我的书签
添加书签
移除书签Available as of v2.3.0
This section describes the minimum recommended computing resources for the Istio components in a cluster.
The CPU and memory allocations for each component are configurable.
Before enabling Istio, we recommend that you confirm that your Rancher worker nodes have enough CPU and memory to run all of the components of Istio.
Tip: In larger deployments, it is strongly advised that the infrastructure be placed on dedicated nodes in the cluster by adding a node selector for each Istio component.
The table below shows a summary of the minimum recommended resource requests and limits for the CPU and memory of each central Istio component.
In Kubernetes, the resource request indicates that the workload will not deployed on a node unless the node has at least the specified amount of memory and CPU available. If the workload surpasses the limit for CPU or memory, it can be terminated or evicted from the node. For more information on managing resource limits for containers, refer to the Kubernetes documentation.
| Workload | Container | CPU - Request | Mem - Request | CPU - Limit | Mem - Limit | Configurable |
|---|---|---|---|---|---|---|
| istio-pilot | discovery | 500m | 2048Mi | 1000m | 4096Mi | Y |
| istio-telemetry | mixer | 1000m | 1024Mi | 4800m | 4096Mi | Y |
| istio-policy | mixer | 1000m | 1024Mi | 4800m | 4096Mi | Y |
| istio-tracing | jaeger | 100m | 100Mi | 500m | 1024Mi | Y |
| prometheus | prometheus | 750m | 750Mi | 1000m | 1024Mi | Y |
| grafana | grafana | 100m | 100Mi | 200m | 512Mi | Y |
| Others | - | 500m | 500Mi | - | - | N |
| Total | - | 3950m | 5546Mi | >12300m | >14848Mi | - |
Configuring Resource Allocations
You can individually configure the resource allocation for each type of Istio component. This section includes the default resource allocations for each component.
To make it easier to schedule the workloads to a node, a cluster administrator can reduce the CPU and memory resource requests for the component. However, the default CPU and memory allocations are the minimum that we recommend.
You can find more information about Istio configuration in the official Istio documentation.
To configure the resources allocated to an Istio component,
- In Rancher, go to the cluster where you have Istio installed.
- Click Tools > Istio. This opens the Istio configuration page.
- Change the CPU or memory allocations, the nodes where each component will be scheduled to, or the node tolerations.
- Click Save.
Result: The resource allocations for the Istio components are updated.
Pilot
Pilot provides the following:
- Authentication configuration
- Service discovery for the Envoy sidecars
- Traffic management capabilities for intelligent routing (A/B tests and canary rollouts)
- Configuration for resiliency (timeouts, retries, circuit breakers, etc)
For more information on Pilot, refer to the documentation.
| Option | Description | Required | Default |
|---|---|---|---|
| Pilot CPU Limit | CPU resource limit for the istio-pilot pod. | Yes | 1000 |
| Pilot CPU Reservation | CPU reservation for the istio-pilot pod. | Yes | 500 |
| Pilot Memory Limit | Memory resource limit for the istio-pilot pod. | Yes | 4096 |
| Pilot Memory Reservation | Memory resource requests for the istio-pilot pod. | Yes | 2048 |
| Trace sampling Percentage | Trace sampling percentage | Yes | 1 |
| Pilot Selector | Ability to select the nodes in which istio-pilot pod is deployed to. To use this option, the nodes must have labels. | No | n/a |
Mixer
Mixer enforces access control and usage policies across the service mesh. It also integrates with plugins for monitoring tools such as Prometheus. The Envoy sidecar proxy passes telemetry data and monitoring data to Mixer, and Mixer passes the monitoring data to Prometheus.
For more information on Mixer, policies and telemetry, refer to the documentation.
| Option | Description | Required | Default |
|---|---|---|---|
| Mixer Telemetry CPU Limit | CPU resource limit for the istio-telemetry pod. | Yes | 4800 |
| Mixer Telemetry CPU Reservation | CPU reservation for the istio-telemetry pod. | Yes | 1000 |
| Mixer Telemetry Memory Limit | Memory resource limit for the istio-telemetry pod. | Yes | 4096 |
| Mixer Telemetry Memory Reservation | Memory resource requests for the istio-telemetry pod. | Yes | 1024 |
| Enable Mixer Policy | Whether or not to deploy the istio-policy. | Yes | False |
| Mixer Policy CPU Limit | CPU resource limit for the istio-policy pod. | Yes, when policy enabled | 4800 |
| Mixer Policy CPU Reservation | CPU reservation for the istio-policy pod. | Yes, when policy enabled | 1000 |
| Mixer Policy Memory Limit | Memory resource limit for the istio-policy pod. | Yes, when policy enabled | 4096 |
| Mixer Policy Memory Reservation | Memory resource requests for the istio-policy pod. | Yes, when policy enabled | 1024 |
| Mixer Selector | Ability to select the nodes in which istio-policy and istio-telemetry pods are deployed to. To use this option, the nodes must have labels. | No | n/a |
Tracing
Distributed tracing enables users to track a request through a service mesh. This makes it easier to troubleshoot problems with latency, parallelism and serialization.
