IBM Cloud Docs
Enabling Flow Logs for VPC cluster components


You can configure IBM Cloud Flow Logs for VPC to collect metadata about the traffic entering or leaving your VPC cluster worker nodes. Flow logs are written to a bucket in an IBM Cloud Object Storage instance and can be used for troubleshooting, for meeting compliance requirements, and for other network analysis. For more information about Flow Logs for VPC, see Flow logs use cases.

When you use Flow Logs for VPC with an IBM Cloud Kubernetes Service VPC cluster, you can enable flow logs at the VPC level, or at the VPC subnet or VPC load balancer level. You cannot restrict collection to particular worker nodes. However, the flow log output is partitioned by VPC instance, so you can review it to find the records that belong to the worker nodes you want to investigate.

Configuring a flow log collector

To configure flow logs at the VPC, VPC subnet, or VPC load balancer level, see Creating a flow log collector in the VPC documentation.

To enable flow logs, you must have an IBM Cloud Object Storage instance with a single-region bucket that is in the same region as the VPC resource you are monitoring. The Flow Logs for VPC service also needs a service-to-service IAM authorization with the Writer role on that Object Storage instance so that the collector can write objects to the bucket; without it, the collector is created but no logs appear.

Viewing worker node flow logs

Flow Logs for VPC collects records at the VPC, VPC subnet, or VPC load balancer level. However, the log objects are grouped by VPC instance ID, and each worker node is a VPC instance, so you can use the flow logs to isolate the traffic of a specific worker node. Separate flow log files are created for ingress and egress traffic.

  1. In the CLI, find the ibm-cloud.kubernetes.io/instance-id label value for the worker node.
    kubectl describe node <worker_node_ip> | grep instance-id
    
    Example output
    ibm-cloud.kubernetes.io/instance-id=1010_a1aa1010-a1a0-1010-a1aa-aa1a1-a1-aa1
    
  2. In the IBM Cloud UI, click your IBM Cloud Object Storage instance in the Resource list.
  3. Click the bucket where your flow logs are collected.
  4. Download and decompress the flow log object.
  5. Navigate through the decompressed directory tree until you reach directories whose names begin with instance-id=.
  6. Find the directory whose name contains the instance ID from step 1. The directory name is the percent-encoded CRN of the worker node's VPC instance, and the instance ID is at the end of it. Example:
    instance-id=crn%3AV1%...%3Ainstance%3A1010_a1aa1010-a1a0-1010-a1aa-aa1a1-a1-aa1
    
  7. In that instance-id= directory, locate the record-type=ingress and record-type=egress files. Your ingress and egress traffic logs for the worker node are located here.
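The following POSIX shell script is an added example and is not part of the IBM Cloud documentation or the Kubernetes Service tooling. It scripts the lookup in steps 1, 5, 6 and 7 above: one function reads the ibm-cloud.kubernetes.io/instance-id label with kubectl (this needs cluster access and is the only part that is not exercised offline), and the others search a decompressed flow log object for the instance-id= directory whose percent-encoded CRN ends with that ID and print its record-type=ingress and record-type=egress files. The function names, the directory layout (instance-id= directories that each hold a record-type=ingress and a record-type=egress file, as the procedure describes), and the CRN used to build the sample tree are assumptions made for the example; the sample tree is constructed in a temporary directory and contains no real flow log data.

```shell
#!/bin/sh
# Added example, not IBM Cloud's own code. Assumed layout of a decompressed
# flow log object (hypothetical, following the procedure above):
#   <root>/instance-id=crn%3A...%3Ainstance%3A<instance-id>/record-type=ingress
#   <root>/instance-id=crn%3A...%3Ainstance%3A<instance-id>/record-type=egress

# Step 1: read the instance-id label of a worker node. Requires cluster access,
# so it is not run offline. The dots in the label key are escaped because
# kubectl's JSONPath treats an unescaped "." as a path separator.
worker_instance_id() {
    kubectl get node "$1" \
        -o jsonpath='{.metadata.labels.ibm-cloud\.kubernetes\.io/instance-id}'
}

# Steps 5 and 6: print the instance-id= directories whose name ends with the
# given instance ID. The ID contains only letters, digits, "_" and "-", so it
# survives percent-encoding unchanged; only the ":" of the CRN becomes %3A.
find_instance_dirs() {
    root=$1
    id=$2
    find "$root" -type d -name "instance-id=*%3Ainstance%3A${id}" | sort
}

# Step 7: print the ingress and egress log files for one instance ID, one per
# line. Returns 1 when no directory matches, which usually means the object
# came from the wrong collector, bucket or region, or the node was replaced.
find_flow_files() {
    root=$1
    id=$2
    dirs=$(find_instance_dirs "$root" "$id")
    if [ -z "$dirs" ]; then
        echo "no instance-id directory for $id under $root" >&2
        return 1
    fi
    for d in $dirs; do
        for f in "$d/record-type=ingress" "$d/record-type=egress"; do
            if [ -e "$f" ]; then
                echo "$f"
            fi
        done
    done
    return 0
}

# Constructed sample tree (hypothetical CRN, no real log data) so the lookup
# can be checked offline. Prints the root directory it created.
build_sample_tree() {
    root=$(mktemp -d)
    for id in 1010_a1aa1010-a1a0-1010-a1aa-aa1a1-a1-aa1 \
              2020_b2bb2020-b2b0-2020-b2bb-bb2b2-b2-bb2; do
        d="$root/instance-id=crn%3Av1%3Abluemix%3Apublic%3Ais%3Aus-south%3Aa%2Fabc123%3A%3Ainstance%3A$id"
        mkdir -p "$d"
        : > "$d/record-type=ingress"
        : > "$d/record-type=egress"
    done
    echo "$root"
}

# Usage: sh flowlog_lookup.sh <decompressed_object_dir> <instance-id>
# The instance ID can come from: worker_instance_id <worker_node_name>
if [ "$#" -ge 2 ]; then
    find_flow_files "$1" "$2"
fi
```

Matching on the literal instance ID at the end of the directory name, rather than decoding the whole CRN, is deliberate: the ID is the only part of the name that identifies the worker node, and it is unaffected by percent-encoding. If the lookup finds nothing, compare the region of the collector and bucket with the region of the worker's subnet before assuming the node produced no traffic.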