Through the Cluster Explorer, when installing or upgrading Istio through Apps & Marketplace,

  1. Click Components.
  2. Check the box next to Enabled CNI.
  3. Add a custom overlay file specifying cniBinDir and cniConfDir. For more information on these options, refer to the Istio documentation. An example is below:

    apiVersion: install.istio.io/v1alpha1
    kind: IstioOperator
    spec:
        components:
        cni:
            enabled: true
        values:
        cni:
            image: rancher/istio-install-cni:1.7.3
            excludeNamespaces:
            - istio-system
            - kube-system
            logLevel: info
            cniBinDir: /opt/cni/bin
            cniConfDir: /etc/cni/net.d
  4. After installing Istio, you’ll notice the cni-node pods in the istio-system namespace in a CrashLoopBackoff error. Manually edit the istio-cni-node daemonset to include the following on the install-cni container:

    securityContext:
        privileged: true

Result: Now you should be able to utilize Istio as desired, including sidecar injection and monitoring via Kiali.