As you may now you can view the kubelet logs from an AKS node for troubleshooting purposes. The guidance provided in the Microsoft documentation lets spin you up a container in the AKS cluster which you then use to jump on the node via an SSH connection.
-> https://docs.microsoft.com/en-us/azure/aks/ssh
-> https://docs.microsoft.com/en-us/azure/aks/kubelet-logs
Another way you can use to view the kubelet logs is the serial console for Azure VMs. All what you need is to turn on the boot diagnostic logs first. But you do not have to restart the VM as stated in the documentation.
Afterwards we must set a password for the username specified during the AKS cluster deployment. At this point the approach viewing the kubelet logs via the serial console differs from the one in the documentation. The approach described in the documentation works with SSH keys and not a password.
Resetting the password for the username can be done in the Azure portal or with the Azure CLI.
-> https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/vmaccess#reset-password
Have a look at the following screenshot if you want to do it in the Azure portal.
When this is done we can click on “Serial console” to connect to the AKS node.
Typing in username and password and we are logged in to the node.
Running the following command gives us the kubelet log output on the serial console screen.
sudo journalctl -u kubelet -o cat
As you see the log output gets cut off with the above command in the serial console. Instead you should run the following ones to get a better view.
sudo journalctl -u kubelet > kubelet-logs.txt cat kubelet-logs.txt | more
In summary there are two ways to view the kubelet logs from an AKS node. First one is documented on Microsoft Docs and only requires access to the AKS cluster via kubectl and the SSH keys that have been used during the AKS provisioning. The second one uses native Azure tooling e.g. only the Azure portal to view the kubelet logs. But the last one requires certain Azure RBAC role permissions to be able to do it. Also setting a password for the username specified during the AKS deployment is a requirement.