Skip to content
This repository has been archived by the owner on Feb 27, 2023. It is now read-only.

Envoy container resource limits #356

Open
xpepermint opened this issue May 16, 2021 · 4 comments
Open

Envoy container resource limits #356

xpepermint opened this issue May 16, 2021 · 4 comments
Labels
area/operational Issues or PRs about making Contour easier to operate as a production service. kind/feature Categorizes issue or PR as related to a new feature.

Comments

@xpepermint
Copy link

I think it's reasonable to allow resources limits for the envoy container, especially when Contour is deployed to multiple namespaces. Do you agree? Is there such a configuration option already available? There should be a "scaling" section (as best practice guide) somewhere on the website to make the scaling/limits clear.
@xpepermint xpepermint added the kind/feature Categorizes issue or PR as related to a new feature. label May 16, 2021
@sunjayBhatia sunjayBhatia added area/operational Issues or PRs about making Contour easier to operate as a production service. kind/feature Categorizes issue or PR as related to a new feature. and removed kind/feature Categorizes issue or PR as related to a new feature. labels May 17, 2021
@danehans
Copy link
Contributor

@xpepermint I would like to see resource limits added to the Contour example manifests before adding them to the operator. According to this reference, it's been a while since a resource baseline was established. @youngnick @stevesloka should a projectcontour/contour issue be created to update the guide and/or set resource limits for the example manifests?

@danehans
Copy link
Contributor

xref: projectcontour/contour#409

@danehans
Copy link
Contributor

@xpepermint unlike with user workloads, setting limits for cluster infrastructure components, i.e. Envoy, is problematic for several reasons:

  • Components cannot anticipate how they scale in usage in all environments, so setting one-size-fits-all limits is not possible.
  • Setting static limits prevents administrators from responding to changes in their clusters’ needs, such as by resizing control plane nodes to provide more resources.
  • We do not want cluster components to be restarted based on their resource consumption (for example, being killed due to an out-of-memory condition). We need to detect and handle those cases more gracefully, without degrading cluster performance.

Therefore, it's my opinion that cluster components SHOULD NOT be configured with resource limits. However, the operator may be able to support this use case. Here are a few options:

  • Remove resource limits from being managed by the operator. This will allow users to manually set the limits after the operator creates the Envoy Daemonset.
  • Expose container resource configuration through the Contour API. I am concerned that this opens the door for users to break things by OOM'ing the Envoy containers.

Thoughts?

cc: @stevesloka @skriss @sunjayBhatia @Miciah

@xpepermint
Copy link
Author

Got it @danehans, makes sense.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
area/operational Issues or PRs about making Contour easier to operate as a production service. kind/feature Categorizes issue or PR as related to a new feature.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@xpepermint @danehans @sunjayBhatia