Azure Kubernetes Service Control Plane Logs

Azure Kubernetes Service (AKS) is a managed Kubernetes service such that you have access to just the Kubernetes API endpoint. You don’t get to see the kube-apiserver, controller-manager, and scheduler pods. Sometimes you may want to debug why the controller-manager is unable to create Azure loadbalancer and IPs and it’d be nice to have these logs, right?

Here comes the Azure Diagnostics Logs! The control plane logs are already being collected by AKS. All you need to do is to enable it!

Go to the resource group that contains your AKS resource on Azure portal. Click “Diagnostics Logs” side pane. Click the AKS resource. Click “Turn on diagnostics to collect the following data”. Then you can specify where to send logs such as Azure Storage, EventHub, or Log Analytics. Check the control plane component you want to collect. That’s it!

Below is an example to show the logs in Log Analytics.

search *
| where Type == "AzureDiagnostics"
| where Category == "kube-controller-manager"
| project log_s

(Hopefully this instruction will be updated to AKS official doc soon..)