Skip to main content
Version: v2.5

Additional Steps for Installing Istio on an RKE2 Cluster

Through the Cluster Explorer, when installing or upgrading Istio through Apps & Marketplace,

  1. Click Components.

  2. Check the box next to Enabled CNI.

  3. Add a custom overlay file specifying cniBinDir and cniConfDir. For more information on these options, refer to the Istio documentation. An example is below:

    apiVersion: install.istio.io/v1alpha1
    kind: IstioOperator
    spec:
    components:
    cni:
    enabled: true
    values:
    cni:
    image: rancher/istio-install-cni:1.7.3
    excludeNamespaces:
    - istio-system
    - kube-system
    logLevel: info
    cniBinDir: /opt/cni/bin
    cniConfDir: /etc/cni/net.d
  4. After installing Istio, you'll notice the cni-node pods in the istio-system namespace in a CrashLoopBackoff error. Manually edit the istio-cni-node daemonset to include the following on the install-cni container:

    securityContext:
    privileged: true

Result: Now you should be able to utilize Istio as desired, including sidecar injection and monitoring via Kiali.