Custom resources

Sometimes, you might create Gloo resources and expect a certain result, such as a policy applying to traffic or a gateway listening for traffic. If you do not get the expected result, try the following general debugging steps.

  1. Check the Gloo resources in your management and remote clusters. You might find the following commands useful.
    kubectl get apischemas,workspaces,workspacesettings,roottrustpolicies,dashboards,kubernetesclusters -A
    
    kubectl get ratelimitserverconfigs,RatelimitConfigs,ratelimitserversettings,ratelimitclientconfigs,ratelimitpolicies,wasmdeploymentpolicies,externalendpoints,externalservices,accesslogpolicies,failoverpolicies,faultinjectionpolicies,outlierdetectionpolicies,jwtpolicies,wafpolicies,retrytimeoutpolicies,accesspolicies,connectionpolicies,corspolicies,csrfpolicies,extauthpolicies,mirrorpolicies,transformationpolicies,authorizationpolicies,extauthserver,headermanipulationpolicies -A
    
    kubectl get virtualgateways,routetables,virtualdestinations,virtualservices,externalservices,externalendpoints -A
    
    kubectl get apischemas,graphqlresolvermaps,graphqlschemas,graphqlstitchedschemas -A
    
    kubectl get gatewaylifecyclemanagers,istiolifecyclemanagers -A
    
  2. Describe the resource, and look at the global status, events, and other areas for more information.
    kubectl describe virtualgateway $GATEWAY_NAME -n $NAMESPACE
    
  3. If you see an error or warning in the global status, launch the Gloo UI, find the resource, and click View YAML. You can review workspace and cluster-specific details about the status in the UI.
  4. Verify that the resource is in the workspace that you expect it to be in. You can check the resource's namespace against the namespaces that are included in the workspace resource on the management cluster.
  5. Verify that related resources are in the same workspace, or are exported and imported appropriately. For example, your virtual gateway must be in the same workspace as the route table and policy that you want it to work with.
  6. If applicable, verify that the ports are set up appropriately on the resource and the backing service. For example, your virtual gateway might listen on port 80, which matches the port of the Kubernetes service for the gateway deployment.
  7. Check the logs of the management server in the management cluster for accepted or translated resource messages. You might find common translation errors, such as a resource missing from the expected namespace or cluster. Create the resource or correct the resource configuration, and try again.
  8. Check the logs of agent pods on the remote cluster that the resource is created in.
  9. Check for Gloo resource's translated Istio resources in the same namespace. If the Istio resource exists, describe the resource and make sure that its configuration matches what you expect based on the Gloo resource configuration. If no Istio resource exists, try debugging your Gloo components. For example, your Gloo resources might not belong to the expected Gloo workspace, cluster, or namespace.
  10. If you upgraded Gloo versions recently, make sure that you applied the CRDs as part of the upgrade.
  11. If you continue to see error messages that indicate state reconciliation issues, try restarting the Redis pod.