Generate a diagnostic bundle

Learn how to generate diagnostic data for the StackRox Kubernetes Security Platform.

2 minute read

With the StackRox Kubernetes Security Platform version 3.0.39 and newer, you can generate a diagnostic bundle and send that data to enable the StackRox support team to provide insights into the status and health of the StackRox Kubernetes Security Platform components.

We may request you to send us the diagnostic bundle when we investigate your issues with the StackRox Kubernetes Security Platform. You can generate a diagnostic bundle and inspect its data before sending.

To generate a diagnostic bundle, you need read permission on the DebugLogs resource.

Using StackRox portal

To generate a diagnostic bundle by using the StackRox Portal, follow the instructions below depending on the StackRox Kubernetes Security Platform version you are using.

Version 3.0.39 till 3.0.52

  1. On the StackRox portal, select Platform Configuration > System Configuration.
  2. Under the Diagnostic Data section, select Download Diagnostic Data to download the diagnostic bundle as a single compressed zip file.

Version 3.0.53 and newer

  1. On the StackRox portal, select Platform Configuration > System Health.
  2. On the System Health view header, select Generate Diagnostic Bundle.
  3. For the Filter by clusters drop-down menu, select the clusters for which you want to generate the diagnostic data.
  4. For Filter by starting time, specify the date and time (in UTC format) from which you want to include the diagnostic data.
  5. Select Download Diagnostic Bundle.

Using the roxctl CLI

You can also generate a diagnostic bundle by using the roxctl CLI.

Run the following command to generate a diagnostic bundle:

Copy
roxctl central debug download-diagnostics

The diagnostic bundle is unencrypted, and typically, the size of the bundle is between 100 KB and 1 MB (depending upon the number of clusters in your environment). Always use an encrypted channel (Slack file send or Zendesk file upload) when you send this data to us.

Diagnostic bundle data

When you generate a diagnostic bundle, it includes the following data:

  • Central heap profile.
  • System logs: Logs of all StackRox Kubernetes Security Platform components (for the last 20 minutes) and logs of recently crashed components (from up to 20 minutes before the crash). System logs depend on the size of your environment. For large deployments, we collect log files for components with critical errors (for example, a high restart count) only.
  • Kubernetes YAML definitions for StackRox components: This data doesn’t include Kubernetes secrets.
  • Kubernetes events: Details about the events that relate to the objects in the StackRox namespace.
  • Online Telemetry data, which includes:
    • Storage information: Details about the database size and the amount of free space available in attached volumes.
    • StackRox components health information: Details about the StackRox Kubernetes Security Platform components version, their memory usage, and any reported errors.
    • Coarse-grained usage statistics: Details about API endpoint invocation counts and reported error statuses. It doesn’t include the actual data sent in API requests.
    • Nodes information: Details about the nodes in each secured cluster. It includes kernel and operating system versions, resource pressure, and taints.
    • Environment information: Details about each secured cluster, including Kubernetes or OpenShift version, Istio version (if applicable), cloud provider type and other similar information.

Questions?

We're happy to help! Reach out to us to discuss questions, issues, or feature requests.

© 2021 StackRox Inc. All rights reserved.