Make --namespace flag more intuitive and allow both --namespace and --pod flag
#1279
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
maintainer-s-little-helper
bot
added
the
dont-merge/needs-release-note-label
chancez
approved these changes
Nov 2, 2023
kaworu
added
⌨️ area/cli
maintainer-s-little-helper
bot
added
ready-to-merge
glrf
force-pushed
the
feat/improve-ns-flag
branch
from
7462354 to
d4e8731
Compare
aditighag
removed
the
ready-to-merge
|
Removing the ready-to-merge label, as @kaworu's review is still pending. |
glrf
force-pushed
the
feat/improve-ns-flag
branch
from
d4e8731 to
55e17a4
Compare
kaworu
approved these changes
Nov 9, 2023
maintainer-s-little-helper
bot
added
the
ready-to-merge
maintainer-s-little-helper
bot
removed
ready-to-merge
glrf
force-pushed
the
feat/improve-ns-flag
branch
3 times, most recently
from
1003570 to
0005970
Compare
kaworu
added
breaking-change
needs-rebase
Instead of treating the `--namespace` flag as an alias for filtering for any pod in the namespace, we now treat the `--namespace` flag as a modifier for the `--pod` and `--service` flag. This means `hubble observe --namespace foo --pod bar` will filter for flows from or to pod `bar` in namespace `foo`, instead of filtering for flows to or from pod `bar` in the namespace `default` and `foo` (which never resulted in any flows) There are a few edgecases: * If we provide multiple namespace and/or pods/services we build the crossproduct of the provided values. * If we don't provide any pod or service flags, i.e. `hubble observe -n foo`, we use the old behaviour of filtering for any pods in that namespace. * We don't allow mixing `--namespace` and `--to-pod` or similar as it isn't clear what should happen in that case. Signed-off-by: Fabian Fischer <[email protected]>
glrf
force-pushed
the
feat/improve-ns-flag
branch
2 times, most recently
from
c0b2a2e to
6bb1479
Compare
We catch some common mistakes when querying for namespaces. * We return an error if the pod and service flags request different namespaces, as this will never yield any flows. * We return an error if the namespace and the pod and/or service flags request flow from different namespace, as it is not clear what for example `hubble observe -n foo --pod bar/buzz --pod blub` should do. Signed-off-by: Fabian Fischer <[email protected]>
glrf
force-pushed
the
feat/improve-ns-flag
branch
from
6bb1479 to
071b371
Compare
maintainer-s-little-helper
bot
added
the
ready-to-merge
kaworu
removed
the
needs-rebase
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR essentially implements @kaworu's proposal in #359 (comment) .
This means instead of treating the
--namespaceflag as an alias for filtering for any pod in the namespace, we now treat the--namespaceflag as a modifier for the--podand--serviceflag. We also try to catch namespace inconsistencies in flags and fail early.There where a few edgecases that were not considered in the initial proposal:
If we provide multiple namespace and/or pods/services we build the crossproduct of the provided values.
For example
hubble observe -n foo -n bar --pod buzzwill return any flows from or to pods in namespacefooorbarnamedbuzzIf we don't provide any pod or service flags, i.e.
hubble observe -n foo, we use the old behaviour of filtering for any pods in that namespace.We don't allow mixing
--namespaceand--to-podor similar as it isn't clear what should happen in that case.We return an error if the namespace and the pod and/or service flags request flows from different namespace, as it is not clear what for example
hubble observe -n foo --pod bar/buzz --pod blubshould do.This PR also doesn't implement the proposed
--all-namespacesflag, as it requires server side changes. Will add this separately.This technically introduces a breaking change. We no longer allow using both
--namespaceand--from-serviceor--to-service.Before this change
hubble observe --namespace foo --to-service buzz/barshowed flows flows that either start at a pod in namespacefooand go to servicebarin namespacebuzz, or come from anywhere and go to servicebuzz/barand a pod in namespacefoo(which does not show any flows as long asfoo != buzz)If you want to replicate the old behavior you can use
hubble observe --pod foo/ --to-service buzz/barcloses #359