| Option | Description | Required | Default |
|---|---|---|---|
| Enable Tracing | Whether or not to deploy the istio-tracing. | Yes | True |
| Tracing CPU Limit | CPU resource limit for the istio-tracing pod. | Yes | 500 |
| Tracing CPU Reservation | CPU reservation for the istio-tracing pod. | Yes | 100 |
| Tracing Memory Limit | Memory resource limit for the istio-tracing pod. | Yes | 1024 |
| Tracing Memory Reservation | Memory resource requests for the istio-tracing pod. | Yes | 100 |
| Tracing Selector | Ability to select the nodes in which tracing pod is deployed to. To use this option, the nodes must have labels. | No | n/a |
Ingress Gateway
The Istio gateway allows Istio features such as monitoring and route rules to be applied to traffic entering the cluster. This gateway is a prerequisite for outside traffic to make requests to Istio.
For more information, refer to the documentation.
| Option | Description | Required | Default |
|---|---|---|---|
| Enable Ingress Gateway | Whether or not to deploy the istio-ingressgateway. | Yes | False |
| Service Type of Istio Ingress Gateway | How to expose the gateway. You can choose NodePort or Loadbalancer | Yes | NodePort |
| Http2 Port | The NodePort for http2 requests | Yes | 31380 |
| Https Port | The NodePort for https requests | Yes | 31390 |
| Load Balancer IP | Ingress Gateway Load Balancer IP | No | n/a |
| Load Balancer Source Ranges | Ingress Gateway Load Balancer Source Ranges | No | n/a |
| Ingress Gateway CPU Limit | CPU resource limit for the istio-ingressgateway pod. | Yes | 2000 |
| Ingress Gateway CPU Reservation | CPU reservation for the istio-ingressgateway pod. | Yes | 100 |
| Ingress Gateway Memory Limit | Memory resource limit for the istio-ingressgateway pod. | Yes | 1024 |
| Ingress Gateway Memory Reservation | Memory resource requests for the istio-ingressgateway pod. | Yes | 128 |
| Ingress Gateway Selector | Ability to select the nodes in which istio-ingressgateway pod is deployed to. To use this option, the nodes must have labels. | No | n/a |
Prometheus
You can query for Istio metrics using Prometheus. Prometheus is an open-source systems monitoring and alerting toolkit.
| Option | Description | Required | Default |
|---|---|---|---|
| Prometheus CPU Limit | CPU resource limit for the Prometheus pod. | Yes | 1000 |
| Prometheus CPU Reservation | CPU reservation for the Prometheus pod. | Yes | 750 |
| Prometheus Memory Limit | Memory resource limit for the Prometheus pod. | Yes | 1024 |
| Prometheus Memory Reservation | Memory resource requests for the Prometheus pod. | Yes | 750 |
| Retention for Prometheus | How long your Prometheus instance retains data | Yes | 6 |
| Prometheus Selector | Ability to select the nodes in which Prometheus pod is deployed to. To use this option, the nodes must have labels. | No | n/a |
Grafana
You can visualize metrics with Grafana. Grafana lets you visualize Istio traffic data scraped by Prometheus.
| Option | Description | Required | Default |
|---|---|---|---|
| Enable Grafana | Whether or not to deploy the Grafana. | Yes | True |
| Grafana CPU Limit | CPU resource limit for the Grafana pod. | Yes, when Grafana enabled | 200 |
| Grafana CPU Reservation | CPU reservation for the Grafana pod. | Yes, when Grafana enabled | 100 |
| Grafana Memory Limit | Memory resource limit for the Grafana pod. | Yes, when Grafana enabled | 512 |
| Grafana Memory Reservation | Memory resource requests for the Grafana pod. | Yes, when Grafana enabled | 100 |
| Grafana Selector | Ability to select the nodes in which Grafana pod is deployed to. To use this option, the nodes must have labels. | No | n/a |
| Enable Persistent Storage for Grafana | Enable Persistent Storage for Grafana | Yes, when Grafana enabled | False |
| Source | Use a Storage Class to provision a new persistent volume or Use an existing persistent volume claim | Yes, when Grafana enabled and enabled PV | Use SC |
| Storage Class | Storage Class for provisioning PV for Grafana | Yes, when Grafana enabled, enabled PV and use storage class | Use the default class |
| Persistent Volume Size | The size for the PV you would like to provision for Grafana | Yes, when Grafana enabled, enabled PV and use storage class | 5Gi |
| Existing Claim | Use existing PVC for Grafana | Yes, when Grafana enabled, enabled PV and use existing PVC | n/a |
