
Add netpolicy rule name field to netpolicy logs

Open jsalatiel opened this issue 1 year ago • 1 comments

Currently we can give names to the rules inside a netpolicy spec. E.g.:

apiVersion: crd.antrea.io/v1alpha1
kind: ClusterNetworkPolicy
metadata:
  name: test-rule
spec:
    priority: 1
    tier: Emergency
    appliedTo:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
    egress:
    - name: allow-inside-same-namespace  # <-- rule NAME
      action: Allow
      enableLogging: true
      to:
      - namespaces:
          match: Self

    - name: allow-dns-out  # <-- rule NAME
      action: Allow
      enableLogging: true
      to:
      - ipBlock:
          cidr: 0.0.0.0/0
      ports:
      - protocol: UDP
        port: 53

But in netpolicy logs, that name is not used at all:

2022/07/08 22:41:36.346434 AntreaPolicyEgressRule AntreaClusterNetworkPolicy:test-rule Allow 54960 10.111.2.20 42626 8.8.8.8 53 UDP 60

It would be pretty useful if we had the rule name too. Sometimes one has a big spec file with several rules and it is hard to know which one matched that traffic.

jsalatiel, Jul 08 '22 22:07
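Without the rule name in the log, an operator has to work backwards from the logged tuple to the rule. The following added example (not from the issue or the Antrea project) does that for the policy and log line above; the field names and the reduced `RULES` table are assumptions based on the shape of the sample line and the spec.

```python
import ipaddress
from collections import namedtuple

# Field names are assumptions read off the sample log line in the issue.
PolicyLog = namedtuple("PolicyLog", "timestamp ovs_table policy_kind policy_name "
                       "action of_priority src_ip src_port dst_ip dst_port protocol pkt_len")

def parse_line(line):
    """Split one netpolicy log line into named fields."""
    f = line.split()
    if len(f) != 12:
        raise ValueError(f"expected 12 fields, got {len(f)}")
    kind, _, name = f[3].partition(":")  # e.g. AntreaClusterNetworkPolicy:test-rule
    return PolicyLog(f"{f[0]} {f[1]}", f[2], kind, name, f[4], int(f[5]),
                     f[6], int(f[7]), f[8], int(f[9]), f[10], int(f[11]))

# Egress rules of the policy from the issue, reduced to what a log line can be
# checked against. cidr=None means the peer is a namespace selector, which
# cannot be resolved from the log line alone (needs a pod IP to namespace map).
RULES = [
    {"name": "allow-inside-same-namespace", "action": "Allow", "cidr": None, "ports": []},
    {"name": "allow-dns-out", "action": "Allow", "cidr": "0.0.0.0/0", "ports": [("UDP", 53)]},
]

def candidate_rules(entry, rules):
    """Return (matched, unresolved) rule names that could have produced entry."""
    matched, unresolved = [], []
    for r in rules:
        if r["action"] != entry.action:
            continue
        if r["ports"] and (entry.protocol, entry.dst_port) not in r["ports"]:
            continue
        if r["cidr"] is None:
            unresolved.append(r["name"])
        elif ipaddress.ip_address(entry.dst_ip) in ipaddress.ip_network(r["cidr"]):
            matched.append(r["name"])
    return matched, unresolved

# Log line quoted in the issue.
SAMPLE = ("2022/07/08 22:41:36.346434 AntreaPolicyEgressRule "
          "AntreaClusterNetworkPolicy:test-rule Allow 54960 10.111.2.20 42626 8.8.8.8 53 UDP 60")

if __name__ == "__main__":
    print(candidate_rules(parse_line(SAMPLE), RULES))
```

Even for this two-rule policy, the selector-based rule stays unresolved without extra cluster state, which is the ambiguity a logged rule name would remove.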

@qiyueyao any thoughts on this? :)

jsalatiel, Aug 05 '22 08:08