/lazyxds

LazyXds enables Istio only push needed xDS to sidecars to reduce resource consumption and speed up xDS configuration propagation.

Primary LanguageGoApache License 2.0Apache-2.0

LazyXds

LazyXds enables Istio only push needed xDS to sidecars to reduce resource consumption and speed up xDS configuration propagation.

Note: LazyXds is an experimental project, please don't use it in production.

Problems to solve

SotW xDS

Architecture

SotW xDS

Build

# build lazyxds binary on linux
make build.lazyxds

# build lazyxds binary on darwin
make build-mac.lazyxds

Build Image

# build lazyxds docker image with the default latest tag
make docker-build.lazyxds

# build lazyxds docker image with xxx tag
make docker-build.lazyxds tag=xxx

# build lazyxds e2e docker image
make docker-build-e2e.lazyxds

Install

Pre-requirements:

  • A running Kubernetes cluster, and istio(version >= 1.10.0) installed
  • Kubectl installed, and the ~/.kube/conf points to the cluster in the first step

Install Lazyxds Egress and Controller

kubectl apply -f https://raw.githubusercontent.com/aeraki-mesh/lazyxds/master/install/lazyxds-egress.yaml
kubectl apply -f https://raw.githubusercontent.com/aeraki-mesh/lazyxds/master/install/lazyxds-controller.yaml

The above commands install the lazyxds egress and controller into the istio-system namespace.

How to enable LazyXDS

You can choose to enable lazyXDS on some particular services or enable it namespace wide. To enable lazyXDS on a service or a namespace, you just need to add an annotation lazy-xds: "true" to the target service or namespace.

Enable on a Service

apiVersion: v1
kind: Service
metadata:
  name: my-service
  annotations:
    lazy-xds: "true"
spec:

or use kubectl:

kubectl annotate service my-service lazy-xds=true --overwrite

Enable on a Namespace

apiVersion: v1
kind: Namespace
metadata:
  name: my-namespace
  annotations:
    lazy-xds: "true"
spec:

or use kubectl:

kubectl annotate namespace my-namespace lazy-xds=true --overwrite

Bookinfo Demo

  1. Install istio(version >= 1.10.0), and enable access log for debug purpose.

    istioctl install -y --set meshConfig.accessLogFile=/dev/stdout
    
  2. Install lazyXds by following the instructions in Install Lazyxds egress and controller.

  3. Install bookinfo application:

    kubectl label namespace default istio-injection=enabled
    kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.10/samples/bookinfo/platform/kube/bookinfo.yaml
    kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.10/samples/bookinfo/networking/bookinfo-gateway.yaml
    

    Determine the ingress IP, and we use 80 as the ingress port by default.

    export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
    

    Save product page pod name to env for later use.

    export PRODUCT_PAGE_POD=$(kubectl get pod -l app=productpage -o jsonpath="{.items[0].metadata.name}")
    

    Check the eds of product page pod, we can see product page gets all eds of bookinfo, though it does not need all of them:

    istioctl pc endpoints $PRODUCT_PAGE_POD | grep '9080'
    172.22.0.10:9080                 HEALTHY     OK                outbound|9080||reviews.default.svc.cluster.local
    172.22.0.11:9080                 HEALTHY     OK                outbound|9080||reviews.default.svc.cluster.local
    172.22.0.12:9080                 HEALTHY     OK                outbound|9080||reviews.default.svc.cluster.local
    172.22.0.13:9080                 HEALTHY     OK                outbound|9080||productpage.default.svc.cluster.local
    172.22.0.8:9080                  HEALTHY     OK                outbound|9080||details.default.svc.cluster.local
    172.22.0.9:9080                  HEALTHY     OK                outbound|9080||ratings.default.svc.cluster.local
    
  4. Enable lazyXds for the productpage service:

    kubectl annotate service productpage lazy-xds=true --overwrite
    

    Check the eds of product page:

    istioctl pc endpoints $PRODUCT_PAGE_POD | grep '9080'
    // no eds show
    

    Once enabling lazyXds, product page pod won't get any endpoints of bookinfo.

  5. Access bookinfo the first time:

    curl -I "http://${INGRESS_HOST}/productpage"
    

    check the access log of product page pod:

    kubectl logs -c istio-proxy -f $PRODUCT_PAGE_POD
    

    access to egress

    We can see the first request form product page to details and reviews has been redirected to istio-egressgateway-lazyxds

    Check the eds of product page again:

    172.22.0.10:9080                 HEALTHY     OK                outbound|9080||reviews.default.svc.cluster.local
    172.22.0.11:9080                 HEALTHY     OK                outbound|9080||reviews.default.svc.cluster.local
    172.22.0.12:9080                 HEALTHY     OK                outbound|9080||reviews.default.svc.cluster.local
    172.22.0.8:9080                  HEALTHY     OK                outbound|9080||details.default.svc.cluster.local
    

    Only reviews and details endpoints are in the eds, which are the exact endpoints product page needs.

  6. Access bookinfo again:

    curl -I "http://${INGRESS_HOST}/productpage"
    

    Check the access log of product page pod:

    kubectl logs -c istio-proxy -f $PRODUCT_PAGE_POD
    

    access to egress

    Now the traffic goes directly to the target services since the sidecar proxy already has all the endpoints it needs.

Uninstall

kubectl delete -f https://raw.githubusercontent.com/aeraki-mesh/aeraki/master/lazyxds/install/lazyxds-controller.yaml
kubectl delete -f https://raw.githubusercontent.com/aeraki-mesh/aeraki/master/lazyxds/install/lazyxds-egress.yaml

Performance

We have set up two bookinfo applications in an istio mesh with lazyxds installed, the product page in lazy-on namespace has lazyXds enabled, and the other one hasn't. Then we use istio load testing to increasingly create a large number of services, each load test namespace contains 19 services, each service contains 5 pods. The following is the test result for your reference:

performance-test-arch

Memory compare:

performance-test-mem

EDS and CDS compare:

performance-test-xds