Additional Steps for Installing Istio on an RKE2 Cluster
Through the Cluster Explorer, when installing or upgrading Istio through Apps & Marketplace,
Click Components.
Check the box next to Enabled CNI.
Add a custom overlay file specifying
cniBinDir
andcniConfDir
. For more information on these options, refer to the Istio documentation. An example is below:apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
components:
cni:
enabled: true
values:
cni:
image: rancher/istio-install-cni:1.7.3
excludeNamespaces:
- istio-system
- kube-system
logLevel: info
cniBinDir: /opt/cni/bin
cniConfDir: /etc/cni/net.dAfter installing Istio, you'll notice the cni-node pods in the istio-system namespace in a CrashLoopBackoff error. Manually edit the
istio-cni-node
daemonset to include the following on theinstall-cni
container:securityContext:
privileged: true
Result: Now you should be able to utilize Istio as desired, including sidecar injection and monitoring via Kiali.