Monitor RootSync and RepoSync objects

This page shows you different ways that you can monitor your RootSync and RepoSync objects. For example, you might want to verify if your latest commit in a source of truth is applied to a cluster and reconciled successfully.

View logs

This section explains how to view the logs for the RootSync and RepoSync objects. Viewing the logs provides information on potential errors.

  • To view the logs for the RootSync or RepoSync reconciler, run the following command:

    kubectl logs -n config-management-system deployment/RECONCILER_NAME CONTAINER_NAME

    Replace the following:

    • RECONCILER_NAME: the reconciler name of the RootSync or RepoSync object.

      • For RootSync, the reconciler name is root-reconciler-ROOT_SYNC_NAME or root-reconciler if the name of RootSync is root-sync.

      • For RepoSync, the reconciler name is ns-reconciler-NAMESPACE-REPO_SYNC_NAME-REPO_SYNC_NAME_LENGTH or ns-reconciler-NAMESPACE if the name of RepoSync is repo-sync, where NAMESPACE is the namespace you created your RepoSync object in.

    • CONTAINER_NAME: the container name.

      • git-sync: The git-sync container pulls configs from your Git repository to a local directory that the reconciler container can read.

      • oci-sync: The oci-sync container pulls configs from your OCI image to a local directory that the reconciler container can read.

      • helm-sync: The helm-sync container pulls configs from your Helm chart to a local directory that the reconciler container can read.

      • hydration-controller: The hydration-controller container renders any Helm or Kustomize configurations pulled from your repository, and then saves the rendered configs in the shared volume for the reconciler container to further process.

      • reconciler: The reconciler container applies configs to the cluster.

      • otel-agent: The otel-agent container is an OpenTelemetry agent for retrieving and exporting Config Sync metrics.

View synced commits

You can check which commit is synced to the cluster by checking the .status.sync field in the RootSync or RepoSync object.

  • To view synced commits for a RootSync object, run the following command:

    kubectl get rootsync ROOT_SYNC_NAME -n config-management-system

    Replace ROOT_SYNC_NAME with the name of the RootSync object.

  • To view synced commits for a RepoSync object, run the following command:

    kubectl get reposync REPO_SYNC_NAME -n REPO_SYNC_NAMESPACE

    Replace the following:

    • REPO_SYNC_NAME: the name of the RepoSync object.
    • REPO_SYNC_NAMESPACE: the namespace that you created your namespace repository in.

The output for these commands show you the value of the source commit and the synced commit. For example, if you ran the command for the RepoSync, you would see output similar to the following:

NAME        RENDERINGCOMMIT                            SOURCECOMMIT                               SYNCCOMMIT
root-sync   66882815f0ef5517df27e864fb1315e97756ab72   66882815f0ef5517df27e864fb1315e97756ab72   66882815f0ef5517df27e864fb1315e97756ab72

The value in the RENDERINGCOMMIT column is the commit that is processed by the hydration-controller. If no rendering is needed, the value is the same as the SOURCECOMMIT column. The value in the SOURCECOMMIT column is the commit from the source of truth that should be synced to the cluster. The value in the SYNCCOMMIT column is the commit that is deployed to the cluster. If the two values in the SOURCECOMMIT and SYNCCOMMIT columns are the same, the expected commit has been deployed to the cluster.

Confirm resources in the commit are reconciled

For each RootSync or RepoSync object, there is a unique ResourceGroup object that captures the reconciliation status of the managed resources declared in the source of truth. The ResourceGroup object has the same namespace and name as the RootSync or RepoSync object. For example, for the RootSync object with the name root-sync in the namespace config-management-system, the corresponding ResourceGroup object is also root-sync in the namespace config-management-system. When the latest commit is applied successfully, the ResourceGroup object contains the group, kind, namespace, and name of the managed resources from the latest commit.

You can run the following command to get a ResourceGroup object:

  • To get the ResourceGroup object for a RootSync object:

    kubectl get resourcegroup ROOT_SYNC_NAME -n config-management-system -o yaml

  • To get the ResourceGroup object for a RepoSync object:

    kubectl get resourcegroup REPO_SYNC_NAME -n REPO_SYNC_NAMESPACE -o yaml

    Replace the following:

    • ROOT_SYNC_NAME: the name of the ResourceGroup object that you want to look up.
    • REPO_SYNC_NAME: the name of the ResourceGroup object that you want to look up.
    • REPO_SYNC_NAMESPACE: the name of the ResourceGroup object that you want to look up.

To confirm that the resources in the commit are reconciled, look for the following in the output:

  • The .status.observedGeneration equals the value of the field .metadata.generation in the ResourceGroup object.
  • The Stalled condition and Reconciling condition both have status as "False".
  • Each item in the .status.resourceStatuses field has the status as Current.

