gke/Logs
Product: Google Kubernetes Engine Kind: Debugging Tree
Description
This runbook guides you through a systematic investigation of potential causes when logs from the Google Kubernetes Engine (GKE) cluster are missing or incomplete. The focus is on core configuration settings that are essential for proper logging functionality.
The following areas are examined:
-
Project-Level Logging: Ensures that the Google Cloud project housing the GKE cluster has the Cloud Logging API enabled.
-
Cluster-Level Logging: Verifies that logging is explicitly enabled within the GKE cluster’s configuration.
-
Node Pool Permissions: Confirms that the nodes within the cluster’s node pools have the ‘Cloud Logging Write’ scope enabled, allowing them to send log data.
-
Service Account Permissions: Validates that the service account used by the node pools possesses the necessary IAM permissions to interact with Cloud Logging. Specifically, the “roles/logging.logWriter” role is typically required.
-
Cloud Logging API Write Quotas: Verifies that Cloud Logging API Write quotas have not been exceeded within the specified timeframe.
Executing this runbook
gcpdiag runbook gke/logs \
-p project_id=value \
-p name=value \
-p location=value
Parameters
| Name | Required | Default | Type | Help |
|---|---|---|---|---|
project_id |
True | None | str | The ID of the project hosting the GKE Cluster |
name |
True | None | str | (Optional) The name of the GKE cluster, to limit search only for this cluster |
location |
True | None | str | The zone or region of the GKE cluster |
Get help on available commands
gcpdiag runbook --help