As an OpenShift admin I need a historical record of all pod connections to nonlocal IPs for security audits. I'd like to configure SDN logging to reveal information regarding: {time, ip, port} <--> {pod}.

Required info: {time, ip, port} of any pod that generates a nonlocal connection.

Requested on behalf of customer.
We are unlikely to add something specifically for this soon; however, you can do this yourself. On each node you can add iptables rules to log the packets for all outgoing pod connections. However, be very careful when working with iptables because OpenShift relies on them being set up correctly, and it is easy to break OpenShift networking by changing the chains too much.

Add an NFLOG entry to the top of the POSTROUTING chain to log all traffic leaving the cluster; you can restrict the source to the pod SDN if you just want to log that traffic. Then you need to run ulogd on each node to gather the logged information, and that can send it to syslog, and then you could have your syslog configured to forward just the packet information to a remote server where you could collect all the info.

The problem is that it will be logged by pod IP, so you would need to have something that could translate that back to the pod name. You would need to do that in real-time because the pods come and go, so determining the IP address used at a point in time can be tricky.

See also:
- Ulogd man page: http://www2.kangran.su/~nnz/pub/nf-doc/ulogd2/
- ULOG vs. NFLOG: http://unix.stackexchange.com/questions/138135/whats-the-difference-between-ulog-and-nflog
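The collection side of the workflow above (NFLOG rule, ulogd, syslog forwarding) produces lines keyed by pod IP; the part that needs code is turning those lines into per-pod audit records while the IP is reused by later pods. The following is an added example, not code from the bug report or from OpenShift: it builds the iptables rule the comment describes (the `nat` table is an assumption made here so that only the first packet of each connection is logged), parses netfilter-style `SRC=... DST=... PROTO=... SPT=... DPT=...` syslog lines as ulogd's LOGEMU output emits them, drops destinations inside the cluster, and resolves each source IP to the pod that held it at that timestamp. The pod CIDR `10.128.0.0/14`, service CIDR `172.30.0.0/16`, the year `2017`, the sample log lines and the pod IP history (which in practice you would collect from a pod watch on the API server) are all constructed for the example.

```python
"""Resolve NFLOG/ulogd connection logs to pod names at the time of each connection.

Added example for the OpenShift SDN logging discussion; not OpenShift code.
Sample lines, pod history and CIDRs are constructed.
"""
import ipaddress
import re
from datetime import datetime

# Assumed cluster networks (OpenShift defaults); adjust per cluster.
POD_CIDR = ipaddress.ip_network("10.128.0.0/14")
SERVICE_CIDR = ipaddress.ip_network("172.30.0.0/16")
LOCAL_NETS = (POD_CIDR, SERVICE_CIDR)


def nflog_rule_argv(pod_cidr=str(POD_CIDR), group=1):
    """iptables argv for the rule described in the comment: NFLOG inserted at
    position 1 of POSTROUTING, source restricted to the pod SDN. Assumption:
    the nat table is used so only a connection's first packet is logged
    (use -t mangle instead to log every packet)."""
    return ["iptables", "-t", "nat", "-I", "POSTROUTING", "1",
            "-s", pod_cidr, "-j", "NFLOG", "--nflog-group", str(group)]


# Constructed syslog lines carrying ulogd's LOGEMU-style key=value fields.
SAMPLE_LOG = """\
Mar  3 10:15:01 node1 ulogd[812]: IN= OUT=eth0 SRC=10.128.0.5 DST=93.184.216.34 LEN=60 TOS=00 PREC=0x00 TTL=63 ID=4321 DF PROTO=TCP SPT=43210 DPT=443 SYN URGP=0
Mar  3 10:15:02 node1 ulogd[812]: IN= OUT=tun0 SRC=10.128.0.5 DST=10.129.1.7 LEN=60 TOS=00 PREC=0x00 TTL=63 ID=4322 DF PROTO=TCP SPT=43211 DPT=8080 SYN URGP=0
Mar  3 10:20:30 node1 ulogd[812]: IN= OUT=eth0 SRC=10.128.0.5 DST=198.51.100.9 LEN=48 TOS=00 PREC=0x00 TTL=63 ID=4400 PROTO=UDP SPT=51000 DPT=53
"""

# Constructed pod IP assignment history: the same IP is reused by a second
# pod after the first one is deleted, which is why the timestamp matters.
# end=None means the pod is still running.
POD_IPS = [
    {"pod": "default/web-1", "ip": "10.128.0.5",
     "start": "2017-03-03T10:00:00", "end": "2017-03-03T10:18:00"},
    {"pod": "default/worker-2", "ip": "10.128.0.5",
     "start": "2017-03-03T10:19:00", "end": None},
]

LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d)"      # syslog timestamp (no year)
    r".*?SRC=(?P<src>\S+) DST=(?P<dst>\S+)"
    r".*?PROTO=(?P<proto>\S+)"
    r"(?: SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?"               # absent for e.g. ICMP
)


def parse_line(line, year):
    """Extract time, addresses, protocol and destination port from one log line."""
    m = LOG_RE.search(line)
    if not m:
        return None
    # syslog timestamps carry no year, so the caller supplies it.
    ts = datetime.strptime(f"{year} " + " ".join(m.group("ts").split()),
                           "%Y %b %d %H:%M:%S")
    return {"time": ts, "src": m.group("src"), "dst": m.group("dst"),
            "proto": m.group("proto"),
            "dport": int(m.group("dpt")) if m.group("dpt") else None}


def is_nonlocal(ip):
    """True when the address lies outside the pod and service networks."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in LOCAL_NETS)


def pod_for(ip, when, records=POD_IPS):
    """Name of the pod that held `ip` at time `when`, or None if unknown."""
    for r in records:
        start = datetime.fromisoformat(r["start"])
        end = datetime.fromisoformat(r["end"]) if r["end"] else None
        if r["ip"] == ip and start <= when and (end is None or when < end):
            return r["pod"]
    return None


def audit_records(log_text, year=2017, records=POD_IPS):
    """Build {time, pod, dst, dport, proto} records for nonlocal connections."""
    out = []
    for line in log_text.splitlines():
        e = parse_line(line, year)
        if not e or not is_nonlocal(e["dst"]):
            continue  # unparsable, or cluster-internal traffic
        out.append({"time": e["time"].isoformat(),
                    "pod": pod_for(e["src"], e["time"], records) or "unknown",
                    "dst": e["dst"], "dport": e["dport"], "proto": e["proto"]})
    return out


if __name__ == "__main__":
    print(" ".join(nflog_rule_argv()))
    for rec in audit_records(SAMPLE_LOG):
        print(rec)
```

The pod-to-pod line (DST in the pod CIDR) is dropped, and the two remaining connections from 10.128.0.5 resolve to different pods because the IP changed hands between them; a connection logged in the gap between the two assignments resolves to "unknown", which is the case the comment warns about and the reason the IP history has to be recorded continuously rather than looked up later.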