Monitor a Cluster
What you’ll accomplish
Section titled “What you’ll accomplish”UDS clusters include two Kubernetes controllers built with Pepr. By the end of this guide you’ll know how to:
- Stream logs from both controllers in a single view
- Filter logs by controller type or policy action
- Use flags to control output format and history
Prerequisites
Section titled “Prerequisites”- UDS CLI installed
- Access to a running UDS cluster
Before you begin
Section titled “Before you begin”UDS Core runs two Pepr-based controllers that uds monitor streams logs from:
| Controller | Pod prefix | Responsibility |
|---|---|---|
| Admission Controller | pepr-uds-core | Validates and mutates resources; enforces UDS Exemptions |
| Operator Controller | pepr-uds-core-watcher | Manages lifecycle of UDS Package resources |
-
Confirm the controllers are running
Terminal window uds zarf tools kubectl get pods -n pepr-systemYou should see
pepr-uds-core-*andpepr-uds-core-watcher-*pods in aRunningstate before proceeding. -
Stream logs
Run the command matching what you want to observe:
All logs: aggregate admission and operator logs into a single stream:
Terminal window uds monitor peprOperator logs only: UDS Package processing, status updates, and errors:
Terminal window uds monitor pepr operatorAll policy decisions (allow, deny, mutate):
Terminal window uds monitor pepr policiesSpecific policy actions:
Terminal window uds monitor pepr allowed # allow logsuds monitor pepr denied # deny logsuds monitor pepr mutated # mutation logsuds monitor pepr failed # deny + operator error logs -
(Optional) Refine with flags
Flag Description -f,--followContinuously stream logs (keep the session open) --jsonReturn raw JSON output --since <duration>Only show logs newer than the given duration (e.g., 5s,2m,3h). Defaults to all logs.-t,--timestampsShow timestamps in log output Terminal window # Follow all logs with timestampsuds monitor pepr --follow --timestamps# Show only the last 5 minutes of policy deny logsuds monitor pepr denied --since 5m# Get raw JSON for programmatic processinguds monitor pepr --json
Verification
Section titled “Verification”Confirm logs are streaming by running:
uds monitor pepr --followYou should see a continuous stream of admission and operator events as activity occurs in the cluster.
Troubleshooting
Section titled “Troubleshooting”Problem: No logs returned
Section titled “Problem: No logs returned”Symptom: uds monitor pepr returns immediately with no output.
Solution: Confirm the cluster is a UDS cluster with Pepr installed.
Problem: Connection error
Section titled “Problem: Connection error”Symptom: An error connecting to the cluster when running uds monitor pepr.
Solution: Verify kubectl can reach the cluster with kubectl get nodes.
Problem: Log stream cuts off
Section titled “Problem: Log stream cuts off”Symptom: Logs stop streaming after a short time.
Solution: Add --follow to keep the stream open.
Related Documentation
Section titled “Related Documentation”- Use Bundle Overrides: Tune deployments at runtime with Helm overrides and variables.
- Use UDS Runner: Automate workflows with
tasks.yaml.