Continental Innovates with Rancher and Kubernetes
Note: The following guide is only for RKE provisioned clusters.
If you have restrictive Pod Security Policies enabled, then Istio may not be able to function correctly, because it needs certain permissions in order to install itself and manage pod infrastructure. In this section, we will configure a cluster with PSPs enabled for an Istio install, and also set up the Istio CNI plugin.
The Istio CNI plugin removes the need for each application pod to have a privileged NET_ADMIN container. For further information, see the Istio CNI Plugin docs. Please note that the Istio CNI Plugin is in alpha.
NET_ADMIN
release-1.4
--- logLevel: "info" excludeNamespaces: - "istio-system" - "kube-system"
Follow the primary instructions, adding a custom answer: istio_cni.enabled: true.
istio_cni.enabled: true
After Istio has finished installing, the Apps page in System Projects should show both istio and istio-cni applications deployed successfully. Sidecar injection will now be functional.
istio-cni