Logging all TCP connections to kubelet. How?

11/18/2019

I'd like to see all connections made to the kubelet VM.


I have a Service Type=NodePort installed in GKE cluster, and this particular node port exposed in my firewall. The service is working perfectly fine. Now, I want to gather logs about TCP connections made to the service. In particular, I'm interested in auditing IPs of clients who connect to it.

According to "Firewall Rules Logging overview", I've enabled the logging using gcloud:

gcloud compute firewall-rules update my-firewall-rule --enable-logging

After forcing a TCP connection to the port and fetching the logs (via command below), I don't see any TCP connections listed – I only see two logged operations, both related to me running gcloud command above:

gcloud logging read 'resource.type="gce_firewall_rule"' --format=json

Am I missing anything?

Update. Some further details:

  • "GCE Subnetwork" in "Logging > Logs ingestion" is enabled

  • Looking under VM logs doesn't reveal any logs either:

    gcloud logging read 'resource.type="gce_instance" resource.labels.instance_id="0000000000000000000"' --format=json 

    (all zeros is not a real ID here)

  • I am not using a legacy network

-- gmile

Tags: firewall, google-compute-engine, google-kubernetes-engine, logging

1 Answer

11/20/2019

It seems you want to see the logs for the firewall. So you can use the "gce_subnetwork" as the resource type:

gcloud beta logging read 'resource.type="gce_subnetwork"'

-- Jason
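Once the firewall logs are read from the gce_subnetwork resource type, the client-IP audit the question asks for is a matter of filtering the entries. The following is an added example, not code from the question or the answer: it builds the log filter for the firewall stream and tallies source IPs that reached an assumed NodePort (30080, a placeholder) over constructed sample entries. The field layout (jsonPayload.connection, disposition, rule_details) follows the firewall-rule log format as I understand it and should be checked against real entries.

```python
import json
from collections import Counter

NODE_PORT = 30080  # assumed NodePort of the service; replace with your own

# Constructed sample of what `gcloud logging read ... --format=json` returns
# for firewall-rule logs; field names are assumed from the documented format.
SAMPLE_ENTRIES = json.loads("""[
 {"resource": {"type": "gce_subnetwork"},
  "jsonPayload": {"disposition": "ALLOWED",
   "connection": {"src_ip": "198.51.100.7", "dest_ip": "10.128.0.5",
                  "dest_port": 30080, "protocol": 6},
   "rule_details": {"reference": "network:default/firewall:my-firewall-rule",
                    "direction": "INGRESS", "action": "ALLOW"}}},
 {"resource": {"type": "gce_subnetwork"},
  "jsonPayload": {"disposition": "ALLOWED",
   "connection": {"src_ip": "198.51.100.7", "dest_ip": "10.128.0.5",
                  "dest_port": 30080, "protocol": 6},
   "rule_details": {"direction": "INGRESS", "action": "ALLOW"}}},
 {"resource": {"type": "gce_subnetwork"},
  "jsonPayload": {"disposition": "ALLOWED",
   "connection": {"src_ip": "203.0.113.9", "dest_ip": "10.128.0.5",
                  "dest_port": 30080, "protocol": 6},
   "rule_details": {"direction": "INGRESS", "action": "ALLOW"}}},
 {"resource": {"type": "gce_subnetwork"},
  "jsonPayload": {"disposition": "DENIED",
   "connection": {"src_ip": "192.0.2.44", "dest_ip": "10.128.0.5",
                  "dest_port": 30080, "protocol": 6},
   "rule_details": {"direction": "INGRESS", "action": "DENY"}}},
 {"resource": {"type": "gce_subnetwork"},
  "jsonPayload": {"disposition": "ALLOWED",
   "connection": {"src_ip": "203.0.113.9", "dest_ip": "10.128.0.5",
                  "dest_port": 22, "protocol": 6},
   "rule_details": {"direction": "INGRESS", "action": "ALLOW"}}}
]""")

def build_filter(node_port):
    """Filter for `gcloud logging read`: firewall stream, one destination port."""
    return ('resource.type="gce_subnetwork" '
            'AND logName:"compute.googleapis.com%2Ffirewall" '
            f'AND jsonPayload.connection.dest_port={node_port}')

def client_ips(entries, node_port, disposition="ALLOWED"):
    """Count source IPs of ingress TCP (protocol 6) flows to node_port."""
    counts = Counter()
    for entry in entries:
        if entry.get("resource", {}).get("type") != "gce_subnetwork":
            continue
        payload = entry.get("jsonPayload", {})
        conn = payload.get("connection", {})
        if payload.get("disposition") != disposition:
            continue
        if payload.get("rule_details", {}).get("direction") != "INGRESS":
            continue
        if conn.get("protocol") != 6 or conn.get("dest_port") != node_port:
            continue
        counts[conn["src_ip"]] += 1
    return dict(counts)

if __name__ == "__main__":
    print(build_filter(NODE_PORT))
    print(client_ips(SAMPLE_ENTRIES, NODE_PORT))
```

Run `client_ips` with disposition set to "DENIED" to see which sources were blocked by the rule rather than admitted.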
Source: StackOverflow