To monitor the Gloo Mesh Enterprise components more easily, Gloo automatically sets up alerts for certain metrics. These metrics include:

  • Latency: The time it takes to translate or reconcile Gloo resources in your environment.
  • Gloo agents: Monitors the connection between the Gloo mangement server and workload clusters.
  • Translation errors: Reports the Gloo resources that cannot be correctly translated into Istio or Cilium resources.
  • Redis errors: Lists connection failures between the Gloo management server and the Redis database where all of the Gloo configuration is stored.

To view the alerts that Gloo automatically sets up and any alerts that you configure in your Gloo Mesh Enterprise environment:

  • Check the /alerts page of the Prometheus UI to manually review alerts.
  • Deploy an instance of Prometheus Alertmanager to set up alert notifications.

View default alerts

  1. Get the secret that holds the Prometheus server configuration.

      kubectl get secret gloo-prometheus-server -n gloo-mesh -o yaml --context $MGMT_CONTEXT
      

    Example output:

      apiVersion: v1
    data:
      alerting_rules.yml: Z3Jvd...
      prometheus.yml: cnVs..
    kind: Secret
    metadata:
      annotations:
        meta.helm.sh/release-name: gloo-platform
        meta.helm.sh/release-namespace: gloo-mesh
      creationTimestamp: "2023-10-26T14:11:44Z"
      labels:
        app.kubernetes.io/managed-by: Helm
      name: gloo-prometheus-server
      namespace: gloo-mesh
      resourceVersion: "3195993"
      uid: 6585b914-8d49-4623-a62f-d9bec09a4448
    type: Opaque 
      
  2. Decode the alert.yml configuration.

      echo "Z3JvdXBzOgotIG5hbWU6IEdsb29QbGF0Zm..." | base64 -D
      

Latency alerts

Gloo Mesh Enterprise sets up default alerts that monitor the time it takes for a Gloo resource to get translated or reconciled.

GlooPlatformTranslationLatencyIsHigh

Use this alert to receive warnings when the Gloo management server takes longer than usual to translate Gloo resources in to the corresponding Istio resources. The alert is configured as a histogram and is set on the 99th percentile. Alerts are sent when the translation time is higher than 10 seconds for 99% of the time during a specific timeframe.

You can customize this alert and for example send critical alerts when you reach the 99th percentile, and warnings for lower percentiles, such as 70. Note that the percentile value depends on your environment. For example, if the cluster that runs your Gloo management server is shared, you might to want use a lower percentile so that you have enough time to reschedule workloads or add resources if translation times become critical. On the other hand, if your cluster is dedicated to the Gloo management plane only and comes with additional compute resources, you can use higher percentile values for your critical alerts.

Review the default configuration of the alert. You can customize values, such as the severity, the overall timeframe that the threshold must meet before an alert is sent (duration), or the interval in which data is collected for the histogram (bucket distribution).

CharacteristicValue
TypeHistogram
Expressionhistogram_quantile(0.99, sum(rate(gloo_mesh_translation_time_sec_bucket[5m])) by(le)) > 10
Duration15 Minutes
SeverityWarning
Bucket distribution in seconds1, 2, 5, 10, 15, 20, 25, 30, 45, 60, 120
Recommended troubleshooting guideLink

GlooPlatformReconcilerLatencyIsHigh

The Gloo reconciler applies translated Gloo resources in your workload clusters so that the desired state in your Gloo environment can be reached. This alert notifies you when the time that the reconciler needs to apply the desired resources takes longer than 80 seconds. The alert is configured as a histogram and set on the 99th percentile.

You can customize this alert and for example send critical alerts when you reach the 99th percentile, and warnings for lower percentiles, such as 70. Note that the percentile value depends on your environment. For example, if the cluster that runs your Gloo management server is shared, you might want to use a lower percentile so that you have enough time to reschedule workloads or add resources if reconciliation times become critical. On the other hand, if your cluster is dedicated to the Gloo management plane only and comes with additional compute resources, you can use higher percentile values for your critical alerts.

Review the default configuration of the alert. You can customize values, such as the severity, the overall timeframe that the threshold must be met before an alert is sent (duration), or the interval in which data is collected for the histogram (bucket distribution).

CharacteristicValue
TypeHistogram
Expressionhistogram_quantile(0.99, sum(rate(gloo_mesh_reconciler_time_sec_bucket[5m])) by(le)) > 80
Duration15 Minutes
SeverityWarning
Bucket distribution in seconds1, 2, 5, 10, 15, 30, 50, 80, 100, 200
Recommended troubleshooting guideLink

Gloo agents alerts

Gloo automatically monitors the relay connection between the Gloo management server and Gloo agents, and notifies you if issues are found.

GlooPlatformAgentsAreDisconnected

This alert is used to notify you when a Gloo agent in a workload cluster is not connected to the Gloo management server. By default, you get a warning alert as soon as one cluster loses connectivity to the management server. However, depending on your cluster environment you might want to change this alert to critical.

Review the default configuration of the alert. You can customize values, such as the severity, or the overall timeframe that the threshold must be met before an alert is sent (duration).

CharacteristicValue
TypeCounter
Expressioncount by(cluster) (sum by(cluster) (relay_push_clients_warmed == 0)) > 0
Duration5 Minutes
SeverityWarning
Recommended troubleshooting guideRelay connection
Agent

Translation alerts

Gloo automatically sets up alerts to monitor Gloo resources that cannot be translated correctly.

GlooPlatformTranslationWarnings

Sometimes Gloo resource configurations include partial errors or refer to other unknown Gloo resources, such as a gateway or destination. When the Gloo management server translates the resource, the translation itself works, but referenced resources for example could not be found. The Gloo resource is then marked with a warning state. When a resource with a warning state is found during a 5 minute timeframe, the alert is triggered.

Review the default configuration of the alert. You can customize values, such as the expression or severity.

CharacteristicValue
TypeCounter
Expressionincrease(translation_warning[5m]) > 0
SeverityWarning

For more information about how to troubleshoot this error, see Custom resources.

GlooPlatformTranslationErrors

Translation errors can happen if the Gloo resource configuration is correct, but the Gloo management server has an issue with applying the resource or reconciling Gloo agents. If such an error occurs, the resource state changes to Failed. When a resource with a failed state is found during a 5 minute timeframe, the alert is triggered.

Review the default configuration of the alert. You can customize values, such as the expression or severity.

CharacteristicValue
TypeCounter
Expressionincrease(translation_error[5m]) > 0
SeverityWarning

For more information about how to troubleshoot this error, see Custom resources.

GlooPlatformClustersNotWarming

For environments where safe mode is enabled, this alert is triggered when one or more Gloo management server replicas run in safe mode for more than 10 minutes. If you see this alert, make sure to check the workload clusters that triggered safe mode for connectivity issues. Safe mode might also be triggered, because of the Gloo management server or Redis being unavailable or unstable.

CharacteristicValue
TypeCounter
Expressioncount by(cluster) (sum by(cluster) (gloo_mesh_safe_mode_active != 0)) > 0
Duration10 Minutes
SeverityError

For more information about how to troubleshoot this error, see Management server and relay connection.

Redis alerts

Gloo sets up alerts to monitor the read and write operations between the Gloo management server and Redis.

GlooPlatformRedisErrors

In the event that the Gloo management server cannot read from the Gloo Redis instance during a 5 minute timeframe, an alert is automatically triggered.

CharacteristicValue
TypeCounter
Expressionincrease(gloo_mesh_redis_sync_err[5m]) > 0
SeverityWarning
Recommended troubleshooting guideLink