Compute Services

Kubernetes API Server Log Collection

Share this post:

Log collection CLI for the IBM Cloud Kubernetes Service

Kubernauts rejoice, you have a new tool in your Kubernetes arsenal! With the latest IBM Cloud Kubernetes Service CLI plug-in, you can collect your Kubernetes API server logs and drop them in an IBM Cloud Object Storage (COS) bucket. These API server logs are an invaluable resource because they record every request that passes through the Kubernetes API server. This means you can keep tabs on changes to resources like pod scheduling, deployments, and RBAC policies. You can use these logs to help secure your applications, monitor resource usage, and debug cluster issues. These logs do get rotated, so your first log collection might not include every log entry since the creation of your cluster. If there’s something that you’re actively monitoring, it’s a good idea to run this command periodically so you can capture snapshots.

Before you try it out

  1. Provision an instance of COS from the IBM Cloud catalog.
  2. Be sure that you have the Administrator IAM platform role for the cluster that you’re working with.
  3. Install the IBM Cloud Kubernetes Service CLI plug-in.
  4. Create a COS bucket through the GUI and generate HMAC Credentials for it.
    • In the Service Credentials tab of the Cloud Object Storage dashboard, click New Credential.
    • Give the HMAC credentials the Writer IAM role.
    • In the Add Inline Configuration Parameters field, specify {“HMAC”:true}.
  5. Note the COS endpoint from the Endpoint tab of the Cloud Object Storage dashboard.

Collecting Kubernetes API server master logs

  1. Using the IBM Cloud Kubernetes Service, log in and target the account, region, and resource group that your cluster is in.
    ibmcloud login
  2. Use the ibm cloud ks logging-collect command to get a snapshot of your master logs and drop them in your COS bucket.logging-collect
  3. Once submitted, you can check on the status of your log collection by running the ibmcloud ks logging-collect-status command.
    logging-collect-status command
  4. Log into the IBM Cloud UI and go to your COS instance. The end of the URL returned from the previous step contains the name of the file with your Kubernetes API server logs.
    Master Logs in COS

Contact us

If you have questions, engage our team via Slack by registering here and join the discussion in the #general channel on our public IBM Cloud Kubernetes Service Slack.

IBM Cloud Containers Service -- Advisory Software Engineer

More Compute Services stories
December 11, 2018

Unifying Containers, Apps, and Functions

Innovative solutions like Knative and Istio are leading us to a unified container application platform that lets developers leverage the best of containers, apps, and functions in a single integrated way.

Continue reading

December 11, 2018

Using Availability Zones to Enhance Event Streams Resilience

With the Enterprise plan of IBM Event Streams, you can deploy Kafka across availability zones to maximize both its resilience to failures and the durability of your message data. Applications can use Kafka to achieve the right balance of availability and durability to meet your business needs.

Continue reading

December 10, 2018

The Run Up to KubeCon: Easing the Burden of Security and Infrastructure Management

In the run up to KubeCon, IBM Cloud announced new capabilities to ease Kubernetes operations and improve security across multiple cloud architectures.

Continue reading