KEP 2258: add node log query #96120
|
Hi @LorbusChris. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@LorbusChris: GitHub didn't allow me to request PR reviews from the following users: aravindhp. Note that only kubernetes members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
Somebody please give this an ok-to-test |
|
/ok-to-test |
|
/assign @sjenning |
725c3f3 to 9827bca
I think logDir could be renamed to something more specific like nodeLogDir.
Could we use the constant defined for /var/log?
Where does the 100 limit come from? Probably worth adding a comment. The systemd limit for a unit name is 256 characters https://www.freedesktop.org/software/systemd/man/systemd.unit.html#:~:text=The%20total%20length%20of%20the,service%20%22%2C%20%22%20.
I changed the limit to 256.
Need a comment for the limit.
Given the previous comment about the length, I changed this to check for the number of services with a constant of 4.
Can use something like https://github.com/cyphar/filepath-securejoin to prevent filepath parent walk attacks.
Consider using https://github.com/cyphar/filepath-securejoin
Good catch. I missed updating this when reducing the heuristics. Fixed.
nit: was for found -> was found
100 -> 256? Maybe a constant for it :)
journalctl won't return an error if we try to fetch logs for a non-existent service, hence we search for it in the list of services known to journalctl
Enable the query endpoint only if this gate is enabled in addition to the EnableNodeLogQuery kubelet config option.
Added EnableNodeLogQuery field to kubelet/apis/config/types.go and staging/src/k8s.io/kubelet/config/v1beta1/types.go, then executed `hack/update-codegen.sh`. This new field will default to off and will need to be explicitly enabled in addition to the NodeLogQuery gate to use the feature.
…dpoint

Provide an administrator a streaming view of journal logs on Linux systems using journalctl, and event logs on Windows systems using the Get-WinEvent PowerShell cmdlet without them having to implement a client side reader. Only available to cluster admins.

The implementation for journald on Linux was originally done by Clayton Coleman.

Introduce a heuristics approach to query logs

The logs query for node objects will follow a heuristics approach when asked to query for logs from a service. If asked to get the logs from a service foobar, it will first check if foobar logs to the native OS service log provider. If unable to get logs from these, it will attempt to get logs from /var/foobar, /var/log/foobar.log or /var/log/foobar/foobar.log in that order.

The logs sub-command can also directly serve a file if the query looks like a file.

Co-authored-by: Clayton Coleman <ccoleman@redhat.com>
Co-authored-by: Christian Glombek <cglombek@redhat.com>
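The file-fallback step of the heuristic described in the commit message above, combined with the parent-walk defence the reviewers asked for, as an added example that is not code from this PR. It uses only the Go standard library rather than filepath-securejoin, skips the native log provider step, and assumes all three candidates live under one root directory; `resolveServiceLog`, `serviceName` and `errUnsafe` are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"regexp"
	"strings"
)

// Hypothetical allow-list: no path separators, at most 256 characters.
var serviceName = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9_.@:-]{0,255}$`)
var errUnsafe = errors.New("path escapes log root")

// resolveServiceLog tries <root>/<svc>, <root>/<svc>.log and
// <root>/<svc>/<svc>.log in order and returns the first regular file.
// A candidate that resolves outside root (for example through a symlink)
// aborts the lookup instead of being served.
func resolveServiceLog(root, svc string) (string, error) {
	if !serviceName.MatchString(svc) {
		return "", fmt.Errorf("invalid service name %q", svc)
	}
	root, err := filepath.EvalSymlinks(root) // compare against the real root
	if err != nil {
		return "", err
	}
	for _, rel := range []string{svc, svc + ".log", filepath.Join(svc, svc+".log")} {
		p, err := filepath.EvalSymlinks(filepath.Join(root, rel))
		if err != nil {
			continue // candidate does not exist
		}
		r, err := filepath.Rel(root, p)
		if err != nil || r == ".." || strings.HasPrefix(r, ".."+string(filepath.Separator)) {
			return "", errUnsafe
		}
		if fi, err := os.Stat(p); err == nil && fi.Mode().IsRegular() {
			return p, nil
		}
	}
	return "", os.ErrNotExist
}

func main() {
	root, _ := os.MkdirTemp("", "nodelog") // constructed stand-in for /var/log
	defer os.RemoveAll(root)
	os.WriteFile(filepath.Join(root, "foobar.log"), []byte("sample\n"), 0o600)
	fmt.Println(resolveServiceLog(root, "foobar"))    // found via <svc>.log
	fmt.Println(resolveServiceLog(root, "../secret")) // rejected by the name check
}
```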
|
@LorbusChris: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/lgtm |
|
LGTM label has been added. Git tree hash: 6358ad89a82d840117d4e133309f6681e000face |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: liggitt, LorbusChris, marosset, mrunalp, soltysh. The full list of commands accepted by this bot can be found here. The pull request process is described here. Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/retest-required |
|
/test pull-kubernetes-e2e-capz-windows-containerd |
What type of PR is this?
/kind feature
What this PR does / why we need it:
Provide an administrator a streaming view of journal logs on Linux and WinEvent logs on Windows without them having to implement a client side reader. Only available to cluster admins.
Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
Upstreaming from OpenShift:
Does this PR introduce a user-facing change?:
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: