Tool for verifying Calico Enterprise installation, configuration and telemetry data.
Bash.
- Clone the repository
- Make sure your .kube/config is present in $HOME.
- You can directly run the script `./calico-cluster-check.sh`.

```
./calico-cluster-check.sh | tee execution_summary
```

config | description |
---|---|
`grep_filter="egrep -i error\|failed"` | controls the filter used to find error lines when log tailing is required |
`tail_lines=200` | [FLAG 4] limits tailing to 200 lines |


function | description/strategy |
---|---|
`check_operator_based` | [FLAG 1] Looks for the tigera-operator pods in all namespaces. |
`check_kube_config` | Checks and exports kubeconfig. |
`check_kubeVersion` | Checks the Kubernetes client and server versions and any drift between them (Note 1). Prints the distribution type (Note 2) and, on OpenShift, also checks the OCP Platform and Version (Note 3 and 4). |
`check_cluster_pod_cidr` | Dumps the Pod CIDR and IPPool (Note 5 and 6). Prints errors if not available. |
`check_calico_pods` | Checks Calico pod statuses manually by inspecting the calico daemonset. Counts desired, current, ready, up-to-date, and available. If desired != current, the summary is displayed as an error. |
`copy_logs` | [FLAG 2] Copies `/tmp`-prefixed log directories to a diags package dir. |
`display_summary` | Displays a summary of all checks performed, then tarballs all artifacts in `$calico_logs`. |


function | description/strategy |
---|---|
`check_kubeapiserver_status` | Queries pods with label `k8s-app=-tigera-apiserver` and prints out their status. If the status is not Running, the message is printed in red, indicating an error. |


function | description/strategy |
---|---|
`check_tigera_version` | Checks the Tigera version (Note 7). |
`check_tigera_license` | Checks the Tigera license and whether it has expired (Note 8 and 9). |
`check_tigerastatus` | Checks and displays Tigera status (basically `kubectl get tigerastatus`). |
`check_es_pvc_status` | Enumerates PVCs, PVs and storage classes related to Elasticsearch. |
`check_tigera_namespaces` | Checks if specific namespaces are present in this questionably-outdated list (Note 10). |
`check_apiserver_status` | Enumerates the tigera-apiserver status (Note 11). |
`check_tigera_pods` | [FLAG 3] Checks tigera-related pods in stages (Note 12, 13, 14). |
`check_tier` | Looks up the tier `allow-tigera` (Note 15). |
`calico_telemetry` | Collects various telemetry stats stored in calico-logs so they can be included in the final tarball. |

Notes

1. `kubectl version --short | awk 'NR==%VAR%{print $3}'` (where `%VAR%` is `1` and `2` for client and server respectively)
2. `kubectl get Installation.operator.tigera.io -o jsonpath='{.items[0].spec.kubernetesProvider}'`
3. `kubectl get ClusterVersion.config.openshift.io -o jsonpath='{.items[0].status.desired.version}'`
4. `kubectl get infrastructure.config.openshift.io -o jsonpath='{.items[0].status.platform}'`
5. `kubectl cluster-info dump | grep -i "\-\-cluster\-cidr" |grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\/[1-9]\{1,2\}' | head -1`
6. `kubectl get ippool -o yaml | grep cidr | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\/[1-9]\{1,2\}'`
7. `kubectl get clusterinformations.projectcalico.org default -o yaml | grep -i "cnxVersion" | awk '{print $2}'`
8. `kubectl get licensekeys.projectcalico.org -o yaml | grep "name:" | awk '{print $2}'`
9. License expiry check is available for clusters with Calico Enterprise v3.0 onwards
10. `("tigera-compliance" "tigera-eck-operator" "tigera-elasticsearch" "tigera-fluentd" "tigera-intrusion-detection" "tigera-kibana" "tigera-manager" "tigera-operator" "tigera-prometheus" "tigera-system")`
11. `kubectl get po -l k8s-app=tigera-apiserver -n tigera-system | awk 'NR==2{print $3}'`
12. Stage 1: check tigera apps (`tigera-manager`, `tigera-operator`). Enumerate and list them, and search a log tail for errors [FLAG 4]
13. Stage 2: Enumerate kibana pods, their statuses and logs [FLAG 4]
14. Stage 3: Enumerate fluentd pods, statuses and logs [FLAG 4]
15. `kubectl get tier allow-tigera | awk 'NR==2{print $1}'`

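
The prefix-length part of the pattern in Notes 5 and 6, `[1-9]\{1,2\}`, stops at the first `0`, so a CIDR such as `10.128.0.0/20` is reported as `10.128.0.0/2`. The following added example (not code from the repository; the function names and sample lines are constructed for illustration) compares that pattern with a stricter IPv4-only extractor.

```bash
#!/usr/bin/env bash
# Added example; not part of calico-cluster-check.sh.

# Pattern from Notes 5 and 6 (the backslash before "/" is dropped; it is not needed).
# The prefix length only accepts digits 1-9, so "/20" is reported as "/2".
readme_cidr() {
  grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/[1-9]\{1,2\}' | head -1
}

# Stricter variant (assumption: IPv4 only). Capture the whole prefix length,
# then keep the first candidate whose octets are <= 255 and prefix is <= 32.
strict_cidr() {
  grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]+' |
    awk -F'[./]' '$1<=255 && $2<=255 && $3<=255 && $4<=255 && $5<=32 {print; exit}'
}

# Run both extractors on the same text and report whether they agree.
compare_cidr() {
  readme_out=$(printf '%s\n' "$1" | readme_cidr)
  strict_out=$(printf '%s\n' "$1" | strict_cidr)
  if [ "$readme_out" = "$strict_out" ]; then
    echo "ok $strict_out"
  else
    echo "MISMATCH readme=$readme_out strict=$strict_out"
  fi
}

# Constructed sample lines in the shape of `kubectl cluster-info dump` and
# `kubectl get ippool -o yaml` output (not taken from a real cluster).
sample_dump='        "--cluster-cidr=10.128.0.0/20",'
sample_pool='    cidr: 192.168.0.0/16'

compare_cidr "$sample_dump"
compare_cidr "$sample_pool"
```

A mismatch on a real cluster means the Pod CIDR or IPPool value in the summary is truncated and should be read from the raw `kubectl` output instead.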
Flags

1. WARNING: false positive
2. Behaviour differs conditionally based on calico type (OSS or Ent)
3. Large-ish function
4. Tail lines limited to 200