- HTTPProxy Fundamentals
- Ingress v1 Support
- Virtual Hosts
- Inclusion and Delegation
- TLS Termination
- Upstream TLS
- Request Routing
- External Service Routing
- Request Rewriting
- Upstream Health Checks
- Client Authorization
- TLS Delegation
- Rate Limiting
- Access logging
- Cookie Rewriting
- Overload Manager
- JWT Verification
- Annotations Reference
- Slow Start Mode
- API Reference
- Deployment Options
- Contour Configuration
- Upgrading Contour
- Enabling TLS between Envoy and Contour
- Redeploy Envoy
- Deploying Contour on AWS with NLB
- AWS Network Load Balancer TLS Termination with Contour
- Deploying HTTPS services with Contour and cert-manager
- External Authorization Support
- FIPS 140-2 in Contour
- Using Gatekeeper with Contour
- Using Gateway API with Contour
- Global Rate Limiting
- Configuring ingress to gRPC services with Contour
- Health Checking
- How to enable structured JSON logging
- Creating a Contour-compatible kind cluster
- Collecting Metrics with Prometheus
- How to Configure PROXY Protocol v1/v2 Support
- Contour/Envoy Resource Limits
- Envoy Administration Access
- Contour Debug Logging
- Envoy Debug Logging
- Visualize the Contour Graph
- Show Contour xDS Resources
- Profiling Contour
- Contour Operator
- Support Policy
- Compatibility Matrix
- Contour Deprecation Policy
- Release Process
- Frequently Asked Questions
Envoy uses heap memory when processing requests. When the system runs out of memory or memory resource limit for the container is reached, Envoy process is terminated abruptly. To avoid this, Envoy overload manager can be enabled. Overload manager controls how much memory Envoy will allocate at maximum and what actions it takes when the limit is reached.
Overload manager is disabled by default.
It can be enabled at deployment time by using
--overload-max-heap=[MAX_BYTES] command line flag in
contour bootstrap command.
The bootstrap command is executed in
init container of Envoy pod to generate initial configuration for Envoy.
To enable overload manager, modify the deployment manifest and add for example
--overload-max-heap=2147483648 to set maximum heap size to 2 GiB.
The appropriate number of bytes can be different from system to system.
After the feature is enabled, following two overload actions are configured to Envoy:
- Shrink heap action is executed when 95% of the maximum heap size is reached.
- Envoy will stop accepting requests when 98% of the maximum heap size is reached.
When requests are denied due to high memory pressure,
503 Service Unavailable will be returned with a response body containing text
Shrink heap action will try to free unused heap memory, eventually allowing requests to be processed again.
The side effect of overload is that Envoy will deny also requests
This is due to the way how Contour secures Envoy’s admin API and exposes only selected admin API endpoints by proxying itself.
When readiness probe fails, the overloaded Envoy will be removed from the list of service endpoints.
If the maximum heap size is set too low, Envoy may be unable to free enough memory and never become ready again.