I am new to Kubernetes NetworkPolicy and the Network plugin calico.
I have successfully implemented calico in my Kubernetes cluster:
[root@node1 ~]# kubectl get po --all-namespaces -o wide | grep calico
kube-system calico-kube-controllers-5d8b5bc986-sllmk 1/1 Running
kube-system calico-node-4wk8f 1/1 Running
kube-system calico-node-5kz99 1/1 Running
kube-system calico-node-bfk9w 1/1 Running
kube-system calico-node-f2tb2 1/1 Running
kube-system calico-node-hrcf4 1/1 Running
kube-system calico-node-wvh8d 1/1 Running
I have also configured relevant network policies and they work perfectly fine.
The only thing I am concerned about is logging. I am unable to find any logs that could tell me whether some request is being accepted or blocked.
I've tried checking the logs of the calico-nodes-* pods but they do not provide any reasonable logs.
Are there any other logs that I can look at?
You can inspect calico-node container logs across your Kubernetes cluster within this path /var/log/calico, or it can be modified via the --log-dir parameter used in the calicoctl node run command, as described in this link.
However, if you want to observe logs along CNI Network, please visit this page.
I found it very helpful to log out events from Calico CNI using kubelet as target point and then collect them via systemd; besides, you can specify a value for the log_level parameter.
Kubernetes NetworkPolicy doesn't support logging, but Calico's native NetworkPolicy supports a "log" action that allows you to log packets to the system log.
Tigera's (disclaimer: I work for Tigera) commercial product, CNX, which is built on Calico, offers additional auditing and compliance features so you might want to check that out.
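
The "log" action mentioned in the answer above, shown as an added example that is not part of the original question or answers: a Calico-native NetworkPolicy (assuming the projectcalico.org/v3 API) that logs and allows one flow, then logs and denies all other ingress. The policy name, namespace, labels and port are constructed for illustration.

```yaml
# Added example; names, labels and port are assumptions, not from the thread.
# Apply with: calicoctl apply -f backend-ingress-logged.yaml
apiVersion: projectcalico.org/v3
kind: NetworkPolicy
metadata:
  name: backend-ingress-logged
  namespace: demo
spec:
  # Pods this policy protects.
  selector: app == 'backend'
  types:
    - Ingress
  ingress:
    # Rules are evaluated top to bottom. Log is non-terminating: the packet
    # is written to the node's system log and evaluation continues with the
    # next rule, so each Log rule is paired with the verdict that follows it.

    # 1) Record the traffic that is about to be accepted.
    - action: Log
      protocol: TCP
      source:
        selector: app == 'frontend'
      destination:
        ports:
          - 8080
    # 2) Accept it (same match as the Log rule above).
    - action: Allow
      protocol: TCP
      source:
        selector: app == 'frontend'
      destination:
        ports:
          - 8080

    # 3) Record everything else that reaches this point...
    - action: Log
    # 4) ...and drop it explicitly, so the logged packets are the blocked ones.
    - action: Deny

# Entries appear in the kernel log of the node hosting the selected pod,
# tagged with Felix's log prefix (default "calico-packet"), for example:
#   journalctl -k | grep calico-packet
```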