You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: support/azure/azure-kubernetes/logs/capture-system-insights-from-aks.md
+8-6Lines changed: 8 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,15 +7,15 @@ editor: v-jsitser
7
7
ms.reviewer: cssakscic, josebl, v-leedennis
8
8
ms.service: azure-kubernetes-service
9
9
ms.topic: how-to
10
-
ms.date: 08/09/2024
10
+
ms.date: 07/01/2025
11
11
ms.custom: sap:Monitoring and Logging
12
12
---
13
13
14
14
# Capture real-time system insights from an AKS cluster
15
15
16
16
This article discusses the process of gathering real-time system insights from your Microsoft Azure Kubernetes Service (AKS) cluster by using Inspektor Gadget. The article contains step-by-step instructions for installing this tool on your AKS environment. It also explores practical examples that show how Inspektor Gadget helps you gather valuable information to do effective debugging of real-world issues.
17
17
18
-
## Demo
18
+
## Demo-How to trace DNS traffic
19
19
20
20
To begin, consider the following quick demo. Suppose that you have to figure out why the DNS requests from an application fail. By using Inspektor Gadget, you can capture the DNS traffic in the Kubernetes namespace in which your application is running:
From this information, we can see that the DNS requests are directed to the DNS server at IP address `1.2.3.4` (`NAMESERVER` column), but we only see the queries (`Q` in `QR` column) and no responses (`R` in `QR` column). This means that the DNS server didn't respond to the queries, which is why the application can't resolve the domain name `www.example.com`.
34
+
From this information, we can see that the DNS requests are directed to the DNS server at IP address `1.2.3.4` (the `NAMESERVER` column), but we only see the queries (`Q` in `QR` column) and no responses (`R` in `QR` column). This means that the DNS server didn't respond to the queries, which is why the application can't resolve the domain name `www.example.com`.
35
35
36
36
Now, suppose that `1.2.3.4` isn't the default name server configuration, and you suspect that a malicious process is modifying the configuration at runtime. In these kinds of cases, Inspektor Gadget goes beyond DNS diagnostics. It also enables you to monitor processes that access critical files (such as */etc/resolv.conf*) and have the intention of modifying those files. To do that, filter the flags in the output to show any of the [writing file access modes](https://linux.die.net/man/3/open) (`O_WRONLY` to open for writing only, or `O_RDWR` to open for reading and writing):
37
37
@@ -140,7 +140,7 @@ Use the instructions for your OS:
140
140
apt update && apt install -y curl
141
141
```
142
142
143
-
2. Download Microsoft GPG public key:
143
+
2. Download Microsoft GNU Privacy Guard (GPG) public key:
144
144
145
145
```bash
146
146
curl -sSL https://packages.microsoft.com/keys/microsoft.asc | tee /usr/share/keyrings/microsoft.asc
@@ -228,13 +228,15 @@ Use the instructions for your OS:
228
228
apt install -y kubectl-gadget
229
229
```
230
230
231
+
---
232
+
231
233
Now, verify the installation by running the `version` command:
232
234
233
235
```bash
234
236
kubectl gadget version
235
237
```
236
238
237
-
The `version` command shows you the version of the client (`kubectl gadget` plug-in), but it also tells you that it isn't installed yet on the server (the cluster):
239
+
The command output shows you the version of the client (`kubectl gadget` plug-in), and it isn't installed yet on the server (the cluster):
238
240
239
241
```output
240
242
Client version: vX.Y.Z
@@ -271,7 +273,7 @@ Client version: vX.Y.Z
271
273
Server version: vX.Y.Z
272
274
```
273
275
274
-
Notice that by deploying Inspektor Gadget using the `kubectl gadget` plug-in available in the Microsoft Cloud-Native repository, the container image used for the DaemonSet is automatically pulled from the Microsoft Container Registry (MCR):
276
+
When deploying Inspektor Gadget with the `kubectl gadget` plug-in available in the Microsoft Cloud-Native repository, the container image used for the DaemonSet is automatically pulled from the Microsoft Container Registry (MCR):
275
277
276
278
```bash
277
279
kubectl get daemonset gadget -n gadget -o jsonpath='{.spec.template.spec.containers[*].image}'
0 commit comments