add support for adding annotations to kubernetes transform

[awprice]

Description

Adds support for adding annotations to the kubernetes transform. Configured using the annotations_prefix field.
Functions similarly to the labels_prefix field.

Adds a unit test for testing the behaviour of both labels_prefix and annotations_prefix.

Fixes typo in labels_prefix documentation.

Dependencies

n/a

Checklist

If you are not familiar with our processes or don't know what to answer in the list below, let us know in a comment: the maintainers will take care of that.

• Will this change affect NetObserv / Network Observability operator? If not, you can ignore the rest of this checklist.
• Is this PR backed with a JIRA ticket? If so, make sure it is written as a title prefix (in general, PRs affecting the NetObserv/Network Observability product should be backed with a JIRA ticket - especially if they bring user facing changes).
• Does this PR require product documentation?
  • If so, make sure the JIRA epic is labelled with "documentation" and provides a description relevant for doc writers, such as use cases or scenarios. Any required step to activate or configure the feature should be documented there, such as new CRD knobs.
• Does this PR require a product release notes entry?
  • If so, fill in "Release Note Text" in the JIRA.
• Is there anything else the QE team should know before testing? E.g: configuration changes, environment setup, etc.
  • If so, make sure it is described in the JIRA ticket.
• QE requirements (check 1 from the list):
  • Standard QE validation, with pre-merge tests unless stated otherwise.
  • Regression tests only (e.g. refactoring with no user-facing change).
  • No QE (e.g. trivial change with high reviewer's confidence, or per agreement with the QE team).

To run a perfscale test, comment with: /test flp-node-density-heavy-25nodes

[openshift-ci]

Hi @awprice. Thanks for your PR.

I'm waiting for a github.com member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign oliviercazade for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[awprice]

Would be good to get some guidance on the checklist

[jotak]

Hi @awprice , thanks for your PR, I'm looking into it

Would be good to get some guidance on the checklist

There's no impact on the netobserv operator as far as I can see, so you can ignore it

[jotak]

I've no strong objection with this PR, but from my experience k8s annotations tend to be potentially very verbose, sometimes even containing big json blobs.. So I wonder if there's really a use-case for having all annotations propagated into flows, or if we should rather use an include or exclude list. The same could be done for labels actually. What do you think? What would work in your use case?

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 67.01%. Comparing base (7b66b85) to head (acac459).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1115      +/-   ##
==========================================
+ Coverage   66.88%   67.01%   +0.13%     
==========================================
  Files         121      121              
  Lines        7573     7594      +21     
==========================================
+ Hits         5065     5089      +24     
+ Misses       2178     2176       -2     
+ Partials      330      329       -1     

Flag	Coverage Δ
unittests	67.01% <100.00%> (+0.13%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
pkg/api/transform_network.go	100.00% <100.00%> (ø)
pkg/pipeline/transform/kubernetes/enrich.go	86.02% <100.00%> (+8.24%)	⬆️

... and 1 file with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[awprice]

I've no strong objection with this PR, but from my experience k8s annotations tend to be potentially very verbose, sometimes even containing big json blobs.. So I wonder if there's really a use-case for having all annotations propagated into flows, or if we should rather use an include or exclude list. The same could be done for labels actually. What do you think? What would work in your use case?

Thanks for the review! You're right - on second thoughts, for our use case I think we'll definitely benefit from being able to selectively only add certain annotations.

I'll update the PR with include/exclude functionality for both annotations and labels

[awprice]

@jotak PR updated with support for inclusion and exclusion lists for both annotations and labels.

I've kept the default behaviour whereby if only labels_prefix or annotations_prefix is specified all labels or annotations are copied.

The inclusion and exclusion lists can then be used to only include specific labels/annotations or exclude specific labels/annotations.

[jpinsonneau]

Maybe to ensure those are not too verbose we could add extra options such as labels_max_len / annotations_max_len and either truncate or drop the data when exceeded ?

Appart from that it looks good to me 😄

[jotak]

@awprice can you rebase? I've just merge #1117 that should address the linter failure

[awprice]

@awprice can you rebase? I've just merge #1117 that should address the linter failure

👍 done!

[jotak]

cool,
/lgtm

@jpinsonneau 's comment #1115 (comment) still stands, although I don't think it's absolutely mandatory, at this point it's up to you if you want to implement that as a safe-guard against too long data.

BTW I wonder how prometheus handles it if someone has the audacious idea to use that as a metric label, and very long values comes in. I'd say it's the user responsibility to use only well known and bounded keys as prom labels, anyway.

[memodi]

/test ?

[openshift-ci]

@memodi: The following commands are available to trigger required jobs:

/test flp-node-density-heavy-25nodes

/test images

The following commands are available to trigger optional jobs:

/test qe-e2e-tests

Use /test all to run the following jobs that were automatically triggered:

pull-ci-netobserv-flowlogs-pipeline-main-images

pull-ci-netobserv-flowlogs-pipeline-main-qe-e2e-tests

In response to this:

/test ?

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[memodi]

/test pull-ci-netobserv-flowlogs-pipeline-main-qe-e2e-tests

[openshift-ci]

@memodi: The specified target(s) for /test were not found.
The following commands are available to trigger required jobs:

/test flp-node-density-heavy-25nodes

/test images

The following commands are available to trigger optional jobs:

/test qe-e2e-tests

Use /test all to run the following jobs that were automatically triggered:

pull-ci-netobserv-flowlogs-pipeline-main-images

pull-ci-netobserv-flowlogs-pipeline-main-qe-e2e-tests

In response to this:

/test pull-ci-netobserv-flowlogs-pipeline-main-qe-e2e-tests

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[awprice]

@jotak / @jpinsonneau No problem to implement the safe guard - just to clarify, this would be a max length on the annotation/label value?

[jpinsonneau]

@jotak / @jpinsonneau No problem to implement the safe guard - just to clarify, this would be a max length on the annotation/label value?

Yes exactly @awprice.

I'm in favor of truncating the values when the max lengh is exceeded with an elipsis at the end. We can make it optionnal to be as flexible as possible.

Thoughts ?

[jotak]

For info the failed test is a known issue not related to this PR

[github-actions]

New image:
quay.io/netobserv/flowlogs-pipeline:c88e6fe

It will expire after two weeks.

To deploy this build, run from the operator repo, assuming the operator is running:

USER=netobserv VERSION=c88e6fe make set-flp-image

[openshift-ci]

@awprice: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/qe-e2e-tests	acac459	link	false	/test qe-e2e-tests

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[jotak]

hey @awprice ,
I plan to release flowlogs-pipeline 1.10.0 probably today / tomorrow, should I wait for this PR or not?
If not, don't worry we can also re-release a 1.10.1 after it's merged (or perhaps you don't even need a released version)

[awprice]

hey @awprice , I plan to release flowlogs-pipeline 1.10.0 probably today / tomorrow, should I wait for this PR or not? If not, don't worry we can also re-release a 1.10.1 after it's merged (or perhaps you don't even need a released version)

Feel free to make a release, I've yet to find the time to address the feedback, we don't need a release either :)