Skip to main content
Version: 3.19 (latest)

calicoctl captured-packets

This section describes the calicoctl captured-packets command.

Read the calicoctl command line interface user reference for a full list of calicoctl commands.

Displaying the help text for 'calicoctl captured-packets' command

Run calicoctl captured-packets --help to display the following help menu for the command.

Usage:
calicoctl captured-packets ( copy | clean ) <NAME>
[--config=<CONFIG>] [--namespace=<NS>] [--all-namespaces] [--dest=<DEST>]

Examples:
# Copies capture files for packet capture from default namespace in the current directory.
calicoctl captured-packets copy my-capture
# Delete capture files for packet capture from default namespace still left on the system
calicoctl captured-packets clean my-capture

Options:
-n --namespace=<NS> Namespace of the packet capture.
Uses the default namespace if not specified. [default: default]
-a --all-namespaces If present, list the requested packet capture(s) across all namespaces.
-d --dest=<DEST> If present, uses the directory specified as the destination. [default: .]
-h --help Show this screen.
-c --config=<CONFIG> Path to the file containing connection configuration in
YAML or JSON format.
[default: /etc/calico/calicoctl.cfg]

Description:
Commands for accessing Capture related information.

See 'calicoctl captured-packets <command> --help' to read about a specific subcommand.

Configure RBAC for calicoctl

To authorize users to copy/clean captures files via calicoctl captured-packets, the following cluster role and cluster role binding can be used:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: calicoctl-captured-packets
rules:
- apiGroups: ['crd.projectcalico.org']
resources: ['felixconfigurations']
verbs: ['get', 'list']
- apiGroups: ['']
resources: ['pods']
verbs: ['get', 'list']
- apiGroups: ['']
resources: ['pods/exec']
verbs: ['create']
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: calicoctl-captured-packets
subjects:
- kind: User
name: dave
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: calicoctl-captured-packets
apiGroup: rbac.authorization.k8s.io

Examples of 'calicoctl captured-packets' command

  1. Copy capture files generated by PacketCapture my-capture from namespace default.

    calicoctl captured-packets copy my-capture

    Results indicate that capture files generated by default/my-capture were successfully copied to the current directory.

    Copy capture files for default/my-capture to .
  2. Copy capture files generated by PacketCapture my-capture from namespace default to /tmp.

    calicoctl captured-packets copy my-capture --destination /tmp

    Results indicate that capture files generated by default/my-capture were successfully copied to /tmp directory.

    Copy capture files for default/my-capture to /tmp
  3. Copy capture files generated by PacketCapture my-capture from namespace my-namespace.

    calicoctl captured-packets copy my-capture --namespace my-namespace

    Results indicate that capture files generated by my-namespace/my-capture were successfully copied to the current directory.

    Copy capture files for my-namespace/my-capture to .
  4. Copy capture files generated by PacketCapture my-capture from all namespaces.

    calicoctl captured-packets copy my-capture --all-namespaces

    Results indicate that capture files generated by my-namespace/my-capture and default/my-capture were successfully copied to the current directory.

    Copy capture files for my-namespace/my-capture to .
    Copy capture files for default/my-capture to .
  5. Clean capture files generated by PacketCapture my-capture from namespace my-namespace.

    calicoctl captured-packets clean my-capture --namespace my-namespace

    Results indicate that capture files generated by my-namespace/my-capture were successfully deleted.

    Clean capture files for my-namespace/my-capture
  6. Clean capture files generated by PacketCapture my-capture from all namespaces.

    calicoctl captured-packets clean my-capture --all-namespaces

    Results indicate that capture files generated by my-namespace/my-capture and default/my-capture were successfully cleaned.

    Clean capture files for my-namespace/my-capture to .
    Clean capture files for default/my-capture to .

Setting the log level

  -l --log-level=<level>  Set the log level (one of panic, fatal, error,
warn, info, debug) [default: panic]
calicoctl -l debug captured-packets copy my-capture

Options

  -n --namespace=<NS>      Namespace of the packet capture.
Uses the default namespace if not specified. [default: default]
-a --all-namespaces If present, list the requested packet capture(s) across all namespaces.
-d --dest=<DEST> If present, uses the directory specified as the destination. [default: .]

General options

  -h --help                Show this screen.
-c --config=<CONFIG> Path to the file containing connection configuration in
YAML or JSON format.
[default: ` + constants.DefaultConfigPath + `]

See also