-
Notifications
You must be signed in to change notification settings - Fork 1.4k
Flowlogs: make calico-node to fetch flow logs from a node #10144
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from 16 commits
Commits
Show all changes
38 commits
Select commit
Hold shift + click to select a range
d98f9ed
first commit
mazdakn 914c030
first prototype
mazdakn f6675fa
udapte
mazdakn 813a16d
Add more
mazdakn 1b4462b
update
mazdakn 0a91e70
more
mazdakn 71437b5
Cleanup
mazdakn 71e3bd2
Fix linter
mazdakn c20ee50
Merge remote-tracking branch 'open-source/master' into tool-flowlog
mazdakn 57cae89
remove goldmane server mock
mazdakn 2013ced
Fix FVs
mazdakn 7c21315
clean up
mazdakn 8524f88
Merge remote-tracking branch 'open-source/master' into tool-flowlog
mazdakn 744bc25
some more change
mazdakn fd1c83d
more
mazdakn e6e3ebf
Merge remote-tracking branch 'open-source/master' into tool-flowlog
mazdakn d6d9c71
Add FV
mazdakn f4931da
Final cleanup
mazdakn 5b8fc24
Update Fv
mazdakn 95af41d
update comment
mazdakn f931e41
Fix FVs
mazdakn c479545
improve FV
mazdakn dfbd71c
Update node/cmd/calico-node/main.go
mazdakn a2c0168
Update felix/collector/goldmane/node_server.go
mazdakn 37b3f55
markup
mazdakn a4967ae
Merge remote-tracking branch 'open-source/master' into tool-flowlog
mazdakn fe90de6
Fix node
mazdakn fc08717
Merge remote-tracking branch 'open-source/master' into tool-flowlog
mazdakn 4b71e40
use a felixconfig
mazdakn 2ae5a5e
few changes
mazdakn 37376a6
update
mazdakn f5cb375
update
mazdakn 0cc4e5a
change config option
mazdakn a87bd9a
Merge remote-tracking branch 'open-source/master' into tool-flowlog
mazdakn 9f3e845
change names
mazdakn 0ce48d9
Merge remote-tracking branch 'open-source/master' into tool-flowlog
mazdakn d361089
rename to local socket
mazdakn 19c43e1
Merge remote-tracking branch 'open-source/master' into tool-flowlog
mazdakn File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,194 @@ | ||
| // Copyright (c) 2025 Tigera, Inc. All rights reserved. | ||
| // | ||
| // Licensed under the Apache License, Version 2.0 (the "License"); | ||
| // you may not use this file except in compliance with the License. | ||
| // You may obtain a copy of the License at | ||
| // | ||
| // http://www.apache.org/licenses/LICENSE-2.0 | ||
| // | ||
| // Unless required by applicable law or agreed to in writing, software | ||
| // distributed under the License is distributed on an "AS IS" BASIS, | ||
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| // See the License for the specific language governing permissions and | ||
| // limitations under the License. | ||
|
|
||
| package goldmane | ||
caseydavenport marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| import ( | ||
| "context" | ||
| "fmt" | ||
| "net" | ||
| "os" | ||
| "path" | ||
| "sync" | ||
| "time" | ||
|
|
||
| "github.com/sirupsen/logrus" | ||
| "google.golang.org/grpc" | ||
|
|
||
| "github.com/projectcalico/calico/goldmane/pkg/server" | ||
| "github.com/projectcalico/calico/goldmane/pkg/types" | ||
| ) | ||
|
|
||
| const ( | ||
| NodeSocketDir = "/var/log/calico/flowlogs" | ||
mazdakn marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| NodeSocketName = "goldmane.sock" | ||
| ) | ||
|
|
||
| var ( | ||
| NodeSocketPath = path.Join(NodeSocketDir, NodeSocketName) | ||
| NodeSocketAddress = fmt.Sprintf("unix://%v", NodeSocketPath) | ||
| ) | ||
|
|
||
| type flowStore struct { | ||
| lock sync.RWMutex | ||
| flows []*types.Flow | ||
| } | ||
|
|
||
| func newFlowStore() *flowStore { | ||
| return &flowStore{} | ||
| } | ||
|
|
||
| func (s *flowStore) Receive(f *types.Flow) { | ||
| s.lock.Lock() | ||
| defer s.lock.Unlock() | ||
| s.flows = append(s.flows, f) | ||
| } | ||
|
|
||
| func (s *flowStore) List() []*types.Flow { | ||
| s.lock.RLock() | ||
| defer s.lock.RUnlock() | ||
| return s.flows | ||
| } | ||
|
|
||
| func (s *flowStore) Flush() { | ||
| s.lock.Lock() | ||
| defer s.lock.Unlock() | ||
| s.flows = nil | ||
| } | ||
|
|
||
| func (s *flowStore) ListAndFlush() []*types.Flow { | ||
| s.lock.Lock() | ||
| defer s.lock.Unlock() | ||
| flows := s.flows | ||
| s.flows = nil | ||
| return flows | ||
| } | ||
|
|
||
| type NodeServer struct { | ||
| store *flowStore | ||
| grpcServer *grpc.Server | ||
| once sync.Once | ||
|
|
||
| // In Calico node, the address of unix socket is always /var/log/calico/flowlogs/goldmane.sock. | ||
| // However, NodeServer is also used by Felix FVs, where the code is executed outside of Calico Node. In this case, | ||
