This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Internal error when provisioning Anthos service mesh via ASMCLI

Posted a month ago
irogers97
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

I created a new GKE cluster within a new project.
When enabling the asmcli, ASM shows as successfully installed, but controlPlaneManagement shows as failed.

gcloud container fleet mesh describe 
servicemesh:
controlPlaneManagement:
details:
- code: REVISION_FAILED_PRECONDITION
details: An internal error has occurred. Please contact customer support.
This will be retried within 15 minutes.
state: FAILED_PRECONDITION

kubectl describe controlplanerevision asm-managed -n istio-system
Status:
Conditions:
Last Transition Time: 2025-03-25T13:29:57Z
Message: The provisioning process has not completed successfully
Reason: NotProvisioned
Status: False
Type: Reconciled
Last Transition Time: 2025-03-25T13:29:57Z
Message: Provisioning has finished
Reason: ProvisioningFinished
Status: True
Type: ProvisioningFinished
Last Transition Time: 2025-03-25T13:29:57Z
Message: An internal error has occurred. Please contact customer support. This will be retried within 15 minutes.
Reason: PreconditionFailed
Status: True
Type: Stalled

0 1 77
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
francislouie
Staff
Reply posted on --/--/---- --:-- AM

Hi irogers97,

Welcome to Google Cloud Community!

Based on the logs that you provided, it appears there may be an error on the Control Plane or Managed Data Plane. Additionaly, Stalled Error: INTERNAL_ERROR, the Managed Data Plane is blocked from operating due to an internal error condition. 

Here are few things to check and  workaround:

  • Remove taints to the nodes and then re-provision Cloud Service Mesh.
  • You may also check necessary IAM Permissions. The service mesh role and the required IAM roles must be granted.
  1. roles/gkehub.admin
  2. roles/serviceusage.serviceUsageAdmin
  3. roles/privateca.admin
  4. roles/anthosservicemesh.serviceAgent & roles/meshcontrolplane.serviceAgent (If you’re using Service account to run managed Cloud Service Mesh)
  • Re-run the Service Mesh Enablement
  • Review the kubectl describe Output, showed a message that the provisioning hasn’t completed successfully with a reason of PreconditionFailed. This can sometimes occur if there's an issue with your cluster configuration or ASM setup.

If the stalled condition shows "Internal Error",  need further from Google Cloud support is needed.

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.

0 Likes
Top Labels in this Space