Kubernetes API Server Log Collection

By: Jen Carlucci

Log collection CLI for the IBM Cloud Kubernetes Service

Kubernauts rejoice, you have a new tool in your Kubernetes arsenal! With the latest IBM Cloud Kubernetes Service CLI plug-in, you can collect your Kubernetes API server logs and drop them in an IBM Cloud Object Storage (COS) bucket. These API server logs are an invaluable resource because they record every request that passes through the Kubernetes API server. This means you can keep tabs on changes to resources like pod scheduling, deployments, and RBAC policies. You can use these logs to help secure your applications, monitor resource usage, and debug cluster issues. These logs do get rotated, so your first log collection might not include every log entry since the creation of your cluster. If there’s something that you’re actively monitoring, it’s a good idea to run this command periodically so you can capture snapshots.

Before you try it out

  1. Provision an instance of COS from the IBM Cloud catalog.

  2. Be sure that you have the Administrator IAM platform role for the cluster that you’re working with.

  3. Install the IBM Cloud Kubernetes Service CLI plug-in.

  4. Create a COS bucket through the GUI and generate HMAC Credentials for it.

    • In the Service Credentials tab of the Cloud Object Storage dashboard, click New Credential.

    • Give the HMAC credentials the Writer IAM role.

    • In the Add Inline Configuration Parameters field, specify {“HMAC”:true}.

  5. Note the COS endpoint from the Endpoint tab of the Cloud Object Storage dashboard.

Collecting Kubernetes API server master logs

  1. Using the IBM Cloud Kubernetes Service, log in and target the account, region, and resource group that your cluster is in.

    Using the IBM Cloud Kubernetes Service, log in and target the account, region, and resource group that your cluster is in.

  2. Use the ibm cloud ks logging-collect command to get a snapshot of your master logs and drop them in your COS bucket.

    Use the ibm cloud ks logging-collect command to get a snapshot of your master logs and drop them in your COS bucket.

  3. Once submitted, you can check on the status of your log collection by running the ibmcloud ks logging-collect-status command.

    Once submitted, you can check on the status of your log collection by running the ibmcloud ks logging-collect-status command.

  4. Log into the IBM Cloud UI and go to your COS instance. The end of the URL returned from the previous step contains the name of the file with your Kubernetes API server logs.

    Log into the IBM Cloud UI and go to your COS instance.

Contact us

If you have questions, engage our team via Slack by registering here and join the discussion in the #generalchannel on our public IBM Cloud Kubernetes Service Slack.

Be the first to hear about news, product updates, and innovation from IBM Cloud