Reference Documentation

Complete reference for ambient mesh configuration, APIs, and resources.

Installation Configuration

Ambient Mesh Installation Options
Key configuration parameters for installing Istio with ambient mesh support.
# Complete installation command with all options
istioctl install --set values.pilot.env.EXTERNAL_ISTIOD=false \
  --set values.istiodRemote.enabled=false \
  --set values.pilot.env.ENABLE_WORKLOAD_ENTRY_AUTOREGISTRATION=true \
  --set values.ztunnel.enabled=true \
  --set values.cni.ambient.enabled=true \
  --set values.cni.ambient.redirectMode="iptables" \
  --set values.cni.ambient.dnsCapture=true \
  --set values.ztunnel.resources.requests.cpu="100m" \
  --set values.ztunnel.resources.requests.memory="128Mi" \
  --set values.ztunnel.resources.limits.cpu="1000m" \
  --set values.ztunnel.resources.limits.memory="1Gi" \
  -y

Core Parameters

  • ztunnel.enabled - Enable ztunnel DaemonSet
  • cni.ambient.enabled - Enable ambient CNI
  • cni.ambient.redirectMode - Traffic redirection mode

Optional Parameters

  • cni.ambient.dnsCapture - DNS traffic capture
  • ztunnel.resources - Resource limits for ztunnel
  • pilot.env.ENABLE_WORKLOAD_ENTRY_AUTOREGISTRATION - Auto workload registration

Namespace Configuration

Ambient Mode Labels
kubectl label namespace <namespace> istio.io/dataplane-mode=ambient

This label enables ambient mesh for all workloads in the namespace.

Waypoint Configuration
# Deploy namespace waypoint
istioctl x waypoint apply --namespace production

# Deploy service account waypoint
istioctl x waypoint apply --service-account bookinfo-reviews --namespace production

# Deploy service waypoint
istioctl x waypoint apply --service reviews --namespace production
Built with v0