[Proposal] Options to limit data generation by plugins #138

Closed
anubhabMajumdar opened this issue Mar 26, 2024 · 0 comments · Fixed by #624

Is your feature request related to a problem? Please describe.

Retina currently lacks sufficient options to control how many events we generate from the plugins. This impacts the scale at which Retina can operate.

Describe the solution you'd like

  • Provide an option for users to control which and how many events the plugins generate
  • The option should be generic enough - shouldn't expose plugin implementational details
  • Provide a reasonable number of options that differ from each other in key aspects, but do not overwhelm the user

Mechanisms

List of ways to reduce events:

  • Fewer bpf programs: Simply attach fewer bpf programs
  • Sampling: Not all events may be needed, sampling can cut down events at userspace level
  • Filter: Let the bpf code filter packets in the bpf and decide if needed by userspace
  • Protocol specific: Not all packets of a protocol are needed. Example - only interested in TCP drops and TCP connect

Plugin Modes

Annotate

All Drops, All DNS, All TCP/UDP for annotated NS/pods (both at stack and network)

Verbosity

  • No L34 - All Drops and All DNS
  • All - All Drops, All DNS, All TCP/UDP for everything
  • Medium - All Drops, All DNS, only packets sent/received(?) by pods at a configurable(?) sampling rate
  • Low - All Drops, All DNS, only TCP connect request to Pods

Additional context

Implementational Details

  • We shouldn't push down configurations to plugins. The managers or upper level should make decisions based on configurations
  • Existing configurations should be refactored to support above configurations

anubhabMajumdar changed the title from "Options to limit data generation by plugins" to "[Proposal] Options to limit data generation by plugins" Mar 26, 2024
nddq self-assigned this Mar 26, 2024
rbtr moved this to Accepted in Retina Triage Board Apr 2, 2024
rbtr moved this from In Progress to Accepted in Retina Triage Board May 2, 2024
github-merge-queue bot pushed a commit that referenced this issue Aug 6, 2024
# Description

This PR introduced the config map option for data aggregation. More
details can be found in the docs.
## Related Issue
#138

## Checklist

- [x] I have read the [contributing
documentation](https://retina.sh/docs/contributing).
- [x] I signed and signed-off the commits (`git commit -S -s ...`). See
[this
documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification)
on signing commits.
- [x] I have correctly attributed the author(s) of the code.
- [x] I have tested the changes locally.
- [x] I have followed the project's style guidelines.
- [x] I have updated the documentation, if necessary.
- [x] I have added tests, if applicable.

## Screenshots (if applicable) or Testing Completed
- Added unit tests for parsing data aggregation level from config file
- Deploy on cluster with different data aggregation level, verified that
on `high`, `packetparser` doesn't attach bpf program to eth0
## Additional Notes

Add any additional notes or context about the pull request here.

---

Please refer to the [CONTRIBUTING.md](../CONTRIBUTING.md) file for more
information on how to contribute to this project.

---------

Signed-off-by: Quang Nguyen <[email protected]>
nddq linked a pull request Aug 29, 2024 that will close this issue
nddq closed this as completed in #624 Sep 6, 2024