Sidecar injected pod takes 90+ seconds to become ready

FelipeEmerim · May 27, 2022, 8:16pm

Hi,

We have an issue in our Kubernetes cluster where pods that have the sidecar injected cannot make connections before waiting at least 90 seconds for envoy to become ready. We would like to know if this is expected, and if there is something we can do to reduce the rollout time.

We are using these resources in the sidecar container:

resources:
    limits:
      cpu: 125m
      memory: 128Mi
    requests:
      cpu: 125m
      memory: 128Mi

Do they have to be increased as our cluster gets bigger? Now we have about 200 pods and 11 nodes.

Clarification: When I say that envoy is not ready, I mean that every connection attempt to other resources fail with connection refused. The container status in k8s is green.

lkysow · June 3, 2022, 9:08pm

That’s not expected. Can you run Envoy at debug level and get us the logs on startup?

annotations:
  consul.hashicorp.com/envoy-extra-args: '--log-level debug'

FelipeEmerim · June 14, 2022, 7:47pm

Sorry for the delay, I didn’t get a notification when you replied. I’ve done what you mentioned, here are the logs. I changed some names to avoid exposing our services info. I stopped collecting logs as soon as our connections started to succeed.

sidecar.txt (662.9 KB)

Topic		Replies	Views
Very frustrated and about to give up on Consul in K8s for much more Ops Friendly Istio Consul k8s , connect	1	555	March 3, 2021
Sidecar consul envoy not balancing traffic Consul	4	449	July 23, 2021
Envoy integration question Consul	3	376	June 9, 2020
Delay SIGTERM of envoy sidecar proxy Consul k8s , helm	4	2875	March 17, 2021
Consul Inject Sidecar with resources Consul k8s	5	1101	May 21, 2020

Sidecar injected pod takes 90+ seconds to become ready

Related topics