Use the cluster inspection feature to identify potential risks - Container Service for Kubernetes

Container Service for Kubernetes (ACK) provides the cluster inspection feature. You can use this feature to periodically scan a cluster and identify potential risks in the cluster. For example, you can use this feature to check the remaining quotas of cloud resources and the usage of key resources in an ACK cluster. This topic describes how to use the cluster inspection feature to identify potential risks.

Prerequisites

An ACK managed cluster, an ACK Pro cluster or an ASK cluster is created. For more information, see Create an ACK managed cluster, Create an ACK dedicated cluster, or Create an ASK cluster.
The cluster runs as normal. You can navigate to the Clusters page and check whether the cluster is in the Running state.

Configure the cluster inspection feature

When ACK performs a cluster inspection, ACK collects data from the nodes in the cluster and then generates an inspection report. The information that ACK collects includes the system version, the workloads, the status of the components such as Docker and Kubelet, and the key information about the errors that are recorded in the system log. ACK does not collect business information or sensitive data. You can perform the following operations to configure the cluster inspection feature:

Log on to the ACK console.
In the left-side navigation pane of the ACK console, click Clusters.
On the Clusters page, find the cluster on which you want to perform a check and choose More > Cluster Check in the Actions column.
In the left-side navigation pane of the Container Intelligence Service console, choose Cluster Check > Regular Inspection.
In the Schedule Rule section, click Add.
In the Configure panel, specify the time zone and inspection schedule.
If an inspection rule already exists, you can click Delete in the Schedule Rule section of the Regular Inspection page to delete the inspection rule. After you delete the existing inspection rule, you can add a new inspection rule.
After you add an inspection rule, ACK inspects the cluster at the scheduled time. If ACK identifies potential risks, ACK generates events. You can log on to the ACK console and then view the events in the Events section on the Overview tab of the cluster.

Note On the Regular Inspection page, you can click Start in the Reports section to manually trigger a cluster inspection.
(Optional) Configure alerting for ACK.
You can configure alerting for ACK. This way, ACK can send alert notifications to you at the earliest opportunity. For more information, see Alert management.

View cluster inspection reports

After you configure the cluster inspection feature, ACK inspects the cluster at the scheduled time. You can perform the following operations to view the cluster inspection reports:

Log on to the ACK console.
In the left-side navigation pane of the ACK console, click Clusters.
On the Clusters page, find the cluster on which you want to perform a check and choose More > Cluster Check in the Actions column.
In the left-side navigation pane of the Container Intelligence Service console, choose Cluster Check > Regular Inspection.
In the Reports section, click Details in the operation column of of a report.
The following figure shows a cluster inspection report.The report displays the severity levels, names, and descriptions of different risks and provides suggestions on how to handle the risks. The severity levels include low, medium, and high. You can handle risks on the report details page. For more information about common risks and suggestions on how to handle the risks, see Cluster inspection alerts.