[Flow Visibility] Add data retention methods for in-memory Clickhouse deployment #3244
Conversation
Codecov Report
@@ Coverage Diff @@
## main #3244 +/- ##
===========================================
- Coverage 65.56% 48.27% -17.30%
===========================================
Files 268 345 +77
Lines 26909 48810 +21901
===========================================
+ Hits 17643 23562 +5919
- Misses 7354 22983 +15629
- Partials 1912 2265 +353
Flags with carried forward coverage won't be shown. Click here to find out more.
|
yanjunz97
force-pushed
the
clickhouse
branch
2 times, most recently
from
989108b to
35ea5e7
Compare
|
Thanks Yanjun, could you move your monitor files under For the dockerfile, I think |
Thanks Yongming for reviewing. I've moved the monitor files as suggested. The dockerfile is still kept at the original place to be consistent with the octant one as we discussed in the meeting. |
yanjunz97
force-pushed
the
clickhouse
branch
2 times, most recently
from
96c3f75 to
1abd279
Compare
yanjunz97
force-pushed
the
clickhouse
branch
from
1abd279 to
72420b6
Compare
|
Hi @yanjunz97 , you may also want to make the corresponding changes:
|
Thanks Anlan! Updated. |
yanjunz97
force-pushed
the
clickhouse
branch
2 times, most recently
from
494a9ed to
bc22847
Compare
|
Hi @antoninbas @salv-orlando Could you take a look at this PR? |
| name: clickhouse-monitor | ||
| --- | ||
| apiVersion: batch/v1 | ||
| kind: CronJob |
There was a problem hiding this comment.
why does this run as CronJob which I think will schedule a new Pod each time, instead of as an additional container in the Clickhouse Pod?
There was a problem hiding this comment.
As Cronjob is scheduled by Kubernetes, we think in terms of lifecycle, it provides better management.
We also consider to deploy the Clickhouse cluster in future which may have multiple Clickhouse pods, but we only need one monitor for the whole Clickhouse cluster.
There was a problem hiding this comment.
@yanjunz97 I agree on your point about not running the monitor in the clickhouse pod. On the other hand @antoninbas also correctly brings up that a cronjob has the additional overhead of creating/destroying a pod every time it's executed.
Personally, I'm ok with the cronjob - as making a change will also have impact on monitor impl - but I also think it might be ok to have the monitor as a continuously running pod in the future.
There was a problem hiding this comment.
I see the consideration of the overhead. We do have some discussions in the previous team meeting about the plan to use linux crontab in a continuously running pod.
We think the Cronjob might be more reliable. For example, when the continuously running pod goes wrong, the monitor won't work any more. But with Cronjob each pod runs separately thus the failure of one pod does not affects the others. This might be more important when the cluster is large. I'm still no sure whether we should reconsider the crontab design.
There was a problem hiding this comment.
Having some more discussions with @salv-orlando offline, I understand the reliability and saving of overhead with the single continuously running pod monitor solution. I plan to switch the current Cronjob monitor to a continuously running pod in a follow up PR.
There was a problem hiding this comment.
Agreed. The current implementation assumes something like a cronjob is running, so it's better to keep the using it. We can iterate over it in the next release (with the caveat that we will need to find a way to terminate the cronjob or document it must be terminated)
.github/workflows/build.yml
Outdated
| @@ -182,3 +182,20 @@ jobs: | |||
| run: | | |||
| echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin | |||
| docker push antrea/flow-aggregator:latest | |||
|
|
|||
| build-flow-visibility-clickhouse-monitor: | |||
| needs: check-changes | |||
There was a problem hiding this comment.
I don't think you should use the same check-changes step here to determine if you need to build the image.
You should look for changes in plugins/flow-visibility/clickhouse-monitor/ instead IMO.
There was a problem hiding this comment.
Thanks Antonin for reviews! I think the changes I need to look for are
- plugins/flow-visibility/clickhouse-monitor/
- build/images/Dockerfile.clickhouse.monitor.ubuntu
It seems has-changes accepts the excluded paths instead of the include ones. I try to exclude most of the paths, but not sure if it is enough, or whether there is a better way to do this.
| spec: | ||
| containers: | ||
| - name: clickhouse-monitor | ||
| imagePullPolicy: IfNotPresent |
There was a problem hiding this comment.
I am simply curious about why we force imagePullPolicy to IfNotPresent in "dev" mode...
There was a problem hiding this comment.
I think it is because in development we prefer to use the image which is built locally instead of the one from repo.
| name: clickhouse-monitor | ||
| --- | ||
| apiVersion: batch/v1 | ||
| kind: CronJob |
There was a problem hiding this comment.
@yanjunz97 I agree on your point about not running the monitor in the clickhouse pod. On the other hand @antoninbas also correctly brings up that a cronjob has the additional overhead of creating/destroying a pod every time it's executed.
