Istio is an open source project that implements a service mesh, providing a way to observe and control the traffic flow between applications in Kubernetes. Istio is a key tool in securing Kubernetes workloads and hardening your environment.
The istio-core Charmed Operator deploys and manages the Istio control plane components in a Kubernetes cluster. The operator is designed to be used in conjunction with the istio-beacon-k8s and istio-ingress-k8s charms to deploy and configure Istio using Juju.
Typically, Istio is deployed to the istio-system namespace without any other applications in that namespace. This is because any Istio Custom Resource deployed to Istio's system namespace is treated as globally scoped (for example, an AuthorizationPolicy deployed in Istio's namespace applies to the entire cluster). Following this best practice, we can deploy Charmed Istio by:
juju add-model istio-system
juju deploy istio-core-k8s --trust
This deploys the Istio control plane, which can then be used by anything in the Kubernetes cluster. To get started from here, see:
- istio-beacon-k8s for how to quickly integrate charms into the mesh in Istio's Ambient mode
- istio-ingress-k8s to create ingresses to the cluster
- for general Istio guidance, see the Istio docs, for example how to deploy an application to an Istio ambient mesh
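
The namespace scoping rule described above can be checked before a policy is applied. The following is an added example, not code from the istio-core charm or the Istio project: it classifies each AuthorizationPolicy by how far it reaches, assuming istio-system is the mesh's root namespace as on this page and looking only at the policy's namespace and spec.selector. The policy names, the shop namespace and the sample JSON are constructed.

```python
import json

ROOT_NAMESPACE = "istio-system"  # namespace used on this page

# Constructed sample, shaped like the output of
# `kubectl get authorizationpolicies.security.istio.io -A -o json`.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "deny-all", "namespace": "istio-system"}, "spec": {}},
  {"metadata": {"name": "web-get-only", "namespace": "istio-system"},
   "spec": {"selector": {"matchLabels": {"app": "web"}}, "action": "ALLOW",
            "rules": [{"to": [{"operation": {"methods": ["GET"]}}]}]}},
  {"metadata": {"name": "shop-default", "namespace": "shop"},
   "spec": {"action": "ALLOW", "rules": [{}]}},
  {"metadata": {"name": "cart-only", "namespace": "shop"},
   "spec": {"selector": {"matchLabels": {"app": "cart"}}, "action": "DENY",
            "rules": [{"from": [{"source": {"notNamespaces": ["shop"]}}]}]}}
]}
""")


def policy_scope(item, root_namespace=ROOT_NAMESPACE):
    """Classify how far one AuthorizationPolicy reaches, from its namespace and selector."""
    namespace = item["metadata"].get("namespace", "default")
    has_selector = bool((item.get("spec") or {}).get("selector"))
    if namespace == root_namespace:
        # Root-namespace policies apply in every namespace of the mesh.
        return "mesh-wide, selected workloads" if has_selector else "mesh-wide, all workloads"
    return "selected workloads" if has_selector else "whole namespace"


def audit(policy_list, root_namespace=ROOT_NAMESPACE):
    """Return {'namespace/name': scope} for every policy in a kubectl JSON list."""
    return {
        f"{item['metadata'].get('namespace', 'default')}/{item['metadata']['name']}":
            policy_scope(item, root_namespace)
        for item in policy_list.get("items", [])
    }


def mesh_wide(policy_list, root_namespace=ROOT_NAMESPACE):
    """Names of the policies that need cluster-level review before they are applied."""
    scopes = audit(policy_list, root_namespace)
    return sorted(name for name, scope in scopes.items() if scope.startswith("mesh-wide"))


if __name__ == "__main__":
    for name, scope in audit(SAMPLE).items():
        print(f"{name:28} {scope}")
    print("review:", ", ".join(mesh_wide(SAMPLE)))
```

Against a live cluster, pass the parsed output of the kubectl command named in the comment to audit() in place of SAMPLE.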