Kubernetesdevops~5 mins

Istio overview in Kubernetes - Commands & Configuration

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Introduction

Istio helps manage how different parts of an application talk to each other inside a Kubernetes cluster. It solves problems like controlling traffic, securing communication, and monitoring services without changing the app code.

When you want to control traffic flow between microservices without changing their code

When you need to add security like encryption and authentication between services

When you want to monitor and trace requests across multiple services easily

When you want to test new versions of services safely with traffic splitting

When you want to enforce policies like rate limiting or access control on service calls

Commands

Create a separate namespace for Istio components to keep them organized and isolated.

Terminal

kubectl create namespace istio-system

Expected OutputExpected

namespace/istio-system created

Install Istio control plane components in the istio-system namespace using the official installation manifest.

Terminal

kubectl apply -f https://istio.io/latest/docs/setup/install/istio-minimal.yaml -n istio-system

Expected OutputExpected

customresourcedefinition.apiextensions.k8s.io/destinationrules.networking.istio.io created customresourcedefinition.apiextensions.k8s.io/gateways.networking.istio.io created customresourcedefinition.apiextensions.k8s.io/virtualservices.networking.istio.io created ... (other resources created) deployment.apps/istiod created service/istiod created

→

-f - Apply configuration from a file or URL

→

-n - Specify the namespace to install Istio components

Enable automatic Istio sidecar injection for pods in the default namespace so traffic can be managed by Istio.

Terminal

kubectl label namespace default istio-injection=enabled

Expected OutputExpected

namespace/default labeled

Check that Istio pods are running properly in the istio-system namespace.

Terminal

kubectl get pods -n istio-system

Expected OutputExpected

NAME READY STATUS RESTARTS AGE istiod-5f7d9f7d7d-abcde 1/1 Running 0 2m istio-ingressgateway-7c9d8f9f7f-xyz12 1/1 Running 0 2m

→

-n - Show pods in the specified namespace

Key Concept

If you remember nothing else from Istio, remember: it manages service communication transparently by injecting sidecars that control traffic, security, and monitoring.

Common Mistakes

Not labeling the namespace for automatic sidecar injection

Without the label, Istio does not add its sidecar proxy to your app pods, so traffic is not managed by Istio.

Always run 'kubectl label namespace <namespace> istio-injection=enabled' before deploying your app pods.

Installing Istio components in the wrong namespace

Istio expects its control plane to run in the 'istio-system' namespace; installing elsewhere can cause failures.

Create and use the 'istio-system' namespace for Istio installation.

Summary

Create the 'istio-system' namespace to isolate Istio components.

Install Istio control plane using the official manifest in the 'istio-system' namespace.

Label your app namespace to enable automatic sidecar injection for traffic management.

Verify Istio pods are running to ensure the service mesh is active.