Personally, I'm ok with the cronjob - as making a change will also have impact on monitor impl - but I also think it might be ok to have the monitor as a continuously running pod in the future.
| @@ -0,0 +1 @@ | |||
| # placeholder | |||
There was a problem hiding this comment.
Is this file needed for this PR? Not a big deal, I just don't fully understand why it's needed in the first place
There was a problem hiding this comment.
It seems it works without this file, but I just add it to keep consistence with the flow aggregator and antrea patches.
| // Checks the k8s log for the number of rounds to skip. | ||
| // Returns true when the monitor needs to skip more rounds and log the rest number of rounds to skip. | ||
| func skipRound() bool { | ||
| logString, err := getPodLogs() |
There was a problem hiding this comment.
@antoninbas , @yanjunz97 I think that if we move away from CronJob we will need to reconsider this logic, and probably that might not be trivial. I think we should do that, but perhaps as a follow-up to this PR.
There was a problem hiding this comment.
Sure, if we adopt the cronjob solution, we may use a logic to read cronlog instead of the K8S log.
There was a problem hiding this comment.
I think this is actually an argument in favor of not using a CronJob in the first place. If your logic needs some state (which is the case here), it is better to just have a long-running Pod.
There was a problem hiding this comment.
I see. Is it fine to have a follow up PR to switch it to a long-running Pod targeting at next release?
There was a problem hiding this comment.
Fine by me... I think doing that will require a bit of refactoring...
| // Clickhouse configuration | ||
| userName := os.Getenv("CH_USERNAME") | ||
| password := os.Getenv("CH_PASSWORD") | ||
| host, port := os.Getenv("SVC_HOST"), os.Getenv("SVC_PORT") |
There was a problem hiding this comment.
nit: In the clickhouse client PR (#3196 ) the DB URI is being passed entirely whereas in this PR is being built from host and port. Not sure if we want to consider a common approach. (this is not something we have to necessarily address in this PR, it's just a suggestion which can be ignored or taken for future work)
There was a problem hiding this comment.
Thanks Salvatore for reviews! It makes sense for me to use DB URI. Updated the env variables in the monitor.
| if err != nil { | ||
| klog.ErrorS(err, "Failed to connect to Clickhouse") | ||
| } | ||
| if err := connect.Ping(); err != nil { |
There was a problem hiding this comment.
just a curiosity: is the ping operation necessary to assess the connection is healthy?
There was a problem hiding this comment.
This is suggested by the clickhouse-go examples.
|
Hi @antoninbas @salv-orlando Could you take another look at this PR? Thanks! |
| var ( | ||
| // The name of the table to store the flow records | ||
| tableName = os.Getenv("TABLE_NAME") | ||
| // The names of the materialized views | ||
| mvNames = strings.Split(os.Getenv("MV_NAMES"), " ") | ||
| // The namespace of the Clickhouse server | ||
| namespace = os.Getenv("NAMESPACE") | ||
| // The clickhouse monitor label | ||
| monitorLabel = os.Getenv("MONITOR_LABEL") | ||
| ) |
There was a problem hiding this comment.
it would be good to fail early in main() if one of the required environment variables is missing. What do you think?
There was a problem hiding this comment.
Added a check at the beginning of main()
| // Checks the k8s log for the number of rounds to skip. | ||
| // Returns true when the monitor needs to skip more rounds and log the rest number of rounds to skip. | ||
| func skipRound() bool { | ||
| logString, err := getPodLogs() |
There was a problem hiding this comment.
I think this is actually an argument in favor of not using a CronJob in the first place. If your logic needs some state (which is the case here), it is better to just have a long-running Pod.
| name: clickhouse-monitor | ||
| --- | ||
| apiVersion: batch/v1 | ||
| kind: CronJob |
There was a problem hiding this comment.
Agreed. The current implementation assumes something like a cronjob is running, so it's better to keep the using it. We can iterate over it in the next release (with the caveat that we will need to find a way to terminate the cronjob or document it must be terminated)
| // Checks the k8s log for the number of rounds to skip. | ||
| // Returns true when the monitor needs to skip more rounds and log the rest number of rounds to skip. | ||
| func skipRound() bool { | ||
| logString, err := getPodLogs() |
There was a problem hiding this comment.
Fine by me... I think doing that will require a bit of refactoring...
|
/test-all |
|
Thanks @salv-orlando for reviews. Just squashed and rebased the code. Would like to have @antoninbas taking another look. |
Signed-off-by: Yanjun Zhou <zhouya@vmware.com>
|
Fixed a bug in the retry logic. Run tests again. |
|
/test-e2e |
|
All tests passed. This PR can be merged if no other comment. |
This PR updates the Clickhouse in memory deployment with restricted memory storage. It adds the TTL mechanism and an independent monitor as strategies to ensure data retention.
The TTL mechanism is provided by Clickhouse MergeTree Engine which deleted expired data periodically. The monitor is designed to deal with the burst in the data insertion. It runs periodically by a Kubernetes cronjob, which deletes records when the Clickhouse server memory usage is larger than the threshold.