Deploying Istio Service Mesh

This topic describes how to deploy Istio Service Mesh on a Kubernetes cluster in HPE Ezmeral Runtime Enterprise.


Required access rights: Kubernetes Administrator

You have chosen a Kubernetes cluster for which cluster-level installation of Istio is appropriate. For information about the kinds of Kubernetes clusters on which you can use this procedure to deploy Istio Service Mesh, see Istio Service Mesh.

About this task

You can deploy Istio Service Mesh while creating or editing Kubernetes clusters in HPE Ezmeral Runtime Enterprise. You can also enable or disable Istio Service Mesh and enable mTLS for each tenant within the cluster.


If you are not using the HPE Ezmeral Runtime Enterprise web interface to create or edit the Kubernetes cluster, then mtls mode must have a valid value, even if Istio is not enabled.


  1. Add or assign Istio Ingress gateway nodes.

    To allow incoming traffic into the mesh, all Istio-enabled Kubernetes clusters require one or more Istio Ingress gateways. Assigning multiple nodes as Istio Ingress Gateways adds load balancing for improved performance in large deployments.

    If you added a public SSH key when adding the node, adding an Istio Ingress Gateway node automatically creates a key value pair for that node. See Kubernetes Host Step 1: Add the Public SSH Key.

  2. Create or edit a Kubernetes cluster, and during the cluster creation or editing process, on the Application Configurations screen, select Istio.

    This step deploys "standalone" Istio on the Kubernetes cluster. Not all Kubernetes clusters support the use of standalone Istio. See Istio Service Mesh.

    For detailed information about creating or editing Kubernetes clusters, see Creating a New Kubernetes Cluster or Editing an Existing Kubernetes Cluster.

    For example:
    Add-ons with Istio selected
  3. When creating or editing a Kubernetes tenant, enable Istio Service Mesh and set the Mutual TLS Mode.

    Mutual TLS Mode specifies the security level to apply to envoy communications.

    For detailed instructions, see one of the following:

    For example:

  4. Add Kubernetes applications as described in Deploying Applications and Onboarding Applications.
  5. Access Istio virtual services using the Virtual Endpoints tab of the Kubernetes Applications screen.

    For example: