-
Is there anyone who has deployed Istio to production-scale?
-
Could anyone share how to scale Pilot, e.g. how many Pilot instances needed to support x pods in cluster?
-
If I deploy > 1 replicas of Pilot, will they listen to the same Kubernetes events? Or will they split the workload of listening Kubernetes events?
-
Also, if I deploy > 1 replicas of Pilot, how will that help the scalability of the control plane?
In performance tests, one pilot with 5 CPUs is able to deal with 400 services and 800 pods. Upcoming changes for namespace isolation will increase scalability, however we do not have numbers for it yet.
Increasing the number of pilots reduces the number of clients that pilot needs to serve. If 2 pilots are deployed in the above configuration, each pilot will serve 400 pods (sidecars), both pilots listen to the same set of kubernetes events.
Namespace isolation? Could you elaborate more? Or is there any docs that I can read about that?
@sailfulwebid Here is the design proposal for the namespace filtering ->https://docs.google.com/document/d/1x8LI3T7SHW-yDrrt3ryEr6iSs9ewMCt4kXtJpIaSSlI/edit#heading=h.m6yvqjh71gxi
Access to this GDoc seems restricted. I just send an access request but I think you might want to move this design proposal onto the Istio Github wiki for everybody to consume and comment on. 
Could you please share the Github wiki link for design proposal of “namespace isolation”?
My understanding is that (with 1.1.5 out right now), “namespace isolation” is handled by using “Sidecar” resource for filtering services using workloadSelector and/or namespace filter. Is that right?
Also, is there plans for addressing concerns mentioned here in 10039.
Namespace isolation == Sidecar. See https://twitter.com/karlstoney/status/1110255431644049409, https://istio.io/docs/reference/config/networking/v1alpha3/sidecar/, https://istio.io/docs/concepts/performance-and-scalability/
1 Like