On this page

Knative

If you use Knative with Istio at large scales (thousands of services), consider the following performance factors.

Tune Knative

Review tuning resources online, such as the Kperf benchmarking tool and the slides from this Istiocon talk.

Specify ports in the Istio sidecar

In your Istio sidecar configurations, specify the ports that the Istio proxy needs to listen on, such as the following example file. If you leave the ports empty, the Istio proxy might try to keep up with all of the Knative ports that are opened, which can slow down performance.

  apiVersion: networking.istio.io/v1alpha3
kind: Sidecar
metadata:
  name: default
spec:
  egress:
  - hosts:
    - "./*"
    - "istio-system/*"
    port:
      number: 8080
      protocol: HTTP
      name: egresshttp

Separate `istiod` deployments

Consider using a separate istiod revision for the Knative activator proxy. Sometimes, Knative resources such as the webhook depend on information from the Istio proxy, such as when scaling up Knative services. By having a separate istiod revision for Knative, you can reduce the Istio proxy push time and speed up Knative connections.

Knative

Tune Knative link

Specify ports in the Istio sidecar link

Separate istiod deployments link

Tune Knative

Specify ports in the Istio sidecar

Separate `istiod` deployments