Skip to content



Istio is a popular service mesh with below functionalities:

  • Automatic load balancing for HTTP, gRPC, WebSocket, and TCP traffic.

  • Fine-grained control of traffic behavior with rich routing rules, retries, failovers, and fault injection.

  • A pluggable policy layer and configuration API supporting access controls, rate limits and quotas.

  • Automatic metrics, logs, and traces for all traffic within a cluster, including cluster ingress and egress.

  • Secure service-to-service communication in a cluster with strong identity-based authentication and authorization.

What Will You Do

In this exercise,

  • You will create a cluster blueprint with "Istio" addon
  • You will then apply this cluster blueprint to a managed cluster


This tutorial describes the steps to create and use a Istio based blueprint using the Web Console. The entire workflow can also be fully automated and embedded into an automation pipeline.


  • You have already provisioned or imported a Kubernetes cluster using the controller

Step 1: Create Istio addons

In this example we will be using Rafay's Catalog feature to install Istio addons.

  • Login into the Web Console and navigate to your Project as an Org Admin or Infrastructure Admin
  • Under Infrastructure, select "Namespaces" and create a new namespace called "istio-system"
  • Navigate to Catalog and select "default-istio" from Filter by catalog. You should see istio components as below Create Istio addon

  • Click on "base", select a stable version from top right and click "Create-Add-on"

  • Give "istio-base" name and select the "istio-system" namespace that we created earlier. Click "Create"
  • Give a suitable version number and click "Save Changes"
  • Repeat the process for istiod and gateway addons with the same version selected with names "istiod" and "istio-gateway"

Step 2: Create Blueprint

Now, we are ready to assemble a custom cluster blueprint using this addon.

  • Under Infrastructure, select "Blueprints"
  • Create a new blueprint and give it a name such as "istio"
  • Select "New Version" and give it a version name. Ex: istio-1.6.8
  • Under Add-Ons, select "ADD MORE" and chose the "istio-base" addon created from Step 1.
  • Add "istiod" and "istio-gateway" in the same way.
  • You need to add a dependency for istiod and istio-gateway as they both are dependent on istio-base to be istalled first. Click "Add Dependency" below istiod and istio-gateway and select istio-base as dependency.

Add dependency

  • Click "Save Changes" to save the blueprint.

Step 3: Apply Blueprint

Now, we are ready to apply this blueprint to a cluster.

  • Click on Options for the target Cluster in the Web Console
  • Select "Update Blueprint" and select the "istio" blueprint from the dropdown and for the version select "istio-1.14.3" from the dropdown.
  • Click on "Save and Publish".

This will start the deployment of the addons configured in the "istio" blueprint to the targeted cluster. The blueprint sync process can take a few minutes. Once complete, the cluster will display the current cluster blueprint details and whether the sync was successful or not.

Apply Custom Blueprint

Step 4: Verify Deployment

Users can optionally verify whether the correct resources have been created on the cluster.

  • Click on the Kubectl button on the cluster to open a virtual terminal

First, we will verify if the istio-system namespace has been created

kubectl get ns istio-system

Next, we will verify if the pods are healthy in the "istio-system" namespace

kubectl get po -n istio-system
NAME                             READY   STATUS    RESTARTS   AGE
istio-gateway-d8f94d7c6-q5c2n    1/1     Running   0          3m
istiod-75f5dd9b8-x2zp9           1/1     Running   0          15m

Optionally you can check from Rafay console by navigating to the cluster > Resources > Istio-system namespace > Pods

Verify Istio Installation


Congratulations! You have successfully created a custom cluster blueprint with the "istio" addon and applied to a cluster.