π Logging & Monitoring Overview
Observability in Kubernetes starts with logging, helping you understand whatβs happening inside containers, nodes, and control plane components.
π¦ Types of Logs
| Layer | Source | Tooling |
|---|---|---|
| Application | stdout/stderr of containers | kubectl logs |
| Node/Daemon | kubelet, container runtime, OS | journald, syslog |
| Cluster | Controller manager, scheduler, API server | Audit logs, metrics |
π Access Logs with kubectl
kubectl logs <pod-name>
For multi-container Pods:
kubectl logs <pod-name> -c <container-name>
Follow logs (stream):
kubectl logs -f <pod-name>
Previous failed container logs:
kubectl logs --previous <pod-name>
π Example
kubectl run nginx --image=nginx
kubectl logs nginx
π¨ Logging in Production
Kubernetes doesnβt store logs permanently. Use a logging pipeline for aggregation:
Common Stack Options:
- EFK: Elasticsearch + Fluentd + Kibana
- Loki: Promtail + Loki + Grafana
- Fluent Bit: Lightweight log processor
π¦ Node-Level Logging
- Node logs (kubelet, CRI, systemd):
journalctl -u kubelet
- Container logs (default):
/var/log/pods/
/var/log/containers/
π§ Tips
- Logs are ephemeral β store externally
- Use labels and selectors to tail logs for many pods:
kubectl logs -l app=frontend
- Avoid running
kubectl logsloops in prod β use log aggregation instead
β Summary
| Action | Command Example |
|---|---|
| View Pod logs | kubectl logs pod |
| Stream logs | kubectl logs -f pod |
| Logs from crashed Pod | kubectl logs --previous pod |
| View container logs | kubectl logs pod -c container |
| Node-level logs | journalctl -u kubelet |
Set up centralized logging to gain cluster-wide observability and long-term retention.