How to add iptables logging rules using calico ?

[codecap]

Hi Guys,

nice project! I would like to try it out in my environment, but have now troubles configuring iptables LOG rule.

We use calico for networking, calico default setting are to insert iptables rules before any host ones and to check it regularly, so after we configure needed rules manually, calico pushes them to the end or even removes the rules... anyways nothing is being logged.

So how should iptables logging rules be added using calico?

It might be a good idea to better document it ?

Kind regards,
Vlad

[mtparet]

Hi Codecap,

We had same questions and we built a helm chart which ease the installation/configuration.
https://github.com/honestica/lifen-charts/blob/master/kube-iptables-tailer/README.md

This chart include setup for calico loggin https://github.com/honestica/lifen-charts/blob/master/kube-iptables-tailer/templates/networkpolicy-loggin-calico.yml

If you have any questions, do not hesitate to open isssue and contribute :)

[codecap]

nice @mtparet 👍,

why not to merge your work into the parent repository?

[mtparet]

Yes if @dilyar85 wish also to maintain the chart, we could merge into the parent repository.

[dilyar85]

Hi @mtparet,

Honestly I am not an expert to Helm, but feel free to push a PR with your chart. I would love to review it and merge to this repo if it helps people like @codecap to set up calico logging easily. Thanks in advance.