4

Consider this Kubernetes Pod:

# pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: testing123
spec:
  containers:
  - name: testing123
    image: busybox:latest
    command: ['sh', '-c', 'echo "Hello, Kubernetes!" && sleep 3600']

If I deploy this Pod and run logs I see this:

$ kubectl apply -f pod.yaml
$ k logs testing123           
Hello, Kubernetes!

So far, so good. I now "login" to the Pod and run an echo command:

$ k exec -ti testing123 -- ash
/ # echo "Run after logging in."
Run after logging in.
/ # exit
$ k logs testing123           
Hello, Kubernetes!
$

Why didn't Run after logging in. appear in the logs output of the Pod?

rlandster
  • 7,294
  • 14
  • 58
  • 96

1 Answers1

2

Containers logs are captured from their command line / entrypoint stdout and stderr.

When you enter a container (kubectl exec), you spawn a new process, with its own stdin/stdout/stderr.

SYN
  • 4,476
  • 1
  • 20
  • 22
  • Is there a way to tell the container to send all new process's stdout to the entrypoint's stdout? – rlandster May 01 '22 at 14:18
  • not that I know of. outside of kubectl exec, processes may fork() and start child processes, whose stdout may not be suitable for logging. Regarding kubectl exec specifically: I don't know of any way to log what's going on when someone enters a container. Maybe you could setup some profile for your shell, with some `exec 1>>/proc/1/fd/1` (? un-tested / redirect everything to the stdout of PID 1, which should be your entrypoint), Or just remove shells from container images. – SYN May 01 '22 at 14:31
  • While we should keep in mind: PID 1 would be your entrypoint most of the times ... Unless your pod is sharing the host PID namespace ( https://kubernetes.io/docs/concepts/security/pod-security-policy/#host-namespaces ). So really, there's no definitive answer for that one, AFAIK. – SYN May 01 '22 at 14:33