Available as of v2.3.0

This section describes the minimum recommended computing resources for the Istio components in a cluster.

The CPU and memory allocations for each component are configurable.

Before enabling Istio, we recommend that you confirm that your Rancher worker nodes have enough CPU and memory to run all of the components of Istio.

Tip: In larger deployments, it is strongly advised that the infrastructure be placed on dedicated nodes in the cluster by adding a node selector for each Istio component.

The table below shows a summary of the minimum recommended resource requests and limits for the CPU and memory of each central Istio component.

In Kubernetes, the resource request indicates that the workload will not be deployed on a node unless the node has at least the specified amount of memory and CPU available. If the workload surpasses the limit for CPU or memory, it can be terminated or evicted from the node. For more information on managing resource limits for containers, refer to the Kubernetes documentation.

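| Workload | Container | CPU - Request | Mem - Request | CPU - Limit | Mem - Limit | Configurable |
|---|---|---|---|---|---|---|
| istio-pilot | discovery | 500m | 2048Mi | 1000m | 4096Mi | Y |
| istio-telemetry | mixer | 1000m | 1024Mi | 4800m | 4096Mi | Y |
| istio-policy | mixer | 1000m | 1024Mi | 4800m | 4096Mi | Y |
| istio-tracing | jaeger | 100m | 100Mi | 500m | 1024Mi | Y |
| prometheus | prometheus | 750m | 750Mi | 1000m | 1024Mi | Y |
| grafana | grafana | 100m | 100Mi | 200m | 512Mi | Y |
| Others | - | 500m | 500Mi | - | - | N |
| Total | - | 3950m | 5546Mi | >12300m | >14848Mi | - |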
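
Because a request must be satisfied by a single node, comparing the table's totals against the cluster's total free capacity is not enough. The following added example (not Rancher or Istio code) parses the default requests from the table and runs a first-fit placement heuristic over constructed node capacities; the node names, their capacities and the treatment of the "Others" row as one unit are assumptions.

```python
# Added example (not Rancher or Istio code): can the default requests be scheduled?
# Requests come from the summary table; "others" is treated as one unit (assumption).
ISTIO_REQUESTS = {
    "istio-pilot": ("500m", "2048Mi"),
    "istio-telemetry": ("1000m", "1024Mi"),
    "istio-policy": ("1000m", "1024Mi"),
    "istio-tracing": ("100m", "100Mi"),
    "prometheus": ("750m", "750Mi"),
    "grafana": ("100m", "100Mi"),
    "others": ("500m", "500Mi"),
}
# Constructed sample data: free (allocatable minus already requested) capacity per node.
TWO_SMALL_NODES = {"node-a": ("2000m", "3072Mi"), "node-b": ("2000m", "3072Mi")}
ONE_DEDICATED_NODE = {"istio-node": ("4000m", "8192Mi")}
_MEM_UNITS = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40}

def cpu_millicores(q):
    """Parse a Kubernetes CPU quantity ('500m', '2', '0.5') into millicores."""
    return int(q[:-1]) if q.endswith("m") else round(float(q) * 1000)

def mem_bytes(q):
    """Parse a Kubernetes memory quantity ('2048Mi', '16265856Ki', '1073741824')."""
    for suffix, factor in _MEM_UNITS.items():
        if q.endswith(suffix):
            return int(float(q[: -len(suffix)]) * factor)
    return int(q)

def total_requests(requests):
    """Return (total millicores, total MiB) across all workloads."""
    cpu = sum(cpu_millicores(c) for c, _ in requests.values())
    return cpu, sum(mem_bytes(m) for _, m in requests.values()) // 2**20

def place(requests, nodes):
    """First-fit-decreasing heuristic, not the real scheduler: (placement, unschedulable)."""
    free = {n: (cpu_millicores(c), mem_bytes(m)) for n, (c, m) in nodes.items()}
    order = sorted(requests, key=lambda w: mem_bytes(requests[w][1]), reverse=True)
    placement, unschedulable = {}, []
    for workload in order:
        cpu, mem = cpu_millicores(requests[workload][0]), mem_bytes(requests[workload][1])
        # A pod's whole request has to fit on ONE node; capacity is not pooled.
        node = next((n for n, (c, m) in free.items() if c >= cpu and m >= mem), None)
        if node is None:
            unschedulable.append(workload)
        else:
            free[node] = (free[node][0] - cpu, free[node][1] - mem)
            placement[workload] = node
    return placement, unschedulable

if __name__ == "__main__":
    print(total_requests(ISTIO_REQUESTS), place(ISTIO_REQUESTS, TWO_SMALL_NODES)[1])
```

With the two constructed 2000m/3072Mi nodes, the combined free capacity exceeds the table's totals, yet the heuristic still leaves one workload unplaced; the single larger node fits everything.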

Configuring Resource Allocations

You can individually configure the resource allocation for each type of Istio component. This section includes the default resource allocations for each component.

To make it easier to schedule the workloads to a node, a cluster administrator can reduce the CPU and memory resource requests for the component. However, the default CPU and memory allocations are the minimum that we recommend.

You can find more information about Istio configuration in the official Istio documentation.

To configure the resources allocated to an Istio component:

  1. In Rancher, go to the cluster where you have Istio installed.
  2. Click Tools > Istio. This opens the Istio configuration page.
  3. Change the CPU or memory allocations, the nodes where each component will be scheduled, or the node tolerations.
  4. Click Save.

Result: The resource allocations for the Istio components are updated.

Pilot

Pilot provides the following:

  • Authentication configuration
  • Service discovery for the Envoy sidecars
  • Traffic management capabilities for intelligent routing (A/B tests and canary rollouts)
  • Configuration for resiliency (timeouts, retries, circuit breakers, etc)

For more information on Pilot, refer to the documentation.

| Option | Description | Required | Default |
|---|---|---|---|
| Pilot CPU Limit | CPU resource limit for the istio-pilot pod. | Yes | 1000 |
| Pilot CPU Reservation | CPU reservation for the istio-pilot pod. | Yes | 500 |
| Pilot Memory Limit | Memory resource limit for the istio-pilot pod. | Yes | 4096 |
| Pilot Memory Reservation | Memory resource requests for the istio-pilot pod. | Yes | 2048 |
| Trace sampling Percentage | Trace sampling percentage | Yes | 1 |
| Pilot Selector | Ability to select the nodes on which the istio-pilot pod is deployed. To use this option, the nodes must have labels. | No | n/a |

Mixer

Mixer enforces access control and usage policies across the service mesh. It also integrates with plugins for monitoring tools such as Prometheus. The Envoy sidecar proxy passes telemetry data and monitoring data to Mixer, and Mixer passes the monitoring data to Prometheus.

For more information on Mixer, policies and telemetry, refer to the documentation.

| Option | Description | Required | Default |
|---|---|---|---|
| Mixer Telemetry CPU Limit | CPU resource limit for the istio-telemetry pod. | Yes | 4800 |
| Mixer Telemetry CPU Reservation | CPU reservation for the istio-telemetry pod. | Yes | 1000 |
| Mixer Telemetry Memory Limit | Memory resource limit for the istio-telemetry pod. | Yes | 4096 |
| Mixer Telemetry Memory Reservation | Memory resource requests for the istio-telemetry pod. | Yes | 1024 |
| Enable Mixer Policy | Whether or not to deploy the istio-policy. | Yes | False |
| Mixer Policy CPU Limit | CPU resource limit for the istio-policy pod. | Yes, when policy enabled | 4800 |
| Mixer Policy CPU Reservation | CPU reservation for the istio-policy pod. | Yes, when policy enabled | 1000 |
| Mixer Policy Memory Limit | Memory resource limit for the istio-policy pod. | Yes, when policy enabled | 4096 |
| Mixer Policy Memory Reservation | Memory resource requests for the istio-policy pod. | Yes, when policy enabled | 1024 |
| Mixer Selector | Ability to select the nodes on which the istio-policy and istio-telemetry pods are deployed. To use this option, the nodes must have labels. | No | n/a |

Tracing

Distributed tracing enables users to track a request through a service mesh. This makes it easier to troubleshoot problems with latency, parallelism and serialization.

| Option | Description | Required | Default |
|---|---|---|---|
| Enable Tracing | Whether or not to deploy the istio-tracing. | Yes | True |
| Tracing CPU Limit | CPU resource limit for the istio-tracing pod. | Yes | 500 |
| Tracing CPU Reservation | CPU reservation for the istio-tracing pod. | Yes | 100 |
| Tracing Memory Limit | Memory resource limit for the istio-tracing pod. | Yes | 1024 |
| Tracing Memory Reservation | Memory resource requests for the istio-tracing pod. | Yes | 100 |
| Tracing Selector | Ability to select the nodes on which the tracing pod is deployed. To use this option, the nodes must have labels. | No | n/a |

Ingress Gateway

The Istio gateway allows Istio features such as monitoring and route rules to be applied to traffic entering the cluster. This gateway is a prerequisite for outside traffic to make requests to Istio.

For more information, refer to the documentation.

| Option | Description | Required | Default |
|---|---|---|---|
| Enable Ingress Gateway | Whether or not to deploy the istio-ingressgateway. | Yes | False |
| Service Type of Istio Ingress Gateway | How to expose the gateway. You can choose NodePort or Loadbalancer | Yes | NodePort |
| Http2 Port | The NodePort for http2 requests | Yes | 31380 |
| Https Port | The NodePort for https requests | Yes | 31390 |
| Load Balancer IP | Ingress Gateway Load Balancer IP | No | n/a |
| Load Balancer Source Ranges | Ingress Gateway Load Balancer Source Ranges | No | n/a |
| Ingress Gateway CPU Limit | CPU resource limit for the istio-ingressgateway pod. | Yes | 2000 |
| Ingress Gateway CPU Reservation | CPU reservation for the istio-ingressgateway pod. | Yes | 100 |
| Ingress Gateway Memory Limit | Memory resource limit for the istio-ingressgateway pod. | Yes | 1024 |
| Ingress Gateway Memory Reservation | Memory resource requests for the istio-ingressgateway pod. | Yes | 128 |
| Ingress Gateway Selector | Ability to select the nodes on which the istio-ingressgateway pod is deployed. To use this option, the nodes must have labels. | No | n/a |

Prometheus

You can query for Istio metrics using Prometheus. Prometheus is an open-source systems monitoring and alerting toolkit.

| Option | Description | Required | Default |
|---|---|---|---|
| Prometheus CPU Limit | CPU resource limit for the Prometheus pod. | Yes | 1000 |
| Prometheus CPU Reservation | CPU reservation for the Prometheus pod. | Yes | 750 |
| Prometheus Memory Limit | Memory resource limit for the Prometheus pod. | Yes | 1024 |
| Prometheus Memory Reservation | Memory resource requests for the Prometheus pod. | Yes | 750 |
| Retention for Prometheus | How long your Prometheus instance retains data | Yes | 6 |
| Prometheus Selector | Ability to select the nodes on which the Prometheus pod is deployed. To use this option, the nodes must have labels. | No | n/a |

Grafana

You can visualize metrics with Grafana. Grafana lets you visualize Istio traffic data scraped by Prometheus.

| Option | Description | Required | Default |
|---|---|---|---|
| Enable Grafana | Whether or not to deploy Grafana. | Yes | True |
| Grafana CPU Limit | CPU resource limit for the Grafana pod. | Yes, when Grafana enabled | 200 |
| Grafana CPU Reservation | CPU reservation for the Grafana pod. | Yes, when Grafana enabled | 100 |
| Grafana Memory Limit | Memory resource limit for the Grafana pod. | Yes, when Grafana enabled | 512 |
| Grafana Memory Reservation | Memory resource requests for the Grafana pod. | Yes, when Grafana enabled | 100 |
| Grafana Selector | Ability to select the nodes on which the Grafana pod is deployed. To use this option, the nodes must have labels. | No | n/a |
| Enable Persistent Storage for Grafana | Enable Persistent Storage for Grafana | Yes, when Grafana enabled | False |
| Source | Use a Storage Class to provision a new persistent volume or Use an existing persistent volume claim | Yes, when Grafana enabled and enabled PV | Use SC |
| Storage Class | Storage Class for provisioning PV for Grafana | Yes, when Grafana enabled, enabled PV and use storage class | Use the default class |
| Persistent Volume Size | The size for the PV you would like to provision for Grafana | Yes, when Grafana enabled, enabled PV and use storage class | 5Gi |
| Existing Claim | Use existing PVC for Grafana | Yes, when Grafana enabled, enabled PV and use existing PVC | n/a |