/amazon-eks-diag

Primary LanguagePowerShellApache License 2.0Apache-2.0

amazon-eks-diag

amazon-eks-diag is a PowerShell module to help Amazon EKS users gather diagnostic information from their Amazon EC2 Windows worker nodes. The module is executed in a local PowerShell session on each worker node. The module will gather the local diagnostic information for this node only, and compresses the information into an archive. For security, the archive is left on the local file system for the system administrator to choose an apropriate mechanism for retrieving the archive.

Usage

The module needs to be run on an EC2 Windows worker node. There are many ways of distributing the module to a node. The most straight forward is using the AWS.Tools.S3 SDK to upload the module to S3, and then download it on the node. Example:

  1. Compress the amazon-eks-diag module directory, and write the archive to S3
Compress-Archive -Path .\amazon-eks-diag\ -DestinationPath .\amazon-eks-diag.zip
Write-S3Object -BucketName my-bucket -Key modules/amazon-eks-diag.zip -File .\amazon-eks-diag.zip
  1. On your node, download the archive and extract it
Read-S3Object -BucketName my-bucket -Key modules/amazon-eks-diag.zip -File .\amazon-eks-diag.zip
Expand-Archive -Path .\amazon-eks-diag.zip -DestinationPath .\
  1. Open a powershell session with the appropriate elevation, import the module, and execute the diagnostic tool
Import-Module .\amazon-eks-diag
$outputZip = Start-EKSDiag

Diagnostic Information Gathered

Following is a categorical overview of the diagnostic information gathered by the tool in the way the data is gathered by the tool:

  1. EKS & EC2 Windows related log and configuration files
    • $ENV:ProgramData\Amazon\EKS\logs\**\*.log
    • $ENV:ProgramData\Amazon\EKS\cni\**\*.config
    • $ENV:ProgramData\Amazon\EC2-Windows\**\*.log
    • $ENV:ProgramData\Amazon\SSM\**\*.log (Excluding ipcTempFeil.log from SSM Session Manager)
  2. Related PowerShell objects serialized into JSON
    • Get-NetAdapter
    • Get-NetRoute
    • Get-HNSNetwork
    • Get-HNSEndpoint
    • Get-HNSPolicyList
    • Get-ScheduledTask -TaskName '*EKS*'
    • Get-EventLog -LogName 'EKS'
    • Get-Service -Name 'kubelet'
    • Get-Service -Name 'kube-proxy'
    • Get-Service -Name 'docker'
    • Get-Service -Name 'AmazonSSMAgent'
  3. Related executable output
    • docker ps -a
    • docker images -a
    • docker network ls
    • aws-iam-authenticator version
    • kubelet --version
    • kube-proxy --version
  4. Pester test output from the tests stored within the local module
    • amazon-eks-diag.hns.tests.ps1
    • amazon-eks-diag.kubeproxy.tests.ps1
    • amazon-eks-diag.kubelet.tests.ps1
  5. A PowerShell transcript of the entire tool execution for transparency

Help

Get-Help Start-EKSDiag -Full

Unit Testing

Install-Module Pester -Repository PSGallery -SkipPublisherCheck -Force
.\Start-UnitTests.ps1

License

This project is licensed under the Apache-2.0 License.