Skip to content

Commit

Permalink
Add Log Label to Audit Logging
Browse files Browse the repository at this point in the history 
Antrea native policies support firewall rule logs. Adding a rule
label to the log allows convenient post-processing of the logs
like grepping the same log labels.

This feature adds a field "logLabel" to the CRDs, which will be
printed in the logs and exported to flow records. "logLabel"
defaults to empty value.

Fixes #4652

Signed-off-by: Qiyue Yao <yaoq@vmware.com>
  • Loading branch information
@qiyueyao
qiyueyao committed May 17, 2023
1 parent 27543af commit 3278d6c
Show file tree
Hide file tree
Showing 38 changed files with 658 additions and 308 deletions.
6 changes: 6 additions & 0 deletions build/charts/antrea/crds/clusternetworkpolicy.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -383,6 +383,9 @@ spec:
type: string
enableLogging:
type: boolean
logLabel:
type: string
pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$"
egress:
type: array
items:
Expand Down Expand Up @@ -645,6 +648,9 @@ spec:
type: string
enableLogging:
type: boolean
logLabel:
type: string
pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$"
status:
type: object
properties:
Expand Down
6 changes: 6 additions & 0 deletions build/charts/antrea/crds/networkpolicy.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -326,6 +326,9 @@ spec:
type: string
enableLogging:
type: boolean
logLabel:
type: string
pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$"
egress:
type: array
items:
Expand Down Expand Up @@ -559,6 +562,9 @@ spec:
type: string
enableLogging:
type: boolean
logLabel:
type: string
pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$"
status:
type: object
properties:
Expand Down
12 changes: 12 additions & 0 deletions build/yamls/antrea-aks.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -761,6 +761,9 @@ spec:
type: string
enableLogging:
type: boolean
logLabel:
type: string
pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$"
egress:
type: array
items:
Expand Down Expand Up @@ -1023,6 +1026,9 @@ spec:
type: string
enableLogging:
type: boolean
logLabel:
type: string
pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$"
status:
type: object
properties:
Expand Down Expand Up @@ -1877,6 +1883,9 @@ spec:
type: string
enableLogging:
type: boolean
logLabel:
type: string
pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$"
egress:
type: array
items:
Expand Down Expand Up @@ -2110,6 +2119,9 @@ spec:
type: string
enableLogging:
type: boolean
logLabel:
type: string
pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$"
status:
type: object
properties:
Expand Down
12 changes: 12 additions & 0 deletions build/yamls/antrea-crds.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -754,6 +754,9 @@ spec:
type: string
enableLogging:
type: boolean
logLabel:
type: string
pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$"
egress:
type: array
items:
Expand Down Expand Up @@ -1016,6 +1019,9 @@ spec:
type: string
enableLogging:
type: boolean
logLabel:
type: string
pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$"
status:
type: object
properties:
Expand Down Expand Up @@ -1858,6 +1864,9 @@ spec:
type: string
enableLogging:
type: boolean
logLabel:
type: string
pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$"
egress:
type: array
items:
Expand Down Expand Up @@ -2091,6 +2100,9 @@ spec:
type: string
enableLogging:
type: boolean
logLabel:
type: string
pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$"
status:
type: object
properties:
Expand Down
12 changes: 12 additions & 0 deletions build/yamls/antrea-eks.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -761,6 +761,9 @@ spec:
type: string
enableLogging:
type: boolean
logLabel:
type: string
pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$"
egress:
type: array
items:
Expand Down Expand Up @@ -1023,6 +1026,9 @@ spec:
type: string
enableLogging:
type: boolean
logLabel:
type: string
pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$"
status:
type: object
properties:
Expand Down Expand Up @@ -1877,6 +1883,9 @@ spec:
type: string
enableLogging:
type: boolean
logLabel:
type: string
pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$"
egress:
type: array
items:
Expand Down Expand Up @@ -2110,6 +2119,9 @@ spec:
type: string
enableLogging:
type: boolean
logLabel:
type: string
pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$"
status:
type: object
properties:
Expand Down
12 changes: 12 additions & 0 deletions build/yamls/antrea-gke.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -761,6 +761,9 @@ spec:
type: string
enableLogging:
type: boolean
logLabel:
type: string
pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$"
egress:
type: array
items:
Expand Down Expand Up @@ -1023,6 +1026,9 @@ spec:
type: string
enableLogging:
type: boolean
logLabel:
type: string
pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$"
status:
type: object
properties:
Expand Down Expand Up @@ -1877,6 +1883,9 @@ spec:
type: string
enableLogging:
type: boolean
logLabel:
type: string
pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$"
egress:
type: array
items:
Expand Down Expand Up @@ -2110,6 +2119,9 @@ spec:
type: string
enableLogging:
type: boolean
logLabel:
type: string
pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$"
status:
type: object
properties:
Expand Down
12 changes: 12 additions & 0 deletions build/yamls/antrea-ipsec.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -761,6 +761,9 @@ spec:
type: string
enableLogging:
type: boolean
logLabel:
type: string
pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$"
egress:
type: array
items:
Expand Down Expand Up @@ -1023,6 +1026,9 @@ spec:
type: string
enableLogging:
type: boolean
logLabel:
type: string
pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$"
status:
type: object
properties:
Expand Down Expand Up @@ -1877,6 +1883,9 @@ spec:
type: string
enableLogging:
type: boolean
logLabel:
type: string
pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$"
egress:
type: array
items:
Expand Down Expand Up @@ -2110,6 +2119,9 @@ spec:
type: string
enableLogging:
type: boolean
logLabel:
type: string
pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$"
status:
type: object
properties:
Expand Down
12 changes: 12 additions & 0 deletions build/yamls/antrea.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -761,6 +761,9 @@ spec:
type: string
enableLogging:
type: boolean
logLabel:
type: string
pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$"
egress:
type: array
items:
Expand Down Expand Up @@ -1023,6 +1026,9 @@ spec:
type: string
enableLogging:
type: boolean
logLabel:
type: string
pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$"
status:
type: object
properties:
Expand Down Expand Up @@ -1877,6 +1883,9 @@ spec:
type: string
enableLogging:
type: boolean
logLabel:
type: string
pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$"
egress:
type: array
items:
Expand Down Expand Up @@ -2110,6 +2119,9 @@ spec:
type: string
enableLogging:
type: boolean
logLabel:
type: string
pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$"
status:
type: object
properties:
Expand Down
Loading

0 comments on commit 3278d6c

Please sign in to comment.