NETOBSERV-2045: Create packets xlation blog for netobserv #3
Conversation
msherif1234
force-pushed
the
pkt_xlat_blog
branch
from
53c165f to
0e1c70d
Compare
|
|
||
| ## How eBPF Can Help | ||
|
|
||
| eBPF allows you to execute custom programs in the Linux kernel, making it an ideal tool for network observability. |
There was a problem hiding this comment.
| eBPF allows you to execute custom programs in the Linux kernel, making it an ideal tool for network observability. | |
| You can execute custom programs using/with eBPF in the Linux kernel, making it an ideal tool for network observability. Notable benefits of using eBPF include the following: | |
| - Granular Observability: Directly see which pod served a request. | |
| - Low Overhead: Operates in the kernel with minimal impact on performance. | |
| - Dynamic Updates: Respond to changes in Kubernetes without requiring application restarts. | |
| - Simplified Architecture: No need for sidecars or intrusive network plugins. |
There was a problem hiding this comment.
Suggest rephrasing like this to keep this centered on what the user can do and less technology-centric.
Also suggest incorporating that list from the end of this section to here because I think its more valuable up front with the intro than as a summary item, but I leave that up to you.
| Attach eBPF Programs: | ||
| Use eBPF programs to hook into kernel networking events, such as kprobe on functions like `nf_nat_manip_pkt`. | ||
|
|
||
| Enrich Flow Logs: |
There was a problem hiding this comment.
Should these be numbered 🤔 it seems to me like they're sequential steps in the process. Also, I think all these words don't need to be capitalized.
| Attach eBPF Programs: | |
| Use eBPF programs to hook into kernel networking events, such as kprobe on functions like `nf_nat_manip_pkt`. | |
| Enrich Flow Logs: | |
| 1. Attach the eBPF programs: | |
| Use the eBPF programs to hook into kernel networking events, such as kprobe on functions like `nf_nat_manip_pkt`. | |
| 2. Enrich flow logs: |
| Use eBPF programs to hook into kernel networking events, such as kprobe on functions like `nf_nat_manip_pkt`. | ||
|
|
||
| Enrich Flow Logs: | ||
| As network packets are processed, augment flow logs with metadata about the translated endpoint. This can include: |
There was a problem hiding this comment.
Question, does the augmentation happen as the network packets are processed? Or is it something the user manually has to refresh. The wording here makes it seem like the user needs to augment the flow logs with metadata, and if that's the case, maybe a "you can" before the augment would be a good clarification.
There was a problem hiding this comment.
that is what ebpf code will do user doesn't need to do anything
| Benefits of Using eBPF | ||
|
|
||
| Granular Observability: Directly see which pod served a request. | ||
|
|
||
| Low Overhead: Operates in the kernel with minimal impact on performance. | ||
|
|
||
| Dynamic Updates: Respond to changes in Kubernetes without requiring application restarts. | ||
|
|
||
| Simplified Architecture: No need for sidecars or intrusive network plugins. |
There was a problem hiding this comment.
Hmmmm....I wonder about relocating this to the introduction of the How ePBF Helps section. I'll make another comment with this suggestion and see what you think.
|
|
||
| ## How to enable Packet Translation enrichment feature | ||
|
|
||
| To enable packet translation enrichment feature, need to create a flow collector with the following feature enabled |
There was a problem hiding this comment.
| To enable packet translation enrichment feature, need to create a flow collector with the following feature enabled | |
| To enable packet translation enrichment feature, create a `FlowCollector` resource with the following feature enabled |
There was a problem hiding this comment.
You can have "create" as an imperative without saying "need to". Additionally, FlowCollector should be in backticks since its the API
|
|
||
| ## Example | ||
|
|
||
| To demonstrate this feature, let's configure a `CluesterIP` kubernetes service using the following example yaml |
There was a problem hiding this comment.
| To demonstrate this feature, let's configure a `CluesterIP` kubernetes service using the following example yaml | |
| Let's configure a `CluesterIP` Kubernetes service to try this feature! | |
| 1. Configure a `CluesterIP` Kubernetes service using the following example yaml: |
There was a problem hiding this comment.
I think there was an extra whitespace here and also Kubernetes needs a capital K
There was a problem hiding this comment.
Additionally, add a colon to introduce the yaml sample, and I'm wondering what you think about numbering here? I think it helps, especially further down the example, to emphasize the steps.
| type: ClusterIP | ||
| ``` | ||
|
|
||
| check the created service to find the `CluterIP` and `Port` |
There was a problem hiding this comment.
| check the created service to find the `CluterIP` and `Port` | |
| 2. Check the created service to find the `CluterIP` and `Port`: |
There was a problem hiding this comment.
Furthering my numbering suggestion from the previous comment and also adding a colon to introduce the code.
|
|
||
| ``` | ||
|
|
||
| Then we can send traffic to this service IP and check the enriched flows on the netobserv console |
There was a problem hiding this comment.
| Then we can send traffic to this service IP and check the enriched flows on the netobserv console | |
| 3. Next, you can send traffic to this service IP and check the enriched flows on the network observability console: |
There was a problem hiding this comment.
- suggest you vs we to make it more customer-centric.
- I think since we refer to the console here, best to call it network observability since that whole name will be spelled out in the console.
- add a colon to introduce the code.
| $ while true; do oc exec -i -n xlat-test client -- curl 172.30.165.151:80 ; sleep 1; done | ||
| ``` | ||
|
|
||
| from Netobserv console let's filter on Traffic destination `Kind` is `Service` in `xlat-test` namespace |
There was a problem hiding this comment.
| from Netobserv console let's filter on Traffic destination `Kind` is `Service` in `xlat-test` namespace | |
| 4. From the network observability console **Network Traffic** page, click the *Taffic flows* tab and filter on Traffic destination `Kind` is `Service` in the `xlat-test` namespace: |
There was a problem hiding this comment.
I suggest clarifying the exact area of the console where they'll need to be working.
|
|
||
| <img src="{page.image('packets-xlation-enrichment/pkt-xlat-ip-port.png')}" alt="Service Traffic's Packet Translation enrichment using POD's IP and Port"> | ||
|
|
||
| The following shows possible packet translation columns options, currently `zoneid` is the only visible column by default |
There was a problem hiding this comment.
| The following shows possible packet translation columns options, currently `zoneid` is the only visible column by default | |
| The following shows possible packet translation columns options. Currently `zoneid` is the only visible column by default: |
|
|
||
| ## Example | ||
|
|
||
| To demonstrate this feature, let's configure a `CluesterIP` kubernetes service using the following example yaml |
| type: ClusterIP | ||
| ``` | ||
|
|
||
| check the created service to find the `CluterIP` and `Port` |
msherif1234
force-pushed
the
pkt_xlat_blog
branch
from
0e1c70d to
0b491ef
Compare
| Events: <none> | ||
|
|
||
| $oc get pods -n xlat-test | ||
| oc get pods -n xlat-test |
msherif1234
force-pushed
the
pkt_xlat_blog
branch
from
0b491ef to
c18446a
Compare
|
LGTM |
Signed-off-by: Mohamed Mahmoud <[email protected]>
msherif1234
force-pushed
the
pkt_xlat_blog
branch
from
c18446a to
87f38ab
Compare
msherif1234
changed the title
msherif1234
changed the title
|
|
||
| - Destination Port | ||
|
|
||
| - Conntrack Zone ID |
Adding Packets translation blog