Istio Setup

Istio is a power traffic mesh management tool. It also provides an ingress gateway for the Kubernetes cluster.


Operator Setup

  • The following setup can be done from the client machine. This installs Istio Operator, Istio Service Mesh, Istio Ingressgateway components.

  • From kubernetes/istio directory, run;

    istioctl operator init
    kubectl apply -f istio-operator.yaml
    • Wait for istiod and ingressgateway pods to start.

  • Or, for Rancher cluster, run:

    kubectl apply -f istio-operator-no-ingress.yaml
    • Wait for istiod to start and ingressgateway pods to get deleted if any.

    • Run the following:

      kubectl apply -f istio-ef-spdy-upgrade.yaml

Namespace Setup

(Skip this section for Rancher cluster)

Once the above Operator setup is done, gateways need to be set up on each namespace. This assumes that the namespace (and relevant Rancher project) are created.

  • Edit and run this to define the variables:

    export NS=dev
    export WILDCARD_HOSTNAME='*'
  • Run this apply gateways

    envsubst < istio-gateway.yaml | kubectl apply -f -

Multiple ingress gateways

By default the installation scripts enable two Istio Ingress gateways - public and private. The public gateway is disabled by default. You may enable the same while opening up services to the public by following the steps given below. To create more private gateways, refer here.

Having only one private gateway implies that all users can open URLs in all namespaces. Access control to services may be accomplished by authentication/authorization of the respective services via Keycloak

Enabling public gateway


Creating private gateways


Last updated


Copyright © 2024 OpenG2P. This work is licensed under Creative Commons Attribution International LicenseCC-BY-4.0 unless otherwise noted.