×

You can generate a diagnostic bundle and send that data to enable the support team to provide insights into the status and health of Red Hat Advanced Cluster Security for Kubernetes components.

Red Hat might request you to send the diagnostic bundle during investigation of your issues with Red Hat Advanced Cluster Security for Kubernetes. You can generate a diagnostic bundle and inspect its data before sending.

The diagnostic bundle is unencrypted, and depending upon the number of clusters in your environment, the bundle size is between 100 KB and 1 MB. Always use an encrypted channel to transfer this data back to Red Hat.

Diagnostic bundle data

When you generate a diagnostic bundle, it includes the following data:

  • Central heap profile.

  • System logs: Logs of all Red Hat Advanced Cluster Security for Kubernetes components (for the last 20 minutes) and logs of recently crashed components (from up to 20 minutes before the crash). System logs depend on the size of your environment. For large deployments, data includes log files for components with critical errors only, such as a high restart count.

  • YAML definitions for Red Hat Advanced Cluster Security for Kubernetes components: This data does not include Kubernetes secrets.

  • OpenShift Container Platform or Kubernetes events: Details about the events that relate to the objects in the stackrox namespace.

  • Online Telemetry data, which includes:

    • Storage information: Details about the database size and the amount of free space available in attached volumes.

    • Red Hat Advanced Cluster Security for Kubernetes components health information: Details about Red Hat Advanced Cluster Security for Kubernetes components versions, their memory usage, and any reported errors.

    • Coarse-grained usage statistics: Details about API endpoint invocation counts and reported error statuses. It does not include the actual data sent in API requests.

    • Nodes information: Details about the nodes in each secured cluster. It includes kernel and operating system versions, resource pressure, and taints.

    • Environment information: Details about each secured cluster, including Kubernetes or OpenShift Container Platform version, Istio version (if applicable), cloud provider type and other similar information.

Generating a diagnostic bundle by using the RHACS portal

You can generate a diagnostic bundle by using the system health dashboard on the RHACS portal.

Prerequisites
  • To generate a diagnostic bundle, you need read permission for the DebugLogs resource.

Procedure
  1. On the RHACS portal, select Platform ConfigurationSystem Health.

  2. On the System Health view header, click Generate Diagnostic Bundle.

  3. For the Filter by clusters drop-down menu, select the clusters for which you want to generate the diagnostic data.

  4. For Filter by starting time, specify the date and time (in UTC format) from which you want to include the diagnostic data.

  5. Click Download Diagnostic Bundle.

Generating a diagnostic bundle by using the roxctl CLI

You can generate a diagnostic bundle with the Red Hat Advanced Cluster Security for Kubernetes (RHACS) administrator password or API token and central address by using the roxctl CLI.

Prerequisites
  • To generate a diagnostic bundle, you need read permission for the Administration resource. This is required for versions of the DebugLogs resource older than version 3.73.0.

  • You must have configured the RHACS administrator password or API token and central address.

Procedure
  • To generate a diagnostic bundle by using the RHACS administrator password, perform the following steps:

    1. Run the following command to configure the ROX_PASSWORD and ROX_CENTRAL_ADDRESS environment variables:

      $ export ROX_PASSWORD=<rox_password> && export ROX_CENTRAL_ADDRESS=<address>:<port_number> (1)
      1 For <rox_password>, specify the RHACS administrator password.
    2. Run the following command to generate a diagnostic bundle by using the RHACS administrator password:

      $ roxctl -e "$ROX_CENTRAL_ADDRESS" -p "$ROX_PASSWORD" central debug download-diagnostics
  • To generate a diagnostic bundle by using the API token, perform the following steps:

    1. Run the following command to configure the ROX_API_TOKEN environment variable:

      $ export ROX_API_TOKEN=<api_token>
    2. Run the following command to generate a diagnostic bundle by using the API token:

      $ roxctl -e "$ROX_CENTRAL_ADDRESS" central debug download-diagnostics