Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

High Availability for Istio Services #18565

Closed
njfix6 opened this issue Nov 1, 2019 · 15 comments
Closed

High Availability for Istio Services #18565

njfix6 opened this issue Nov 1, 2019 · 15 comments
Labels
area/environments kind/docs kind/enhancement

Comments

@njfix6
Copy link

njfix6 commented Nov 1, 2019
edited by istio-policy-bot

Describe the feature request
It is still not clear to me whether it is safe to run citadel, galley, and the sidecar injector with multiple pods? Also wondering why they don't have an HPA attached to them?

I am thinking of adding the following flags to the helm install, but not sure if it Is it safe:

--set sidecarInjectorWebhook.replicaCount=5 \
--set galley.replicaCount=5 \
--set security.replicaCount=5 \

I would hope this would raise sidecarInjector, galley, and citadel to each have 5 pods and still run with the same functionality as before.

Describe alternatives you've considered

Additional context
@njfix6 njfix6 changed the title High Availability for Pilot High Availability for Istio Services Nov 1, 2019
@howardjohn
Copy link
Member

I believe there was a time when these did not handle multiple replicas, but they now do.

@myidpt and @ayj can confirm?

@ayj
Copy link
Contributor

ayj commented Nov 5, 2019

Galley and sidecar injector should run fine with multiple replicas. HPA is less critical given the amount of load these typically get.

@rolandkool
Copy link
Contributor

What about citadel?

@howardjohn
Copy link
Member

In previous versions citadel had issues with multiple replicas, I am fairly certain this is handled now

@padzikm
Copy link

padzikm commented Mar 10, 2020
edited

With new 1.5 release I'd like to ask this question once again - is it safe to deploy replicated control plane istio in one cluster? my goal is to have istio as high availability service in one shared cluster deployed to multiple zones. As I understand currently there is one monolithic's control plane service as opposed to multiple services - was this new combined control plane tested in multizone replicated in single cluster scenario as I described? Are there any istio's components that cannot be deployed with multiple replicas?

@howardjohn
Copy link
Member

howardjohn commented Mar 10, 2020 via email

@padzikm
Copy link

padzikm commented Mar 10, 2020

Great! Thank you!

@padzikm
Copy link

padzikm commented Mar 12, 2020
edited

Ok, but how can I configure istiod's deployment to multiple replicas? In docs there are old configuration guidelines telling about configuring each component separately - https://istio.io/docs/setup/install/istioctl/#customizing-the-configuration - but in generated manifest there is only one control plane's component - istiod, that can be scaled (not counting prometheus, etc). However in profile dump there are still different replicaCounts settings for different components (galley, sidecarInjector, etc). I don't see any configuration for istiod in docs, so should I manually adjust istiod's deployment in generated manifest and then apply it, or do it in old way setting each component via command line parameters or yaml as in previous versions? Moreover should (and safely can be) ingressgateway be also scaled (it is not included in istiod's architecture overview and is deployed separately)?

@padzikm
Copy link

padzikm commented Mar 17, 2020

Any info about configuring istiod's deployment?

@jpapejr
Copy link
Member

jpapejr commented Mar 17, 2020

I've not tested this but I'd think this (scaling up istiod) would be as simple as adjusting the replicas of the istiod deployment, no? Not sure I understand the part about the ingress gateways as those scale on demand don't they?

@padzikm
Copy link

padzikm commented Mar 17, 2020

The problem is there are no installation options regarding istiod - only that it is enabled. No replicaCount, no nothing. In docs there is no mention how to configure that. Control plane is now monolitic app and as such one deployment unit as I understand, but there are options to configure replicaCounts of istiod's components like pilot or mixer, which is strange - how can you configure scaling of part of monolithic app? So the only option I'm aware of now is to generate yaml manifest, which outputs istiod's deployment resource and manually configure it, but it is error prone, and my question is how to set that (and other options like hpa) without manually tampering with deployment files. I also would like to set replicaCount to ingressgateway, but also haven't found any option for doing that apart from manually correcting deplyment in yaml.

@jpapejr
Copy link
Member

jpapejr commented Mar 17, 2020

Right now, it seems that modifying the deployment manifest(s) is the only way to accomplish what you're asking. It's certainly a gap in both documentation and in [clear] configuration. There's already a related issue open for docs.

@howardjohn
Copy link
Member

howardjohn commented Mar 17, 2020 via email

@neumanndaniel
Copy link

Here is an example for Istio 1.5. As @howardjohn mentioned the pilot component impacts the istiod configuration.

-> https://github.com/neumanndaniel/kubernetes/blob/master/istio/istio-1.5.yaml

@howardjohn
Copy link
Member

All components now have a PBD and HPA and are fully configurable, so I think this is fixed

@linkvt linkvt mentioned this issue Jul 3, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/environments kind/docs kind/enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@ayj @jpapejr @howardjohn @padzikm @rolandkool @njfix6 @neumanndaniel @istio-policy-bot