Reading journald kernel logs from inside a kubernetes pod

We wanted a watcher that alerts us when bad kernel things happen and were able to deploy that as a DaemonSet using Kubernetes 🙂

Use a Debian base image (for example ruby:2.5-stretch)
Run as root user or as user that can read systemd logs like systemd-journal

Mount /run/log/journal

spec:
  containers:
  - name: foo
    ...
    volumeMounts:
    - name: runlog
      mountPath: /run/log/journal
      readOnly: true
  volumes:
  - name: runlog
    hostPath:
      path: /run/log/journal

Use systemd-journal to read the logs

require 'systemd/journal'
journal = Systemd::Journal.new
journal.seek(:tail)
journal.move_previous
journal.filter(syslog_identifier: 'kernel')
journal.watch { |entry| puts entry.message }

2 thoughts on “Reading journald kernel logs from inside a kubernetes pod”

Rodrigo Campos says:

2018-10-22 at 17:50:40

Seems quite nice and simple! 🙂

Related: did you know about https://github.com/kubernetes/node-problem-detector ? I didn’t try it, but seems related and has been around for a year or something like that, IIRC 🙂

Thanks,
rata

Reply
- pragmatig says:
  
  2018-10-22 at 18:14:45
  
  Yeah, we are currently adding that to our clusters 🙂
  
  Reply

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

Michael Grosser, the Blog

Menu

Reading journald kernel logs from inside a kubernetes pod

2 thoughts on “Reading journald kernel logs from inside a kubernetes pod”

Leave a Reply Cancel reply

Menu

Share this:

Like this:

Related

2 thoughts on “Reading journald kernel logs from inside a kubernetes pod”

Leave a Reply Cancel reply