gke/Logs

Provides a methodical approach to troubleshooting GKE logging issues.

Product: Google Kubernetes Engine
Kind: Debugging Tree

Description

This runbook guides you through a systematic investigation of potential causes when logs from the Google Kubernetes Engine (GKE) cluster are missing or incomplete. The focus is on core configuration settings that are essential for proper logging functionality.

The following areas are examined:

  • Project-Level Logging: Ensures that the Google Cloud project housing the GKE cluster has the Cloud Logging API enabled.

  • Cluster-Level Logging: Verifies that logging is explicitly enabled within the GKE cluster’s configuration.

  • Node Pool Permissions: Confirms that the nodes within the cluster’s node pools have the ‘Cloud Logging Write’ scope enabled, allowing them to send log data.

  • Service Account Permissions: Validates that the service account used by the node pools possesses the necessary IAM permissions to interact with Cloud Logging. Specifically, the “roles/logging.logWriter” role is typically required.

  • Cloud Logging API Write Quotas: Verifies that Cloud Logging API Write quotas have not been exceeded within the specified timeframe.
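The first four checks above can also be run offline against exported configuration. The following is an added example, not gcpdiag's own code; it assumes JSON saved from `gcloud services list --enabled`, `gcloud container clusters describe` and `gcloud projects get-iam-policy` (each with `--format=json`), and it only recognises direct bindings of `roles/logging.logWriter`, not broader roles, groups or conditions. The sample data and the function name `check_logging` are constructed for illustration.

```python
SCOPE = "https://www.googleapis.com/auth/"
# Scopes that allow a node to write to Cloud Logging.
LOG_SCOPES = {SCOPE + s for s in ("logging.write", "logging.admin", "cloud-platform")}
LOG_WRITER = "roles/logging.logWriter"


def check_logging(services, cluster, policy, project_number):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # 1. Project level: the Cloud Logging API must be enabled.
    enabled = {s.get("config", {}).get("name") for s in services}
    if "logging.googleapis.com" not in enabled:
        findings.append("project: logging.googleapis.com is not enabled")
    # 2. Cluster level: disabled if loggingService is "none" or no components.
    components = (cluster.get("loggingConfig", {})
                  .get("componentConfig", {}).get("enableComponents", []))
    if cluster.get("loggingService", "none") == "none" or not components:
        findings.append("cluster: logging is disabled")
    # Members bound directly to the log writer role (assumption: no groups).
    writers = {m for b in policy.get("bindings", [])
               if b.get("role") == LOG_WRITER for m in b.get("members", [])}
    for pool in cluster.get("nodePools", []):
        cfg = pool.get("config", {})
        # 3. Node pool scopes: at least one scope that permits log writes.
        if not LOG_SCOPES & set(cfg.get("oauthScopes", [])):
            findings.append(f"nodepool {pool['name']}: no logging write scope")
        # 4. Service account: "default" is the Compute Engine default account.
        sa = cfg.get("serviceAccount", "default")
        if sa == "default":
            sa = f"{project_number}-compute@developer.gserviceaccount.com"
        if f"serviceAccount:{sa}" not in writers:
            findings.append(f"nodepool {pool['name']}: {sa} lacks {LOG_WRITER}")
    return findings


# Constructed sample data shaped like gcloud --format=json output.
SERVICES = [{"config": {"name": "logging.googleapis.com"}}]
CLUSTER = {
    "loggingService": "logging.googleapis.com/kubernetes",
    "loggingConfig": {"componentConfig": {"enableComponents": ["WORKLOADS"]}},
    "nodePools": [
        {"name": "pool-ok", "config": {"serviceAccount": "default", "oauthScopes": [SCOPE + "cloud-platform"]}},
        {"name": "pool-bad", "config": {"serviceAccount": "nodes@example.iam.gserviceaccount.com", "oauthScopes": [SCOPE + "devstorage.read_only"]}},
    ],
}
POLICY = {"bindings": [{"role": LOG_WRITER, "members": ["serviceAccount:123456789012-compute@developer.gserviceaccount.com"]}]}

if __name__ == "__main__":
    print("\n".join(check_logging(SERVICES, CLUSTER, POLICY, "123456789012")))
```

The write-quota check is not covered here because it depends on monitoring data for the chosen timeframe, not on static configuration.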

Executing this runbook

gcpdiag runbook gke/logs \
  -p project_id=value \
  -p name=value \
  -p location=value

Parameters

| Name | Required | Default | Type | Help |
|---|---|---|---|---|
| project_id | True | None | str | The ID of the project hosting the GKE Cluster |
| name | True | None | str | (Optional) The name of the GKE cluster, to limit search only for this cluster |
| location | True | None | str | The zone or region of the GKE cluster |

Get help on available commands

gcpdiag runbook --help

Potential Steps