K
Q

How to mange resource hungry Istio default/SDS installation?

2/6/2020

I'm using Istio at the moment combined with the cert-manager. Because I need to have multiple certificates I'm using SDS instead of the volume mount approach.

But the hardware requirements for this stuff are really high. For GKE it is recommended to use a node-pool of 4x n1-standard-2 machines. This sums up to 200$ per month just for Istio. The recommendation for EKS is 2x m5.large machines. So it is a little bit cheaper but still around 150$. What confuses me is, that Minikube "just" needs 4vCPUs and 16GB memory in total which is round about the half of the requirements for GKE and EKS.

You'll see the resource hungry components by looking at the istio-system namespace, I mean especially the limits. For me it is:

  • istio-telemetry > 1100m / 6800m (requested / limits)
  • istio-policys (I have 5 of them) > 110m / 2000m

My question is:

  1. Did you manage to reduce the limits without facing issues in production?
  2. What node-pool size / machine type are your running your Istio plane?
  3. Did someone tried auto-scaling for this node-pool? Did it reduce the costs?

Kind regards from Berlin.

-- Stephan_Berlin
eks
google-kubernetes-engine
istio
kubernetes

Similar Questions

Running python script after container is up (Kubernetes)
Is it possible to take pods directly offline in kubernetes loadbalancer
unable to Access pod from another pod in Azure Kubernetes Service
Not able to deploy functions on kubeless

1 Answer

2/6/2020

Managed Istio for GKE is offered by Google as a pre-configured bundle. 4x n1-standard-2 is recommended to provide enough resources for all Istio components being installed.

  1. Downsizing a cluster below the recommended size does not make sense. Installation of managed Istio onto a standard GKE cluster (3x n1-standard-1) will fail due to lack of resources. Besides that you wouldn't have free computing capacity for your workloads. Recommended cluster size seems reasonable.
  2. Apart from recommended hardware configuration (4x n1-standard-2), managed Istio can be installed and running on a cluster with configuration 8x n1-standard-1.
  3. Taking into account mentioned in the point ##1, autoscaling could be beneficial mostly for volatile workloads, but won't help that much for saving resources allocated for Istio.

If the managed Istio for GKE seemed too resource consuming, you could install original version of Istio and select an installation profile with the components you actually need, as described here:

Customizable Install with Helm

-- mebius99
Source: StackOverflow