Getting Started with Ambient Mesh
Follow this guide to install and configure Istio ambient mesh in your Kubernetes cluster.
This guide assumes you have a Kubernetes cluster (1.25+) with at least 4 vCPUs and 8GB RAM.
Prerequisites
- Kubernetes cluster - Version 1.25 or later
- kubectl - Configured to access your cluster
- istioctl - Version 1.18 or later for beta ambient support
- CNI support - Your cluster must support CNI plugins
Installation Steps
1
Install Istio with Ambient ProfileInstall Istio with the ambient mesh configuration enabled:
# Install Istio with ambient mesh support
istioctl install --set values.pilot.env.EXTERNAL_ISTIOD=false \
--set values.istiodRemote.enabled=false \
--set values.pilot.env.ENABLE_WORKLOAD_ENTRY_AUTOREGISTRATION=true \
--set values.ztunnel.enabled=true \
--set values.cni.ambient.enabled=true \
--set values.cni.ambient.redirectMode="iptables" \
-y2
Verify InstallationCheck that all components are running correctly:
# Check Istio components
kubectl get pods -n istio-system
# Verify ztunnel DaemonSet
kubectl get daemonset -n istio-system ztunnel
# Check CNI installation
kubectl get pods -n istio-system -l k8s-app=istio-cni-node3
Enable Ambient ModeAdd a namespace to the ambient mesh:
# Enable ambient mode for the default namespace
kubectl label namespace default istio.io/dataplane-mode=ambient
# Verify the label
kubectl get namespace default --show-labelsNext Steps
Deploy Sample Application
Deploy the Bookinfo sample application to test your ambient mesh installation.
Add Your Applications
Learn how to add your existing applications to the ambient mesh.
Configure Security
Set up mTLS and authorization policies for your services.
Enable L7 Features
Deploy waypoint proxies for advanced traffic management.