ALS Service for Ingress Gateway Access Logs

I am trying to setup a ALS GRPC cluster to stream the http and tcp access logs from listeners in Ingress gateways.

I am using the Racher Istio Operator to configure the ALS service target as below

  apiVersion: install.istio.io/v1alpha1
  kind: IstioOperator
  metadata:
    name: my-istio-operator
    namespace: istio-system
  spec:
    meshConfig:
     ingressClass: my-istio
     ingressService: my-gslb-ingress
     ingressSelector: my-gslb-ingress
     enableEnvoyAccessLogService: true
     defaultConfig:
      envoyAccessLogService:
        address: "my-als.default.svc.cluster.local:9002"

I see the listeners are added with access_log block referencing the als grpc cluster named “envoy_accesslog_service” but there is no cluster created

access_log": [
{
    "name": "envoy.access_loggers.http_grpc",
    "typed_config": {
        "@type": "type.googleapis.com/envoy.extensions.access_loggers.grpc.v3.HttpGrpcAccessLogConfig",
        "common_config": {
            "log_name": "http_envoy_accesslog",
            "grpc_service": {
                "envoy_grpc": {
                    "cluster_name": "envoy_accesslog_service"
                }
            },
            "filter_state_objects_to_log": [
                "wasm.upstream_peer",
                "wasm.upstream_peer_id",
                "wasm.downstream_peer",
                "wasm.downstream_peer_id"
            ],
            "transport_api_version": "V3"
        }
    }
}
]

During the startup of envoy i see the below error and envoy doesn’t reach ready state.

warning envoy config gRPC config for type.googleapis.com/envoy.config.listener.v3.Listener rejected: Error adding/updating listener(s) 0.0.0.0_8443: Unknown gRPC client cluster 'envoy_accesslog_service'
0.0.0.0_8080: Unknown gRPC client cluster 'envoy_accesslog_service'

warn Envoy proxy is NOT ready: config not received from Pilot (is Pilot running?): cds updates: 1 successful, 0 rejected; lds updates: 0 successful, 1 rejected

I tried to create a cluster named “envoy_accesslog_service” as below

apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: gslb-gateway-access-log
  namespace: routing
spec:
  workloadSelector:
    labels:
      app: istio-ingressgateway
      istio: my-gslb-ingress
  configPatches:
  - applyTo: CLUSTER
    patch:
      operation: ADD
      value:
        name: "envoy_accesslog_service"
        type: LOGICAL_DNS
        connect_timeout: 0.5s
        lb_policy: ROUND_ROBIN
        load_assignment:
          cluster_name: envoy_accesslog_service
          endpoints:
          - lb_endpoints:
            - endpoint:
                address:
                  socket_address:
                    address: "my-als.default.svc.cluster.local:9002"
                    port_value: 9002

This time envoy startup gives the below errror

warning envoy config    gRPC config for type.googleapis.com/envoy.config.listener.v3.Listener rejected: Error adding/updating listener(s) 0.0.0.0_8443: gRPC client cluster 'envoy_accesslog_service' is not static
0.0.0.0_8080: gRPC client cluster 'envoy_accesslog_service' is not static