Scale the Istio proxy sidecar of a workload
Istio has two major components:
- The proxy is responsible for handling the incoming traffic, and is injected into the Pods of every Workload.
- The Control Plane is responsible for coordinating the proxies, by sending them the latest configuration.
This section focuses on the performance characteristics of the proxy. For details on the control plane, see Scale the Istio Control Plane.
For details on the proxy’s performance we recommend checking out the upstream Istio documentation on performance:
The proxy sidecar is just a
container running in all of the Istio-enabled
Workloads. In this sense we highly recommend checking the Health page for any
Workload that exhibits high latencies for any CPU throttling in the proxy sidecar, as that might mean performance left on the table.
Please note that the amount of
Services and if namespace isolation is enabled hugely affects the memory requirements of the proxy as it needs to store all the configuration to access those.
Setting resource limits: via Control Plane
Service Mesh Manager provides two ways to change resource limits. The easiest one is to change the
ControlPlane resource by running the following commands:
cat > istio-cp-limits.yaml <<EOF spec: meshManager: istio: proxy: resources: requests: cpu: 50m memory: "64M" limits: cpu: "100m" memory: "128M" EOF kubectl patch controlplane --type=merge --patch "$(cat istio-cp-limits.yaml )" smm
- If you are using Service Mesh Manager in Operator Mode, then the Istio deployment is updated automatically.
- If you are using the imperative mode, run the
smm operator reconcilecommand to apply the changes.
Setting resource limits: via the Istio Resource
If the deployment needs more control over the Istio behavior then the
IstioControlPlane resource in the
istio-system namespace must be changed. Besides any settings (resources and images) defined in the
ControlPlane resource any modifications will be preserved even if the
operator reconcile command is invoked or if the Service Mesh Manager is deployed in Operator Mode.
For more details on this approach, see our Open Source Istio operator.