CPU and Memory Allocations

Available as of v2.3.0

This section describes the minimum recommended computing resources for the Istio components in a cluster.

The CPU and memory allocations for each component are configurable.

Before enabling Istio, we recommend that you confirm that your Rancher worker nodes have enough CPU and memory to run all of the components of Istio.

Tip: In larger deployments, it is strongly advised that the infrastructure be placed on dedicated nodes in the cluster by adding a node selector for each Istio component.

The table below shows a summary of the minimum recommended resource requests and limits for the CPU and memory of each central Istio component.

In Kubernetes, the resource request indicates that the workload will not deployed on a node unless the node has at least the specified amount of memory and CPU available. If the workload surpasses the limit for CPU or memory, it can be terminated or evicted from the node. For more information on managing resource limits for containers, refer to the Kubernetes documentation.

Workload	Container	CPU - Request	Mem - Request	CPU - Limit	Mem - Limit	Configurable
istio-pilot	discovery	500m	2048Mi	1000m	4096Mi	Y
istio-telemetry	mixer	1000m	1024Mi	4800m	4096Mi	Y
istio-policy	mixer	1000m	1024Mi	4800m	4096Mi	Y
istio-tracing	jaeger	100m	100Mi	500m	1024Mi	Y
prometheus	prometheus	750m	750Mi	1000m	1024Mi	Y
grafana	grafana	100m	100Mi	200m	512Mi	Y
Others	-	500m	500Mi	-	-	N
Total	-	3950m	5546Mi	>12300m	>14848Mi	-

Configuring Resource Allocations

You can individually configure the resource allocation for each type of Istio component. This section includes the default resource allocations for each component.

To make it easier to schedule the workloads to a node, a cluster administrator can reduce the CPU and memory resource requests for the component. However, the default CPU and memory allocations are the minimum that we recommend.

You can find more information about Istio configuration in the official Istio documentation.

To configure the resources allocated to an Istio component,

In Rancher, go to the cluster where you have Istio installed.
Click Tools > Istio. This opens the Istio configuration page.
Change the CPU or memory allocations, the nodes where each component will be scheduled to, or the node tolerations.
Click Save.

Result: The resource allocations for the Istio components are updated.

Pilot

Pilot provides the following:

Authentication configuration
Service discovery for the Envoy sidecars
Traffic management capabilities for intelligent routing (A/B tests and canary rollouts)
Configuration for resiliency (timeouts, retries, circuit breakers, etc)

For more information on Pilot, refer to the documentation.

Option	Description	Required	Default
Pilot CPU Limit	CPU resource limit for the istio-pilot pod.	Yes	1000
Pilot CPU Reservation	CPU reservation for the istio-pilot pod.	Yes	500
Pilot Memory Limit	Memory resource limit for the istio-pilot pod.	Yes	4096
Pilot Memory Reservation	Memory resource requests for the istio-pilot pod.	Yes	2048
Trace sampling Percentage	Trace sampling percentage	Yes	1
Pilot Selector	Ability to select the nodes in which istio-pilot pod is deployed to. To use this option, the nodes must have labels.	No	n/a

Mixer

Mixer enforces access control and usage policies across the service mesh. It also integrates with plugins for monitoring tools such as Prometheus. The Envoy sidecar proxy passes telemetry data and monitoring data to Mixer, and Mixer passes the monitoring data to Prometheus.

For more information on Mixer, policies and telemetry, refer to the documentation.

Option	Description	Required	Default
Mixer Telemetry CPU Limit	CPU resource limit for the istio-telemetry pod.	Yes	4800
Mixer Telemetry CPU Reservation	CPU reservation for the istio-telemetry pod.	Yes	1000
Mixer Telemetry Memory Limit	Memory resource limit for the istio-telemetry pod.	Yes	4096
Mixer Telemetry Memory Reservation	Memory resource requests for the istio-telemetry pod.	Yes	1024
Enable Mixer Policy	Whether or not to deploy the istio-policy.	Yes	False
Mixer Policy CPU Limit	CPU resource limit for the istio-policy pod.	Yes, when policy enabled	4800
Mixer Policy CPU Reservation	CPU reservation for the istio-policy pod.	Yes, when policy enabled	1000
Mixer Policy Memory Limit	Memory resource limit for the istio-policy pod.	Yes, when policy enabled	4096
Mixer Policy Memory Reservation	Memory resource requests for the istio-policy pod.	Yes, when policy enabled	1024
Mixer Selector	Ability to select the nodes in which istio-policy and istio-telemetry pods are deployed to. To use this option, the nodes must have labels.	No	n/a

Tracing

Distributed tracing enables users to track a request through a service mesh. This makes it easier to troubleshoot problems with latency, parallelism and serialization.

