calicoctl captured-packets

This section describes the calicoctl captured-packets command.

Read the calicoctl command line interface user reference for a full list of calicoctl commands.

Displaying the help text for 'calicoctl captured-packets' command

Run calicoctl captured-packets --help to display the following help menu for the command.

Usage:
  calicoctl captured-packets ( copy | clean ) <NAME>
                [--config=<CONFIG>] [--namespace=<NS>] [--all-namespaces] [--dest=<DEST>]

Examples:
  # Copies capture files for packet capture from default namespace in the current directory.
  calicoctl captured-packets copy my-capture
  # Delete capture files for packet capture from default namespace still left on the system
  calicoctl captured-packets clean my-capture

Options:
  -n --namespace=<NS>      Namespace of the packet capture.
                           Uses the default namespace if not specified. [default: default]
  -a --all-namespaces      If present, list the requested packet capture(s) across all namespaces.
  -d --dest=<DEST>         If present, uses the directory specified as the destination. [default: .]
  -h --help                Show this screen.
  -c --config=<CONFIG>     Path to the file containing connection configuration in
                           YAML or JSON format.
                           [default: /etc/calico/calicoctl.cfg]

Description:
  Commands for accessing Capture related information.

  See 'calicoctl captured-packets <command> --help' to read about a specific subcommand.

Configure RBAC for calicoctl

To authorize users to copy/clean captures files via calicoctl captured-packets, the following cluster role and cluster role binding can be used:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: calicoctl-captured-packets
rules:
  - apiGroups: ['crd.projectcalico.org']
    resources: ['felixconfigurations']
    verbs: ['get', 'list']
  - apiGroups: ['']
    resources: ['pods']
    verbs: ['get', 'list']
  - apiGroups: ['']
    resources: ['pods/exec']
    verbs: ['create']
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: calicoctl-captured-packets
subjects:
  - kind: User
    name: dave
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: calicoctl-captured-packets
  apiGroup: rbac.authorization.k8s.io

Examples of 'calicoctl captured-packets' command

1. Copy capture files generated by PacketCapture my-capture from namespace default.

   calicoctl captured-packets copy my-capture

   Results indicate that capture files generated by default/my-capture were successfully copied to the current directory.

   Copy capture files for default/my-capture to .

2. Copy capture files generated by PacketCapture my-capture from namespace default to /tmp.

   calicoctl captured-packets copy my-capture --destination /tmp

   Results indicate that capture files generated by default/my-capture were successfully copied to /tmp directory.

   Copy capture files for default/my-capture to /tmp

3. Copy capture files generated by PacketCapture my-capture from namespace my-namespace.

   calicoctl captured-packets copy my-capture --namespace my-namespace

   Results indicate that capture files generated by my-namespace/my-capture were successfully copied to the current directory.

   Copy capture files for my-namespace/my-capture to .

4. Copy capture files generated by PacketCapture my-capture from all namespaces.

   calicoctl captured-packets copy my-capture --all-namespaces

   Results indicate that capture files generated by my-namespace/my-capture and default/my-capture were successfully copied to the current directory.

   Copy capture files for my-namespace/my-capture to .
   Copy capture files for default/my-capture to .

5. Clean capture files generated by PacketCapture my-capture from namespace my-namespace.

   calicoctl captured-packets clean my-capture --namespace my-namespace

   Results indicate that capture files generated by my-namespace/my-capture were successfully deleted.

   Clean capture files for my-namespace/my-capture

6. Clean capture files generated by PacketCapture my-capture from all namespaces.

   calicoctl captured-packets clean my-capture --all-namespaces

   Results indicate that capture files generated by my-namespace/my-capture and default/my-capture were successfully cleaned.

   Clean capture files for my-namespace/my-capture to .
   Clean capture files for default/my-capture to .

Setting the log level

  -l --log-level=<level>  Set the log level (one of panic, fatal, error,
                          warn, info, debug) [default: panic]

calicoctl -l debug captured-packets copy my-capture

Options

  -n --namespace=<NS>      Namespace of the packet capture.
                           Uses the default namespace if not specified. [default: default]
  -a --all-namespaces      If present, list the requested packet capture(s) across all namespaces.
  -d --dest=<DEST>         If present, uses the directory specified as the destination. [default: .]

General options

  -h --help                Show this screen.
  -c --config=<CONFIG>     Path to the file containing connection configuration in
                           YAML or JSON format.
                           [default: ` + constants.DefaultConfigPath + `]

See also

• Installing calicoctl
• Resources for details on all valid resources, including file format and schema