Resolving sidecar proxy issues in Anthos Service Mesh
This section explains common Anthos Service Mesh sidecar proxy problems and how to resolve them. If you need additional assistance, see Getting support.
istio-proxy container is killed because of an OOM event
In this section we assume that the
istio-proxy container is not killed by a
SystemOOM event, and the Kubernetes node is not in
The istio-proxy sidecar container has resource limits by default.
If the istio-proxy container gets killed with
Reason: OOMKilled, it is necessary
to understand why Envoy is consuming the memory.
If you are facing a production outage, a quick workaround is to raise the limits
for all containers using
---
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  values:
    global:
      proxy:
        resources:
          requests:
            memory: 128Mi
          limits:
            memory: 1Gi
If you are facing this issue with specific workloads, you can change the limit just on those workloads by adding the following annotations.
Please make sure you don't have limits that are lower than the default values.
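One way to find the affected workloads before changing any limits, added here as an example and not taken from the Anthos Service Mesh documentation: it reads pod data in the shape of `kubectl get pods -A -o json`, reports each istio-proxy container terminated with reason OOMKilled, and flags memory limits below a baseline. The function names, the `baseline` parameter and the sample pods are assumptions constructed for illustration.

```python
import json

# Common suffixes Kubernetes accepts on memory quantities (binary and decimal).
_UNITS = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "k": 10**3, "M": 10**6, "G": 10**9}

def parse_memory(quantity):
    """Convert a memory quantity such as '128Mi' or '1G' to bytes."""
    for suffix in sorted(_UNITS, key=len, reverse=True):
        if quantity.endswith(suffix):
            return int(float(quantity[:-len(suffix)]) * _UNITS[suffix])
    return int(float(quantity))  # bare number: already bytes

def oomkilled_sidecars(pod_list, baseline):
    """List istio-proxy containers whose current or last termination reason is
    OOMKilled. `baseline` (assumption) is the memory limit to compare against."""
    findings = []
    for pod in pod_list.get("items", []):
        spec, status = pod["spec"], pod.get("status", {})
        # The sidecar may run as a regular container or as an init container.
        specs = spec.get("containers", []) + spec.get("initContainers", [])
        states = status.get("containerStatuses", []) + status.get("initContainerStatuses", [])
        limit = next((c.get("resources", {}).get("limits", {}).get("memory")
                      for c in specs if c["name"] == "istio-proxy"), None)
        for cs in states:
            reasons = {cs.get(k, {}).get("terminated", {}).get("reason")
                       for k in ("state", "lastState")}
            if cs["name"] != "istio-proxy" or "OOMKilled" not in reasons:
                continue
            findings.append({
                "pod": pod["metadata"]["namespace"] + "/" + pod["metadata"]["name"],
                "restarts": cs.get("restartCount", 0),
                "memory_limit": limit,
                "below_baseline": bool(limit) and parse_memory(limit) < parse_memory(baseline),
            })
    return findings

# Constructed sample in the shape of `kubectl get pods -A -o json`; not real cluster data.
SAMPLE = json.loads("""{"items": [
 {"metadata": {"namespace": "shop", "name": "cart-0"},
  "spec": {"containers": [{"name": "app"},
    {"name": "istio-proxy", "resources": {"limits": {"memory": "256Mi"}}}]},
  "status": {"containerStatuses": [{"name": "istio-proxy", "restartCount": 4,
    "state": {"running": {}}, "lastState": {"terminated": {"reason": "OOMKilled"}}}]}},
 {"metadata": {"namespace": "shop", "name": "web-0"},
  "spec": {"containers": [{"name": "istio-proxy", "resources": {"limits": {"memory": "1Gi"}}}]},
  "status": {"containerStatuses": [{"name": "istio-proxy", "restartCount": 0,
    "state": {"running": {}}, "lastState": {}}]}}]}""")

if __name__ == "__main__":
    for finding in oomkilled_sidecars(SAMPLE, baseline="1Gi"):
        print(finding)
```

Against a live cluster, load the output of `kubectl get pods -A -o json` with `json.load` and pass it to `oomkilled_sidecars` in place of `SAMPLE`.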
The long-term solution is to reduce the memory footprint of your
sidecar containers. By default all sidecar proxies are programmed with the
necessary configuration to reach any other workload instance in the mesh.
Istio provides the custom resource definition
to limit the number of endpoints programmed to sidecar proxies, and therefore
reduce the memory consumption of the