Resolving Istiod scaling issues in Cloud Service Mesh

This section explains common Cloud Service Mesh problems and how to resolve them. If you need additional assistance, see Getting support.

Istiod sends configuration to each sidecar using a long-lived gRPC stream. It has several characteristics that affect scaling:

  • The size of the configuration to generate:
    • Total number of services/pods & Istio resources
    • For large scale, adjust settings for the Sidecar to reduce the configuration size.
  • The rate of change in the environment:
    • When a new service is created or the Istio configuration is changed, full updates are sent to proxies.
    • Adding new endpoints is inexpensive for performance, because only incremental updates are sent.
  • The number of proxies for which configuration is generated:
    • Affected by the number of gateways and pods with a sidecar.

Scaling considerations

Istiod scales well vertically (large requests) and horizontally (more replicas). Ensure that your CPU limits are not too restrictive; if Istiod reaches the CPU limit, throttling may occur which will negatively affect configuration distribution. If you encounter performance issues, consider upgrading to the latest version of Cloud Service Mesh, as each version has performance optimizations.

Unbalanced load

Large changes in cluster size might cause a temporarily unbalanced load, due to the long-lived connections. This is mitigated by a 30 minute maximum connection age, which might result in error messages in Envoy, such as gRPC config stream closed: 13, which allows the load to naturally re-balance.

Mitigate this issue by having multiple replicas of Istiod (the default is 2 replicas), and pre-scaling if you expect extreme cluster scale-ups.