Examples of collecting information
- Gather information about the Kubernetes cluster’s resources: Pods, Deployments, Services, Ingress, Nodes, Events.
- Collect information about the present network settings:
- Print the routes on the worker nodes
- Collect Calico pods, policies, global network policies, profiles, etc.
- Display actual iptables rules deployed to the worker nodes
- Show the VLAN, Ingress, and other configmaps
- Display information about the ALB and related authentication container versions.
- Collect VPN status, routes, rules, NAT information, logs, resources, etc. for strongSwan.
Examples of pre-defined tests
- Ping all worker nodes and pods. This test pings all known IPs (as well as an external public IP) within a cluster from a Daemonset running on each node in the cluster.
- Deploy a basic coffee and tea ingress resource (deploys the complete example in a unique namespace and validates ingress works correctly).
- Validate ingress annotation syntax (that kubectl apply just accepts without checking).
- Validate whether the VLAN configuration associated with the ALB is matching the environment.
- Verify the existence of necessary secrets (accidental deletes happen surprisingly often).
- Scan for errors in the ALB logs.
- Test the strongSwan VPN connection and transport, check for the ipsec ports availability, etc. These tests will only produce test results if the strongSwan VPN Helm chart is installed.
How can I use it?
Installing the Diagnostics and Debug Tool is very easy. In its current form, it exists in a helm chart that you can install from the official IBM Cloud Helm repository. Please visit the following link to install the IBM Cloud Kubernetes Service Diagnostics and Debug Tool.
Installing without Tiller
Although you need to have helm installed on your laptop, you don’t necessarily have to install Tiller onto your cluster. Here is how.
Add the IBM repo, update (if you already had it), and download the chart into
$ helm repo add ibm https://registry.bluemix.net/helm/ibm
"ibm" has been added to your repositories
$ helm repo update
$ helm fetch ibm/ibmcloud-iks-debug --untar --untardir ./ibm-diagnostics-tool-chart
kubectl is set up correctly (
kubectl get nodes should work). By running the following, the helm will generate the
.yamls, which you then apply directly to your cluster. No Tiller installed:
$ helm template --namespace ibm-system --name my-debugger ./ibm-diagnostics-tool-chart/ibmcloud-iks-debug/ | kubectl apply -f -
(It will create a service account, role binding, daemonset, and the debug tool itself.)
Make sure the pods are running:
$ kubectl get pods -n ibm-system |grep my-debugger
my-debugger-ibmcloud-iks-debug-55d86f766c-v95b7 1/1 Running 0 116s
my-debugger-ibmcloud-iks-debug-check-state 0/1 Completed 0 116s
my-debugger-ibmcloud-iks-debug-daemonset-czdzc 1/1 Running 0 116s
my-debugger-ibmcloud-iks-debug-daemonset-klbsc 1/1 Running 0 116s
my-debugger-ibmcloud-iks-debug-daemonset-qsmp5 1/1 Running 0 116s
my-debugger-ibmcloud-iks-debug-validate-tests 0/1 Completed 0 116s
From here you can just follow the documented steps and run the kubectl proxy:
$ kubectl proxy --port 8080
Then, open the debug tool UI in your browser:
$ open \