By default, the control plane pushes the full service configuration to every sidecar in the data plane because it has no knowledge of which services each workload actually calls. At scale, this causes two problems:
- High sidecar memory usage. Each sidecar stores configurations for all services in the cluster, including services it never communicates with.
- Heavy control plane load. Any configuration change, such as creating a virtual service, triggers a push to every sidecar regardless of relevance. This reduces the efficiency and availability of the control plane.
Service Mesh (ASM) provides three features to reduce control plane load and sidecar memory consumption: service discovery selectors, sidecar recommendation, and adaptive xDS optimization. Each operates at a different level of granularity.
Select an optimization strategy
The following table compares the three features to help you select the right approach.
| Feature | Scoping level | Mechanism | Prerequisites | Auto-updates | Best for |
|---|---|---|---|---|---|
| Service discovery selectors | Namespace | Filters which namespaces the control plane discovers | Namespace labels | N/A | Clusters with many namespaces where workloads only need services from a few |
| Sidecar recommendation | Workload | Analyzes access logs to generate per-workload Sidecar resources | Log Service enabled for access log collection | No. Re-run recommendation when dependencies change | Large number of services within a single namespace |
| Adaptive xDS optimization | Workload | Deploys an egress gateway to track call dependencies and auto-generates Sidecar resources | None | Yes. Sidecar resources update automatically as dependencies change | Teams that want automatic optimization without manual Sidecar management |
Service discovery selectors
Configure label selectors based on namespace labels. The control plane then discovers and processes only services in matching namespaces, and pushes only those configurations to sidecars.
Applicable scenario: The data plane contains many namespaces and services, but workloads in each namespace only call services in a few specific namespaces.
For setup instructions, see Use service discovery selectors to improve the configuration push efficiency of the control plane.
Sidecar recommendation
ASM analyzes access logs generated by sidecars to determine call dependencies between services. Based on this analysis, ASM recommends and creates a Sidecar resource for each workload. Each Sidecar resource limits the workload's configuration to only the services it actually calls.
This provides two benefits:
- Each sidecar stores only the configurations of services related to its workload.
- When an unrelated service is modified, or a resource such as a virtual service of a related service is modified, the control plane does not push the new configuration to that sidecar.
Applicable scenario: Service discovery selectors alone do not provide enough optimization. For example, a single namespace contains a large number of services and you want to minimize sidecar configuration size. ASM recommends and creates the Sidecar resources based on access log analysis, so you do not need to write YAML files manually.
To see the measured impact on push performance, see Effects of sidecar recommendation on configuration push optimization.
For setup instructions, see Use the sidecars that are automatically recommended based on access log analysis.
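The following added example sketches the idea behind sidecar recommendation: it derives call dependencies from access-log records and emits one Istio Sidecar resource per workload. It is not ASM's implementation; the log lines are constructed, and the `source_namespace` and `source_app` field names, the `-recommended` name suffix, and the `cluster.local` cluster domain are assumptions.

```python
import json
from collections import defaultdict

# Constructed sample access-log lines; the source_* field names are assumptions.
SAMPLE_LOGS = """\
{"source_namespace": "shop", "source_app": "frontend", "upstream_cluster": "outbound|8080||cart.shop.svc.cluster.local"}
{"source_namespace": "shop", "source_app": "frontend", "upstream_cluster": "outbound|9090||pricing.billing.svc.cluster.local"}
{"source_namespace": "shop", "source_app": "frontend", "upstream_cluster": "outbound|8080||cart.shop.svc.cluster.local"}
{"source_namespace": "shop", "source_app": "frontend", "upstream_cluster": "PassthroughCluster"}
{"source_namespace": "shop", "source_app": "cart", "upstream_cluster": "inbound|8080||"}
{"source_namespace": "shop", "source_app": "cart", "upstream_cluster": "outbound|443||api.example.com"}
"""

def called_host(upstream_cluster):
    """Return a Sidecar egress host ('namespace/dnsName') for an outbound cluster, else None."""
    parts = upstream_cluster.split("|")  # outbound|<port>|<subset>|<host>
    if len(parts) != 4 or parts[0] != "outbound":
        return None  # inbound traffic, PassthroughCluster, BlackHoleCluster
    host = parts[3]
    labels = host.split(".")
    # Assumes the default cluster domain: <service>.<namespace>.svc.cluster.local
    if host.endswith(".svc.cluster.local") and len(labels) == 5:
        return f"{labels[1]}/{host}"
    return f"*/{host}"  # host outside the cluster domain: match it in any namespace

def recommend_sidecars(log_text):
    """Build one Sidecar resource per (namespace, app) from observed outbound calls."""
    deps = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        host = called_host(rec.get("upstream_cluster", ""))
        if host:
            deps[(rec["source_namespace"], rec["source_app"])].add(host)
    return [
        {
            "apiVersion": "networking.istio.io/v1beta1",
            "kind": "Sidecar",
            "metadata": {"name": f"{app}-recommended", "namespace": ns},
            "spec": {
                "workloadSelector": {"labels": {"app": app}},
                "egress": [{"hosts": sorted(hosts)}],
            },
        }
        for (ns, app), hosts in sorted(deps.items())
    ]
```

A dependency that never appears in the analyzed logs is absent from the generated `hosts` list, which is why the comparison table says to re-run recommendation when dependencies change.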
Adaptive xDS optimization
Like sidecar recommendation, adaptive xDS optimization generates per-workload Sidecar resources to scope configurations. It differs in the following ways:
- Fully automatic. Sidecar resources are generated and updated automatically as call dependencies change. No manual configuration or periodic re-recommendation is needed.
- No Log Service dependency. The feature does not require enabling Log Service to collect access logs on the data plane.
- Egress gateway-based. An egress gateway named `istio-axds-egressgateway` is deployed on the data plane. The feature applies only to workloads you select. All HTTP traffic from selected workloads is routed through this gateway, which the control plane uses to analyze call dependencies.
Applicable scenario: You want the simplest path to configuration push optimization, especially if you are not familiar with Sidecar resources or manual configuration tuning.
The egress gateway may affect traffic routing on the data plane and consume control plane resources. Gradually add workloads to the feature scope to prevent disruptions.
For setup instructions, see Use adaptive xDS optimization to improve the configuration push efficiency of the control plane.