APIRule Controller relies on Istio and Ory custom resources (CRs) to provide routing capabilities. In terms of persistence, the controller depends only on APIRules stored in the Kubernetes cluster. In terms of the resource configuration, the following requirements are set on APIGateway Controller:
- CPU Requests: 10 m
- CPU Limits: 100 m
- Memory Requests: 64 Mi
- Memory Limits: 128 Mi
You can create an unlimited number of APIRule CRs.
The configuration of Ory resources depends on the cluster capabilities. If your cluster has fewer than 5 total virtual CPU cores or its total memory capacity is less than 10 gigabytes, the default setup for resources is lighter. If your cluster exceeds both of these thresholds, the higher resource configuration is applied.
The default configuration for larger clusters includes the following settings for the Ory components’ resources:
Ory Resources' Configuration
|
Component |
CPU Requests |
CPU Limits |
Memory Requests |
Memory Limits |
|---|---|---|---|---|
|
Oathkeeper |
100 m |
10000 m |
64 Mi |
512 Mi |
|
Oathkeeper Maester |
10 m |
400 m |
32 Mi |
1 Gi |
The default configuration for smaller clusters includes the following settings for the Ory components’ resources:
Ory Resources' Configuration
|
Component |
CPU Requests |
CPU Limits |
Memory Requests |
Memory Limits |
|---|---|---|---|---|
|
Oathkeeper |
10 m |
100 m |
64 Mi |
128 Mi |
|
Oathkeeper Maester |
10 m |
100 m |
20 Mi |
50 Mi |
The default configuration in terms of autoscaling of Ory components is as follows:
Ory Resources' Configuration
|
Component |
Min Replicas |
Max Replicas |
|---|---|---|
|
Oathkeeper |
3 |
10 |
|
Oathkeeper Maester |
3 |
10 |
Oathkeeper Maester is a separate container running in the same Pod as Oathkeeper. Because of that, the autoscaling configuration of the Oathkeeper and Oathkeeper Master components is similar. The autoscaling configuration is based on CPU utilization, with HorizontalPodAutoscaler set up for 80% average CPU request utilization.