nomos bugreport contents

The nomos command-line tool helps with common administrative tasks for Config Sync, for example producing a diagnostic archive. The exact output and layout of the archive is subject to change and is not considered an API. The code for nomos is available in the Config Sync repository.

You can get similar information from your cluster by running kubectl get or kubectl logs, but the advantage of nomos bugreport is that it creates an archive of key information about the Config Sync system. When you contact Google Cloud Support, it's helpful to provide nomos bugreport output.

You can also use the output of nomos bugreport for your own debugging or internal support.

The nomos bugreport output file structure looks like this:

- raw/
  - cluster/
    - configmanagement/
  - namespaces/
    - config-management-monitoring/
    - config-management-system/
    - gatekeeper-system/
    - resource-group-system/
    - kube-system/
- processed/
  - status.txt
  - version.txt

The information you can get from nomos bugreport:

  1. Nomos version shows the Config Sync version, the output of nomos version.
  2. Nomos status shows the output of nomos status status, for example which commit is synced and any errors.
  3. Information about Config Sync custom resources:
    1. For cluster-scoped resources such as ConfigManagement and ClusterSelectors are located here: raw/cluster-1/cluster/configmanagement/.
    2. For namespace-scoped ones, such as RootSync, RepoSync and ResourceGroup are located here: raw/cluster-1/namespaces/namespace-1.
  4. Resources synced and managed by Config Sync:
    1. If you have RootSync and RepoSync APIs enabled, it's in ResourceGroup's spec. You can get the count of those resources, and their kind, namespace, and name.
    2. If you don't have RootSync and RepoSync APIs enabled and you specify git fields in your ConfigManagement object (deprecated), the full content of the resources is in ClusterConfigs and NamespaceConfigs. You should Migrate your ConfigManagement object.
  5. Logs of all Config Sync Pods are under raw/cluster-1/namespaces/pod-namespace-1/pod-name-1/container-name.txt.
  6. The full content of all Config Sync Pods: under raw/cluster-1/namespaces/pod-namespace-1/pods.txt.
  7. Are Config Sync RootSync and RepoSync APIs enabled (that is, using multi-repo mode) or not?
    1. Check the ConfigManagement resource and if you see spec.enableMultiRepo: true, RootSync and RepoSync APIs are enabled.
    2. If you see components such as RootSync, RepoSync, or reconciler Pods, you have RootSync and RepoSync APIs enabled.
    3. If you see components such as git-importer Pod, then RootSync and RepoSync APIs aren't enabled and you need to Migrate your ConfigManagement object.