0
0
Kubernetesdevops~10 mins

Container logging architecture in Kubernetes - Step-by-Step Execution

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Process Flow - Container logging architecture
Container writes logs
Logs stored in container stdout/stderr
Kubelet reads logs from container runtime
Logs saved to node's log files
Log collector agent (e.g., Fluentd) reads node logs
Logs forwarded to central storage or analysis system
User queries logs from central system
Logs flow from containers to node files, then collected by agents and sent to central storage for user access.
Execution Sample
Kubernetes
# Container writes logs
kubectl logs <pod-name>
# Fluentd collects logs
# Logs sent to Elasticsearch
# User queries logs via Kibana
Shows the path of logs from container output to user query in a Kubernetes cluster.
Process Table
StepActionSourceDestinationResult
1Container writes logsApplication inside containerContainer stdout/stderrLogs generated and output
2Kubelet reads logsContainer runtimeNode log filesLogs saved on node disk
3Log collector reads logsNode log filesLog collector agentLogs collected for forwarding
4Logs forwardedLog collector agentCentral storage (e.g., Elasticsearch)Logs stored centrally
5User queries logsCentral storageUser interface (e.g., Kibana)Logs displayed to user
6ExitN/AN/ALogging process complete
💡 Logging ends after user retrieves logs from central system
Status Tracker
VariableStartAfter Step 1After Step 2After Step 3After Step 4Final
LogsNoneGenerated in container stdout/stderrSaved in node log filesCollected by log agentStored in central systemAvailable for user query
Key Moments - 3 Insights
Why don't containers write logs directly to central storage?
Containers write logs to stdout/stderr which are stored locally on the node; log collectors then forward logs to central storage. This separation allows containers to remain lightweight and decouples logging from application code, as shown in execution_table steps 1 to 4.
What role does the kubelet play in logging?
The kubelet reads logs from the container runtime and saves them to node log files, acting as the bridge between container output and node storage (execution_table step 2).
How does the user access logs from multiple containers?
Users query logs from a central storage system where logs from all nodes and containers are aggregated by log collectors, as shown in execution_table steps 4 and 5.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution table, at which step are logs saved on the node disk?
AStep 4
BStep 2
CStep 1
DStep 5
💡 Hint
Check the 'Destination' column for node log files in execution_table row with Step 2.
According to variable_tracker, what is the state of logs after Step 3?
ALogs generated in container stdout/stderr
BLogs stored in central system
CLogs collected by log agent
DLogs saved in node log files
💡 Hint
Look at the 'Logs' row under 'After Step 3' in variable_tracker.
If the log collector agent fails, which step in the execution_table would be directly affected?
AStep 3
BStep 2
CStep 1
DStep 5
💡 Hint
Step 3 describes the log collector reading logs; failure here stops forwarding.
Concept Snapshot
Container logging architecture:
- Containers write logs to stdout/stderr
- Kubelet saves logs to node files
- Log collector agents gather logs
- Logs forwarded to central storage
- Users query logs centrally
This decouples logging from apps and centralizes log management.
Full Transcript
In Kubernetes container logging architecture, containers write logs to their standard output streams. The kubelet reads these logs from the container runtime and saves them as files on the node. A log collector agent, such as Fluentd, reads these node log files and forwards the logs to a central storage system like Elasticsearch. Finally, users can query and view these logs through interfaces such as Kibana. This flow ensures logs are collected reliably and centralized for easy access and analysis.