System Logs

    klog is the Kubernetes logging library. klog generates log messages for the Kubernetes system components.

    For more information about klog configuration, see the .

    Kubernetes is in the process of simplifying logging in its components. The following klog command line flags are deprecated starting with Kubernetes 1.23 and will be removed in a future release:

    • --alsologtostderr
    • --log-backtrace-at
    • --log-dir
    • --log-file
    • --log-file-max-size
    • --logtostderr
    • --one-output
    • --skip-log-headers
    • --stderrthreshold

    Output will always be written to stderr, regardless of the output format. Output redirection is expected to be handled by the component which invokes a Kubernetes component. This can be a POSIX shell or a tool like systemd.

    In some cases, for example a distroless container or a Windows system service, those options are not available. Then the binary can be used as wrapper around a Kubernetes component to redirect output. A prebuilt binary is included in several Kubernetes base images under its traditional name as /go-runner and as kube-log-runner in server and node release archives.

    This table shows how kube-log-runner invocations correspond to shell redirection:

    An example of the traditional klog native format:

    The message string may contain line breaks:

    1. I1025 00:15:15.525108 1 example.go:79] This is a message
    2. which has a line break.

    Structured Logging

    FEATURE STATE: Kubernetes v1.23 [beta]

    Warning:

    Log formatting and value serialization are subject to change.

    Structured logging introduces a uniform structure in log messages allowing for programmatic extraction of information. You can store and process structured logs with less effort and cost. The code which generates a log message determines whether it uses the traditional unstructured klog output or structured logging.

    The default formatting of structured log messages is as text, with a format that is backward compatible with traditional klog:

    Example:

    1. I1025 00:15:15.525108 1 controller_utils.go:116] "Pod status updated" pod="kube-system/kubedns" status="ready"

    Strings are quoted. Other values are formatted with , which may cause log messages to continue on the next line depending on the data.

    FEATURE STATE: Kubernetes v1.19 [alpha]

    Warning:

    JSON output does not support many standard klog flags. For list of unsupported klog flags, see the .

    Not all logs are guaranteed to be written in JSON format (for example, during process start). If you intend to parse logs, make sure you can handle log lines that are not JSON as well.

    Field names and JSON serialization are subject to change.

    1. {
    2. "ts": 1580306777.04728,
    3. "v": 4,
    4. "msg": "Pod status updated",
    5. "pod":{
    6. "name": "nginx-1",
    7. "namespace": "default"
    8. "status": "ready"
    9. }

    Keys with special meaning:

    • ts - timestamp as Unix time (required, float)
    • err - error string (optional, string)
    • msg - message (required, string)

    List of components currently supporting JSON format:

    Log sanitization

    FEATURE STATE: Kubernetes v1.20 [alpha]

    Warning: Log sanitization might incur significant computation overhead and therefore should not be enabled in production.

    The --experimental-logging-sanitization flag enables the klog sanitization filter. If enabled all log arguments are inspected for fields tagged as sensitive data (e.g. passwords, keys, tokens) and logging of these fields will be prevented.

    List of components currently supporting log sanitization:

    • kube-controller-manager
    • kube-apiserver
    • kube-scheduler
    • kubelet

    Note: The Log sanitization filter does not prevent user workload logs from leaking sensitive data.

    The -v flag controls log verbosity. Increasing the value increases the number of logged events. Decreasing the value decreases the number of logged events. Increasing verbosity settings logs increasingly less severe events. A verbosity setting of 0 logs only critical events.

    Log location

    There are two types of system components: those that run in a container and those that do not run in a container. For example:

    • The Kubernetes scheduler and kube-proxy run in a container.
    • The kubelet and container runtime, for example Docker, do not run in containers.

    On machines with systemd, the kubelet and container runtime write to journald. Otherwise, they write to .log files in the /var/log directory. System components inside containers always write to .log files in the /var/log directory, bypassing the default logging mechanism. Similar to the container logs, you should rotate system component logs in the /var/log directory. In Kubernetes clusters created by the kube-up.sh script, log rotation is configured by the logrotate tool. The logrotate tool rotates logs daily, or once the log size is greater than 100MB.

    What’s next