kubernetes pod 的日志究竟来自哪里(在容器级别)? [英] Where exactly do the logs of kubernetes pods come from (at the container level)?
问题描述
我希望将一些日志从使用 kubectl exec 运行的命令重定向到该 pod 的日志,以便可以使用 kubectl logs <pod-name> 读取它们code>(或者实际上,/var/log/containers/).我可以在运行命令时看到我需要的日志作为输出,它们存储在正在运行的容器内的一个单独的日志目录中.
I'm looking to redirect some logs from a command run with kubectl exec to that pod's logs, so that they can be read with kubectl logs <pod-name> (or really, /var/log/containers/<pod-name>.log). I can see the logs I need as output when running the command, and they're stored inside a separate log directory inside the running container.
将输出(即 >>logfile.log)重定向到我认为镜像 kubectl logs <pod-name> 中的内容的文件不更新该容器的日志,也不重定向到标准输出.
Redirecting the output (i.e. >> logfile.log) to the file which I thought was mirroring what is in kubectl logs <pod-name> does not update that container's logs, and neither does redirecting to stdout.
当调用 kubectl logs <pod-name> 时,我的理解是 kubelet 从它的内部 /var/log/containers/ 目录中获取它们.但是是什么决定了哪些日志存储在那里?日志存储在任何其他 docker 容器中的过程是否相同?
When calling kubectl logs <pod-name>, my understanding is that kubelet gets them from it's internal /var/log/containers/ directory. But what determines which logs are stored there? Is it the same process as the way logs get stored inside any other docker container?
有没有办法检查/跟踪日志记录过程,或确定这些日志的来源?
Is there a way to examine/trace the logging process, or determine where these logs are coming from?
推荐答案
pod 中容器的 STDOUT 和 STDERR 的日志被捕获并存储在/中的文件中变量/日志/容器.这是运行 kubectl log 时显示的内容.
Logs from the STDOUT and STDERR of containers in the pod are captured and stored inside files in /var/log/containers. This is what is presented when kubectl log is run.
为了理解为什么在运行 kubectl log 时不显示 kubectl exec 运行的命令的输出,让我们通过一个示例来看看它是如何工作的:
In order to understand why output from commands run by kubectl exec is not shown when running kubectl log, let's have a look how it all works with an example:
首先启动一个运行 ubuntu 且永远处于休眠状态的 pod:
First launch a pod running ubuntu that are sleeping forever:
$> kubectl run test --image=ubuntu --restart=Never -- sleep infinity
执行进去
$> kubectl exec -it test bash
从容器内部看,被捕获的是 PID 1 的 STDOUT 和 STDERR.当您在容器中执行 kubectl exec 时,会创建一个与 PID 1 并存的新进程:
Seen from inside the container it is the STDOUT and STDERR of PID 1 that are being captured. When you do a kubectl exec into the container a new process is created living alongside PID 1:
root@test:/# ps -auxf
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 7 0.0 0.0 18504 3400 pts/0 Ss 20:04 0:00 bash
root 19 0.0 0.0 34396 2908 pts/0 R+ 20:07 0:00 \_ ps -auxf
root 1 0.0 0.0 4528 836 ? Ss 20:03 0:00 sleep infinity
重定向到 STDOUT 不起作用,因为 /dev/stdout 是访问它的进程的符号链接 (/proc/self/fd/1 而不是 /proc/1/fd/1).
Redirecting to STDOUT is not working because /dev/stdout is a symlink to the process accessing it (/proc/self/fd/1 rather than /proc/1/fd/1).
root@test:/# ls -lrt /dev/stdout
lrwxrwxrwx 1 root root 15 Nov 5 20:03 /dev/stdout -> /proc/self/fd/1
为了查看使用 kubectl exec 运行的命令的日志,需要将日志重定向到 kubelet 捕获的流(STDOUT 和 pid 1) 的 STDERR.这可以通过将输出重定向到 /proc/1/fd/1 来完成.
In order to see the logs from commands run with kubectl exec the logs need to be redirected to the streams that are captured by the kubelet (STDOUT and STDERR of pid 1). This can be done by redirecting output to /proc/1/fd/1.
root@test:/# echo "Hello" > /proc/1/fd/1
退出交互式 shell 并使用 kubectl logs 检查日志现在应该会显示输出
Exiting the interactive shell and checking the logs using kubectl logs should now show the output
$> kubectl logs test
Hello
这篇关于kubernetes pod 的日志究竟来自哪里(在容器级别)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
