Tailer is a tool designed to dynamically monitor Kubernetes pod logs, ensuring that logs from all containers, including new and recreated pods, are collected without missing critical events. Tailer overcomes Kubernetes’ default connection timeout limitations and provides a robust solution for long-term log collection. Tools like Stern and Kail also face the same challenge due to Kubernetes’ default connection timeout limitations, which can disrupt long-term log monitoring. Tailer overcomes these issues and provides a robust solution for persistent log collection.
Kubernetes enforces a default idle connection timeout of 4 hours (streamingConnectionIdleTimeout). This timeout means that any log streaming session will be forcefully closed after 4 hours, regardless of whether data is still being streamed. This behavior can lead to:
- Interrupted Log Streaming: Persistent log monitoring tools using
kubectl logs -fmay suddenly stop without an apparent reason, resulting in gaps in log collection. - Confusion and Non-intuitive Defaults: The default 4-hour timeout is not explicitly documented in many contexts, leaving users unaware of why their connections are dropping.
- Operational Challenges: Systems requiring continuous log monitoring must implement their own mechanisms to detect and restart closed connections, adding complexity to tool design.
For more details, refer to:
Tailer mitigates these challenges by:
- Periodically refreshing log streams to ensure no logs are missed.
- Dynamically detecting new or recreated pods and starting log collection without manual intervention.
- Excluding specific pods and containers as per user requirements.
- Dynamic Pod Detection: Automatically detects newly created or recreated pods.
- Container Filtering: Allows excluding specific containers or pods from log collection.
- Log Refreshing: Periodically refreshes all log streams to handle Kubernetes' default timeout.
- Threaded Design: Uses threads for efficient log collection from multiple pods and containers.
- Customizable Arguments: Provides CLI arguments for namespace, output file, excluded containers, and excluded pods.
- Dynamic Pod Tracking: Tailer continuously monitors the namespace for newly created or recreated pods and dynamically starts log collection for all containers in those pods.
- Periodic Refresh: Every 2 hours (default), Tailer refreshes log streams to avoid idle timeout issues.
- Exclusion Mechanism: Users can specify pods or containers to exclude from log collection.
- Threaded Log Collection: Each container log stream runs in its own thread for scalability.
-nor--namespace: Kubernetes namespace to monitor (required).-oor--output-file: Path to the file where logs will be saved (required).--exclude-containers: Comma-separated list of container names to exclude.--exclude-pods: Comma-separated list of pod names to exclude.
python tailer.py -n my-namespace -o logs.txt --exclude-containers container1,container2 --exclude-pods pod1,pod2Processing new pod: app-pod
Tailing logs for container: app-container
Tailing logs for container: sidecar-container
Refreshing logs...
Processing new pod: recreated-pod
Tailing logs for container: main-container
- Clone the repository containing the Tailer script.
- Install Python (>= 3.6).
- Ensure
kubectlis installed and configured to access the target Kubernetes cluster. - Run the script with the desired arguments.
docker run alirezvani76/tailer:latest python tailer.py -n my-namespace -o logs.txt --exclude-containers container1,container2 --exclude-pods pod1,pod2
You can use as this examples
- Tailer relies on
kubectlfor log collection, and its behavior is subject to Kubernetes API limitations. - Log streams may briefly pause during the periodic refresh cycle.
- Support for specifying a custom refresh interval.
- Integration with logging frameworks like Fluentd or Loki for centralized log aggregation.
- Enhanced error handling for complex Kubernetes environments.
Tailer ensures reliable and robust log collection, mitigating challenges introduced by Kubernetes' connection timeout behavior.