Deploying Istio on EKS: Traffic Management and Service Mesh with Envoy Sidecar

In this article, we will walk through the process of deploying Istio on Amazon EKS, setting up a service mesh, and enabling traffic management with Envoy sidecar proxies. Istio provides advanced traffic routing, security, monitoring, and resilience for microservices, while Envoy acts as the data plane, intercepting and managing communication between services. You’ll learn how to install Istio on EKS, inject Envoy sidecars into your services, configure routing rules, and expose services securely through an Istio-managed ALB (Application Load Balancer). This setup ensures better observability, control, and security of your microservices architecture.

Install istio from following url:

https://github.com/istio/istio/releases/tag/1.24.2

1) istioctl install --set profile=demo

2) kubectl get pods -n istio-system

3) kubectl get svc -n istio-system

4) kubectl label namespace default istio-injection=enabled

This command applies a label (istio-injection=enabled) to the default namespace, which tells Istio to automatically inject Envoy sidecar proxies into all the pods created in that namespace.

  • Namespace Labeling:

    • By labeling the namespace with istio-injection=enabled, you enable automatic sidecar injection for Istio in that namespace. This means any pod created in the default namespace will have an Envoy proxy container automatically added to it.

    • This is a key part of Istio's service mesh architecture, enabling advanced traffic management, observability, and security features.


To see effects of istio-injection

kubectl delete pods --all -n default

In same deployment , now we’ve multi-container pods

kubectl get pods -n default

Download yaml file to create gateway

curl raw.githubusercontent.com/pratik2630/DevSec.. -o bookinfo-gateway.yaml

Push code to github

git add .

git commit -m “uploading yaml file for istio routes” .

git push origin main

Istio provides loadbalancer using ELB . Check using following cmd:

Kubectl get svc -n istio-system

Access using http://<alb-dns>/productpage

Now anyone can access over website with alb dns .

Next part tracing and monitoring

Did you find this article valuable?

Support Pratik's Blog by becoming a sponsor. Any amount is appreciated!