How to Adjust the CPU and Memory of Sidecar Proxies in Consul using Kubernetes Annotations

Introduction

The information contained in this article has been verified as up-to-date on the date of the original publication of the article.  HashiCorp endeavors to keep this information up-to-date and correct, but it makes no representations or warranties of any kind, express or implied, about the ongoing completeness, accuracy, reliability, or suitability of the information provided.

All information contained in this article is for general information purposes only.  Any reliance you place on such information as it applies to your use of your HashiCorp product is therefore strictly at your own risk.

This is a guide to demonstrate how to increase the CPU and memory resources in Sidecar proxies using Kubernetes (K8s) annotations. The initial Helm chart defaults for the Consul containers are a bare minimum requirement to get Consul up and running for a multitude of environments, and Kubernetes resource tuning may be necessary to better suit your environment's needs as seen below.  

Expected Outcome

Increasing the default resources of the Sidecar proxy container censures optimization of:

• Initial Service Registrations to Consul agent and catalog

• Periodic Service Synchronizations within Consul

• Metrics Merging Operations with respect to Consul's Envoy Sidecars.

Prerequisites

• Administrative privileges in K8s namespace for Consul
• Make sure connect-inject enabled
  • For additional information review How does Consul Service Mesh Work on Kubernetes?

Use Case

In the event, that there are high delays during Envoy initial Service Registrations to Consul agent and catalog and if any performance increase is to occur, the resources allocated to this component should help improve deployment.

Procedure

Below are the procedures to adjust Memory and CPU on connect-inject pods which will apply these settings globally on all Sidecar Proxy containers. These settings can be overridden on a per-pod basis via these same annotations. If null, that resource won't be set. 

1. 1. Create a YAML file sidecar-annotation.yaml and put the following values in it.

      spec:
        template:
          metadata:
            annotations:
              consul.hashicorp.com/connect-inject: "true"
              consul.hashicorp.com/sidecar-proxy-cpu-limit: "100m"
              consul.hashicorp.com/sidecar-proxy-cpu-request: "100m"
              consul.hashicorp.com/sidecar-proxy-memory-limit: "150Mi"
              consul.hashicorp.com/sidecar-proxy-memory-request: "150Mi" 

   2. Get the connect-inject deployment.

      kubectl get deployment -n consul 

   3. Patch the deployment.

      kubectl patch deployment consul-connect-injector -n consul --patch-file sidecar-annotation.yaml

   4. A new connect-inject pod will come up and it will have the new annotations. You can check by describing the pod.

       kubectl describe pod consul-connect-injector-xxxxxxx-xxx -n consul

 References

• Kubernetes site for kubectl patch
• Service Mesh Registration Time Tuning - Consul K8s Control Plane Resources
• How to Adjust Memory and CPU of Connect-inject Pods in Consul K8s