About the add-on

The EKS add-on reduces the amount of work for you to install, configure, and update Istio. AWS validates that the add-on works on EKS, so you can be confident in using a secure, stable release. Each Istio version has two modes: Sidecar or Ambient. If you select the Ambient mode, Istio is configured in Ambient mode out of the box, requiring no additional adjustments or changes. Your organization might encourage you to use the add-on to meet internal compliance requirements or account spending obligations. For more information, see the AWS docs.

Before you begin

  1. Create or use existing EKS clusters. Keep in mind the following points:

    • The cluster must be able to run Istio, such as meeting the performance, platform, and application requirements.
    • The cluster must run on a supported Kubernetes version. You can enable each version of the addon on an EKS cluster that supports the corresponding version of Istio.
    • The cluster name must be alphanumeric with no special characters except a hyphen (-), lowercase, and begin with a letter (not a number).
    • If you plan to use Gloo Mesh, you typically install Istio in data plane clusters that run your workloads. You don’t need to install Istio in the cluster that you plan to use for the Gloo Mesh management plane.
  2. Install any CLI tools that you might need to work with your cluster, such as the following:

    • aws cli, the Amazon Web Services command line tool.
    • eksctl, the AWS EKS command line tool.
    • kubectl, the Kubernetes command line tool. Download the kubectl version that is within one minor version of the Kubernetes clusters you plan to use.
    • istioctl, the Istio command line tool.
    • terraform, the infrastructure-as-code configuration language command line tool from HashiCorp.
  3. If you plan to install the add-on via automation such as Terraform, you must first accept the subscription terms in the AWS Marketplace console.

Install the EKS add-on

You can install the EKS add-on via the AWS console, the eksctl or aws CLI tools, or a GitOps tool such as Terraform.

Verify your installation

After the add-on is installed, verify that Istio is working.

  1. Verify that the istiod pod has a status of Running.

  2. Verify that istiod uses the solo-io distribution of Istio.

      kubectl describe pod -n istio-system -l app=istiod | grep -i image:
      

    Example output: Note solo-io in the image repository.

      Image:         709825985650.dkr.ecr.us-east-1.amazonaws.com/solo-io/f1d618dd76/pilot:1.22.3
      
  3. If you applied custom configurations, you can verify them within the related components of your EKS cluster. For instance, to confirm the meshConfig example mentioned earlier, check the configuration via the ConfigMap with the following command.

      kubectl get configmap -n istio-system istio -o yaml | grep accessLog
      

    Example output:

      accessLogFile: /dev/stdout
      

    If you customized a setting such as the number of replicas in the previous example, verify that your changes are made. For example, the following command verifies that the replicas are now set to 2.

      kubectl describe deployments.apps -n istio-system istiod | grep Replicas:
      

    Example output:

      Replicas:               2 desired | 2 updated | 2 total | 2 available | 0 unavailable
      

Next steps

Now that Istio is installed in your cluster, review the following next steps you can take.

Uninstall the add-on

You can uninstall the Solo distribution of Istio from by using AWS. Keep in mind that this action removes the Istio service mesh from your cluster.

For more information about removing an EKS add-on, see the AWS docs.

  1. Remove the Solo distribution of Istio add-on for EKS.

  2. Clean up the istio-system namespace in your cluster.

      kubectl delete namespace istio-system