Alibaba Cloud Service Mesh (ASM) supports control plane alerting and allows you to collect the logs of the control plane. For example, you can collect logs related to configuration pushing from the control plane to sidecar proxies on the data plane. This topic describes how to enable collection of control plane logs and control plane alerting, and how to process alerts.
Enable collection of control plane logs
Enable control plane alerting
Notice: Before you enable control plane alerting, you must enable collection of control plane logs.
Only the alert for failed synchronization to the data plane is supported. If a discovery service (xDS) request sent from the control plane to the data plane is rejected by the data plane, the alert for failed synchronization to the data plane is triggered. In this case, your sidecar proxies or ingress gateway services on the data plane cannot obtain the latest configurations. You may face one of the following situations:
- If the sidecar proxies on the data plane have ever received pushed configurations, the sidecar proxies keep the last received configurations.
- If the sidecar proxies have no configurations and have not received any pushed configurations, the sidecar proxies have no listeners and cannot process requests or routing rules.
Process alerts
The following table describes common error messages that may appear when synchronization to the data plane fails and provides suggestions for processing the errors. If you do not find the error message that is returned to you, submit a ticket.
Error message | Suggestion |
---|---|
Internal:Error adding/updating listener(s) 0.0.0.0_443: Failed to load certificate chain from <inline>, only P-256 ECDSA certificates are supported | Indicates that clusters on the data plane do not support the certificate that you configured for the data plane. Configure a P-256 ECDSA certificate for the data plane. For more information about how to reconfigure a certificate, see Use an Istio gateway to enable HTTPS. |
Internal:Error adding/updating listener(s) 0.0.0.0_443: Invalid path: **** | Indicates that the path of the certificate that you configured for the data plane is invalid or the specified certificate does not exist. Check whether the mount path of the certificate is the same as the path specified in the configurations of the gateway. For more information, see Use an Istio gateway to enable HTTPS. |
Internal:Error adding/updating listener(s) 0.0.0.0_xx: duplicate listener 0.0.0.0_xx found | Indicates that duplicate listening ports are configured for your gateway. Check your gateway and delete duplicate ports. |
Internal:Error adding/updating listener(s) 192.168.33.189_15021: Didn't find a registered implementation for name: '***' | Indicates that ***, which an EnvoyFilter patch on the 15021 listener references, cannot be found in sidecar proxies or ingress gateway services. |
Internal:Error adding/updating listener(s) 0.0.0.0_80: V2 (and AUTO) xDS transport protocol versions are deprecated in grpc_service *** | Indicates that the xDS v2 protocol of the data plane will be deprecated soon. This is usually because the version of sidecar proxies on the data plane does not match the control plane. To resolve this issue, update sidecar proxies on the data plane. You must delete existing pods. Sidecar proxies of the latest version are automatically injected into the recreated pods. |
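
The following added example (not part of the ASM documentation or tooling) parses rejection messages of the shape shown in the table, extracts the affected listener, and groups listeners by cause so that each suggestion is applied once. The cause keys, function names, and sample messages are assumptions made for illustration; the sample messages are constructed from the table's message formats.

```python
import re
from collections import defaultdict

# Message shape taken from the table: "...listener(s) <addr>_<port>: <reason>"
NACK_RE = re.compile(r"Internal:Error adding/updating listener\(s\) "
                     r"(?P<addr>[0-9.]+)_(?P<port>\d+): (?P<reason>.+)")

# (pattern over the reason text, hypothetical cause key, suggestion from the table)
RULES = [
    (r"only P-256 ECDSA certificates are supported", "unsupported-cert",
     "Configure a P-256 ECDSA certificate for the data plane."),
    (r"^Invalid path:", "cert-path",
     "Check that the certificate mount path matches the gateway configuration."),
    (r"^duplicate listener \S+ found", "duplicate-port",
     "Delete the duplicate port from the gateway."),
    (r"Didn't find a registered implementation for name:", "envoyfilter-ref",
     "The name referenced by the EnvoyFilter patch is not available in the proxy."),
    (r"xDS transport protocol versions are deprecated", "xds-v2",
     "Update the sidecar proxies by recreating the pods."),
]

def triage(message):
    """Return listener, cause and suggestion for one rejection message, or None."""
    m = NACK_RE.search(message)
    if m is None:
        return None  # not a listener rejection
    cause, action = "unknown", "Not in the table: submit a ticket."
    for pattern, key, suggestion in RULES:
        if re.search(pattern, m["reason"]):
            cause, action = key, suggestion
            break
    return {"listener": (m["addr"], int(m["port"])), "cause": cause, "action": action}

def summarize(messages):
    """Group affected listeners by cause so each fix is applied once."""
    grouped = defaultdict(set)
    for message in messages:
        result = triage(message)
        if result:
            grouped[result["cause"]].add(result["listener"])
    return {cause: sorted(listeners) for cause, listeners in grouped.items()}

# Constructed sample messages (table placeholders replaced with made-up values)
PREFIX = "Internal:Error adding/updating listener(s) "
SAMPLE = [
    PREFIX + "0.0.0.0_443: Failed to load certificate chain from <inline>, only P-256 ECDSA certificates are supported",
    PREFIX + "0.0.0.0_443: Invalid path: /etc/example/tls.crt",
    PREFIX + "0.0.0.0_8080: duplicate listener 0.0.0.0_8080 found",
    PREFIX + "0.0.0.0_8443: duplicate listener 0.0.0.0_8443 found",
    PREFIX + "0.0.0.0_80: reason that the table does not list",
    "unrelated control plane log line",
]
```

Messages that match the listener prefix but none of the table's reasons fall through to `unknown`, which corresponds to the "submit a ticket" path above.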