On this page
meshctl experimental validate resources
Reference for the ‘meshctl experimental validate resources’ command.
meshctl experimental validate resources
Validate Gloo custom resources.
Synopsis
Validate the configuration of one or more Gloo custom resources before you apply the CRs to your environment. To see the fields that are validated and the accepted values for each field, check the API reference for each custom resource. This command also shows the anticipated changes to the input Gloo resources and output translated resources in your cluster.
meshctl experimental validate resources [flags]
Examples
# Validate a RetryTimeoutPolicy from a file. This command checks the validity of the RetryTimeoutPolicy config, shows the anticipated changes to input Gloo resources and output translated resources, and checks the validity of the rest of your applied resources.
meshctl x validate resources resource.yaml --kubecontext $MGMT_CONTEXT
# Validate resources in multiple files by targeting a directory. This command checks the validity of each resource, shows the anticipated changes to input Gloo resources and output translated resources, and checks the validity of the rest of your applied resources.
meshctl x validate resources ./policies --kubecontext $MGMT_CONTEXT --interactive=false
# Validate multiple RetryTimeoutPolicy resources from STDIN. This command checks the validity of each RetryTimeoutPolicy, shows the anticipated changes to input Gloo resources and output translated resources, and checks the validity of the rest of your applied resources.
meshctl x validate resources --kubecontext $MGMT_CONTEXT --interactive=false - <<EOF
apiVersion: resilience.policy.gloo.solo.io/v2
kind: RetryTimeoutPolicy
metadata:
name: test1
namespace: default
spec:
applyToRoutes:
- route:
labels:
app: test
config:
retries:
attempts: 1
---
apiVersion: resilience.policy.gloo.solo.io/v2
kind: RetryTimeoutPolicy
metadata:
name: test2
namespace: default
spec:
applyToRoutes:
- route:
labels:
app: test
config:
retries:
attempts: -1
EOF
# Check the validity of the existing applied resources, without passing in a resource file locally.
meshctl x validate resources --kubecontext $MGMT_CONTEXT
# Validate resources without connecting to the management cluster ("offline" mode) by using downloaded snapshots of resources from your management server.
meshctl x validate resources transformation-policy.yaml --input-snapshot input.json --output-snapshot output.json
# Preview the effects of enabling or disabling one or more feature gates on your Gloo installation, such as disabling the EnableJWTPolicyEastWestRoute feature gate.
meshctl x validate resources jwt-policy.yaml --feature-gates=EnableJWTPolicyEastWestRoute=false --input-snapshot input.json --output-snapshot output.json
Options
--cluster string Name of the cluster that input resources (without a cluster annotation) should be applied to. Defaults to the discovered management cluster's name.
--concurrency uint16 Number of concurrent translations (default 8)
--envoy-image string The Envoy image to use to validate Envoy filters that are generated by translated resources, in the format '<repo>/<image>:<version-tag>'. If provided, the '--istio-version' flag is ignored. If not provided, the default Envoy version for the Istio version is used.
--feature-gates mapStringBool A comma separated list of key=value pairs that describe feature gates, in the form 'FeatureFoo=true,FeatureBaz=false'. Supported features: AmbientMode,ApiProducts,ConfigDistribution,EnableDefaultTcpKeepalive,EnableJWTPolicyEastWestRoute,ExternalWorkloads,FastProgressiveDelivery,GatewayDefaultDenyAllHTTPRequests,GlooNetwork,InsightsConfiguration,IstioLifecycleAgent,ResolveEastWestHostConflicts,SafeMode,SafeModeAutoSkipWarming,VirtualDestinationWorkspacePolicyOverride
-h, --help help for resources
--input-snapshot string JSON file containing the input snapshot. This triggers offline translation.
-i, --interactive Run in interactive mode (default true)
--istio-version string The Istio version to use for validation. If provided, the default Envoy version for this Istio version is used to validate Envoy filters that are generated by translated resources. (default "1.24.1-patch1-solo")
--output-resource-file-size-limit string File size limit (in Ki or Mi) to validate output resources against (default "1Mi")
--output-snapshot string JSON file containing the output snapshot. When used with --input-snapshot, this triggers offline translation.
--skip-detect-resource-changes Skip phase: 'Indicates which resources have changed from the given input snapshot and given output snapshot.'
--skip-envoy-config Skip phase: 'Validates resulting Envoy config, and displays any errors or warnings.'
--skip-input-resource-diff Skip phase: 'Shows the diff between the input resources and the latest input snapshot.'
--skip-load-resources Skip phase: 'Loads input and output resources, either from local snapshot files or from a management cluster.'
--skip-output-resource-diff Skip phase: 'Shows the diff between the output resources and the latest output snapshot.'
--skip-schema-validation Skip phase: 'Validates the schema of individual resources.'
--skip-translation Skip phase: 'Translates the input resources into output resources, and displays any errors or warnings.'
--skip-version-check Skip phase: 'Compares the meshctl version and discovered Gloo Mesh version.'
--timeout duration Timeout for each phase in minutes (default 5m0s)
Options inherited from parent commands
--kubeconfig string Path to the kubeconfig file for the cluster.
--kubecontext string Kubernetes context for the cluster to run the command in.
-n, --namespace string Namespace to run the command in. (default "gloo-mesh")
--plain Disable styling for terminal output.
-v, --verbose Enable verbose logging.
SEE ALSO
- meshctl experimental validate - Perform validations
- meshctl experimental validate resources clean - Clean up validation logs.