View errors

RootSync and RepoSync objects use the status field to track errors encountered when syncing the configs from the source of truth to a cluster.

  • To view the status of a RootSync object, run the following command:

    kubectl get rootsync ROOT_SYNC_NAME -n config-management-system -o yaml

    Replace the ROOT_SYNC_NAME with the name of the RootSync object.

  • To view the status of a RepoSync object, run the following command:

    kubectl get reposync REPO_SYNC_NAME -n NAMESPACE -o yaml

    Replace the following:

    • REPO_SYNC_NAME: the name of the RepoSync object.
    • NAMESPACE: the namespace that you created your namespace repository in.

The following table explains the subfields under the status field:

Field Description
status.rendering.errors The errors encountered during the process of rendering kustomize configs from the source of truth. This might not include all the encountered errors, since Config Sync truncates errors if there are too many errors.
status.rendering.errorSummary.totalCount An integer tracking the total number of errors encountered during the process of rendering the configs from the source of truth.
status.rendering.errorSummary.truncated A boolean indicating whether the status.rendering.errors field includes all the errors encountered during the process of rendering the configs from the source of truth.
status.rendering.errorSummary.errorCountAfterTruncation An integer tracking the number of errors in the status.rendering.errors field.
status.source.errors The errors encountered while reading and parsing the configs from the source of truth. This might not include all the encountered errors, since Config Sync truncates errors if there are too many errors.
status.source.errorSummary.totalCount An integer tracking the total number of errors encountered while reading and parsing the configs from the source of truth.
status.source.errorSummary.truncated A boolean indicating whether the status.source.errors field includes all the errors encountered while reading and parsing the configs from the source of truth.
status.source.errorSummary.errorCountAfterTruncation An integer tracking the number of errors in the status.source.errors field.
status.sync.errors The errors encountered while applying the configs from the source of truth. This might not include all the encountered errors, since Config Sync truncates errors if there are too many errors.
status.sync.errorSummary.totalCount An integer tracking the total number of errors encountered while applying the configs from the source of truth.
status.sync.errorSummary.truncated A boolean indicating whether the status.sync.errors field includes all the errors encountered while applying the configs from the source of truth.
status.sync.errorSummary.errorCountAfterTruncation An integer tracking the number of errors in the status.sync.errors field.
status.conditions A list of conditions tracking the current state of a RootSync or RepoSync object.
When the type field of a condition is Reconciling or Stalled:
  • The errors field of the condition tracks the errors encountered while reconciling the RootSync or RepoSync object
  • The errorSummary field of the condition summarizes the errors in the errors field of the condition
  • The errorsSourceRefs field of the condition is empty
When the type of a condition is Syncing:
  • The errors field of the condition is empty
  • The errorsSourceRefs field of the condition track the origination(s) of errors. The origination of errors can be status.rendering.errors, status.source.errors, or status.sync.errors.
  • The errorSummary field of the condition summarizes the errors referred in the errorsSourceRefs field.

View object details

To view details of the RootSync and RepoSync objects, use kubectl describe. This command can provide you with further information about potential errors.

  • To view details for the RootSync object, run the following command:

    kubectl describe rootsync ROOT_SYNC_NAME -n config-management-system

    Replace the ROOT_SYNC_NAME with the name of the RootSync object.

  • To view details for the RepoSync object, run the following command:

    kubectl describe reposync REPO_SYNC_NAME -n NAMESPACE

    Replace the following:

    • REPO_SYNC_NAME: the name of the RepoSync object.
    • NAMESPACE: the namespace that you created your namespace repository in.

View if a resource is ready

To learn if the resources synced to the cluster are ready, view the reconciliation status. For example, viewing the reconciliation status can show you if a synced Deployment is ready to serve traffic.

For a source of truth synced to the cluster, the reconciliation statuses of all resources are aggregated in a resource called ResourceGroup. For each RootSync or RepoSync object, a ResourceGroup is generated to capture the set of resources applied to the cluster and aggregate their statuses.

  • To view the reconciliation status for the RootSync object, run the following command:

    kubectl get resourcegroup.kpt.dev ROOT_SYNC_NAME -n config-management-system -o yaml

    Replace the ROOT_SYNC_NAME with the name of the RootSync object.

  • To view the reconciliation status for the RepoSync object, run the following command:

    kubectl get resourcegroup.kpt.dev REPO_SYNC_NAME -n NAMESPACE -o yaml

    Replace the following:

    • REPO_SYNC_NAME: the name of the RepoSync object.
    • NAMESPACE: the namespace that you created your namespace repository in.

In the output, you see all of the ResourceGroup resource statuses. For example, the following output shows that a Deployment named nginx-deployment is ready:

resourceStatuses:
- group: apps
  kind: Deployment
  name: nginx-deployment
  namespace: default
  status: Current

What's next