Set default requests cpu resource to all deployments

[ymesika]

Adding the minimal resources requests values to all components:

resources:
  requests:  
    cpu: 100m

This is the minimal set that enables the Horizontal Pod Autoscaler to function correctly.

Each component can overwrite those default resources by declaring the custom values within the chart's section in values.yaml.

Fixes #5976

[codecov]

Codecov Report

Merging #6229 into master will decrease coverage by 1%.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master   #6229    +/-   ##
=======================================
- Coverage      71%     70%   -<1%     
=======================================
  Files         353     352     -1     
  Lines       30757   30099   -658     
=======================================
- Hits        21595   21016   -579     
+ Misses       8316    8249    -67     
+ Partials      846     834    -12

Impacted Files	Coverage Δ
istioctl/cmd/istioctl/proxystatus.go	16% <0%> (-9%)	⬇️
pilot/pkg/networking/plugin/authz/rbac.go	73% <0%> (-6%)	⬇️
mixer/adapter/stackdriver/helper/common.go	79% <0%> (-4%)	⬇️
pilot/pkg/serviceregistry/kube/controller.go	66% <0%> (-2%)	⬇️
mixer/adapter/redisquota/redisquota.go	88% <0%> (-2%)	⬇️
mixer/adapter/fluentd/fluentd.go	74% <0%> (-1%)	⬇️
mixer/adapter/stackdriver/trace/trace.go	89% <0%> (ø)	⬇️
pilot/pkg/networking/plugin/authz/util.go	98% <0%> (ø)	⬇️
pilot/pkg/networking/util/util.go	30% <0%> (ø)	⬇️
galley/pkg/runtime/resource/schema.go	100% <0%> (ø)	⬆️
... and 49 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d6a0aa7...7785cd1. Read the comment docs.

[ymesika]

@linsun @ldemailly @costinm

I will probably need to update a lot of golden testsdata so can you please let me know if putting those to all components is OK or just have it in "pure" control plane components.

[costinm]

/lgtm
/approve

[ymesika]

Last commit reduces the requested CPU from 100m to 50m.
The reason is that the CircleCI test node has 2CPUs which means that @100m only 20 containers with such request could be scheduled.
Some tests actually have more than that resulting in some pods in pending state. 50m seems to be sufficient for the test but I wonder whether we should request something like 10m just to allow HPA and have minimal side effect.

[ymesika]

@kyessenov What do you think?

[ymesika]

@frankbu What's your opinion re: #6229 (comment)
Thanks.

[ldemailly]

shouldn’t circle pass a lower value explicitly instead ? also how do we end up with 20 containers ?

[ymesika]

@ldemailly In this test, for instance, with 100m there was one pod waiting for available resources:

NAME                                          READY     STATUS    RESTARTS   AGE
a-7646dd46c5-cvjzs                            2/2       Running   0          4m
echosrv-deployment-1-7b4d6b7c84-cmkj9         2/2       Running   0          5m
echosrv-deployment-2-6c789cc7d5-g6948         2/2       Running   0          5m
istio-citadel-56df7c9cf-9v2zc                 1/1       Running   0          6m
istio-egressgateway-764f45594f-xqnzq          1/1       Running   0          6m
istio-galley-59cf69b6b-sfvw8                  1/1       Running   0          6m
istio-ingressgateway-9bf96d645-2cpq8          1/1       Running   0          6m
istio-pilot-57f798757d-md7z7                  2/2       Running   0          6m
istio-policy-6c57449875-6xm4l                 2/2       Running   0          6m
istio-sidecar-injector-66cc9fb84d-v6dw7       1/1       Running   0          6m
istio-statsd-prom-bridge-6978574dc4-n9jrm     1/1       Running   0          6m
istio-telemetry-6888d65655-s6pvb              2/2       Running   0          6m
nginx-default-http-backend-6d5b847486-9r8cd   2/2       Running   4          4m
nginx-ingress-controller-7854b56c8-t9smw      0/2       Pending   0          4m
prometheus-54b7c766d6-knr2t                   1/1       Running   0          6m
raw-cli-deployement-5cd88fb45d-qgghs          1/1       Running   0          5m
t-6bfc4495d-jd4k2                             1/1       Running   0          4m

What's the downside of having a low requested CPU? Like 10m?

[ldemailly]

the downside is if it’s too low the scheduler would cram too many pods on the same node at first only to have to move them when traffic starts / cpu usuage goes up

i guess it goes back to test values and production or even demo default aren’t the same

[ymesika]

Which might not be too different than what we have today when scheduling without any resources stated.

Fun facts - Default requests CPU*:

GKE - 0m
IBM - 0m
Azure - 0m

• Brief google search

[frankbu]

I'm wondering if there is a single default value that is good to use for all the control pane services. Aren't some much more cpu intensive than others? How do we test the hpa to see if it's working properly (optimally?) with any given service / cpu request value?

[ymesika]

This is just the requested cpu (something like minimum requested).
Assuming that most k8s providers are defaulting it to 0m I don't think there is any harm in setting this value to 10m. Just to enable the HPA.
We can argue about whether we should apply it to all Istio components are just subset which are the core control plane components. I.e. don't apply it to Kiali, Servicegraph, etc.

[gyliu513]

does it will impact the performance of proxy if setting cpu as 10m?

[ymesika]

It shouldn't. Just notifies the scheduler that the proxy container needs at least 10m.
The 100m/128Mi were also arbitrarily set for the same purpose of enabling HPA to pods that contain the proxy. (in a nutshull: because all containers must have at least the requested cpu the proxy container used to block customers from having HPA on their injected pods).

[gyliu513]

Ah, I see, it is a best effort pod.

[gyliu513]

/lgtm

[ymesika]

/hold

Golden injected testdata should be updated with the new proxy values. I will hold for now to make sure all (or majority of) us have an agreement about this before updating all golden testdata files.

[ymesika]

The PR is ready to be merged and on hold waiting for the participants agreement to add a requested cpu resource of 10m which is slightly above the default (in most providers) of 0m but enables HPA.

/hold cancel

[ldemailly]

sgtm but conflicts need to be resolved

[istio-testing]

@ymesika: The following test failed, say /retest to rerun them all:

Test name	Commit	Details	Rerun command
prow/istio-pilot-e2e.sh	f4c8d5c	link	/test istio-pilot-e2e

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[rshriram]

/lgtm

[istio-testing]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: costinm, gyliu513, rshriram, ymesika

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• install/OWNERS [costinm,gyliu513,rshriram]
• pilot/OWNERS [costinm,rshriram]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment