Stay organized with collections
Save and categorize content based on your preferences.
Troubleshoot managed CNI
This page explains common managed CNI problems with Cloud Service Mesh and
how to resolve them. If you need additional assistance, see
Getting support.
Unsupported managed CNI enabled configuration
Managed Cloud Service Mesh with the TRAFFIC_DIRECTOR control plane
implementation requires managed CNI and does not support disabling it. You may
see the CNI_CONFIG_UNSUPPORTED code in the feature state message if the
mesh.cloud.google.com/managed-cni-enabled label exists but does not have the
value true in the control plane revision (CPR) custom resource (CR) or if the
CNI entry in the asm-options configmap exists but does not have the value on.
To resolve this error message, you must remove any attempts to disable managed
CNI.
Case 1: Remove the managed CNI Enabled label in the CPR CR in the cluster.
apiVersion:v1items:-apiVersion:mesh.cloud.google.com/v1beta1kind:ControlPlaneRevisionmetadata:annotations:mesh.cloud.google.com/proxy:'{"managed":"false"}'creationTimestamp:"2024-02-18T08:13:30Z"generation:1labels:app.kubernetes.io/created-by:mesh.googleapis.commesh.cloud.google.com/managed-cni-enabled:false# Remove the "mesh.cloud.google.com/managed-cni-enabled" labelname:asm-managednamespace:istio-systemresourceVersion:"13422558"uid:3ad755ec-78ab-4d57-8fb9-c5e1a07740d5
Case 2: Remove the CNI entry asm-options configmap ASM_OPTS data string.
apiVersion:v1data:ASM_OPTS:CNI=off# Remove CNI entry in the ASM_OPTS data.multicluster_mode:connectedkind:ConfigMapmetadata:creationTimestamp:"2024-02-18T08:13:30Z"name:asm-optionsnamespace:istio-systemresourceVersion:"1640225"uid:576602da-e60b-4df7-9427-5be06e5bf014
CNI Pod unschedulable
You may see this error if the managed CNI Daemonset cannot schedule Pods in any
one of the nodes in the cluster.
Note that in-cluster resources require at least memory: 100Mi on each node.
For more information see
Cloud Service Mesh requirements.
If your cluster already has sufficient memory allocated, see
Pod unschedulable
for additional troubleshooting steps.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-28 UTC."],[],[],null,["# Troubleshoot managed CNI\n========================\n\nThis page explains common managed CNI problems with Cloud Service Mesh and\nhow to resolve them. If you need additional assistance, see\n[Getting support](/service-mesh/v1.24/docs/getting-support).\n\nUnsupported managed CNI enabled configuration\n---------------------------------------------\n\nManaged Cloud Service Mesh with the `TRAFFIC_DIRECTOR` control plane\nimplementation requires managed CNI and does not support disabling it. You may\nsee the `CNI_CONFIG_UNSUPPORTED` code in the feature state message if the\n`mesh.cloud.google.com/managed-cni-enabled` label exists but does not have the\nvalue `true` in the control plane revision (CPR) custom resource (CR) or if the\nCNI entry in the asm-options configmap exists but does not have the value `on`.\n\nTo resolve this error message, you must remove any attempts to disable managed\nCNI.\n\n- Case 1: Remove the managed CNI Enabled label in the CPR CR in the cluster.\n\n apiVersion: v1\n items:\n - apiVersion: mesh.cloud.google.com/v1beta1\n kind: ControlPlaneRevision\n metadata:\n annotations:\n mesh.cloud.google.com/proxy: '{\"managed\":\"false\"}'\n creationTimestamp: \"2024-02-18T08:13:30Z\"\n generation: 1\n labels:\n app.kubernetes.io/created-by: mesh.googleapis.com\n mesh.cloud.google.com/managed-cni-enabled: false # Remove the \"mesh.cloud.google.com/managed-cni-enabled\" label\n name: asm-managed\n namespace: istio-system\n resourceVersion: \"13422558\"\n uid: 3ad755ec-78ab-4d57-8fb9-c5e1a07740d5\n\n- Case 2: Remove the CNI entry asm-options configmap `ASM_OPTS` data string.\n\n apiVersion: v1\n data:\n ASM_OPTS: CNI=off # Remove CNI entry in the ASM_OPTS data.\n multicluster_mode: connected\n kind: ConfigMap\n metadata:\n creationTimestamp: \"2024-02-18T08:13:30Z\"\n name: asm-options\n namespace: istio-system\n resourceVersion: \"1640225\"\n uid: 576602da-e60b-4df7-9427-5be06e5bf014\n\nCNI Pod unschedulable\n---------------------\n\nYou may see this error if the managed CNI Daemonset cannot schedule Pods in any\none of the nodes in the cluster.\n\nNote that in-cluster resources require at least `memory: 100Mi` on each node.\nFor more information see\n[Cloud Service Mesh requirements](/service-mesh/v1.24/docs/onboarding/provision-control-plane#requirements).\nIf your cluster already has sufficient memory allocated, see\n[Pod unschedulable](/kubernetes-engine/docs/troubleshooting#PodUnschedulable)\nfor additional troubleshooting steps."]]
