Using stern to view logs on Kubernetes 

Stern is a kubernetes tool that allows you to tail logs from multiple PODs at one time. I find stern to be an invaluable tool everyday and it's simple to install and use.  It makes tailing logs from multiple Pods of a deployment trivial and no more difficult than tailing files on your local system.

Installation:

• Binary releases: https://github.com/wercker/stern/releases
• Mac: brew install stern
• Of course you can build it from source as well.

The problem stern solves

Before stern, it was a multi-step process to view the logs of my application's pods.  First, I'd fire up kubeclt and get all the pod names:

$ kubectl get pods

NAME                                            READY     STATUS    RESTARTS   AGE

helloworld-7cc4755575-7kbdd       2/2       Running   0          15h

helloworld-7cc4755575-7t2pf       2/2       Running   0          15h

helloworld-7cc4755575-gpdtm       2/2       Running   0          15h

Then I'd use kubeclt again to tail each individual pods logs, and I'd have to match the pod name and container name precisely, or the command would fail:

$ kubectl logs  helloworld-7cc4755575-7kbdd app --since 2m

[GIN] 2018/07/20 - 11:09:51 | 200 |     1.08808ms | GET      /planet/1a0ffebfcbea

[GIN] 2018/07/20 - 11:10:03 | 201 |   11.273898ms | POST     /planet

[GIN] 2018/07/20 - 11:11:27 | 200 |    7.740818ms | GET      /planet/9e7e61e8615e

Okay... that's the logs for one container in one pod, now I just need to repeat the process for every container in the pod and then multiple that by the number of pods in the deployment.  And there's no way for me to stream all of them together easily.

It's easy to see that this is a far from ideal expedient process and there's got to be a better way to do this.

Using stern

Thankfully, stern eliminates all the tedium associated with tailing pod logs in Kubernetes and provides a simple easy to use interface.   Let's go back to our example above: I need to view the logs of my applications logs.  With stern, I can accomplish that task with one command:

$ stern helloworld -s 20s 

helloworld-gd2g9 app [GIN] 2018/07/20 - 11:50:45 | 200 |   22.813937ms | PUT   /planet/b8ae-0d1c6f1a83e7

helloworld-gd2g9 app [GIN] 2018/07/20 - 11:50:45 | 200 |   15.813246ms | DELETE /planet/0d1c6f1a83e7

helloworld-gd2g9 app [GIN] 2018/07/20 - 11:50:46 | 200 |     6.73568ms | GET /planet/0d1c6f1a83e7

helloworld-gd2g9 app [GIN] 2018/07/20 - 11:50:49 | 201 |   21.484858ms | POST /planet

helloworld-lnkfw app [GIN] 2018/07/20 - 11:50:50 | 200 |     729.593µs | GET /planet/0d1c6f1a83e7

helloworld-lnkfw sidecar [GIN] 2018-07-20T11:50:50Z | 200 |  1.361762ms | GET /planet/0d1c6f1a83e7 

As you can see, stern tailed all the pods and all the containers in one stream.  This is incredibly powerful and useful.

Of course, stern allows you to filter your results by:

• regex's that match pods
• which containers (--container -c)
• how far back in time to get logs (--since -s),
• the type of output (--output -o).  Since we do structure JSON logs

I use -o=raw all the time to get raw logs and then filter them via https://stedolan.github.io/jq/