Alibaba Cloud Service Mesh (ASM) supports control plane alerting and allows you to collect the logs of the control plane. For example, you can collect logs related to configuration pushing from the control plane to sidecar proxies on the data plane. This topic describes how to enable collection of control plane logs and control plane alerting. You can also learn how to process alerts by reading this topic.

Enable collection of control plane logs

  1. Log on to the ASM console.
  2. In the left-side navigation pane, choose Service Mesh > Mesh Management.
  3. On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column.
  4. On the details page of the ASM instance, choose ASM Instance > Base Information in the left-side navigation pane.
  5. On the Basic Information page, click Enable on the right of Control-plane log collection.
  6. In the Enable Control-plane log collection dialog box, create a project or select an existing project. Then, click Submit.
    If you want to create a project, you can use the default project name or specify a project name.
    On the details page of the ASM instance, click View log on the right of Control-plane log collection. Then, you can view detailed control plane logs on the Project page.

Enable control plane alerting

Only the alert for failed synchronization to the data plane is supported. If a discovery services (xDS) request sent from the control plane to the data plane is rejected by the data plane, the alert for failed synchronization to the data plane is triggered. In this case, your sidecar proxies or ingress gateway services on the data plane cannot obtain the latest configurations. You may face one of the following situations:
Notice Before you enable control plane alerting, you must enable collection of control plane logs.
  • If the sidecar proxies on the data plane have ever received pushed configurations, the sidecar proxies keep the last received configurations.
  • If the sidecar proxies have no configurations and have not received any pushed configurations, the sidecar proxies have no listeners and cannot process requests or routing rules.
  1. Log on to the ASM console.
  2. In the left-side navigation pane, choose Service Mesh > Mesh Management.
  3. On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column.
  4. On the details page of the ASM instance, choose ASM Instance > Base Information in the left-side navigation pane.
  5. On the Basic Information page, click Alert Setting on the right of Control-plane log collection.
  6. In the Control-Plane Alert Setting dialog box, select an action policy and click Enable Alert.
    An action policy specifies the action to be performed when an alert is triggered. You can create and modify action policies in Log Service projects. For more information, see Create an action policy.
  7. In the Note message, click OK.

Process alerts

The following table describes common error messages that may appear when synchronization to the data plane fails and provides suggestions for processing the errors. If you do not find the error message that is returned to you, Submit a ticket.
Error message Suggestion
Internal:Error adding/updating listener(s) 0.0.0.0_443: Failed to load certificate chain from <inline>, only P-256 ECDSA certificates are supported Indicates that clusters on the data plane do not support the certificate that you configured for the data plane. Configure the P-256 ECDSA certificate for the data plane. For more information about how to reconfigure a certificate, see Use an Istio gateway to enable HTTPS.
Internal:Error adding/updating listener(s) 0.0.0.0_443: Invalid path: **** Indicates that the path of the certificate that you configured for the data plane is invalid or the specified certificate does not exist. Check whether the mount path of the certificate is the same as the path specified in the configurations of the gateway. For more information, see Use an Istio gateway to enable HTTPS.
Internal:Error adding/updating listener(s) 0.0.0.0_xx: duplicate listener 0.0.0.0_xx found Indicates that duplicate listening ports are configured for your gateway. Check your gateway and delete duplicate ports.
Internal:Error adding/updating listener(s) 192.168.33.189_15021: Didn't find a registered implementation for name: '***' Indicates that *** referenced based on the 15021 listener patch by using EnvoyFilter cannot be found in sidecar proxies or ingress gateway services.
Internal:Error adding/updating listener(s) 0.0.0.0_80: V2 (and AUTO) xDS transport protocol versions are deprecated in grpc_service *** Indicates that the xDS v2 protocol of the data plane will be deprecated soon. This is usually because the version of sidecar proxies on the data plane does not match the control plane. To resolve this issue, update sidecar proxies on the data plane. You must delete existing pods. Sidecar proxies of the latest version are automatically injected into the recreated pods.