Compute Services

Kubernetes API Server Log Collection

Share this post:

Log collection CLI for the IBM Cloud Kubernetes Service

Kubernauts rejoice, you have a new tool in your Kubernetes arsenal! With the latest IBM Cloud Kubernetes Service CLI plug-in, you can collect your Kubernetes API server logs and drop them in an IBM Cloud Object Storage (COS) bucket. These API server logs are an invaluable resource because they record every request that passes through the Kubernetes API server. This means you can keep tabs on changes to resources like pod scheduling, deployments, and RBAC policies. You can use these logs to help secure your applications, monitor resource usage, and debug cluster issues. These logs do get rotated, so your first log collection might not include every log entry since the creation of your cluster. If there’s something that you’re actively monitoring, it’s a good idea to run this command periodically so you can capture snapshots.

Before you try it out

  1. Provision an instance of COS from the IBM Cloud catalog.
  2. Be sure that you have the Administrator IAM platform role for the cluster that you’re working with.
  3. Install the IBM Cloud Kubernetes Service CLI plug-in.
  4. Create a COS bucket through the GUI and generate HMAC Credentials for it.
    • In the Service Credentials tab of the Cloud Object Storage dashboard, click New Credential.
    • Give the HMAC credentials the Writer IAM role.
    • In the Add Inline Configuration Parameters field, specify {“HMAC”:true}.
  5. Note the COS endpoint from the Endpoint tab of the Cloud Object Storage dashboard.

Collecting Kubernetes API server master logs

  1. Using the IBM Cloud Kubernetes Service, log in and target the account, region, and resource group that your cluster is in.
    ibmcloud login
  2. Use the ibm cloud ks logging-collect command to get a snapshot of your master logs and drop them in your COS bucket.logging-collect
  3. Once submitted, you can check on the status of your log collection by running the ibmcloud ks logging-collect-status command.
    logging-collect-status command
  4. Log into the IBM Cloud UI and go to your COS instance. The end of the URL returned from the previous step contains the name of the file with your Kubernetes API server logs.
    Master Logs in COS

Contact us

If you have questions, engage our team via Slack by registering here and join the discussion in the #general channel on our public IBM Cloud Kubernetes Service Slack.

IBM Cloud Containers Service -- Advisory Software Engineer

More Compute Services stories
February 18, 2019

Build a Container Image Inside a Kubernetes Cluster and Push it to IBM Cloud Container Registry

We're going to show you how to build a source into a container image from a Dockerfile inside a Kubernetes cluster and push the image to IBM Cloud Container Registry with Google's Kaniko tool.

Continue reading

February 12, 2019

A “Kubernetes Everywhere” Approach: Build and Deploy Enterprise-Scale Modern Applications for Hybrid Cloud

We are excited to introduce two optional cloud-managed services and capabilities designed to enable clients to quickly build and deploy enterprise-scale container-based applications across hybrid environments: Managed Istio and Managed Knative for IBM Cloud Kubernetes Service.

Continue reading

February 7, 2019

Istio Multicluster Support

The current multicluster Istio status There is a growing community interest in running workloads on multiple clusters to achieve better scaling, failure isolation, and application agility. Istio v1.0 supports some multicluster capabilities and new ones are added in v1.1. This blog post highlights the current multicluster Istio status, helping interested people understand what capabilities exist […]

Continue reading