meshctl experimental validate resources

Validate Gloo custom resources.

Synopsis

Validate the configuration of one or more Gloo custom resources before you apply the CRs to your environment. To see the fields that are validated and the accepted values for each field, check the API reference for each custom resource. This command also shows the anticipated changes to the input Gloo resources and output translated resources in your cluster.

  meshctl experimental validate resources [flags]
  

Examples

  
# Validate a RetryTimeoutPolicy from a file. This command checks the validity of the RetryTimeoutPolicy config, shows the anticipated changes to input Gloo resources and output translated resources, and checks the validity of the rest of your applied resources.

meshctl x validate resources resource.yaml --kubecontext $MGMT_CONTEXT

# Validate resources in multiple files by targeting a directory. This command checks the validity of each resource, shows the anticipated changes to input Gloo resources and output translated resources, and checks the validity of the rest of your applied resources.

meshctl x validate resources ./policies --kubecontext $MGMT_CONTEXT --interactive=false

# Validate multiple RetryTimeoutPolicy resources from STDIN. This command checks the validity of each RetryTimeoutPolicy, shows the anticipated changes to input Gloo resources and output translated resources, and checks the validity of the rest of your applied resources.

meshctl x validate resources --kubecontext $MGMT_CONTEXT --interactive=false - <<EOF
apiVersion: resilience.policy.gloo.solo.io/v2
kind: RetryTimeoutPolicy
metadata:
  name: test1
  namespace: default
spec:
  applyToRoutes:
  - route:
      labels:
        app: test
  config:
    retries:
      attempts: 1
---
apiVersion: resilience.policy.gloo.solo.io/v2
kind: RetryTimeoutPolicy
metadata:
  name: test2
  namespace: default
spec:
  applyToRoutes:
  - route:
      labels:
        app: test
  config:
    retries:
      attempts: -1
EOF

# Check the validity of the existing applied resources, without passing in a resource file locally.

meshctl x validate resources --kubecontext $MGMT_CONTEXT

# Validate resources without connecting to the management cluster ("offline" mode) by using downloaded snapshots of resources from your management server.

meshctl x validate resources transformation-policy.yaml --input-snapshot input.json --output-snapshot output.json

# Preview the effects of enabling or disabling one or more feature gates on your Gloo installation, such as disabling the EnableJWTPolicyEastWestRoute feature gate.

meshctl x validate resources jwt-policy.yaml --feature-gates=EnableJWTPolicyEastWestRoute=false --input-snapshot input.json --output-snapshot output.json
        
  

Options

        --cluster string                           Name of the cluster that input resources (without a cluster annotation) should be applied to. Defaults to the discovered management cluster's name.
      --concurrency uint16                       Number of concurrent translations (default 8)
      --envoy-image string                       The Envoy image to use to validate Envoy filters that are generated by translated resources, in the format '<repo>/<image>:<version-tag>'. If provided, the '--istio-version' flag is ignored. If not provided, the default Envoy version for the Istio version is used.
      --feature-gates mapStringBool              A comma separated list of key=value pairs that describe feature gates, in the form 'FeatureFoo=true,FeatureBaz=false'. Supported features: AmbientMode,ApiProducts,ConfigDistribution,EnableDefaultTcpKeepalive,EnableJWTPolicyEastWestRoute,ExternalWorkloads,FastProgressiveDelivery,GatewayDefaultDenyAllHTTPRequests,GlooNetwork,InsightsConfiguration,IstioLifecycleAgent,ResolveEastWestHostConflicts,SafeMode,SafeModeAutoSkipWarming,VirtualDestinationWorkspacePolicyOverride
  -h, --help                                     help for resources
      --input-snapshot string                    JSON file containing the input snapshot. This triggers offline translation.
  -i, --interactive                              Run in interactive mode (default true)
      --istio-version string                     The Istio version to use for validation. If provided, the default Envoy version for this Istio version is used to validate Envoy filters that are generated by translated resources. (default "1.24.1-patch1-solo")
      --output-resource-file-size-limit string   File size limit (in Ki or Mi) to validate output resources against (default "1Mi")
      --output-snapshot string                   JSON file containing the output snapshot. When used with --input-snapshot, this triggers offline translation.
      --skip-detect-resource-changes             Skip phase: 'Indicates which resources have changed from the given input snapshot and given output snapshot.'
      --skip-envoy-config                        Skip phase: 'Validates resulting Envoy config, and displays any errors or warnings.'
      --skip-input-resource-diff                 Skip phase: 'Shows the diff between the input resources and the latest input snapshot.'
      --skip-load-resources                      Skip phase: 'Loads input and output resources, either from local snapshot files or from a management cluster.'
      --skip-output-resource-diff                Skip phase: 'Shows the diff between the output resources and the latest output snapshot.'
      --skip-schema-validation                   Skip phase: 'Validates the schema of individual resources.'
      --skip-translation                         Skip phase: 'Translates the input resources into output resources, and displays any errors or warnings.'
      --skip-version-check                       Skip phase: 'Compares the meshctl version and discovered Gloo Mesh version.'
      --timeout duration                         Timeout for each phase in minutes (default 5m0s)
  

Options inherited from parent commands

        --kubeconfig string    Path to the kubeconfig file for the cluster.
      --kubecontext string   Kubernetes context for the cluster to run the command in.
  -n, --namespace string     Namespace to run the command in. (default "gloo-mesh")
      --plain                Disable styling for terminal output.
  -v, --verbose              Enable verbose logging.
  

SEE ALSO