Compute Services

Kubernetes API Server Log Collection

Share this post:

Log collection CLI for the IBM Cloud Kubernetes Service

Kubernauts rejoice, you have a new tool in your Kubernetes arsenal! With the latest IBM Cloud Kubernetes Service CLI plug-in, you can collect your Kubernetes API server logs and drop them in an IBM Cloud Object Storage (COS) bucket. These API server logs are an invaluable resource because they record every request that passes through the Kubernetes API server. This means you can keep tabs on changes to resources like pod scheduling, deployments, and RBAC policies. You can use these logs to help secure your applications, monitor resource usage, and debug cluster issues. These logs do get rotated, so your first log collection might not include every log entry since the creation of your cluster. If there’s something that you’re actively monitoring, it’s a good idea to run this command periodically so you can capture snapshots.

Before you try it out

  1. Provision an instance of COS from the IBM Cloud catalog.
  2. Be sure that you have the Administrator IAM platform role for the cluster that you’re working with.
  3. Install the IBM Cloud Kubernetes Service CLI plug-in.
  4. Create a COS bucket through the GUI and generate HMAC Credentials for it.
    • In the Service Credentials tab of the Cloud Object Storage dashboard, click New Credential.
    • Give the HMAC credentials the Writer IAM role.
    • In the Add Inline Configuration Parameters field, specify {“HMAC”:true}.
  5. Note the COS endpoint from the Endpoint tab of the Cloud Object Storage dashboard.

Collecting Kubernetes API server master logs

  1. Using the IBM Cloud Kubernetes Service, log in and target the account, region, and resource group that your cluster is in.
    ibmcloud login
  2. Use the ibm cloud ks logging-collect command to get a snapshot of your master logs and drop them in your COS bucket.logging-collect
  3. Once submitted, you can check on the status of your log collection by running the ibmcloud ks logging-collect-status command.
    logging-collect-status command
  4. Log into the IBM Cloud UI and go to your COS instance. The end of the URL returned from the previous step contains the name of the file with your Kubernetes API server logs.
    Master Logs in COS

Contact us

If you have questions, engage our team via Slack by registering here and join the discussion in the #general channel on our public IBM Cloud Kubernetes Service Slack.

IBM Cloud Containers Service -- Advisory Software Engineer

More Compute Services stories
October 16, 2018

IBM Cloud Kubernetes Service: Deployment Patterns for Maximizing Throughput and Availability

With the upcoming release of Kubernetes version 1.12 on IBM Cloud Kubernetes Service, we are releasing the new IKS LoadBalancer 2.0 for public beta so that customers may test. This article discusses the capabilities of this LoadBalancer service and a few deployment patterns around it, providing examples along the way.

Continue reading

October 9, 2018

IBM Cloud Foundry Enterprise Environment: Real-World Usage

The Cloud Foundry Enterprise Environment (CFEE) offering provides key security isolation for application hosting for critical regulatory requirements, geo-location restrictions, and other important reasons. Check out some real-world examples of applications deployed on the CFEE.

Continue reading

October 1, 2018

Resource Group Support in IBM Cloud Kubernetes Service

Apply fine-grained access controls and separation of resources in the IBM Cloud Kubernetes Service leveraging using new capabilities from IBM Cloud.

Continue reading