Use when working with service mesh infrastructure, Istio, Envoy proxy, Linkerd, sidecar proxy patterns, mTLS configuration, traffic management, canary deployments, circuit breaking, outlier detection, service-to-service communication, ingress/egress gateways, observability with Kiali/Jaeger, VirtualService, DestinationRule, Gateway, PeerAuthentication, AuthorizationPolicy, ambient mesh, or multi-cluster mesh. Do NOT use for simple monolithic applications, Docker Compose networking, environments with fewer than 5 microservices, standalone API gateway configuration without mesh needs, basic Kubernetes networking without service mesh requirements, or simple load balancing that kubectl port-forward or a single Ingress controller can handle.
istiod) that configures proxies, distributes policy, and issues certificates.
Istio uses Envoy (a C++ L7 proxy) as its data plane and istiod as its unified control plane.
curl -L https://istio.io/downloadIstio | sh -
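# A glob is not expanded inside a variable assignment, so resolve the istio-* directory first
export PATH="$(echo "$PWD"/istio-*/bin):$PATH"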
istioctl install --set profile=demo -y
kubectl label namespace default istio-injection=enabled
istioctl verify-install
helm repo add istio https://istio-release.storage.googleapis.com/charts && helm repo update
helm install istio-base istio/base -n istio-system --create-namespace
helm install istiod istio/istiod -n istio-system --wait
helm install istio-ingress istio/gateway -n istio-ingress --create-namespace
Profiles: default (production), demo (evaluation), minimal (control plane only), ambient (sidecar-less).
apiVersion: networking.istio.io/v1beta1