[Flow-Aggregator] Add e2e tests for flow aggregator #1628
Conversation
|
Thanks for your PR. The following commands are available:
|
Codecov Report
@@ Coverage Diff @@
## feature/flow-aggregator #1628 +/- ##
==========================================================
Coverage ? 61.82%
==========================================================
Files ? 184
Lines ? 15607
Branches ? 0
==========================================================
Hits ? 9649
Misses ? 4926
Partials ? 1032
Flags with carried forward coverage won't be shown. Click here to find out more. |
2c79e8d to
36f4474
Compare
test/e2e/framework.go
Outdated
| if err != nil { | ||
| return err | ||
| } | ||
| // fmt.Printf("configMap.Data['flow-aggregator.conf']: %+v\n", configMap.Data[flowAggregatorConfName]) |
There was a problem hiding this comment.
probably a stray line from debugging
| @@ -97,12 +98,12 @@ waitForNodes "${pids[@]}" | |||
| echo "Done!" | |||
|
|
|||
| echo "Copying Antrea deployment YAML to every node..." | |||
| scp -F ssh-config $ANTREA_YML $ANTREA_IPSEC_YML k8s-node-master:~/ & | |||
| scp -F ssh-config $ANTREA_YML $ANTREA_IPSEC_YML $FLOW_AGGREGATOR_YML k8s-node-master:~/ & | |||
There was a problem hiding this comment.
I am guessing this is for your local test runs and not CI.
We should probably automate the workflow of enabling flow exporter, deploying Antrea, and deploying Flow Aggregator on the vagrant setup for dev/demo purposes. This can be considered as a future TODO.
There was a problem hiding this comment.
If its not for your CI, please remove this. #1646 can handle this for dev automated workflow.
There was a problem hiding this comment.
Thanks. removed.
test/e2e/fixtures.go
Outdated
| if err := data.deployFlowAggregator(ipStr + ":" + ipfixCollectorPort + ":tcp"); err != nil { | ||
| return data, err | ||
| } | ||
| flowAggregatorIP, err := data.getServiceIP("flow-aggregator", flowAggregatorNamespace) |
There was a problem hiding this comment.
I see e2e test failures on kind setups in this PR.. both for TestFlowExporter and TestFlowAggregator.
Seems like it needs some debugging.
As part of that, could you cherry-pick my commit (#1629) and make changes for e2e tests? You will not need to acquire serviceIP of flow aggregator.
| AntreaProxy enabled (Inter-Node): Flow record from destination Node is ignored, so only flow record from the source Node has its K8s info like in Inter-Node case along with K8s Service info such as destinationClusterIP, destinationServicePort, destinationServicePortName etc. | ||
| */ | ||
|
|
||
| func TestFlowAggregator(t *testing.T) { |
There was a problem hiding this comment.
I think TestFlowAggregator and TestFlowExporter can be consolidated as in both cases, we need an external flow collector and just the checks will be different. This will save some time in deploying and tearing down the external flow collector.
test/e2e/flowaggregator_test.go
Outdated
| @@ -271,7 +267,7 @@ func checkRecordsForFlowAggregator(t *testing.T, data *TestData, srcIP string, d | |||
| } | |||
| } | |||
| t.Logf("Receive template record number: %d, data record number: %d", templateRecords, dataRecordsCount) | |||
| assert.Equal(t, templateRecords, 1, "Flow aggregator should send out 1 template record") | |||
| assert.GreaterOrEqual(t, templateRecords, 1, "Flow aggregator should send out at least 1 template record") | |||
There was a problem hiding this comment.
why not exactly one? Is there any issue with clean up code?
ddfc977 to
f353764
Compare
|
@dreamtalen I still see both flow exporter and flow aggregator e2e tests failing. Is there any current issue that is not resolved yet? |
Yes, these tests failings are related to CI, e2e tests can pass on my local environment, will fix them soon. |
f353764 to
36d52d5
Compare
269eb5e to
6e4ca65
Compare
0cab885 to
a3f0042
Compare
cc37c0a to
048b74f
Compare
|
/test-all |
517852b to
8998511
Compare
0c23c32 to
0f331b9
Compare
8998511 to
bfc6e40
Compare
test/e2e/flowaggregator_test.go
Outdated
| }}, | ||
| }) | ||
| if err != nil { | ||
| t.Fatalf("Error when creating Network Policy: %v", err) |
There was a problem hiding this comment.
Please change fatal message to error as master branch to make sure the test deployments are teared down before exiting. Same for most of the error logs in this file.
There was a problem hiding this comment.
Thanks, addressed.