| // unix socket is created in host filesystem, and instead mounted at the mentioned path in Felix containers. | ||
| dir string | ||
| } | ||
|
|
||
| func NewNodeServer(dir string) *NodeServer { | ||
| nodeServer := NodeServer{ | ||
| dir: dir, | ||
| grpcServer: grpc.NewServer(), | ||
| store: newFlowStore(), | ||
| } | ||
| col := server.NewFlowCollector(nodeServer.store) | ||
| col.RegisterWith(nodeServer.grpcServer) | ||
| return &nodeServer | ||
| } | ||
|
|
||
| func (s *NodeServer) Run() error { | ||
| var err error | ||
| err = ensureNodeSocketDirExists(s.dir) | ||
| if err != nil { | ||
| logrus.WithError(err).Error("Failed to create goldmane node socket") | ||
| return err | ||
| } | ||
|
|
||
| s.once.Do(func() { | ||
| var l net.Listener | ||
| sockAddr := s.Address() | ||
| l, err = net.Listen("unix", sockAddr) | ||
| if err != nil { | ||
| return | ||
| } | ||
| logrus.WithField("address", sockAddr).Info("Running goldmane node server") | ||
| go func() { | ||
| err = s.grpcServer.Serve(l) | ||
| if err != nil { | ||
| return | ||
mazdakn marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| } | ||
| }() | ||
| }) | ||
| return nil | ||
| } | ||
|
|
||
| func (s *NodeServer) Watch(ctx context.Context, num int, processFlow func(*types.Flow)) { | ||
| infinitLoop := num < 0 | ||
mazdakn marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| var count int | ||
| logrus.Debug("Starting to watch goldmane node socket") | ||
| for { | ||
| if ctx.Err() != nil || | ||
| (!infinitLoop && count >= num) { | ||
| logrus.Debug("Stopped watching goldmane node socket") | ||
| return | ||
| } | ||
|
|
||
| flows := s.ListAndFlush() | ||
| for _, f := range flows { | ||
| processFlow(f) | ||
| } | ||
| count = count + len(flows) | ||
| time.Sleep(time.Second) | ||
| } | ||
| } | ||
|
|
||
| func (s *NodeServer) Stop() { | ||
| cleanupNodeSocket(s.Address()) | ||
| s.grpcServer.Stop() | ||
| } | ||
|
|
||
| func (s *NodeServer) List() []*types.Flow { | ||
| return s.store.List() | ||
| } | ||
|
|
||
| func (s *NodeServer) Flush() { | ||
| s.store.Flush() | ||
| } | ||
|
|
||
| func (s *NodeServer) ListAndFlush() []*types.Flow { | ||
mazdakn marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| return s.store.ListAndFlush() | ||
| } | ||
|
|
||
| func (s *NodeServer) Address() string { | ||
| return path.Join(s.dir, NodeSocketName) | ||
| } | ||
|
|
||
| func ensureNodeSocketDirExists(dir string) error { | ||
| logrus.Debug("Checking if goldmane node socket exists.") | ||
| if _, err := os.Stat(dir); os.IsNotExist(err) { | ||
| logrus.WithField("directory", dir).Debug("Goldmane node socket directory does not exist") | ||
| err := os.MkdirAll(dir, 0o600) | ||
| if err != nil { | ||
| logrus.WithError(err).WithField("directory", dir).Error("Failed to create node socket directory") | ||
| return err | ||
| } | ||
| logrus.WithField("directory", dir).Debug("Created goldmane node socket directory") | ||
| } | ||
| return nil | ||
| } | ||
|
|
||
| func cleanupNodeSocket(addr string) { | ||
| if NodeSocketExists() { | ||
| err := os.Remove(addr) | ||
| if err != nil { | ||
| logrus.WithError(err).WithField("address", addr).Errorf("Failed to remove goldmane node socket") | ||
| } | ||
| } | ||
| } | ||
|
|
||
| func NodeSocketExists() bool { | ||
| _, err := os.Stat(NodeSocketPath) | ||
| // In case of any error, return false | ||
| return err == nil | ||
| } | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How much work would it be to lift this out of the Goldmane reporter and into its own Reporter, and then adding the ability to run multiple reporters + dynamically add / remove them?
It seems to me that we are going to want the ability to have multiple Reporters running at once - it would be cool to be able to use this e.g., even if Goldmane wasn't configured.
Uh oh!
There was an error while loading. Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
not much! Collector already supports multiple reporters.
But if we want to be able to run this without goldmane enabled, we should introduce a config option to enabled/disable it. Something like
FlowLogsGoldmaneNodeServerwithEnabledandDisabledvalues. WDYT?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That seems like a preferrable route to me, if it's not too much work. A new
LocalFlowSocket: Enabledor something would make sense as the config option name probably?