
How can I find GKE's control plane logs?

So there's this page about auditing-logs and I'm very confused about:

The k8s.io service is used for Kubernetes audit logs. These logs are generated by the Kubernetes API Server component and they contain information about actions performed using the Kubernetes API. For example, any changes you make on a Kubernetes resource by using the kubectl command are recorded by the k8s.io service. For more information, see Auditing in the Kubernetes documentation.

The container.googleapis.com service is used for GKE control plane audit logs. These logs are generated by the GKE internal components and they contain information about actions performed using the GKE API. For example, any changes you perform on a GKE cluster configuration using a gcloud command are recorded by the container.googleapis.com service.

which one shall I pick to get:

  1. /var/log/kube-apiserver.log - API Server, responsible for serving the API
  2. /var/log/kube-controller-manager.log - Controller that manages replication controllers

Or are these all similar to EKS, where audit logs means a separate thing?

Audit (audit) – Kubernetes audit logs provide a record of the individual users, administrators, or system components that have affected your cluster. For more information, see Auditing in the Kubernetes documentation.

You cannot. GKE does not make them available. Audit logs are different, those are a record of API actions.

If the cluster still exists, you should be able to do the following on GKE

kubectl proxy
curl http://localhost:8001/logs/kube-apiserver.log

AFAIK, there's no way to get server logs for clusters that have been deleted.

Logs for GKE control-plane components are available since November 29, 2022 for clusters with versions 1.22.0 and later.

You simply need to activate it on the clusters. Either via CLI:

gcloud container clusters update [CLUSTER_NAME] \
      --region=[REGION] \
      --logging=SYSTEM,WORKLOAD,API_SERVER,SCHEDULER,CONTROLLER_MANAGER

or in web-console under "Features -> Cloud Logging" (as usual). See documentation.

Note the notes in the solutions documentation, especially about reaching the logging.googleapis.com/write_requests quota (quick link).
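
To tell the two audit-log services from the question apart from control plane component logs, the following added example (not part of any answer above) classifies exported Cloud Logging entries and reports components that produced no logs. It assumes control plane logs use the `k8s_control_plane_component` resource type with a `component_name` label; the sample entries and project name are constructed.

```python
import json

# Constructed sample, shaped like `gcloud logging read --format=json` output.
SAMPLE_ENTRIES = json.loads("""[
 {"logName": "projects/example-project/logs/cloudaudit.googleapis.com%2Factivity",
  "resource": {"type": "k8s_cluster", "labels": {"cluster_name": "demo"}},
  "protoPayload": {"serviceName": "k8s.io",
                   "methodName": "io.k8s.core.v1.pods.create"}},
 {"logName": "projects/example-project/logs/cloudaudit.googleapis.com%2Factivity",
  "resource": {"type": "gke_cluster", "labels": {"cluster_name": "demo"}},
  "protoPayload": {"serviceName": "container.googleapis.com",
                   "methodName": "google.container.v1.ClusterManager.UpdateCluster"}},
 {"resource": {"type": "k8s_control_plane_component",
               "labels": {"component_name": "apiserver"}}, "textPayload": "constructed line"},
 {"resource": {"type": "k8s_control_plane_component",
               "labels": {"component_name": "scheduler"}}, "textPayload": "constructed line"},
 {"resource": {"type": "k8s_container", "labels": {}}, "textPayload": "constructed line"}
]""")

# Audit-log service names as quoted in the question.
AUDIT_SERVICES = {"k8s.io": "kubernetes-api-audit",
                  "container.googleapis.com": "gke-api-audit"}
# Assumed resource type and component names for control plane logs.
COMPONENT_TYPE = "k8s_control_plane_component"
EXPECTED = ("apiserver", "scheduler", "controller-manager")

def classify(entry):
    """Return (category, detail) for one log entry."""
    resource = entry.get("resource", {})
    if resource.get("type") == COMPONENT_TYPE:
        return ("control-plane-component",
                resource.get("labels", {}).get("component_name", "unknown"))
    payload = entry.get("protoPayload")
    if payload and "cloudaudit.googleapis.com" in entry.get("logName", ""):
        service = payload.get("serviceName", "")
        return (AUDIT_SERVICES.get(service, "other-audit"),
                payload.get("methodName", "unknown"))
    return ("other", resource.get("type", "unknown"))

def missing_components(entries):
    """Expected components with no entries, e.g. a source not yet enabled."""
    seen = {d for c, d in map(classify, entries) if c == "control-plane-component"}
    return [name for name in EXPECTED if name not in seen]

if __name__ == "__main__":
    for entry in SAMPLE_ENTRIES:
        print(classify(entry))
    print("no logs from:", missing_components(SAMPLE_ENTRIES))
```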
