Enable and review Kubernetes master node logs in Azure Kubernetes Service (AKS)

With Azure Kubernetes Service (AKS), the master components such as the kube-apiserver and kube-controller-manager are provided as a managed service. You create and manage the nodes that run the kubelet and container runtime, and deploy your applications through the managed Kubernetes API server. To help troubleshoot your applications and services, you may need to view the logs generated by these master components. This article shows you how to use Azure Monitor logs to enable and query the logs from the Kubernetes master components.

Before you begin

This article requires an existing AKS cluster running in your Azure account. If you do not already have an AKS cluster, create one using the Azure CLI or Azure portal. Azure Monitor logs works with both RBAC-enabled and non-RBAC AKS clusters.

Enable diagnostics logs

To help collect and review data from multiple sources, Azure Monitor logs provides a query language and analytics engine that gives you insight into your environment. A workspace is used to collate and analyze the data, and can integrate with other Azure services such as Application Insights and Security Center. To analyze the logs on a different platform, you can instead send the diagnostic logs to an Azure storage account or event hub. For more information, see What is Azure Monitor logs?

Azure Monitor logs is enabled and managed in the Azure portal. To enable log collection for the Kubernetes master components in your AKS cluster, open the Azure portal in a web browser and complete the following steps:

  1. Select the resource group for your AKS cluster, such as myResourceGroup. Don't select the resource group that contains the individual AKS cluster resources, such as MC_myResourceGroup_myAKSCluster_eastus: the diagnostic setting is attached to the managed cluster resource itself, not to the node VMs and networking in that group.
  2. On the left-hand side, choose Diagnostic settings.
  3. Select your AKS cluster, such as myAKSCluster, then choose Turn on diagnostics.
  4. Enter a name, such as myAKSClusterLogs, then select the option to Send to Log Analytics workspace.
    • Choose Configure Log Analytics workspace, then select an existing workspace or Create New Workspace.
    • If you need to create a workspace, provide a name, a resource group, and a location.
  5. In the list of available logs, select the logs you wish to enable. By default, the kube-apiserver, kube-controller-manager, and kube-scheduler logs are enabled. You can enable additional logs, such as kube-audit and cluster-autoscaler. kube-audit is the log that records every request made to the API server, including who made it and whether it succeeded, so enable it if you need an audit trail rather than only troubleshooting output. You can return and change the collected logs once the Log Analytics workspace is enabled.
  6. When ready, select Save to enable collection of the selected logs.


AKS only captures audit logs for clusters that are created or upgraded after a feature flag is enabled on your subscription; a cluster that already existed when you registered the flag does not emit kube-audit until it is upgraded. To register the AKSAuditLog feature flag, use the az feature register command as shown in the following example:

az feature register --name AKSAuditLog --namespace Microsoft.ContainerService

Wait for the status to show Registered. You can check on the registration status using the az feature list command:

az feature list -o table --query "[?contains(name, 'Microsoft.ContainerService/AKSAuditLog')].{Name:name,State:properties.state}"

When ready, refresh the registration of the AKS resource provider using the az provider register command:

az provider register --namespace Microsoft.ContainerService

The following example portal screenshot shows the Diagnostics settings window and the option to create a Log Analytics workspace:

(Screenshot: Enable a Log Analytics workspace for Azure Monitor logs for the AKS cluster)
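The portal steps and the feature-flag commands above can be scripted so that every cluster gets the same setting. The following script is an added example, not part of the AKS documentation: it registers the AKSAuditLog flag, waits for it to reach Registered, refreshes the provider, and then creates the diagnostic setting from the Azure CLI with kube-audit included. It assumes the names used throughout this article (myResourceGroup, myAKSCluster, myAKSLogs, myAKSClusterLogs) and a recent Azure CLI; the logs_json and wait_for_feature helpers are this example's own, not Azure CLI commands.

```shell
#!/bin/sh
# Added example (not part of the AKS article): enable master component logs,
# including kube-audit, from the Azure CLI instead of the portal.
# Assumed names: myResourceGroup, myAKSCluster, myAKSLogs, myAKSClusterLogs.
set -eu

# Build the JSON that az monitor diagnostic-settings create expects in --logs.
# Every category named as an argument is enabled; categories not listed stay off.
logs_json() {
  lj_json="["
  lj_sep=""
  for lj_cat in "$@"; do
    lj_json="${lj_json}${lj_sep}{\"category\":\"${lj_cat}\",\"enabled\":true}"
    lj_sep=","
  done
  printf '%s]' "$lj_json"
}

# Poll a Microsoft.ContainerService feature flag until it reports Registered
# (gives up after about ten minutes).
wait_for_feature() {
  wf_state=""
  wf_i=0
  while [ "$wf_i" -lt 60 ]; do
    wf_state=$(az feature show --name "$1" --namespace Microsoft.ContainerService \
                 --query properties.state -o tsv)
    [ "$wf_state" = "Registered" ] && return 0
    sleep 10
    wf_i=$((wf_i + 1))
  done
  echo "feature $1 still in state '$wf_state'" >&2
  return 1
}

# Register the audit log flag, then create the diagnostic setting on the cluster.
# Usage: enable_master_logs <resource-group> <cluster> <workspace> [setting-name]
enable_master_logs() {
  em_rg="$1"; em_cluster="$2"; em_workspace="$3"; em_setting="${4:-myAKSClusterLogs}"

  az feature register --name AKSAuditLog --namespace Microsoft.ContainerService >/dev/null
  wait_for_feature AKSAuditLog
  az provider register --namespace Microsoft.ContainerService >/dev/null

  # The setting targets the managed cluster resource, not the MC_ resource group.
  em_cluster_id=$(az aks show -g "$em_rg" -n "$em_cluster" --query id -o tsv)
  em_ws_id=$(az monitor log-analytics workspace show -g "$em_rg" -n "$em_workspace" \
               --query id -o tsv)

  az monitor diagnostic-settings create \
    --name "$em_setting" \
    --resource "$em_cluster_id" \
    --workspace "$em_ws_id" \
    --logs "$(logs_json kube-apiserver kube-controller-manager kube-scheduler kube-audit)"
}

# The Azure calls only run when explicitly requested, e.g.
#   RUN_AZ=1 sh enable-aks-logs.sh myResourceGroup myAKSCluster myAKSLogs
case "${RUN_AZ:-0}" in
  1) enable_master_logs "$@" ;;
esac
```

Remember the caveat above: a cluster that already existed when the flag was registered only starts emitting kube-audit after it is upgraded, so run az aks upgrade on it after this script completes if you need the audit trail on an existing cluster.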

Schedule a test pod on the AKS cluster

To generate some logs, create a new pod in your AKS cluster. The following example YAML manifest creates a basic NGINX instance. Create a file named nginx.yaml in an editor of your choice and paste the following content:

apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: mypod
    image: nginx:1.15.5
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
      limits:
        cpu: 250m
        memory: 256Mi
    ports:
    - containerPort: 80

Create the pod with the kubectl create command and specify your YAML file, as shown in the following example:

$ kubectl create -f nginx.yaml

pod/nginx created

View collected logs

It may take a few minutes for the diagnostics logs to be enabled and appear in the Log Analytics workspace. In the Azure portal, select the resource group for your Log Analytics workspace, such as myResourceGroup, then choose your Log Analytics resource, such as myAKSLogs.

(Screenshot: Select the Log Analytics workspace for the AKS cluster)

On the left-hand side, choose Logs. The diagnostic logs land in the AzureDiagnostics table, with the component name in the Category column and the log line itself in log_s. To view the kube-apiserver logs, enter the following query in the text box:

AzureDiagnostics
| where Category == "kube-apiserver"
| project log_s

Many logs are likely returned for the API server. To scope down the query to view the logs about the NGINX pod created in the previous step, add an additional where statement to search for pods/nginx, as shown in the following example query:

AzureDiagnostics
| where Category == "kube-apiserver"
| where log_s contains "pods/nginx"
| project log_s

The specific logs for your NGINX pod are displayed, as shown in the following example screenshot:

(Screenshot: Log Analytics query results for the example NGINX pod)

To view additional logs, update the Category name in the query to kube-controller-manager or kube-scheduler, or to any other log you enabled, such as kube-audit. Additional where statements can then be used to refine the events you are looking for.
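With kube-audit enabled, the same AzureDiagnostics table holds one Kubernetes audit event per row in log_s, so the scoping technique shown above (filter on Category, then on log_s) can be pushed further by parsing the event. The following script is an added example, not part of the article: audit_query builds a KQL query that extracts the user, verb and object from each audit event and reports non-system principals that read Secrets, exec/attach into Pods, or change ClusterRoleBindings; run_audit_query sends it through az monitor log-analytics query. It assumes kube-audit is enabled, that log_s contains the raw audit event JSON, that a recent Azure CLI is installed, and that you pass the workspace customer ID (the GUID from az monitor log-analytics workspace show --query customerId); the field names (ev.user.username, ev.objectRef.resource and so on) are the standard Kubernetes audit event schema, and the column names user, verb, res, sub and k8s_namespace are this example's own.

```shell
#!/bin/sh
# Added example (not part of the AKS article): a reusable audit query over the
# kube-audit category. Assumes kube-audit is enabled and that log_s holds the raw
# Kubernetes audit event JSON; the ev.* field names are the standard audit schema.
set -eu

# Emit a KQL query that reports non-system principals performing sensitive actions
# in the last <hours> hours, optionally limited to one namespace.
# Usage: audit_query <hours> [namespace]
audit_query() {
  aq_hours="$1"
  aq_ns="${2:-}"
  cat <<EOF
AzureDiagnostics
| where TimeGenerated > ago(${aq_hours}h)
| where Category == "kube-audit"
| extend ev = parse_json(log_s)
| where tostring(ev.stage) == "ResponseComplete"
| extend user = tostring(ev.user.username), verb = tostring(ev.verb),
         res = tostring(ev.objectRef.resource), sub = tostring(ev.objectRef.subresource),
         k8s_namespace = tostring(ev.objectRef.namespace), code = toint(ev.responseStatus.code)
| where not(user startswith "system:")
| where (res == "secrets" and verb in ("get", "list", "watch"))
     or (res == "pods" and sub in ("exec", "attach", "portforward"))
     or (res == "clusterrolebindings" and verb in ("create", "update", "patch"))
| where isempty("${aq_ns}") or k8s_namespace == "${aq_ns}"
| summarize events = count(), denied = countif(code == 403), last_seen = max(TimeGenerated)
            by user, verb, res, sub, k8s_namespace
| order by events desc
EOF
}

# Run the query against a workspace. <workspace-customer-id> is the GUID from
#   az monitor log-analytics workspace show -g myResourceGroup -n myAKSLogs --query customerId -o tsv
# Usage: run_audit_query <workspace-customer-id> [hours] [namespace]
run_audit_query() {
  az monitor log-analytics query \
    --workspace "$1" \
    --analytics-query "$(audit_query "${2:-24}" "${3:-}")" \
    -o table
}

# The Azure call only runs when explicitly requested, e.g.
#   RUN_AZ=1 sh aks-audit-query.sh <workspace-customer-id> 24 default
case "${RUN_AZ:-0}" in
  1) run_audit_query "$@" ;;
esac
```

The output of audit_query can also be pasted straight into the portal's Logs blade. Two design points to keep in mind: the denied column counts 403 responses, so a principal with many denied Secret reads is probing for access it does not have; and the startswith "system:" filter also drops service accounts (system:serviceaccount:...), so remove that line when you want to see what workloads, not just people, are doing. ClusterRoleBindings are cluster-scoped and carry no namespace, so they disappear from the results whenever a namespace filter is supplied.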

For more information on how to query and filter your log data, see View or analyze data collected with log analytics log search.

Log event schema

To help analyze the log data, the following table details the schema used for each event. In the AzureDiagnostics table these fields appear as flattened columns, which is why the queries above filter on Category and project log_s:

Field name               Description
resourceId               Azure resource that produced the log
time                     Timestamp of when the log was uploaded
category                 Name of the container/component generating the log
operationName            Always Microsoft.ContainerService/managedClusters/diagnosticLogs/Read
properties.log           Full text of the log from the component
properties.stream        stderr or stdout
properties.pod           Name of the pod that the log came from
properties.containerID   ID of the Docker container this log came from

Next steps

In this article, you learned how to enable and review the logs for the Kubernetes master components in your AKS cluster. To monitor and troubleshoot further, you can also view the kubelet logs and enable SSH node access.