Cloud Service Mesh and Traffic Director are now Cloud Service Mesh. For more information, see the Cloud Service Mesh overview.

Resolving cleanup issues

This page explains how to resolve issues with Cloud Service Mesh managed control plane when using the TRAFFIC_DIRECTOR implementation.

Clean up synthetic services

When using the TRAFFIC_DIRECTOR control plane implementation, Cloud Service Mesh creates synthetic Kubernetes services to support subset. These services are labeled with istio.io/owned-by:gsmconfig.gke.io.

When you modify discoverySelectors in Istio API to remove a namespace that contains synthetic Kubernetes services, Cloud Service Mesh does not automatically remove these synthetic Kubernetes services.

To mitigate this issue, you can manually remove synthetic Kubernetes services in the target namespaces by running the following command:

kubectl delete service -l istio.io/owned-by=gsmconfig.gke.io -n NAMESPACE

Replace NAMESPACE with the actual namespace you want to clean up.

Clean up network endpoint groups annotations

When using the TRAFFIC_DIRECTOR control plane implementation, Cloud Service Mesh creates network endpoint groups by adding cloud.google.com/neg annotations to services for load balancing.

When you modify discoverySelectors in Istio API to remove a namespace that contains Kubernetes services, Cloud Service Mesh does not automatically remove these network endpoint groups.

To mitigate this issue, you can manually remove the cloud.google.com/neg annotations from services in the target namespaces.

service_names=($(kubectl get service -n NAMESPACE -o jsonpath='{.items[*].metadata.name}'))
for service in "${service_names[@]}"; do
  kubectl annotate service $service -n NAMESPACE cloud.google.com/neg-
done

Replace NAMESPACE with the actual namespace you want to clean up.