields

[lzhecheng]

Good idea.

[tnqn]

The error is not clear

[lzhecheng]

Turned it into "output types should be yaml or json".

[tnqn]

Consider "k8s.io/apimachinery/pkg/util/rand.String" for simplicity.

[tnqn]

Why making this change?

[lzhecheng]

I think 1) it looks clearer and 2) it keeps the same code style like agent/apiserver.

[tnqn]

ok, but I think it's controversial to separate a short function into multiple ones when they are not reused, especially in a PR that is not related. We should focus on the purpose of the PR and leave unrelated style unification to separate PR to save reviewers' effort and avoid controversy.

[lzhecheng]

Make sense. I will pay more attention next time. I used to change some apiserver code in this PR, but such change is dropped with a comment. However, this code remains due to the reason I mentioned above..