Option	Description	Required	Default
Enable Tracing	Whether or not to deploy the istio-tracing.	Yes	True
Tracing CPU Limit	CPU resource limit for the istio-tracing pod.	Yes	500
Tracing CPU Reservation	CPU reservation for the istio-tracing pod.	Yes	100
Tracing Memory Limit	Memory resource limit for the istio-tracing pod.	Yes	1024
Tracing Memory Reservation	Memory resource requests for the istio-tracing pod.	Yes	100
Tracing Selector	Ability to select the nodes in which tracing pod is deployed to. To use this option, the nodes must have labels.	No	n/a

Ingress Gateway

The Istio gateway allows Istio features such as monitoring and route rules to be applied to traffic entering the cluster. This gateway is a prerequisite for outside traffic to make requests to Istio.

For more information, refer to the documentation.

Option	Description	Required	Default
Enable Ingress Gateway	Whether or not to deploy the istio-ingressgateway.	Yes	False
Service Type of Istio Ingress Gateway	How to expose the gateway. You can choose NodePort or Loadbalancer	Yes	NodePort
Http2 Port	The NodePort for http2 requests	Yes	31380
Https Port	The NodePort for https requests	Yes	31390
Load Balancer IP	Ingress Gateway Load Balancer IP	No	n/a
Load Balancer Source Ranges	Ingress Gateway Load Balancer Source Ranges	No	n/a
Ingress Gateway CPU Limit	CPU resource limit for the istio-ingressgateway pod.	Yes	2000
Ingress Gateway CPU Reservation	CPU reservation for the istio-ingressgateway pod.	Yes	100
Ingress Gateway Memory Limit	Memory resource limit for the istio-ingressgateway pod.	Yes	1024
Ingress Gateway Memory Reservation	Memory resource requests for the istio-ingressgateway pod.	Yes	128
Ingress Gateway Selector	Ability to select the nodes in which istio-ingressgateway pod is deployed to. To use this option, the nodes must have labels.	No	n/a

Prometheus

You can query for Istio metrics using Prometheus. Prometheus is an open-source systems monitoring and alerting toolkit.

Option	Description	Required	Default
Prometheus CPU Limit	CPU resource limit for the Prometheus pod.	Yes	1000
Prometheus CPU Reservation	CPU reservation for the Prometheus pod.	Yes	750
Prometheus Memory Limit	Memory resource limit for the Prometheus pod.	Yes	1024
Prometheus Memory Reservation	Memory resource requests for the Prometheus pod.	Yes	750
Retention for Prometheus	How long your Prometheus instance retains data	Yes	6
Prometheus Selector	Ability to select the nodes in which Prometheus pod is deployed to. To use this option, the nodes must have labels.	No	n/a

Grafana

You can visualize metrics with Grafana. Grafana lets you visualize Istio traffic data scraped by Prometheus.

Option	Description	Required	Default
Enable Grafana	Whether or not to deploy the Grafana.	Yes	True
Grafana CPU Limit	CPU resource limit for the Grafana pod.	Yes, when Grafana enabled	200
Grafana CPU Reservation	CPU reservation for the Grafana pod.	Yes, when Grafana enabled	100
Grafana Memory Limit	Memory resource limit for the Grafana pod.	Yes, when Grafana enabled	512
Grafana Memory Reservation	Memory resource requests for the Grafana pod.	Yes, when Grafana enabled	100
Grafana Selector	Ability to select the nodes in which Grafana pod is deployed to. To use this option, the nodes must have labels.	No	n/a
Enable Persistent Storage for Grafana	Enable Persistent Storage for Grafana	Yes, when Grafana enabled	False
Source	Use a Storage Class to provision a new persistent volume or Use an existing persistent volume claim	Yes, when Grafana enabled and enabled PV	Use SC
Storage Class	Storage Class for provisioning PV for Grafana	Yes, when Grafana enabled, enabled PV and use storage class	Use the default class
Persistent Volume Size	The size for the PV you would like to provision for Grafana	Yes, when Grafana enabled, enabled PV and use storage class	5Gi
Existing Claim	Use existing PVC for Grafana	Yes, when Grafana enabled, enabled PV and use existing PVC	n/a

Continental