Istio integration

Calico uses a Container Storage Interface (CSI) driver to enable secure connectivity between Felix and the Dikastes container running in each pod. It mounts a shared volume into which Felix inserts a Unix Domain Socket.

Execute the following command to install the CSI driver.

You should see something similar to the following:

Follow the instructions here to enable application layer policy, install Istio, update the Istio sidecar injector and add Calico authorization services to the Istio mesh.

You can control this on a per-namespace basis. To enable Istio and application layer policy in a namespace, add the label istio-injection=enabled.

Label the default namespace, which you will use for the tutorial.