Viewing logs
Anthos Config Management follows the same logging conventions as Kubernetes. By default, logging verbosity is set to 2.
On each enrolled cluster, multiple Deployments run in Pods in the
config-management-system
namespace. Each of these Deployments represents a
different subsystem, as indicated by the name of the Deployment.
git-importer
: imports configs found in the repo into the cluster as CustomResourceDefinitions (CRDs)monitor
: Exposes monitoring and metrics endpointssyncer
: Ensures that the cluster's configuration is kept in sync with the CRDs created by thegit-importer
Even though tasks are divided by Deployment, you cannot query a Deployment's
logs. However, you can use a label selector. Each Deployment has a label
selector app=[Deployment name]
.
Use a Deployment's label selector to view its logs. The following example
shows the logs for the syncer
Deployment.
kubectl logs --namespace config-management-system -l app=syncer
The git-importer
Pod has two different containers, importer
and git-sync
. To view the logs for only one of these containers, specify
it with the -c
option. The following example shows the logs for the
importer
container:
kubectl logs --namespace=config-management-system \ -l app=git-importer \ -c importer
Changing logging verbosity
The default logging verbosity is 2. If you need to increase the verbosity for debugging, follow these steps.
Edit the
config-management-operator
Deployment:kubectl edit deployment -n=kube-system config-management-operator
In the interactive editor, change the value of
replicas
to 0. This prevents the Operator from reverting the changes you make below.Get a list of all Deployments related to Anthos Config Management. The names of the Deployments, and the number of Deployments, are both subject to change.
kubectl get deployments -n=config-management-system
For each Deployment you are debugging or monitoring, edit the object. Replace
syncer
with the name of the Deployment you want to change.kubectl edit deployment syncer
After modifying all the relevant Deployments, edit the
config-management-operator
object again and setreplicas
to 1.kubectl get deployments -n=config-management-system
When you are finished debugging, you may want to reduce the verbosity of the logs back to 2, to conserve disk space on your nodes. To do that, follow the procedure again, setting the value to 2.
Finding the Git commit that updated an object
When the Operator applies a change to a Kubernetes object because
of an update to the repo, the hash for the Git commit is stored in the
configmanagement.gke.io/sync-token
annotation. To view this hash, use
kubectl get
:
kubectl get clusterrolebinding namespace-readers -oyaml
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRoleBinding","metadata":{"annotations":{"configmanagement.gke.io/managed":"enabled","configmanagement.gke.io/cluster-name":"config-management-cluster","configmanagement.gke.io/source-path":"cluster/namespace-reader-clusterrolebinding.yaml","configmanagement.gke.io/sync-token":"5edf7fda0cfccc351adfa2811954c80c812c26c5"},"creationTimestamp":null,"name":"namespace-readers"},"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"namespace-reader"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"User","name":"cheryl@foo-corp.com"}]} configmanagement.gke.io/managed: enabled configmanagement.gke.io/cluster-name: config-management-cluster configmanagement.gke.io/source-path: cluster/namespace-reader-clusterrolebinding.yaml configmanagement.gke.io/sync-token: 5edf7fda0cfccc351adfa2811954c80c812c26c5 creationTimestamp: 2019-02-11T19:39:37Z name: namespace-readers resourceVersion: "6301538" selfLink: /apis/rbac.authorization.k8s.io/v1/clusterrolebindings/namespace-readers uid: c45257a4-2e34-11e9-8a5e-42010a800134 roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: namespace-reader subjects: - apiGroup: rbac.authorization.k8s.io kind: User name: cheryl@foo-corp.com
You can then use commands such as git show [HASH]
to
view information about the commit.
What's next
- Try the quickstart
- Learn about monitoring Anthos Config Management