New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CPU limit behaviour for istio-proxy changes from 1.6+ #28465
Comments
Is this just an (undocumented) defaulting change or is it also not possible to unset the limit? |
@howardjohn I can't seem to unset it, so it could be both an intentional but undocumented change but then also an issue that I can't remove it |
1.5 chart:
Seems like it would set it if you didn't have an annotation, and we didn't support setting limit via annotation
Suggest the CPU is set there as well How did you actually get this below?
|
Stumbled upon a similar issue. In 1.6 it was possible to set proxy.resources.limits to null and it removed limits. After upgrade to 1.7 it stopped working in spite of it is unset in istiooperators.install.istio.io as expected. |
🚧 This issue or pull request has been closed due to not having had activity from an Istio team member since 2020-11-02. If you feel this issue or pull request deserves attention, please reopen the issue. Please see this wiki page for more information. Thank you for your contributions. Created by the issue and PR lifecycle manager. |
@messiahUA I am facing the same issue, setting the limit to "null" does not work with version 1.11.3. Did you find any resolution to this? |
unfortunately, no |
Just tried setting cpu limit to null with version 1.18.0 and it worked, the cpu limit was removed. |
@awalther52 how you do this? Of course, because "null" is not parsable with the given regex. When i set the limits.cpu to something regex parsable, then deploy the Deployment, then set limits.cpu: "null", then redeploy the Pod, it works without the error. But this is not the optimal solution for us. |
Bug description
There are numerous known issues with overzealous docker CPU throttling, for certain critical components - such as
istio-proxy
, we do not set CPU limits, only CPU requests.On
1.5
you could achieve that with:Which mapped into the
injection-template
:However, on
1.6
, the same configuration inistiooperator.yaml
, the cpu when omitted is defaulted to2000m
This has led to some unwanted throttling on core services such as
ingress-nginix
, and caused a spike iincontainer_cpu_cfs_throttled_seconds_total
cardinality in prometheus (almost doubled, due to now includingistio-proxy
)It's worth noting that for 1.6 we're using
istioctl manifest generate
, whereas on1.5
we were using the helm template.[ ] Docs
[x] Installation
[ ] Networking
[x] Performance and Scalability
[ ] Extensions and Telemetry
[ ] Security
[ ] Test and Release
[x] User Experience
[ ] Developer Infrastructure
Expected behavior
It to work like 1.5, or if the behaviour has changed for a good reason, clearly explaining why in the upgrade notes for 1.6
Steps to reproduce the bug
Version (include the output of
istioctl version --remote
andkubectl version --short
andhelm version
if you used Helm)1.6.13
How was Istio installed?
Helm
Environment where bug was observed (cloud vendor, OS, etc)
The text was updated successfully, but these errors were encountered: