Troubleshoot managed CNI

This page explains common managed CNI problems with Cloud Service Mesh and how to resolve them. If you need additional assistance, see Getting support.

Unsupported managed CNI enabled configuration

Managed Cloud Service Mesh with the TRAFFIC_DIRECTOR control plane implementation requires managed CNI and does not support disabling it. You may see the CNI_CONFIG_UNSUPPORTED code in the feature state message if the mesh.cloud.google.com/managed-cni-enabled label exists but does not have the value true in the control plane revision (CPR) custom resource (CR) or if the CNI entry in the asm-options configmap exists but does not have the value on.

To resolve this error message, you must remove any attempts to disable managed CNI.

• Case 1: Remove the managed CNI Enabled label in the CPR CR in the cluster.

  apiVersion: v1
  items:
  - apiVersion: mesh.cloud.google.com/v1beta1
    kind: ControlPlaneRevision
    metadata:
      annotations:
        mesh.cloud.google.com/proxy: '{"managed":"false"}'
      creationTimestamp: "2024-02-18T08:13:30Z"
      generation: 1
      labels:
        app.kubernetes.io/created-by: mesh.googleapis.com
        mesh.cloud.google.com/managed-cni-enabled: false # Remove the "mesh.cloud.google.com/managed-cni-enabled" label
      name: asm-managed
      namespace: istio-system
      resourceVersion: "13422558"
      uid: 3ad755ec-78ab-4d57-8fb9-c5e1a07740d5
  

• Case 2: Remove the CNI entry asm-options configmap ASM_OPTS data string.

  apiVersion: v1
  data:
    ASM_OPTS: CNI=off # Remove CNI entry in the ASM_OPTS data.
    multicluster_mode: connected
  kind: ConfigMap
  metadata:
    creationTimestamp: "2024-02-18T08:13:30Z"
    name: asm-options
    namespace: istio-system
    resourceVersion: "1640225"
    uid: 576602da-e60b-4df7-9427-5be06e5bf014
  

CNI Pod unschedulable

You may see this error if the managed CNI Daemonset cannot schedule Pods in any one of the nodes in the cluster.

Note that in-cluster resources require at least memory: 100Mi on each node. For more information see Cloud Service Mesh requirements. If your cluster already has sufficient memory allocated, see Pod unschedulable for additional troubleshooting steps.