Set up NetworkPolicies logging
Duration: 5 min | Persona: Platform Admin
In this section, you will set up NetworkPolicies logging to get more insight from the logs generated when requests are denied or allowed by NetworkPolicies, thanks to the GKE Dataplane V2 feature.
Define variables:
WORK_DIR=~/
source ${WORK_DIR}acm-workshop-variables.sh
Define Network Policy logging
cat <<EOF > ${WORK_DIR}$GKE_CONFIGS_DIR_NAME/networkpolicies-logging.yaml
kind: NetworkLogging
apiVersion: networking.gke.io/v1alpha1
metadata:
  name: default
spec:
  cluster:
    # Connections allowed by a NetworkPolicy are not logged
    allow:
      log: false
      delegate: false
    # Connections denied by a NetworkPolicy are logged
    deny:
      log: true
      delegate: false
EOF
Deploy Kubernetes manifests
cd ${WORK_DIR}$GKE_CONFIGS_DIR_NAME/
git add . && git commit -m "NetworkPolicies logging" && git push origin main
Check deployments
List the Kubernetes resources managed by Config Sync in the GKE cluster for the GKE cluster configs repository:
Run this command and click on this link:
echo -e "https://console.cloud.google.com/kubernetes/config_management/packages?project=${TENANT_PROJECT_ID}"
Wait until you see the Sync status column as Synced and the Reconcile status column as Current.
Run this command:
gcloud alpha anthos config sync repo describe \
--project $TENANT_PROJECT_ID \
--managed-resources all \
--sync-name root-sync \
--sync-namespace config-management-system
Wait and re-run the command above until you see "status": "SYNCED".
List the GitHub runs for the GKE cluster configs repository:
cd ${WORK_DIR}$GKE_CONFIGS_DIR_NAME && gh run list
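Once the NetworkLogging object is synced, each denied connection is written as a JSON record to the policy-action log. The following added example (not part of the original workshop) summarizes such records by source workload, destination and port, so that the most frequently blocked flows stand out. The sample records are constructed, and the field names (disposition, connection, src, dest, count) are assumed from the record layout in the GKE network policy logging documentation.

```python
import json
from collections import Counter

# Constructed sample: one JSON record per line, shaped like the jsonPayload of
# a policy-action log entry (field names are an assumption, see lead-in).
SAMPLE_LOG = """\
{"disposition":"deny","connection":{"src_ip":"10.8.0.12","dest_ip":"10.8.1.7","dest_port":5432,"protocol":"tcp","direction":"egress"},"src":{"pod_namespace":"frontend","workload_name":"web"},"dest":{"pod_namespace":"db","workload_name":"postgres"},"count":3}
{"disposition":"deny","connection":{"src_ip":"10.8.0.13","dest_ip":"10.8.1.7","dest_port":5432,"protocol":"tcp","direction":"egress"},"src":{"pod_namespace":"frontend","workload_name":"web"},"dest":{"pod_namespace":"db","workload_name":"postgres"},"count":2}
{"disposition":"allow","connection":{"src_ip":"10.8.0.12","dest_ip":"10.8.2.4","dest_port":8080,"protocol":"tcp","direction":"egress"},"src":{"pod_namespace":"frontend","workload_name":"web"},"dest":{"pod_namespace":"cart","workload_name":"cart"},"count":9}
{"disposition":"deny","connection":{"src_ip":"10.8.0.12","dest_ip":"203.0.113.10","dest_port":443,"protocol":"tcp","direction":"egress"},"src":{"pod_namespace":"frontend","workload_name":"web"}}
{"disposition":"deny","connection":{"src_ip":"10.8.0.
"""

def endpoint(record, side):
    """Return 'namespace/workload' for a pod endpoint, else the raw IP."""
    info = record.get(side) or {}
    ns, name = info.get("pod_namespace"), info.get("workload_name") or info.get("pod_name")
    if ns and name:
        return f"{ns}/{name}"
    # Endpoints outside the cluster carry no pod metadata: fall back to the IP.
    return record.get("connection", {}).get(f"{side}_ip", "unknown")

def summarize_denies(lines):
    """Sum denied connections per (source, destination, port/proto, direction)."""
    totals, skipped = Counter(), 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1          # truncated or corrupted record
            continue
        # Ignore allow records, which appear if allow logging is enabled later.
        if not isinstance(rec, dict) or rec.get("disposition") != "deny":
            continue
        conn = rec.get("connection", {})
        key = (endpoint(rec, "src"), endpoint(rec, "dest"),
               f'{conn.get("dest_port")}/{conn.get("protocol")}', conn.get("direction"))
        totals[key] += int(rec.get("count", 1))   # a missing count means one connection
    return totals, skipped

if __name__ == "__main__":
    totals, skipped = summarize_denies(SAMPLE_LOG.splitlines())
    for (src, dst, port, direction), n in totals.most_common():
        print(f"{n:4d}  {direction:7s} {src} -> {dst} {port}")
    print(f"skipped {skipped} unparseable line(s)")
```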