There was a problem hiding this comment.
I agree with @srikartati - these tests (exporter & aggregator) need to be consolidated.
I didn't look into the details, but I see a lot of copy-paste and a lot of code doing exactly the same thing (e.g. to validate records).
| // Do not export the flow records of connections whose destination is local | ||
| // Pod and source is remote Pod. We export flow records only from source node, | ||
| // where the connection originates from. This is to avoid duplicate copies | ||
| // of flow records at flow collector. This restriction will be removed when | ||
| // flow aggregator is implemented. We miss some key information such as | ||
| // destination Pod info, ingress NetworkPolicy info, stats from destination | ||
| // node etc. | ||
| // TODO: Remove this when flow aggregator that correlates the flow records | ||
| // is implemented. | ||
| if !srcFound && dstFound { | ||
| conn.DoExport = false | ||
| } |
There was a problem hiding this comment.
That's a big change IMO so I am surprised to find it in an unrelated PR with no mention in the PR description?
There was a problem hiding this comment.
Sorry, added related PR and commit information in this PR's description.
test/e2e/fixtures.go
Outdated
| @@ -168,6 +168,44 @@ func setupTestWithIPFIXCollector(tb testing.TB) (*TestData, error, bool) { | |||
| return data, nil, isIPv6 | |||
| } | |||
|
|
|||
| func setupTestWithFlowAggregator(tb testing.TB) (*TestData, error) { | |||
| data := &TestData{} | |||
There was a problem hiding this comment.
Why do we need a brand new TestData instance instead of using the existing one, which already has an initialized K8s client?
The same question applies to setupTestWithIPFIXCollector
There was a problem hiding this comment.
Thanks, addressed.
test/e2e/fixtures.go
Outdated
| @@ -168,6 +168,44 @@ func setupTestWithIPFIXCollector(tb testing.TB) (*TestData, error, bool) { | |||
| return data, nil, isIPv6 | |||
| } | |||
|
|
|||
| func setupTestWithFlowAggregator(tb testing.TB) (*TestData, error) { | |||
There was a problem hiding this comment.
can't setupTestWithIPFIXCollector and setupTestWithFlowAggregator be unified with an extra boolean parameter? we just keep adding more code to do pretty much the same thing
There was a problem hiding this comment.
Thanks, addressed.
bfc6e40 to
e499e94
Compare
e499e94 to
b144b6b
Compare
Thanks for your comments, Antonin. Will try to combine the flow exporter and aggregator e2e test. |
4cdf3f5 to
9f95ec1
Compare
There was a problem hiding this comment.
did a detailed review, looks much better than before
Lots of typos in the commit, use following:
In this commit, we add e2e tests for the flow aggregator. For these tests, we setup an environment where the flow exporters in antrea agents export flow records to the flow aggregator. The flow aggregator will run the collecting, aggregating jobs and will export records to the external IPFIX collector.
The existing "flow exporter" tests (where the agents export to and external collector directly) are replaced with "flow aggregator" tests, as we assume that the aggregator is always deployed.
Also, we removed the configuration in the agents causing flow records to only be exported from the source node since we now have the aggregator to correlate and de-duplicate flows. Related commit and PR are b44fd78, #1268.
test/e2e/fixtures.go
Outdated
| tb.Logf("Creating K8s clientset") | ||
| if err := data.createClient(); err != nil { | ||
| if err := testData.createClient(); err != nil { | ||
| return nil, err, isIPv6 | ||
| } |
There was a problem hiding this comment.
should not be needed - the clientset in testdata has already been configured in testMain
There was a problem hiding this comment.
Thanks, addressed.
test/e2e/fixtures.go
Outdated
| @@ -130,42 +129,42 @@ func setupTest(tb testing.TB) (*TestData, error) { | |||
| } | |||
|
|
|||
| func setupTestWithIPFIXCollector(tb testing.TB) (*TestData, error, bool) { | |||
| data := &TestData{} | |||
| // TODO: remove this hardcoding IPv4 setting after flow aggregator supports IPv6 | |||
There was a problem hiding this comment.
| // TODO: remove this hardcoding IPv4 setting after flow aggregator supports IPv6 | |
| // TODO: remove hardcoding to IPv4 after flow aggregator supports IPv6 |
There was a problem hiding this comment.
Thanks, addressed.
test/e2e/flowaggregator_test.go
Outdated
| // Single iperf resulting in two connections with separate ports. Suspecting second flow to be control flow to exchange | ||
| // stats info. As 5s is export interval and iperf traffic runs for 10s, we expect about 4 records exporting to the flow aggregator. |
There was a problem hiding this comment.
