Through the Cluster Explorer, when installing or upgrading Istio through Apps & Marketplace,

  1. Click Components.
  2. Check the box next to Enabled CNI.

  3. Add a custom overlay file specifying cniBinDir and cniConfDir. For more information on these options, refer to the Istio documentation. An example is below:

    apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
    components:
    cni:
        enabled: true
    values:
    cni:
        image: rancher/istio-install-cni:1.7.3
        excludeNamespaces:
        - istio-system
        - kube-system
        logLevel: info
        cniBinDir: /opt/cni/bin
        cniConfDir: /etc/cni/net.d

  4. After installing Istio, you’ll notice the cni-node pods in the istio-system namespace in a CrashLoopBackoff error. Manually edit the istio-cni-node daemonset to include the following on the install-cni container:

    securityContext:
    privileged: true

Result: Now you should be able to utilize Istio as desired, including sidecar injection and monitoring via Kiali.