antrea
Add netpolicy rule name field to netpolicy logs
Currently we can give names to the rules inside a netpolicy spec. E.g.:

```yaml
apiVersion: crd.antrea.io/v1alpha1
kind: ClusterNetworkPolicy
metadata:
  name: test-rule
spec:
  priority: 1
  tier: Emergency
  appliedTo:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
  egress:
    - name: allow-inside-same-namespace  # <<<<<<<<<<<<<<<< NAME
      action: Allow
      enableLogging: true
      to:
        - namespaces:
            match: Self
    - name: allow-dns-out  # <<<<<<<<<<<<<<< NAME
      action: Allow
      enableLogging: true
      to:
        - ipBlock:
            cidr: 0.0.0.0/0
      ports:
        - protocol: UDP
          port: 53
```
But in netpolicy logs, that name is not used at all:

```
2022/07/08 22:41:36.346434 AntreaPolicyEgressRule AntreaClusterNetworkPolicy:test-rule Allow 54960 10.111.2.20 42626 8.8.8.8 53 UDP 60
```
It would be pretty useful if we had the rule name too. Sometimes one has a big spec file with several rules and it is hard to know which one matched that traffic.
@qiyueyao any thoughts on this? :)
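An added example, not part of the original issue or Antrea's code: until the rule name is logged, the most a log consumer can do is narrow a line down to the rules whose static criteria fit it. The field names in `FIELDS` are assumptions read off the log line quoted above, and `RULES` is a hand-written reduction of the issue's spec.

```python
import ipaddress

# Log line quoted in the issue above.
SAMPLE = ("2022/07/08 22:41:36.346434 AntreaPolicyEgressRule "
          "AntreaClusterNetworkPolicy:test-rule Allow 54960 "
          "10.111.2.20 42626 8.8.8.8 53 UDP 60")

# Assumed field names, in the order the values appear in the line above.
FIELDS = ("date", "time", "table", "policy", "action", "of_priority",
          "src_ip", "src_port", "dst_ip", "dst_port", "protocol", "length")

# Hand-written reduction of the issue's egress rules (constructed for this
# example). cidr=None marks a selector peer (namespaces: match: Self) that
# cannot be resolved without cluster state.
RULES = [
    {"name": "allow-inside-same-namespace", "action": "Allow",
     "cidr": None, "ports": None},
    {"name": "allow-dns-out", "action": "Allow",
     "cidr": "0.0.0.0/0", "ports": [("UDP", 53)]},
]


def parse_line(line):
    """Split one log line into named fields; reject unexpected layouts."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    rec["dst_port"] = int(rec["dst_port"])
    return rec


def candidate_rules(rec, rules):
    """Return (definite, possible) names of rules that fit the logged packet."""
    dst = ipaddress.ip_address(rec["dst_ip"])
    definite, possible = [], []
    for rule in rules:
        if rule["action"] != rec["action"]:
            continue
        ports = rule["ports"]
        if ports is not None and (rec["protocol"], rec["dst_port"]) not in ports:
            continue
        if rule["cidr"] is None:
            possible.append(rule["name"])  # selector peer: needs cluster state
        elif dst in ipaddress.ip_network(rule["cidr"]):
            definite.append(rule["name"])
    return definite, possible


if __name__ == "__main__":
    print(candidate_rules(parse_line(SAMPLE), RULES))
```

For the quoted line, both rules remain candidates: `allow-dns-out` fits on CIDR and port, while `allow-inside-same-namespace` cannot be ruled out without knowing which pods hold the destination address.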