Istio Module

Use the Istio module to manage and configure the Istio service mesh.

What Is Istio?

Istio is an open-source service mesh that provides a uniform way to manage, connect, and secure microservices. It helps to manage traffic, enhance security capabilities, and provide telemetry data for understanding service behavior. See the open-source Istio documentation.

The Istio module installs and manages Istio in your Kyma cluster. By default, the Istio module is automatically added when you create a Kyma runtime instance.

Features

The Istio module offers the following features:

Management of Istio installation and upgrades: The module installs Istio and simplifies the process of managing its installation, reducing the complexity and time required for maintenance.
Default Istio configuration: You can quickly have Istio installed with default settings.
Fine-tuning capabilities: You can optimize Istio and fine-tune its settings according to specific performance or operational requirements.
Synchronization of the data plane with the Istio control plane: This ensures that changes you make to the control plane are consistently reflected in the data plane, ensuring that the network operates consistently and reliably without any discrepancies.
Support for the X-Forwarded-For (XFF) header: You can configure the XFF header to manage and track the source of incoming requests.

Architecture

Istio Operator Architecture

Istio Operator

Within the Istio module, Istio Operator handles the management and configuration of the Istio service mesh. It contains one controller, referred to as Istio Controller.

Istio Controller

Istio Controller manages Istio and its resources as defined in the Istio custom resource (CR). Istio Controller is responsible for:

Installing, upgrading, and uninstalling Istio
Restarting workloads that have Istio sidecar proxy injected to ensure that these workloads are using the correct version of Istio

API / Custom Resource Definitions

The istios.operator.kyma-project.io CustomResourceDefinition (CRD) describes the Istio CR that Istio Controller uses to manage the installation of Istio. See Istio Custom Resource.

Resource Consumption

To learn more about the resources used by the Istio module, see Kyma's Modules Sizing.

Istio Service Mesh

Tutorials

Technical Reference

Troubleshooting

Tutorials

Expose a Workload

Use APIRule v2

Use APIRule v2alpha1

Use APIRule v1beta1

Expose and Secure a Workload

Use APIRule v2

Use APIRule v2alpha1

Use APIRule v1beta1

Security

Custom Resources

APIGateway Custom Resource

APIRule Custom Resource

v2

v2alpha1

v1beta1

APIRule Migration

Technical Reference

Troubleshooting Guides

APIRule and Service Connection Issues

APIRule v2

APIRule v2alpha1

APIRule v1beta1

External DNS Management Errors

APIRule v2 Introduction

Resources

Tutorials

Technical Reference

Runtime Agent

Tutorials

Resources

Tutorials

Register a Service

VPC Peering

Resources

Tutorials

Tutorials

Resources

Resources

Troubleshooting

Tutorials

Resources

Technical Reference

Troubleshooting Guides

Collecting Logs

Collecting Traces

Collecting Metrics

Filtering and Processing Data

Integrate with your OTLP Backend

Architecture

Integration Guides

Resources

Tutorials

Resources

Technical Reference

Tutorials

Commands

Istio Module ​

What Is Istio? ​

Features ​

Architecture ​

Istio Operator ​

Istio Controller ​

API / Custom Resource Definitions ​

Resource Consumption ​

Istio Module

What Is Istio?

Features

Architecture

Istio Operator

Istio Controller

API / Custom Resource Definitions

Resource Consumption