Troubleshoot managed CNI

This page explains common managed CNI problems with Cloud Service Mesh and how to resolve them. If you need additional assistance, see Getting support .

Unsupported managed CNI enabled configuration

Managed Cloud Service Mesh with the TRAFFIC_DIRECTOR control plane implementation requires managed CNI and does not support disabling it. You may see the CNI_CONFIG_UNSUPPORTED code in the feature state message if the mesh.cloud.google.com/managed-cni-enabled label exists but does not have the value true in the control plane revision (CPR) custom resource (CR) or if the CNI entry in the asm-options configmap exists but does not have the value on .

To resolve this error message, you must remove any attempts to disable managed CNI.

• Case 1: Remove the managed CNI Enabled label in the CPR CR in the cluster.

    apiVersion 
   : 
    
   v1 
   items 
   : 
   - 
    
   apiVersion 
   : 
    
   mesh.cloud.google.com/v1beta1 
    
   kind 
   : 
    
   ControlPlaneRevision 
    
   metadata 
   : 
    
   annotations 
   : 
    
   mesh.cloud.google.com/proxy 
   : 
    
   '{"managed":"false"}' 
    
   creationTimestamp 
   : 
    
   "2024-02-18T08:13:30Z" 
    
   generation 
   : 
    
   1 
    
   labels 
   : 
    
   app.kubernetes.io/created-by 
   : 
    
   mesh.googleapis.com 
    
   mesh.cloud.google.com/managed-cni-enabled 
   : 
    
   false 
    
   # Remove the "mesh.cloud.google.com/managed-cni-enabled" label 
    
   name 
   : 
    
   asm-managed 
    
   namespace 
   : 
    
   istio-system 
    
   resourceVersion 
   : 
    
   "13422558" 
    
   uid 
   : 
    
   3ad755ec-78ab-4d57-8fb9-c5e1a07740d5 
   
  

• Case 2: Remove the CNI entry asm-options configmap ASM_OPTS data string.

    apiVersion 
   : 
    
   v1 
   data 
   : 
    
   ASM_OPTS 
   : 
    
   CNI=off 
    
   # Remove CNI entry in the ASM_OPTS data. 
    
   multicluster_mode 
   : 
    
   connected 
   kind 
   : 
    
   ConfigMap 
   metadata 
   : 
    
   creationTimestamp 
   : 
    
   "2024-02-18T08:13:30Z" 
    
   name 
   : 
    
   asm-options 
    
   namespace 
   : 
    
   istio-system 
    
   resourceVersion 
   : 
    
   "1640225" 
    
   uid 
   : 
    
   576602da-e60b-4df7-9427-5be06e5bf014 
   
  

CNI Pod unschedulable

You may see this error if the managed CNI Daemonset cannot schedule Pods in any one of the nodes in the cluster.

Note that in-cluster resources require at least memory: 100Mi on each node. For more information see Cloud Service Mesh requirements . If your cluster already has sufficient memory allocated, see Pod unschedulable for additional troubleshooting steps.