That's correct, iperf uses a "control" connection
suugestion: Single iperf run results in two connections with separate ports (control connection and actual data connection).
There was a problem hiding this comment.
Thanks, addressed.
test/e2e/flowaggregator_test.go
Outdated
| expectedNumTemplateRecords = 1 | ||
| // Single iperf resulting in two connections with separate ports. Suspecting second flow to be control flow to exchange | ||
| // stats info. As 5s is export interval and iperf traffic runs for 10s, we expect about 4 records exporting to the flow aggregator. | ||
| // Since flow aggregator will aggregate records based on 5-tuple connection key, so we expect 2 records. |
There was a problem hiding this comment.
| // Since flow aggregator will aggregate records based on 5-tuple connection key, so we expect 2 records. | |
| // Since flow aggregator will aggregate records based on 5-tuple connection key, we expect 2 records. |
There was a problem hiding this comment.
Thanks, addressed.
test/e2e/flowaggregator_test.go
Outdated
| // Flow exporter can't connect with flow aggregator service if proxy disabled. | ||
| skipIfProxyDisabled(t, data) |
There was a problem hiding this comment.
That doesn't sound right to me, could you elaborate?
Ability to connect to the flow aggregator should be independent of whether AntreaProxy is enabled.
There was a problem hiding this comment.
Thanks, addressed.
Yes you're right, only LocalServiceAccess and RemoteServiceAccess testcases neet to be skipped.
test/e2e/flowaggregator_test.go
Outdated
| t.Errorf("Records with dstIP does not have Pod name") | ||
| if isIntraNode { | ||
| if !strings.Contains(record, "perftest-a") { | ||
| t.Errorf("Records with srcIP does not have Pod name") |
There was a problem hiding this comment.
| t.Errorf("Records with srcIP does not have Pod name") | |
| t.Errorf("Record with srcIP does not have Pod name") |
There was a problem hiding this comment.
Thanks, addressed.
test/e2e/flowaggregator_test.go
Outdated
| t.Errorf("Records with dstIP does not have Pod name") | ||
| } | ||
| } else { | ||
| // Flow record comes from destination node may contain incomplete pod name information | ||
| if !strings.Contains(record, "perftest-a") && !strings.Contains(record, "perftest-b") { | ||
| t.Errorf("Records does not have source and destination Pod name") |
There was a problem hiding this comment.
s/Records/Record in log messages
There was a problem hiding this comment.
Thanks, addressed.
test/e2e/flowaggregator_test.go
Outdated
| t.Errorf("Records with dstIP does not have Pod name") | ||
| } | ||
| } else { | ||
| // Flow record comes from destination node may contain incomplete pod name information |
There was a problem hiding this comment.
s/Flow record comes/Flow record coming
However, I thought that the aggregator ensures no incomplete information in records? @srikartati
There was a problem hiding this comment.
May be this comment was copied from Flow Exporter code. We should have complete information with flow aggregator.
There was a problem hiding this comment.
Actually I added this if-condition because sometimes aggregator doesn't have complete information in the Kind cluster e2e test. Not sure go-ipfix v0.4.2 solved this issue or not, will try again after PR #1676 merged.
There was a problem hiding this comment.
go-ipfix v0.4.2 should resolve this.. we introduced readyToSend field in aggregator process to wait until we receive the records from source and destination node.
test/e2e/flowaggregator_test.go
Outdated
| @@ -253,17 +252,47 @@ func checkRecordsForFlows(t *testing.T, data *TestData, srcIP string, dstIP stri | |||
| } | |||
| } | |||
| } | |||
| // Check the aggregation results in infra tests | |||
| if !strings.Contains(record, fmt.Sprintf("%s: %s", "destinationPodNamespace", testNamespace)) { | |||
| t.Errorf("Records does not have correct destinationPodNamespace") | |||
There was a problem hiding this comment.
s/Records does not have/Record does not have
here and in all the error messages below
There was a problem hiding this comment.
Thanks, addressed.
fb93299 to
4ad13ca
Compare
test/e2e/flowaggregator_test.go
Outdated
| egressNetworkPolicyName = "test-flow-aggregator-networkpolicy-egress" | ||
| collectorCheckDelay = 1 * time.Second | ||
| expectedNumTemplateRecords = 1 | ||
| // Single iperf run results in two connections with separate ports (control connection and actual data connection). Suspecting second flow to be control |
There was a problem hiding this comment.
you can remove "Suspecting second flow to be control flow to exchange stats info." now
There was a problem hiding this comment.
