Knative

If you use Knative with Istio at large scales (thousands of services), consider the following performance factors.

Benchmark and tune Knative resources: Review tuning resources online, such as the Kperf benchmarking tool and the slides from this Istiocon talk.

Specify ports in the Istio sidecar: In your Istio sidecar configurations, specify the ports that the Istio proxy needs to listen on, such as the following example file. If you leave the ports empty, the Istio proxy might try to keep up with all of the Knative ports that are opened, which can slow down performance.

apiVersion: networking.istio.io/v1alpha3
kind: Sidecar
metadata:
  name: default
spec:
  egress:
  - hosts:
    - "./*"
    - "istio-system/*"
    port:
      number: 8080
      protocol: HTTP
      name: egresshttp

Separate istiod deployments: Consider using a separate istiod revision for the Knative activator proxy. Sometimes, Knative resources such as the webhook depend on information from the Istio proxy, such as when scaling up Knative services. By having a separate istiod revision for Knative, you can reduce the Istio proxy push time and speed up Knative connections.