A Kubernetes Job to collect resources, logs and events from a Kubernetes cluster. k8s-collector is a Job that can collect both resources (YAMLs) and logs when created.

k8s/collector.yaml contains the YAML to run it. Please be aware you will have to modify Job volume mounts (as it will store logs and resources in tmp directory). If you want to try it out on Kind cluster, then you can use this YAML which uses a persistent volume provided by KinD test/fv/collector.yaml

k8s-collector expects two argurments:

1. dir => this is the directory when all collected resources and logs will be stored
2. config-map => this is the name of the ConfigMap that contain the configuration on which logs/resources to collect. This README contains an example for such ConfigMap. ConfigMap must be in the same namespae of the Job.

apiVersion: batch/v1 kind: Job metadata: name: k8s-collector namespace: default spec: template: spec: restartPolicy: Never serviceAccountName: k8s-collector containers: - name: k8s-collector image: projectsveltos/k8s-collector-amd64:main imagePullPolicy: IfNotPresent env: - name: COLLECTOR_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace command: - /k8s-collector args: - --config-map=k8s-collector - --dir=/collection

Following is an example of ConfigMap containing the Collector configuration. Configuration is asking for:

• v1 Secrets and appsv1 Deployments to be collected in all namespaces
• logs to be collected for all pods in the kube-system namespace. Only the last 600 seconds.

apiVersion: v1 data: config.json: '{"resources":[{"group":"","version":"v1","kind":"Secret"},{"group":"apps","version":"v1","kind":"Deployment"}],"logs":[{"namespace":"kube-system","sinceSeconds":600}]}' kind: ConfigMap metadata: name: k8s-collector namespace: default

The content of the ConfigMap can be either JSON or YAML. Same ConfigMap using YAML

apiVersion: v1 data: config.yaml: |  resources:  - group: ""  version: v1  kind: Secret  - group: apps  version: v1  kind: Deployment  logs:  - namespace: kube-system  sinceSeconds:600 kind: ConfigMap metadata: name: k8s-collector namespace: default

When collecting resources, specify the group/version/kind. That is mandatory. Anything can be passed, including CustomResourceDefinitions. You can filter resources by namespace and/or labels. For instance to collect all Secret instances but only Deployment instances:

• in the nginx namespace and
• with labels app:nginx and version:latest

use the following ConfigMap

apiVersion: v1 data: config.yaml: |  resources:  - group: ""  version: v"  kind: Secret  - group: apps  version: v1  kind: Deployment  namespace: nginx  labelFilters:  - key: app  operation: Equal  value: nginx  - key: version  operation: Equal  value: latest kind: ConfigMap metadata: name: k8s-collector namespace: default

When collecting logs, you can select a subset of Pods by specifying the namespace and the label filters (same as for resources).

k8s-collector will create two folders:

1. logs => this will contain collected logs
2. resources => this will contain collected resources

Each directory contains one subdirectory per namespace. Sticking with above example in the logs directory we have a kube-system subdirectory (since we asked k8s-collector to collect logs in that directory only). Then within the kube-system sudirectory there is a log per pod/container pair. For instance

coredns-5dd5756b68-bb5hr-coredns kube-apiserver-sveltos-management-control-plane-kube-apiserver coredns-5dd5756b68-jjknb-coredns kube-controller-manager-sveltos-management-control-plane-kube-controller-manager etcd-sveltos-management-control-plane-etcd kube-proxy-qcvbf-kube-proxy kindnet-bf559-kindnet-cni kube-proxy-trk6j-kube-proxy kindnet-qzs4f-kindnet-cni kube-scheduler-sveltos-management-control-plane-kube-scheduler 

The resource subdirectory contains one directory per namespace. And within each namespace directory, there is one directory per Kind For instance, we asked k8s-collector to collect Secret and Deployment from any namespace, so

resources/cert-manager/ contains two subdirectories:

• Deployment => all collected Deployment instances in the cert-manager namespace will be here
• Secret => all collected Secret instance in the cert-manager namespace will be here

I developed to be used along with Sveltos but it can be used on its own.