Could I deploy multiple istio controllers in a k8s cluster?

We are trying to deploy multiple istio controllers(istiod) in a k8s cluster. We have 6 k8s nodes now, and want to dploy multiple istio controller planes so that each pods can get to the nearest one to reduce the delay. But we find it difficult and don’t know how to make it. Could you helps us?

Can you please explain your use case a little more? what kind of delay are you experiencing that you want to mitigate? Also yes you can scale the istiod deployment to as many pods as needed but your question makes me think you want to deploy multiple independent istios?

We have a small cluster with 6 nodes. We want to study whether multiple istio controllers can be deployed in a luaster and we will consider the delay after that. We want to deploy multiple istio controller in different nodes and they can all control the istio. Logically, we have only one istio and multiple controllers. We want to know if it works and how to do it. Thank you very much.

Hi,
just wanted to revisit this conversation. We have a requirement to deploy multiple istio ingress controllers too. Personally I am not inclined and agree with “nick_tetrate”.

Current setup is 1 global istio ingress controller under istio-system, exposed istio svc as NodePort, which all apps use to reach the cluster.
We have a multi tenant environment, each app has its own FQDN,

  • app1examplecom
    • gateway and VS under its own namespace
  • app2examplecom
    • gateway and VS under its own namespace
  • app3examplecom
    • gateway and VS under its own namespace
      The reasoning that I am hearing from management is that each application should have its own ingress controller and corresponding svc port, so that one controller should not affect all the apps.

The ask now is,
app1examplecom

  • istio controller with istio-svc, gateway and vs in its own namespace.
    app2examplecom
  • istio controller with istio-svc, gateway and vs in its own namespace.
    app3examplecom
  • istio controller with istio-svc, gateway and vs in its own namespace.

I am confused now of the purpose of istio or any ingress for that matter.
Any thoughts on this is much appreciated.

Thanks,
Shashi

Deploying multiple istio ingress gateways make sense for a lot of organizations. You are limiting the risk of other applications in case of a gateway outage. I wrote an article attached below describing why you might want to do this approach. For advanced/experienced Istio Developers, having multiple ingress gateways isnt always needed if the single ingressgateway is tightly managed and resilient.

Secondly i have not seen a use case where more than one independent istio control planes in a single cluster are needed. I would recommend only running one control plane (1 k8s deployment of istiod) but scale it as needed to accommodate your use.

1 Like