amazon-eks-ami
amazon-eks-ami copied to clipboard
awslabs
get basic kubernetes objects info using kubectl
Issue #, if available:
- When a customer opens a support case, AWS Premium Support Engineers do not have visibility to customer Cluster information.
- Hence, Engineers ask customers to execute kubectl commands and provide more information on Cluster Objects.
- We need a script that can collect basic information (not entire cluster dump) so that script output can provide pointers for engineers to troubleshoot the issue, save time.
Description of changes:
-
kubectl-collector.shbash scripts queries EKS API Server using kubectl command line and collects basic information (kubectl get, describe (on specific resources)) of a EKS/Kubernetes Cluster and generates a tar ball file. -
This is similar to EKS Log Collector scirpt. EKS Log collector focuses on logs specific to a worker node. Whereas, kubectl-collector focuses on logs specific to cluster objects.
$ bash kubectl-collector.sh Trying... kubectl get configmap aws-auth -n kube-system -o yaml Trying... kubectl get daemonset aws-node -n kube-system -o yaml Trying... kubectl get daemonset kube-proxy -n kube-system -o yaml Trying... kubectl get configmap kube-proxy -n kube-system -o yaml Trying... kubectl get configmap kube-proxy-config -n kube-system -o yaml Trying... kubectl get deployment coredns -n kube-system -o yaml Trying... kubectl get configmap coredns -n kube-system -o yaml Trying... kubectl get bindings --all-namespaces -o wide Error from server (NotFound): Unable to list "/v1, Resource=bindings": the server could not find the requested resource Trying... kubectl get componentstatuses --all-namespaces -o wide Warning: v1 ComponentStatus is deprecated in v1.19+ Trying... kubectl get configmaps --all-namespaces -o wide Trying... kubectl get endpoints --all-namespaces -o wide Trying... kubectl get events --all-namespaces -o wide Trying... kubectl get limitranges --all-namespaces -o wide No resources found Trying... kubectl get nodes --all-namespaces -o wide Trying... kubectl get persistentvolumeclaims --all-namespaces -o wide Trying... kubectl get persistentvolumes --all-namespaces -o wide Trying... kubectl get pods --all-namespaces -o wide Trying... kubectl get podtemplates --all-namespaces -o wide No resources found Trying... kubectl get replicationcontrollers --all-namespaces -o wide No resources found Trying... kubectl get resourcequotas --all-namespaces -o wide No resources found Trying... kubectl get secrets --all-namespaces -o wide Trying... kubectl get serviceaccounts --all-namespaces -o wide Trying... kubectl get services --all-namespaces -o wide Trying... kubectl get challenges --all-namespaces -o wide No resources found Trying... kubectl get orders --all-namespaces -o wide No resources found Trying... kubectl get mutatingwebhookconfigurations --all-namespaces -o wide Trying... kubectl get validatingwebhookconfigurations --all-namespaces -o wide Trying... kubectl get customresourcedefinitions --all-namespaces -o wide Trying... kubectl get apiservices --all-namespaces -o wide Trying... kubectl get gatewayroutes --all-namespaces -o wide No resources found Trying... kubectl get meshes --all-namespaces -o wide Trying... kubectl get virtualgateways --all-namespaces -o wide No resources found Trying... kubectl get virtualnodes --all-namespaces -o wide Trying... kubectl get virtualrouters --all-namespaces -o wide Trying... kubectl get virtualservices --all-namespaces -o wide Trying... kubectl get controllerrevisions --all-namespaces -o wide Trying... kubectl get daemonsets --all-namespaces -o wide Trying... kubectl get deployments --all-namespaces -o wide Trying... kubectl get replicasets --all-namespaces -o wide Trying... kubectl get statefulsets --all-namespaces -o wide No resources found Trying... kubectl get tokenreviews --all-namespaces -o wide Error from server (MethodNotAllowed): the server does not allow this method on the requested resource Trying... kubectl get localsubjectaccessreviews --all-namespaces -o wide Error from server (NotFound): Unable to list "authorization.k8s.io/v1, Resource=localsubjectaccessreviews": the server could not find the requested resource Trying... kubectl get selfsubjectaccessreviews --all-namespaces -o wide Error from server (MethodNotAllowed): the server does not allow this method on the requested resource Trying... kubectl get selfsubjectrulesreviews --all-namespaces -o wide Error from server (MethodNotAllowed): the server does not allow this method on the requested resource Trying... kubectl get subjectaccessreviews --all-namespaces -o wide Error from server (MethodNotAllowed): the server does not allow this method on the requested resource Trying... kubectl get horizontalpodautoscalers --all-namespaces -o wide Trying... kubectl get cronjobs --all-namespaces -o wide No resources found Trying... kubectl get jobs --all-namespaces -o wide Trying... kubectl get certificaterequests --all-namespaces -o wide Trying... kubectl get certificates --all-namespaces -o wide Trying... kubectl get clusterissuers --all-namespaces -o wide No resources found Trying... kubectl get issuers --all-namespaces -o wide Trying... kubectl get certificatesigningrequests --all-namespaces -o wide No resources found Trying... kubectl get leases --all-namespaces -o wide Trying... kubectl get eniconfigs --all-namespaces -o wide No resources found Trying... kubectl get endpointslices --all-namespaces -o wide Trying... kubectl get ingressclassparams --all-namespaces -o wide Trying... kubectl get targetgroupbindings --all-namespaces -o wide No resources found Trying... kubectl get events --all-namespaces -o wide Trying... kubectl get ingresses --all-namespaces -o wide Trying... kubectl get flowschemas --all-namespaces -o wide Trying... kubectl get prioritylevelconfigurations --all-namespaces -o wide Trying... kubectl get alertmanagers --all-namespaces -o wide No resources found Trying... kubectl get prometheuses --all-namespaces -o wide Trying... kubectl get servicemonitors --all-namespaces -o wide Trying... kubectl get ingressclasses --all-namespaces -o wide Trying... kubectl get ingresses --all-namespaces -o wide Trying... kubectl get networkpolicies --all-namespaces -o wide No resources found Trying... kubectl get runtimeclasses --all-namespaces -o wide No resources found Trying... kubectl get poddisruptionbudgets --all-namespaces -o wide Trying... kubectl get podsecuritypolicies --all-namespaces -o wide Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+ Trying... kubectl get clusterrolebindings --all-namespaces -o wide Trying... kubectl get clusterroles --all-namespaces -o wide Trying... kubectl get rolebindings --all-namespaces -o wide Trying... kubectl get roles --all-namespaces -o wide Trying... kubectl get priorityclasses --all-namespaces -o wide Trying... kubectl get csidrivers --all-namespaces -o wide Trying... kubectl get csinodes --all-namespaces -o wide Trying... kubectl get csistoragecapacities --all-namespaces -o wide No resources found Trying... kubectl get storageclasses --all-namespaces -o wide Trying... kubectl get volumeattachments --all-namespaces -o wide No resources found Trying... kubectl get securitygrouppolicies --all-namespaces -o wide No resources found Trying... archive gathered information Done... your kubectl command logs are located in $(pwd)/eks_kubectl_commands_2022-04-09_1238-EDT.tar.gz
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
I support making this a separate script, because not all users will want to hand over a dump of their API objects.
My only concern is that this isn't strictly related to the EKS AMI, it's more of a general EKS troubleshooting tool. But, we don't have a better place for it today (that I'm aware of).
@saiteja313 can you update the log collector README with some example usage + output of this script?
@saiteja313 can you update the log collector README with some example usage + output of this script?
Done. I rearranged some part of the doc as well to make easy to navigate.
@cartermckinnon I made changes to the script so that it can dynamically pulls the existing Kubernetes objects using kubectl api-resources and queries each object individually.
We discussed this change internally a while ago; and the consensus was that this is useful resource for troubleshooting but isn't really appropriate to add to the node-specific log collection script, and (more generally) shouldn't be merged into this repository. There was a suggestion that a repository be created for such resources; but I don't know the status of that work, and I don't think this needs to be left open here. We can always resurrect it and transfer it over if/when the time comes.