Thanks, addressed.
In this commit, we add e2e tests for the flow aggregator. For these tests, we setup an environment where the flow exporters in antrea agents export flow records to the flow aggregator. The flow aggregator will run the collecting, aggregating jobs and will export records to the external IPFIX collector. The existing "flow exporter" tests (where the agents export to the external collector directly) are replaced with "flow aggregator" tests, as we assume that the aggregator is always deployed. Also, we removed the configuration in the agents causing flow records to only be exported from the source node since we now have the aggregator to correlate and de-duplicate flows. Related commit and PR are b44fd78, PR#1268.
4ad13ca to
95246f6
Compare
In this commit, we add e2e tests for the flow aggregator. For these tests, we setup an environment where the flow exporters in antrea agents export flow records to the flow aggregator. The flow aggregator will run the collecting, aggregating jobs and will export records to the external IPFIX collector. The existing "flow exporter" tests (where the agents export to the external collector directly) are replaced with "flow aggregator" tests, as we assume that the aggregator is always deployed. Also, we removed the configuration in the agents causing flow records to only be exported from the source node since we now have the aggregator to correlate and de-duplicate flows. Related commit and PR are b44fd78, PR#1268.
In this commit, we add e2e tests for the flow aggregator. For these tests, we setup an environment where the flow exporters in antrea agents export flow records to the flow aggregator. The flow aggregator will run the collecting, aggregating jobs and will export records to the external IPFIX collector. The existing "flow exporter" tests (where the agents export to the external collector directly) are replaced with "flow aggregator" tests, as we assume that the aggregator is always deployed. Also, we removed the configuration in the agents causing flow records to only be exported from the source node since we now have the aggregator to correlate and de-duplicate flows. Related commit and PR are b44fd78, PR#1268.
In this commit, we add e2e tests for the flow aggregator. For these tests, we setup an environment where the flow exporters in antrea agents export flow records to the flow aggregator. The flow aggregator will run the collecting, aggregating jobs and will export records to the external IPFIX collector. The existing "flow exporter" tests (where the agents export to the external collector directly) are replaced with "flow aggregator" tests, as we assume that the aggregator is always deployed. Also, we removed the configuration in the agents causing flow records to only be exported from the source node since we now have the aggregator to correlate and de-duplicate flows. Related commit and PR are b44fd78, PR#1268.
In this commit, we add e2e tests for the flow aggregator. For these tests, we setup an environment where the flow exporters in antrea agents export flow records to the flow aggregator. The flow aggregator will run the collecting, aggregating jobs and will export records to the external IPFIX collector. The existing "flow exporter" tests (where the agents export to the external collector directly) are replaced with "flow aggregator" tests, as we assume that the aggregator is always deployed. Also, we removed the configuration in the agents causing flow records to only be exported from the source node since we now have the aggregator to correlate and de-duplicate flows. Related commit and PR are b44fd78, PR#1268.
In this commit, we add e2e tests for the flow aggregator. For these tests, we setup an environment where the flow exporters in antrea agents export flow records to the flow aggregator. The flow aggregator will run the collecting, aggregating jobs and will export records to the external IPFIX collector. The existing "flow exporter" tests (where the agents export to the external collector directly) are replaced with "flow aggregator" tests, as we assume that the aggregator is always deployed. Also, we removed the configuration in the agents causing flow records to only be exported from the source node since we now have the aggregator to correlate and de-duplicate flows. Related commit and PR are b44fd78, PR#1268.
In this commit, we add e2e tests for the flow aggregator. For these tests, we setup an environment where the flow exporters in antrea agents export flow records to the flow aggregator. The flow aggregator will run the collecting, aggregating jobs and will export records to the external IPFIX collector. The existing "flow exporter" tests (where the agents export to the external collector directly) are replaced with "flow aggregator" tests, as we assume that the aggregator is always deployed. Also, we removed the configuration in the agents causing flow records to only be exported from the source node since we now have the aggregator to correlate and de-duplicate flows. Related commit and PR are b44fd78, PR#1268.
In this commit, we add e2e tests for the flow aggregator. For these tests, we setup an environment where the flow exporters in antrea agents export flow records to the flow aggregator. The flow aggregator will run the collecting, aggregating jobs and will export records to the external IPFIX collector.
The existing "flow exporter" tests (where the agents export to the external collector directly) are replaced with "flow aggregator" tests, as we assume that the aggregator is always deployed.
Also, we removed the configuration in the agents causing flow records to only be exported from the source node since we now have the aggregator to correlate and de-duplicate flows. Related commit and PR are b44fd78, #1268.