How to Install Istio on Amazon EKS [6 Easy Steps]

What is Istio ?

In this tutorial, we will learn about how to install Istio on Amazon EKS using 6 easy steps. Istio is an open source service mesh that basically provides two pieces of architecture for a cluster i.e data plane and control plane. Data plane’s job is to handle the network traffic between the services in the service mesh environment. Control plane on the other hand is Istio’s core that manages and secures the data plane. Let’s understand some basic concept of Istio before proceeding to the installation in Amazon EKS cluster.


How to Install Istio on Amazon EKS [6 Easy Steps]

What are Configuration Profiles ?

Also read: How to Install Istio on Windows 10 [4 Easy Steps]

In Istio, Configuration Profiles are a way to manage and customize the configuration settings for different environments or deployment scenarios. They provide a mechanism to define variations of Istio configuration that can be applied to different clusters, namespaces, or workloads. They also provide customization of the Istio control plane and of the sidecars for the Istio data plane. Istio supports following built-in configuration profiles.

Default Profile -This profile provides a baseline configuration suitable for most scenarios. It includes features like traffic routing, load balancing, retries, timeout and more.

Demo Profile – This profile is designed to showcase the features of Istio in a single namespace. It provides more advanced configurations for observability, tracing and routing.

Minimal Profile – This profile is optimized for resource-constrained environments. It includes only the essential components necessary for basic service mesh functionality.

Remote Profile – This profile is used for configuring a remote cluster that is managed by an external control plane or by a control plane in a primary cluster of a multi-cluster mesh.

Empty Profile –  This profile contains no Istio configuration. It’s useful if you want to start with a clean slate and add configurations manually.

Preview Profile – This profile contains features that are experimental. This is intended to explore new features coming to Istio. Stability, security and  performance is not guaranteed in this profile so one should use this at own risk.


How to Install Istio on Amazon EKS [6 Easy Steps]


  • Existing AWS EKS Cluster
  • Kubectl Configured to interact with kube api
  • Client VM to connect to EKS cluster

Step-1: Install Latest Istioctl CLI 

In this step, download the latest Istio version  and configure Istioctl using below command. You can also refer to Istio github page to see stable and beta version of Istio.

[linuxnasa@ip-10-176-128-108 istio]$ curl -L | sh -

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   101  100   101    0     0    433      0 --:--:-- --:--:-- --:--:--   435
100  4899  100  4899    0     0   6805      0 --:--:-- --:--:-- --:--:--     0

Downloading istio-1.18.2 from ...
Istio 1.18.2 Download Complete!
Istio has been successfully downloaded into the istio-1.18.2 folder on your system.

Next Steps:
See to add Istio to your Kubernetes cluster.
To configure the istioctl client tool for your workstation,
add the /home/linuxnasa/istio/istio-1.18.2/bin directory to your environment path variable with:
export PATH="$PATH:/home/linuxnasa/istio/istio-1.18.2/bin"
Begin the Istio pre-installation check by running:

istioctl x precheck

Need more information? Visit
Once download completes, A new folder in the current working directory  is created inside which there is bin folder which contains the istio binary  along with other files and folders.
[linuxnasa@ip-10-176-128-108 istio]$ ls


Step-2: Configure Istioctl binary Path

In this step, add the Istioctl binary path to PATH variable using below command.

[linuxnasa@ip-10-176-128-108 istio]$ export PATH="$PATH:/home/linuxnasa/istio/istio-1.18.2/bin"

Next, check which version of Istio is installed using below command.

[linuxnasa@ip-10-176-128-108 istio-1.18.2]$ istioctl version
no ready Istio pods in "istio-system"

Next, do the Istio pre-installation check by running below command.

[linuxnasa@ip-10-176-128-108 ~]$ istioctl x precheck
✔ No issues found when checking the cluster. Istio is safe to install or upgrade!
To get started, check out


Step-3: Install Istio

In this step, install Istio using Istioctl cli. There are many configuration profile option available to use for Istio installation as we have discussed in the beginning of this tutorial, we will use demo configuration profile for installing the Istio.

[linuxnasa@ip-10-176-128-108 istio-1.18.2]$ istioctl install --set profile=demo -y
WARNING: Istio control planes installed: 1.15.1.
WARNING: A newer installed version of Istio has been detected. Running this command will overwrite it.Istio core installed
✔ Istiod installed
✔ Egress gateways installed
✔ Ingress gateways installed
✔ Installation complete Making this installation the default for injection and validation.

Once installation completes, a new namespace is created in which there will be three pods created as shown below.

[linuxnasa@ip-10-176-128-108 istio-1.18.2]$ kubectl get ns
NAME            STATUS     AGE
default         Active     36d
istio-system    Active     63s
kube-node-lease Active     36d
kube-public     Active     36d
kube-system     Active     36d

Check the pods in istio-system namespace using below command. There is egress and ingress gateway pod created which will control the incoming and outgoing traffic. Third pod is istiod  which is nothing but the istio control plane.

