K
Q

Logging all TCP connections to kubelet. How?

11/18/2019

I'd like to see all connections made to kubelet VM.

I have a Service Type=NodePort installed in GKE cluster, and this particular node port exposed in my firewall. The service is working perfectly fine. Now, I want to gather logs about TCP connections made to the service. In particular, I'm interested in auditing IPs of clients who connect to it.

According to "Firewall Rules Logging overview", I've enabled the logging using gcloud:

gcloud compute firewall-rules update my-firewall-rule --enable-logging

After forcing a TCP connection to the port and fetching the logs (via command below), I don't see any TCP connections listed – I only see two logged operations, both related to me running gcloud command above:

gcloud logging read 'resource.type="gce_firewall_rule"' --format=json

Am I missing anything?

Update. Some further details:

  • "GCE Subnetwork" in "Logging > Logs ingestion" is enabled

  • Looking under VM logs doesn't reveal any logs either:

    gcloud logging read 'resource.type="gce_instance" resource.labels.instance_id="0000000000000000000"' --format=json

    (all zeros is not a real ID here)

  • I am not using a legacy network

-- gmile
firewall
google-compute-engine
google-kubernetes-engine
logging

Similar Questions

How to configure multiple telegraf.service file to run multiple telegraf instances
while i'm trying to run below yaml file,i got one error as " mapping values are not allowed in this context at line 10 column 14"
Define ingress without the wildcard subdomain assigned to the Ingress Controller
How do I check if Velero is installed in my cluster?
Usage of command variable in Kubernetes Pod object

1 Answer

11/20/2019

It seems you want to see the logs for the firewall. So you can use the "gce_subnetwork" as the resource type:

$gcloud beta logging read 'resource.type="gce_subnetwork"

-- Jason
Source: StackOverflow