Chapter 11. Generating a diagnostic bundle
You can generate a diagnostic bundle and send that data to enable the support team to provide insights into the status and health of Red Hat Advanced Cluster Security for Kubernetes components.
Red Hat might request you to send the diagnostic bundle during investigation of your issues with Red Hat Advanced Cluster Security for Kubernetes. You can generate a diagnostic bundle and inspect its data before sending.
The diagnostic bundle is unencrypted, and depending upon the number of clusters in your environment, the bundle size is between 100 KB and 1 MB. Always use an encrypted channel to transfer this data back to Red Hat.
11.1. Diagnostic bundle data
When you generate a diagnostic bundle, it includes the following data:
- Central heap profile.
- System logs: Logs of all Red Hat Advanced Cluster Security for Kubernetes components (for the last 20 minutes) and logs of recently crashed components (from up to 20 minutes before the crash). System logs depend on the size of your environment. For large deployments, data includes log files for components with critical errors only, such as a high restart count.
- YAML definitions for Red Hat Advanced Cluster Security for Kubernetes components: This data does not include Kubernetes secrets.
-
OpenShift Container Platform or Kubernetes events: Details about the events that relate to the objects in the
stackrox
namespace. Online Telemetry data, which includes:
- Storage information: Details about the database size and the amount of free space available in attached volumes.
- Red Hat Advanced Cluster Security for Kubernetes components health information: Details about Red Hat Advanced Cluster Security for Kubernetes components versions, their memory usage, and any reported errors.
- Coarse-grained usage statistics: Details about API endpoint invocation counts and reported error statuses. It does not include the actual data sent in API requests.
- Nodes information: Details about the nodes in each secured cluster. It includes kernel and operating system versions, resource pressure, and taints.
- Environment information: Details about each secured cluster, including Kubernetes or OpenShift Container Platform version, Istio version (if applicable), cloud provider type and other similar information.
11.2. Generating a diagnostic bundle by using the RHACS portal
You can generate a diagnostic bundle by using the system health dashboard in the RHACS portal.
Prerequisites
-
To generate a diagnostic bundle, you need
read
permission for theDebugLogs
resource.
Procedure
-
In the RHACS portal, select Platform Configuration
System Health. - On the System Health view header, click Generate Diagnostic Bundle.
- For the Filter by clusters drop-down menu, select the clusters for which you want to generate the diagnostic data.
- For Filter by starting time, specify the date and time (in UTC format) from which you want to include the diagnostic data.
- Click Download Diagnostic Bundle.
11.3. Generating a diagnostic bundle by using the roxctl CLI
You can generate a diagnostic bundle with the Red Hat Advanced Cluster Security for Kubernetes (RHACS) administrator password or API token and central address by using the roxctl
CLI.
Prerequisites
-
To generate a diagnostic bundle, you need
read
permission for theAdministration
resource. This is required for versions of theDebugLogs
resource older than version 3.73.0. - You must have configured the RHACS administrator password or API token and central address.
Procedure
To generate a diagnostic bundle by using the RHACS administrator password, perform the following steps:
Run the following command to configure the
ROX_PASSWORD
andROX_CENTRAL_ADDRESS
environment variables:$ export ROX_PASSWORD=<rox_password> && export ROX_CENTRAL_ADDRESS=<address>:<port_number> 1
- 1
- For
<rox_password>
, specify the RHACS administrator password.
Run the following command to generate a diagnostic bundle by using the RHACS administrator password:
$ roxctl -e "$ROX_CENTRAL_ADDRESS" -p "$ROX_PASSWORD" central debug download-diagnostics
To generate a diagnostic bundle by using the API token, perform the following steps:
Run the following command to configure the
ROX_API_TOKEN
environment variable:$ export ROX_API_TOKEN=<api_token>
Run the following command to generate a diagnostic bundle by using the API token:
$ roxctl -e "$ROX_CENTRAL_ADDRESS" central debug download-diagnostics