r-vasquez
commented
2 weeks ago One of the alternatives discussed with @chrisseto is to:
- Authenticate from an out-of-cluster client (rpk) to the k8s API using the kubeconfig file, Example: https://github.com/kubernetes/client-go/tree/master/examples/out-of-cluster-client-configuration
- Grab all the information needed from the k8s API, in this case: a. Logs b. Discover all pods in the cluster and get the Admin API addresses. c. Resources for debugging (current list here)
- From the out-of-cluster client, call every pod and execute a modified
rpk debug bundlein each redpanda container. a. The modified command will need to be able to receive the previously-gathered k8s info. b. The modified command will need to return the bundle information in a way that the caller can read it. c. To execute a command, we can use: https://github.com/kubernetes/client-go/tree/master/tools/remotecommand - The out-of-cluster client will have to stitch the bundles obtained from each pod.
This is a major refactor of the current way that the command works and will likely need an RFC first.
Please be aware that some of these changes are being made to overcome current limitations:
- To discover admin API addresses:
- Being able to store logs on disk on k8s environments. (Not yet discussed with Core)
Who is this for and what problem do they have today?
Currently, rpk relies on having a ClusterRole to collect the information needed for the debug bundle, see:
https://docs.redpanda.com/current/manage/kubernetes/troubleshooting/k-diagnostics-bundle/#generate-a-diagnostics-bundle
This is done to:
Alternatives discussed:
This issue is to track the discussion, but the alternatives discussed are:
kubeconfig, and authenticate. This will allow collection of the Logs and Resources, but it has its limitations regarding the Admin API calls.JIRA Link: CORE-2649