You can diagnose one or more nodes at a time in the Alibaba Cloud Container Service for Kubernetes (ACK) console and collect the diagnostic logs. This topic describes how to collect diagnostic logs with a few clicks.

Authorize nodes to upload diagnostic logs to OSS

If you want to upload diagnostic logs from nodes to an Object Storage Service (OSS) bucket, you must first grant the nodes the write permissions on the specified directory in OSS. Procedure:

  1. Log on to the RAM console by using an Alibaba Cloud account.
  2. In the left-side navigation pane, click Policies under Permissions.
  3. In the Policy Name column, click the name of the target custom policy.
    Note System policies and custom policies are available in Alibaba Cloud Resource Access Management (RAM). System policies can be viewed but cannot be modified. However, custom policies can be created, viewed, and modified.
  4. On the Policy Document tab, click Modify Policy Document.
  5. On the Modify Policy Document page, add the following content, and enter the bucket name and directory as shown in the following figure.Modify the policy
    {
        "Action": [
            "oss:GetBucket",
            "oss:PutObject",
            "oss:GetObject"
        ],
        "Resource": [
            "acs:oss:*:*:<the OSS bucket name>/<the directory for storing diagnostic logs>/*"
        ],
        "Effect": "Allow"
    },
    {
        "Action": [
            "oss:GetBucketInfo"
        ],
        "Resource": [
            "acs:oss:*:*:<the OSS bucket name>"
        ],
        "Effect": "Allow"
    }

Select nodes for diagnostics

  1. Log on to the ACK console.
  2. In the left-side navigation pane, choose Clusters > Nodes.
  3. On the Nodes page, select one or more nodes, and then click Node Diagnosis.
  4. In the Node Diagnosis dialog box, perform the following operations:
    • Select the Upload to OSS check box, and perform the following steps:

      After you select the check box, you can upload diagnostic logs to an OSS bucket. Before you perform the following steps, you must authorize the worker role of the target cluster to upload logs to the specified OSS bucket. For more information, see Authorize nodes to upload diagnostic logs to OSS.

      1. Enter the name and directory of the OSS bucket.

        For example, if you want to upload node diagnostic logs to myBucket in the /acs/diagnose directory, enter myBucket/acs/diagnose.

      2. Specify whether to share diagnostic logs.

        After you select the check box, the system generates a temporary link for the collected diagnostic logs. You can click the hyperlink to download the logs, or share the link with the ACK support team to request technical support.

      3. Click OK.

        After the preceding steps are complete, you can obtain the task ID of Cloud Assistant in the ACK console. Then, you can use the task ID to find and view the logs of diagnostic script executions in the Elastic Compute Service (ECS) console.

      4. In the Node Diagnosis dialog box, click Go to Cloud Assistant to View Diagnosis Script Execution Logs.
      5. On the Cloud Assistant page, click the Tasks tab.
      6. Find the target task ID, and then click View.

        You can view the collected diagnostic log files in the corresponding directory in the OSS console.

    • Clear the Upload to OSS check box, and click OK.

      If you clear the Upload to OSS check box, you do not need to authorize the worker role of the target cluster to upload the collected logs to an OSS bucket. To view the collected diagnostic logs, log on to the ECS console. In the left-side navigation pane, choose Maintenance & Monitoring > Send Remote Commands (Cloud Assistant), and click the Tasks tab.