[linuxnasa@ip-10-176-128-108 istio-1.18.2]$ kubectl get po -n istio-system
NAME                                   READY    STATUS     RESTARTS AGE
istio-egressgateway-6c4796c98-nmd9s     1/1      Running     0      2m19s
istio-ingressgateway-d94b4444b-gm9bw    1/1      Running     0      2m18s
istiod-85669db8fd-k6rck                 1/1      Running     0      2m31s


Step-4: Deploy Sample Application 

In this step, deploy the sample application which comes with the istio package that we had downloaded in step-1. Create the sample application as shown below. Notice that the sample application .yaml configuration file is creating different K8 resources i.e multiple service, deployment, service account etc.

Firstly, create a new namespace istio-app where we will deploy the sample application instead of default namespace using below command.

[linuxnasa@ip-10-176-128-108 kube]$ kubectl create ns istio-app
namespace/istio-app created

Next, Switch to directory path where application configuration file is kept.

[linuxnasa@ip-10-176-128-108 istio-1.18.2]$ cd samples/bookinfo/platform/kube/

Next, Create the sample application in istio-app namespace using below command.

[linuxnasa@ip-10-176-128-108 istio-1.18.2]$ kubectl create -f  bookinfo.yaml -n istio-app 
service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings created
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews created
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage created
deployment.apps/productpage-v1 created

Check the pods in istio-app namespace using below command.

[linuxnasa@ip-10-176-128-108 kube]$ kubectl get po -n istio-app
NAME                           READY   STATUS    RESTARTS AGE
details-v1-5ffd6b64f7-885jv     1/1     Running   0       3m55s
productpage-v1-8b588bf6d-fncc8  1/1     Running   0       3m55s
ratings-v1-5f9699cfdf-vkqzj     1/1     Running   0       3m55s
reviews-v1-569db879f5-pdtx7     1/1     Running   0       3m55s
reviews-v2-65c4dc6fdc-jtkcp     1/1     Running   0       3m55s
reviews-v3-c9c4fb987-8j49g      1/1     Running   0       3m55s

Notice that all the microservices are in 1/1 READY state which means there is only 1 container in all the microservice and that is main container . In the next step, we will inject the Istio sidecar in all these microservices.


Step-5: Inject Istio sidecar 

In this step, inject the Istio sidecar i.e Envoy that actually injects the data plane with main conatiner. Envoy sidecar becomes the channel to  communicate with the Istio Control plane and Data plane. To inject the istio sidecar, easiest way is to delete all the pods as these pods are created as replica. This way new pods will be automatically recreated and this time it will come up with 2 container i.e main container and istio sidecar container. Execute the command in same  order as shown below.

Firstly, label the namespace where pods are deployed using below command.

[linuxnasa@ip-10-176-128-108 istio-1.18.2]$ kubectl label namespace istio-app istio-injection=enabled
namespace/istio-app labeled

Next, Delete all the pods in istio-app namespace

[linuxnasa@ip-10-176-128-108 istio-1.18.2]$ for i in `kubectl get po -n istio-app | awk -F" " '{print $1}'| grep -vE "Post|Error:|NAME"`; do kubectl delete po $i -n istio-app; done
pod "details-v1-5ffd6b64f7-ps8bp" deleted
pod "productpage-v1-8b588bf6d-bhgwf" deleted
pod "ratings-v1-5f9699cfdf-p9n9t" deleted
pod "reviews-v1-569db879f5-sx8rn" deleted
pod "reviews-v2-65c4dc6fdc-cxwwv" deleted
pod "reviews-v3-c9c4fb987-ktt4g" deleted

Check pods again in istio-app namespace. This time all pods will come up with 2 containers as shown below.

[linuxnasa@ip-10-176-128-108 istio-1.18.2]$ kubectl get po -n istio-app
NAME                                  READY           STATUS       RESTARTS   AGE
details-v1-5ffd6b64f7-jfrhm           2/2             Running         0        74s
productpage-v1-8b588bf6d-j5lxl        2/2             Running         0        73s
ratings-v1-5f9699cfdf-dxnk2           2/2             Running         0        71s
reviews-v1-569db879f5-lts8m           2/2             Running         0        69s
reviews-v2-65c4dc6fdc-w9987           2/2             Running         0        66s
reviews-v3-c9c4fb987-z8jwq            2/2             Running         0        63s


Step-6: Verify Application Up and  Running

In this step, login to ratings-v1-5f9699cfdf-dxnk2 pod and try to get the response using curl command as shown below.

[linuxnasa@ip-10-176-128-108 istio-1.18.2]$ kubectl exec "$(kubectl get pod -l app=ratings -o jsonpath='{.items[0]}' -n istio-app)" -c ratings -n istio-app -- curl -sS productpage:9080/productpage | grep -o "<title>.*</title>"
<title>Simple Bookstore App</title>



Refer to Istio official documentation for more guide on installation.

Leave a Comment