Add-ons
Troubleshoot Gloo add-ons that extend the functionality of your setup.
External auth service
With the external auth service, you can protect your APIs by enforcing auth. For more information, see External authentication and authorization.
Check that the pod is running. Note that your add-ons might exist in the
gloo-mesh-addons
namespace instead.Make sure that you created all of the external auth-related custom resources, such as server and policy configs.
Check that the
AuthConfig
internal custom resource is created and in an Accepted state.To get detailed logs for the external auth service, change the log level to
DEBUG
.- Edit the external auth service.
- In the
spec.container.env
section, find theLOG_LEVEL
environment variable and set it toDEBUG
. - Apply the updated configuration.
- Make sure that the external auth service pod restarts.
- Optional: To generate fresh logs, send a request to a service that is protected by an external auth policy.
- Edit the external auth service.
Check the logs of the Gloo external auth server in your workload cluster.
Optionally, you can format the output with
jq
or save it in a local file so that you can read and analyze the output more easily.If you enabled the OPA server sidecar, check that the OPA server is healthy. If the OPA server is not healthy, try the OPA troubleshooting docs. Common errors include misconfiguration such as the wrong credentials to download a bundle. Note the following example command pipes the output to
jq
for readability.
Rate limiter
With the rate limiter, you can protect your APIs by enforcing limits on the number of requests within a certain timeframe, such as 100 requests per minute. For more information, see Rate limiting.
- Check that the pod is running. Note that your add-ons might exist in the
gloo-mesh-addons
namespace instead. - Make sure that you created all of the rate limiting-related custom resources, such as server and client configs.
- Check the logs of the Gloo rate limiter in your workload cluster. To view logs recorded since a relative duration such as 5s, 2m, or 3h, you can specify the
--since <duration>
flag.Optionally, you can format the output withjq
or save it in a local file so that you can read and analyze the output more easily.