Timeline of kubernetes events
I would like to be able to see all of the various things that happened to a kube cluster on a timeline, including when nodes were found to be dead, when new nodes were added, when pods crashed and when they were restarted.
So far the best that we have found is kubectl get event but that seems to have a few limitations:
- it doesn't go back in time that far (I'm not sure how far it goes back. A day?)
- it combines similar events and orders the resulting list by the time of the latest event in each group. This makes it impossible to know what happened during some time range since events in that range may have been combined with later events outside the range.
One idea that I have is to write a pod that will use the API to watch the stream of events and log them to a file. This would let us control retention and it seems that events that occur while we are watching will not be combined, solving the second problem as well.
What are other people doing about this?
Similar Questions
3 Answers
kubernetes/heapster can persist event to gcl and influxdb, but for now there is no api to access stored data
Have you checked out the pod specific events tab in the Dashboard?
Some events from a cluster I have running in GKE:
My understanding is that Kubernetes itself dedups events, documented here: https://github.com/kubernetes/kubernetes/blob/master/docs/design/event_compression.md Once that happens, there is no way to get the individual events back.
See https://github.com/kubernetes/kubernetes/issues/36304 for complaints how that loses info. https://github.com/kubernetes/kubernetes/pull/46034 at least improved the message. See also https://github.com/kubernetes/enhancements/pull/1291 KEP for recent discussion and proposal to improve usability in kubectl.
How long events are retained? Their "time-to-live" is apparently controlled by kube-apiserver
--event-ttloption, defaults to 1 hour: https://github.com/kubernetes/kubernetes/blob/da53a247633/cmd/kube-apiserver/app/options/options.go#L71-L72You can raise this. Might require more resources for
etcd— from what I saw in some 2015 github discussions, event TTL used to be 2 days, and events were the main thing stressingetcd...
In a pinch, it might be possible to figure out what happened earlier from various log, especially the kubelet logs?
Saving events
Running
kubectl get event -o yaml --watchinto a persistent file sounds like a simple thing to do. I think when you watch events as they arrive, you see them pre-dedup.Heapster can send events to some of the supported sinks: https://github.com/kubernetes/heapster/blob/master/docs/sink-configuration.md
Eventrouter can send events to various sinks: https://github.com/heptiolabs/eventrouter/tree/master/sinks