  • Language: Go
  • License: Apache License 2.0
  • Created about 5 years ago
  • Updated 11 months ago


A service for better network visibility for your Kubernetes clusters.

kube-iptables-tailer


kube-iptables-tailer is a service that gives you better visibility on networking issues in your Kubernetes cluster by detecting the traffic denied by iptables and surfacing corresponding information to the affected Pods via Kubernetes events.

kube-iptables-tailer itself runs as a Pod in your cluster and keeps watching for changes to the iptables log file mounted from the host. If traffic from or to a Pod is denied by your iptables rules, iptables will drop the packet and record a log entry on the host with the relevant information. kube-iptables-tailer detects these new entries and then tries to locate both the sender and the receiver (as running Pods in your cluster) by their IPs. For IPs that do not match any Pod in your cluster, a DNS lookup is performed to identify the subjects involved in the packet drop.

As a result, kube-iptables-tailer submits an event in near real time to each Pod it located in your cluster. Pod owners can then become aware of iptables packet drops simply by running the following command:

$ kubectl describe pods --namespace=YOUR_NAMESPACE

...
Events:
  FirstSeen   LastSeen    Count   From                    Type          Reason          Message
  ---------   --------    -----   ----                    ----          ------          -------
  1h          5s          10      kube-iptables-tailer    Warning       PacketDrop      Packet dropped when receiving traffic from example-service-2 (22.222.22.222) on port 5678/TCP.
  3h          2m          5       kube-iptables-tailer    Warning       PacketDrop      Packet dropped when sending traffic to example-service-1 (11.111.11.111) on port 1234/TCP.

NOTE: The content shown under the From, Reason, and Message columns in the above output can be configured in your container spec file. Please refer to the corresponding environment variables below for a more detailed explanation.

Requirements

Installation

Download the source code package:

$ git clone git@github.com:box/kube-iptables-tailer.git

Build the container from the source code (make sure you have Docker running):

$ cd <path-to-the-source-code>
$ make container

Usage

Setup iptables Log Prefix

kube-iptables-tailer uses the log prefix defined in your iptables chains to parse the corresponding packet-drop logs. You can set up the log prefix by executing the following command (root permission might be required):

$ iptables -A CHAIN_NAME -j LOG --log-prefix "EXAMPLE_LOG_PREFIX: "

Any packet that reaches this rule will be logged with the given log prefix (the LOG target only records the packet; a later DROP rule in the chain is what actually discards it):

2019-02-04T10:10:12.345678-07:00 hostname EXAMPLE_LOG_PREFIX: SRC=SOURCE_IP DST=DESTINATION_IP ...

For more information on the iptables command, please refer to the Linux man page.
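The following is an added example, not code from the kube-iptables-tailer project, showing how a log line in the format above can be parsed: the configured prefix is matched as its own token (so a longer prefix that merely contains it is rejected, which is this example's reading of the "exactly" in IPTABLES_LOG_PREFIX), the timestamp is parsed with a Go time layout (the role PACKET_DROP_LOG_TIME_LAYOUT plays), and the SRC/DST/PROTO/DPT fields written by the kernel's LOG target are extracted. The line shape, the field names beyond SRC and DST, and the sample line are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"time"
)

// PacketDrop holds the fields this example extracts from one iptables LOG entry.
type PacketDrop struct {
	LogTime time.Time
	SrcIP   string
	DstIP   string
	Proto   string // PROTO= field, e.g. TCP
	DstPort string // DPT= field
}

// defaultLogTimeLayout matches the README's sample timestamp
// (2019-02-04T10:10:12.345678-07:00); PACKET_DROP_LOG_TIME_LAYOUT would override it.
const defaultLogTimeLayout = "2006-01-02T15:04:05.000000-07:00"

// parseIptablesLogLine extracts a PacketDrop from one log line. The configured
// prefix must appear as its own token, not as the tail of a longer prefix.
// Assumed line shape: "<timestamp> <hostname> <prefix>SRC=... DST=... PROTO=... DPT=...".
func parseIptablesLogLine(line, prefix, timeLayout string) (PacketDrop, error) {
	var drop PacketDrop
	if prefix == "" {
		return drop, errors.New("empty log prefix would match every line")
	}
	idx := strings.Index(line, prefix)
	if idx < 0 {
		return drop, errors.New("line does not carry the configured log prefix")
	}
	// Reject "MY_EXAMPLE_LOG_PREFIX: " when the configured prefix is "EXAMPLE_LOG_PREFIX: ".
	if idx > 0 && line[idx-1] != ' ' {
		return drop, errors.New("log prefix is embedded in a different prefix")
	}
	header := strings.Fields(line[:idx])
	if len(header) == 0 {
		return drop, errors.New("missing timestamp before the log prefix")
	}
	t, err := time.Parse(timeLayout, header[0])
	if err != nil {
		return drop, fmt.Errorf("bad log time %q: %w", header[0], err)
	}
	drop.LogTime = t

	// The LOG target writes space-separated KEY=VALUE pairs; empty values (OUT=) are kept as "".
	fields := map[string]string{}
	for _, kv := range strings.Fields(line[idx+len(prefix):]) {
		parts := strings.SplitN(kv, "=", 2)
		if len(parts) == 2 {
			fields[parts[0]] = parts[1]
		}
	}
	drop.SrcIP, drop.DstIP = fields["SRC"], fields["DST"]
	if drop.SrcIP == "" || drop.DstIP == "" {
		return drop, errors.New("log entry has no SRC/DST fields")
	}
	drop.Proto, drop.DstPort = fields["PROTO"], fields["DPT"]
	return drop, nil
}

func main() {
	// Constructed sample line in the README's format (not a real capture).
	line := "2019-02-04T10:10:12.345678-07:00 node-1 EXAMPLE_LOG_PREFIX: IN=eth0 OUT= " +
		"SRC=10.1.2.3 DST=10.4.5.6 PROTO=TCP SPT=43210 DPT=5678"
	drop, err := parseIptablesLogLine(line, "EXAMPLE_LOG_PREFIX: ", defaultLogTimeLayout)
	if err != nil {
		fmt.Println("rejected:", err)
		return
	}
	fmt.Printf("%s -> %s port %s/%s at %s\n", drop.SrcIP, drop.DstIP, drop.DstPort, drop.Proto, drop.LogTime)
}
```

Because the prefix is also the delimiter between the syslog header and the packet fields, anything you put in --log-prefix that could appear inside a hostname or inside another chain's prefix will either be rejected here or, in a looser parser, attributed to the wrong chain; a distinctive prefix with a trailing ": " avoids both problems.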

Mounting iptables Log File

The parent directory of your iptables log file needs to be mounted for kube-iptables-tailer to handle log rotation properly. The service cannot see new content after the file is rotated if you mount only the log file itself. This is because a file is mounted into the container by its inode number, which stays the same even when the file is renamed on the host (which is usually what happens during rotation), so the container keeps reading the rotated-away file. kube-iptables-tailer also keeps a fingerprint of the current log file, both to detect rotation and to avoid re-reading the entire log file every time its content is updated.

Container Spec

We suggest running kube-iptables-tailer as a DaemonSet in your cluster. An example YAML spec file can be found in demo/.

Environment Variables

Required:

  • IPTABLES_LOG_PATH or JOURNAL_DIRECTORY: (string) Absolute path to your iptables log file, or journald directory including the full path.
  • IPTABLES_LOG_PREFIX: (string) Log prefix defined in your iptables chains. The service will only handle the logs matching this log prefix exactly.

Optional:

  • KUBE_API_SERVER: (string) Address of the Kubernetes API server. By default, the discovery of the API server is handled by kube-proxy. If kube-proxy is not set up, the API server address must be specified with this environment variable. Authentication to the API server is handled by service account tokens. See Accessing the Cluster for more info.
  • KUBE_EVENT_DISPLAY_REASON: (string, default: PacketDrop) A brief and UpperCamelCase formatted text showing under the Reason section in the event sent from this service.
  • KUBE_EVENT_SOURCE_COMPONENT_NAME: (string, default: kube-iptables-tailer) A name showing under the From section to indicate the source of the Kubernetes event.
  • METRICS_SERVER_PORT: (int, default: 9090) Port for the service to host its metrics.
  • PACKET_DROP_CHANNEL_BUFFER_SIZE: (int, default: 100) Size of the buffered channel holding detected packet drops that are waiting to be handled. You may need to increase this value if you have a high rate of packet drops being recorded.
  • PACKET_DROP_EXPIRATION_MINUTES: (int, default: 10) Expiration of a packet drop in minutes. Any dropped-packet log entries older than this duration will be ignored.
  • REPEATED_EVENTS_INTERVAL_MINUTES: (int, default: 2) Interval, in minutes, during which repeated packet drops are ignored. Any dropped-packet log entries with the same source and destination will be ignored if an event was already submitted for that pair within this time period.
  • WATCH_LOGS_INTERVAL_SECONDS: (int, default: 5) Interval, in seconds, at which the log file is polled for changes.
  • POD_IDENTIFIER: (string, default: namespace) How to identify pods in the logs. name, label, namespace or name_with_namespace are currently supported. If label, uses the value of the label key specified by POD_IDENTIFIER_LABEL.
  • POD_IDENTIFIER_LABEL: (string) Pod label key with which to identify pods if POD_IDENTIFIER is set to label. If this label doesn't exist on the pod, the pod name is used instead.
  • PACKET_DROP_LOG_TIME_LAYOUT: (string) Go time layout used to parse the timestamp of each log entry.
  • LOG_LEVEL: (string, default: info) Log level. debug, info, warn, error are currently supported.
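The following is an added example, not the project's own code, that works through the settings above whose behaviour is easiest to get wrong: a filter that drops entries older than PACKET_DROP_EXPIRATION_MINUTES and reports a given source/destination pair at most once per REPEATED_EVENTS_INTERVAL_MINUTES, a renderer for the POD_IDENTIFIER modes (including the fall-back to the Pod name when POD_IDENTIFIER_LABEL is missing), and the two event message shapes from the kubectl output earlier in the README. The types, the key format and the exact rendering of name_with_namespace are this example's assumptions.

```go
package main

import (
	"fmt"
	"time"
)

// Drop is the minimal record this example needs per detected packet drop.
type Drop struct {
	LogTime time.Time
	SrcIP   string
	DstIP   string
}

// DropFilter applies two of the README's knobs to a stream of drops:
//   PACKET_DROP_EXPIRATION_MINUTES   - entries older than this are ignored
//   REPEATED_EVENTS_INTERVAL_MINUTES - one event per (src, dst) pair per interval
type DropFilter struct {
	expiration     time.Duration
	repeatInterval time.Duration
	lastSubmitted  map[string]time.Time // "src->dst" => time of the last submitted event
}

// NewDropFilter takes the two settings in minutes, as the environment variables do.
func NewDropFilter(expirationMinutes, repeatIntervalMinutes int) *DropFilter {
	return &DropFilter{
		expiration:     time.Duration(expirationMinutes) * time.Minute,
		repeatInterval: time.Duration(repeatIntervalMinutes) * time.Minute,
		lastSubmitted:  map[string]time.Time{},
	}
}

// ShouldSubmit decides whether d should become a Kubernetes event at time now,
// recording the submission when it does. The reason string is for log output.
func (f *DropFilter) ShouldSubmit(d Drop, now time.Time) (bool, string) {
	if now.Sub(d.LogTime) > f.expiration {
		return false, "expired"
	}
	key := d.SrcIP + "->" + d.DstIP // direction matters: A->B and B->A are separate keys
	if last, ok := f.lastSubmitted[key]; ok && now.Sub(last) < f.repeatInterval {
		return false, "repeated"
	}
	f.lastSubmitted[key] = now
	return true, "submitted"
}

// PodRef is what a lookup of a cluster IP against the API server would return.
type PodRef struct {
	Name      string
	Namespace string
	Labels    map[string]string
}

// podIdentifier renders a Pod according to POD_IDENTIFIER. The "namespace/name"
// rendering of name_with_namespace is an assumption; the README only lists the mode.
func podIdentifier(p PodRef, mode, labelKey string) string {
	switch mode {
	case "name":
		return p.Name
	case "name_with_namespace":
		return p.Namespace + "/" + p.Name
	case "label":
		if v, ok := p.Labels[labelKey]; ok {
			return v
		}
		return p.Name // README: fall back to the Pod name when the label is absent
	default: // "namespace" is the documented default
		return p.Namespace
	}
}

// eventMessage reproduces the two message shapes shown in the README's kubectl output.
func eventMessage(receiving bool, peer, peerIP, port, proto string) string {
	if receiving {
		return fmt.Sprintf("Packet dropped when receiving traffic from %s (%s) on port %s/%s.", peer, peerIP, port, proto)
	}
	return fmt.Sprintf("Packet dropped when sending traffic to %s (%s) on port %s/%s.", peer, peerIP, port, proto)
}

func main() {
	now := time.Now()
	f := NewDropFilter(10, 2)
	d := Drop{LogTime: now.Add(-30 * time.Second), SrcIP: "10.1.2.3", DstIP: "10.4.5.6"}
	for i := 0; i < 2; i++ {
		ok, why := f.ShouldSubmit(d, now)
		fmt.Println(i, ok, why) // first: true submitted; second: false repeated
	}
	peer := podIdentifier(PodRef{Name: "web-0", Namespace: "shop"}, "name_with_namespace", "")
	fmt.Println(eventMessage(true, peer, d.SrcIP, "5678", "TCP"))
}
```

The repeat interval is a per-pair suppression, not a global rate limit: a burst of drops between many different pairs still produces one event per pair, which is why PACKET_DROP_CHANNEL_BUFFER_SIZE matters under a high drop rate, and why the expiration check comes first so that a backlog of stale entries is discarded rather than turned into late events.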

Metrics

Metrics are exposed in Prometheus format on the service's web server at /metrics (on the port set by METRICS_SERVER_PORT). The service exports a counter named packet_drops_count with the following labels:

  • src: The namespace of sender Pod involved with a packet drop.
  • dst: The namespace of receiver Pod involved with a packet drop.

Logging

Logging uses the zap library to provide a structured log output.

Contribution

All contributions are welcome to this project! Please review our contributing guidelines to facilitate the process of getting your contribution merged.

Support

Need to contact us directly? Email [email protected] and be sure to include the name of this project in the subject.

Copyright and License

Copyright 2019 Box, Inc. All rights reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
