Dockershim has added a label `io.kubernetes.docker.type` for at least
four years, where the pause container is of type `podsandbox`. This
should be more reliable than trying to keep up with everyone's name
for the pause container.
Fix a logic error in ECS scale-down button, bad copy/paste in
ActiveControls() and neaten the switch cases in container controls.
Co-Authored-By: Filip Barl <filip@weave.works>
Utility functions to create fake sets of connections for testing, and
then exercising the subset filtering code to check that quantities
come out as expected.
The app will only show one line, regardless of how many connections we
have, so reduce the number to save bandwidth and rendering time.
We filter by choosing a modulus, e.g. send every connection that is a
multiple of 3, or 9, and so on. We avoid multiples of 2 because port
numbers are often a multiple of 2 or 4 for bit-encoding reasons.
The previous code tracked only by four-tuple, which meant that two
connections with the same address/port combinations in different namespaces
would clash and one would get dropped.
Also previously the tuple was duplicated between the map key and
value, so we remove it from the value.
We only add the namespace in the case that the local address is
loopback, which matches how the rest of Scope treats addresses.
Instead of a whole extra data structure which is quite expensive to
marshal and unmarshal, just send the information in a string. No
clever merging strategy is required - the states are all set in one
place per node type.
It was possible for `t.ebpfTracker` to change underneath this code
while running on a background goroutine, so change it to take
`ebpfTracker` as a parameter.
While we're here, rename the functions to better match what they do.
If we run `getInitialState()` async there is some chance we will see
another ebpf failure and call `useProcfs()` before `getInitialState()`
gets to the last line, whereupon it will crash on nil pointer.
Also it seems pointless to call `performEbpfTrack()` without waiting
for something to feed in, so I suspect this is what the original
author had in mind.
It will slow down this one `Report()` on machines with a lot of
processes or connections, but ebpfTracker restart is supposed to be a
rare event.
The previous code seems to be relying on a 64-bit to 32-bit conversion
working in a certain way; when gopacket was changed to cast the value
explicitly it starts returning immediately from pcap.
Similar to video compression which uses key-frames and differences
between them: every N publishes we send a full report, but in between
we only send what has changed.
Fairly simple approach in the probe - hold on to the last full report,
and for the deltas remove anything that would be merged in from the
full report.
On the receiving side in the app it already merges a set of reports
together to produce the final output for rendering, so provided N is
smaller than that set we don't need to do anything different.
Deltas don't need to represent nodes that have disappeared - an
earlier full node will have that node so it would be merged into the
final output anyway.
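
The full-report/delta scheme described in the commit message above, as an added Go example that is not Scope's own code. The `Report`, `Merge` and `Publisher` names and the flat node/attribute map are assumptions made for illustration; the sample reports in `main` are constructed.

```go
package main

import "fmt"

type Report map[string]map[string]string // node ID -> attribute -> value (constructed stand-in)

// Merge folds src into dst, as the receiving side does with a set of reports.
func Merge(dst, src Report) Report {
	for id, attrs := range src {
		if dst[id] == nil {
			dst[id] = map[string]string{}
		}
		for k, v := range attrs {
			dst[id][k] = v
		}
	}
	return dst
}

// Publisher sends a full report every N publishes (N >= 1) and deltas in between.
type Publisher struct {
	N, count int
	lastFull Report
}

// Next returns what to send for cur and whether it is a full report.
func (p *Publisher) Next(cur Report) (Report, bool) {
	p.count++
	if (p.count-1)%p.N == 0 {
		p.lastFull = cur
		return cur, true
	}
	delta := Report{}
	for id, attrs := range cur {
		for k, v := range attrs {
			if old, ok := p.lastFull[id][k]; ok && old == v {
				continue // the last full report already carries this value
			}
			Merge(delta, Report{id: {k: v}})
		}
	}
	return delta, false
}

func main() {
	p := &Publisher{N: 3}
	full, _ := p.Next(Report{"a": {"s": "up"}, "b": {"s": "up"}})
	delta, _ := p.Next(Report{"a": {"s": "down"}, "b": {"s": "up"}})
	fmt.Println(delta, Merge(Merge(Report{}, full), delta))
}
```

A node missing from a later report produces no delta entry, so it stays in the merged view until the full report that carried it ages out of the receiver's merge set.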
This dependency makes it harder to see the structure of the program,
and sometimes complicates compilation.
Mostly just changing the source of strings that are already exported
from the report package. A few new strings have to be moved there,
plus the function `IsPauseImageName()`.
So we save space writing out empty topologies.
Need to fix up `app_client_internal_test.go` to use Scope's
`test/reflect` package that understands empty==nil, so now it doesn't
need a previous workaround.
Remove a similar workaround in `probe_internal_test.go` that isn't
necessary since it's already using that package.
We observe a slow increase in connections reported, and are unable to
find the root cause, so clear down the data every six hours and start
from a clean sheet.
Delay kernel events by up to 0.2ms, to reduce the chance the ebpf
reporter sends them out-of-order, and allow out-of-order events to
happen up to once a minute without giving up on the ebpf reporter.