Scale the Istio proxy sidecar of a workload

Istio has two major components:

  • The proxy is responsible for handling the incoming traffic, and is injected into the Pods of every Workload.
  • The Control Plane is responsible for coordinating the proxies, by sending them the latest configuration.

This section focuses on the performance characteristics of the proxy. For details on the control plane, see Scale the Istio Control Plane.

For details on the proxy’s performance we recommend checking out the upstream Istio documentation on performance:

Proxy bottlenecks

The proxy sidecar is just a container running in all of the Istio-enabled Workloads. In this sense we highly recommend checking the Health page for any Workload that exhibits high latencies for any CPU throttling in the proxy sidecar, as that might mean performance left on the table.

Please note that the amount of Workloads, Services and if namespace isolation is enabled hugely affects the memory requirements of the proxy as it needs to store all the configuration to access those.

Setting resource limits via Control Plane

Service Mesh Manager provides two ways to change resource limits. The easiest one is to change the ControlPlane resource by running the following commands:

cat > istio-cp-limits.yaml <<EOF
spec:
 meshManager:
   istio:
     proxy:
       resources:
         requests:
           cpu: 50m
           memory: "64M"
         limits:
           cpu: "100m"
           memory: "128M"
EOF

kubectl patch controlplane --type=merge --patch "$(cat istio-cp-limits.yaml )" smm
  • If you are using Service Mesh Manager in Operator Mode, then the Istio deployment is updated automatically.
  • If you are using the imperative mode, run the smm operator reconcile command to apply the changes.

Setting resource limits via the Istio Resource

If the deployment needs more control over the Istio behavior then the IstioControlPlane resource in the istio-system namespace must be changed. Besides any settings (resources and images) defined in the ControlPlane resource any modifications will be preserved even if the operator reconcile command is invoked or if the Service Mesh Manager is deployed in Operator Mode.

For more details on this approach, see our Open Source Istio operator.