Deploying Istio on EKS: Traffic Management and Service Mesh with Envoy Sidecar
In this article, we will walk through the process of deploying Istio on Amazon EKS, setting up a service mesh, and enabling traffic management with Envoy sidecar proxies. Istio provides advanced traffic routing, security, monitoring, and resilience for microservices, while Envoy acts as the data plane, intercepting and managing communication between services. You’ll learn how to install Istio on EKS, inject Envoy sidecars into your services, configure routing rules, and expose services securely through an Istio-managed ALB (Application Load Balancer). This setup ensures better observability, control, and security of your microservices architecture.
Install Istio from the following URL:
https://github.com/istio/istio/releases/tag/1.24.2
1) istioctl install --set profile=demo
2) kubectl get pods -n istio-system
3) kubectl get svc -n istio-system
4) kubectl label namespace default istio-injection=enabled
This command applies a label (istio-injection=enabled) to the default namespace, which tells Istio to automatically inject Envoy sidecar proxies into all the pods created in that namespace.
Namespace Labeling:
By labeling the namespace with istio-injection=enabled, you enable automatic sidecar injection for Istio in that namespace. This means any pod created in the default namespace will have an Envoy proxy container automatically added to it.
This is a key part of Istio's service mesh architecture, enabling advanced traffic management, observability, and security features.
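To see the effect of istio-injection, delete the existing pods so that they are recreated with the sidecar (injection happens when a pod is created):
kubectl delete pods --all -n default
The same deployment now has multi-container pods: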
kubectl get pods -n default
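The check below is an added example, not part of the original walkthrough: it lists pods that are still running without the istio-proxy sidecar container, such as pods created before the namespace was labelled. The helper names and the sample pod lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: list pods that are still running without the Envoy sidecar.
# Live input (standard kubectl jsonpath), one "pod<TAB>container names" line per pod:
#   kubectl get pods -n default -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.initContainers[*].name}{" "}{.spec.containers[*].name}{"\n"}{end}'

# missing_sidecar (hypothetical helper): reads those lines on stdin and prints
# the name of every pod that has no container named exactly "istio-proxy".
missing_sidecar() {
  awk -F'\t' '
    NF < 2 || $1 == "" { next }   # skip blank or malformed lines
    {
      found = 0
      n = split($2, names, " ")   # " " splits on runs of whitespace
      for (i = 1; i <= n; i++)
        if (names[i] == "istio-proxy") found = 1
      if (!found) print $1
    }'
}

# sample_pods (hypothetical helper): constructed sample in the same format.
# Two pods were recreated after labelling, one was not, and one only has a
# container whose name merely starts with "istio-proxy".
sample_pods() {
  printf '%s\t%s\n' \
    'productpage-v1-aaaa' 'istio-init productpage istio-proxy' \
    'details-v1-bbbb'     'istio-init details istio-proxy' \
    'ratings-v1-cccc'     ' ratings' \
    'debug-dddd'          ' istio-proxy-debug'
}

# Run the check on the constructed sample; prints ratings-v1-cccc and debug-dddd.
sample_pods | missing_sidecar
```

Against a live cluster, pipe the kubectl command from the comment into missing_sidecar; empty output means every pod in the namespace carries the sidecar.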
Download the YAML file to create the gateway:
curl raw.githubusercontent.com/pratik2630/DevSec.. -o bookinfo-gateway.yaml
Push the code to GitHub:
git add .
git commit -m "uploading yaml file for istio routes" .
git push origin main
Istio provides a load balancer using ELB. Check it with the following command:
kubectl get svc -n istio-system
Access the application at http://<alb-dns>/productpage
Now anyone can access the website using the ALB DNS name.
Next part: tracing and monitoring.