monitor all dropped packets

Run cilium monitor with the --type=drop filter to see dropped packets. Run it inside a pod (cilium-8nslj) that exists in a namespace (cilium).

kubectl exec -n cilium -it cilium-8nslj -- cilium monitor --type=drop

full monitor output looks like

<- host flow 0xe8c0f481 identity 1->0 state new ifindex 0: 10.12.17.1:59950 -> 10.12.16.238:2379 tcp ACK
-> overlay flow 0xe8c0f481 identity 1->0 state new ifindex cilium_vxlan: 10.12.17.1:59950 -> 10.12.16.238:2379 tcp ACK
<- overlay flow 0x2c1f7b1a identity 0->0 state new ifindex cilium_vxlan: 10.12.16.238:2379 -> 10.12.17.1:59950 tcp ACK
<- overlay flow 0x2c1f7b1a identity 0->0 state new ifindex cilium_vxlan: 10.12.16.238:2379 -> 10.12.17.1:59950 tcp ACK
<- host flow 0xe8c0f481 identity 1->0 state new ifindex 0: 10.12.17.1:59950 -> 10.12.16.238:2379 tcp ACK
-> overlay flow 0xe8c0f481 identity 1->0 state new ifindex cilium_vxlan: 10.12.17.1:59950 -> 10.12.16.238:2379 tcp ACK
<- host flow 0xe8c0f481 identity 1->0 state new ifindex 0: 10.12.17.1:59950 -> 10.12.16.238:2379 tcp ACK
-> overlay flow 0xe8c0f481 identity 1->0 state new ifindex cilium_vxlan: 10.12.17.1:59950 -> 10.12.16.238:2379 tcp ACK
<- overlay flow 0x2c1f7b1a identity 0->0 state new ifindex cilium_vxlan: 10.12.16.238:2379 -> 10.12.17.1:59950 tcp ACK
<- host flow 0xe8c0f481 identity 1->0 state new ifindex 0: 10.12.17.1:59950 -> 10.12.16.238:2379 tcp ACK
-> overlay flow 0xe8c0f481 identity 1->0 state new ifindex cilium_vxlan: 10.12.17.1:59950 -> 10.12.16.238:2379 tcp ACK

list cilium endpoints, their Identity, and their enforcement state for ingress and egress.

➜ kubectl get ciliumendpoints --all-namespaces
NAMESPACE NAME ENDPOINT ID IDENTITY ID INGRESS ENFORCEMENT EGRESS ENFORCEMENT ENDPOINT STATE IPV4 IPV6
cilium cilium-etcd-pznqmnssr5 3118 101 true true ready 10.12.16.88
cilium cilium-etcd-wwnxc4drjz 2421 101 true true ready 10.12.16.238
cilium cilium-operator-59bfdd7b7f-bvgsw 332 105 true true ready 10.12.16.107
default shell-demo 3066 63904 false false ready 10.12.18.37
kube-system fluentd-gcp-scaler-8b674f786-kwnlh 395 56723 true true ready 10.12.16.250
kube-system heapster-v1.6.0-beta.1-7c7c5b8cbf-wtqtb 162 27422 true true ready 10.12.16.108

Automatic Log Collection

Dumps everything

curl -sLO releases.cilium.io/tools/cluster-diagnosis.zip
python cluster-diagnosis.zip sysdump