Through the Cluster Explorer, when installing or upgrading Istio through Apps & Marketplace,

    1. Click Components.
    2. Check the box next to Enabled CNI.

    3. Add a custom overlay file specifying cniBinDir and cniConfDir. For more information on these options, refer to the Istio documentation. An example is below:

      1. apiVersion: install.istio.io/v1alpha1
      2. kind: IstioOperator
      3. spec:
      4.   components:
      5.     cni:
      6.       enabled: true
      7.   values:
      8.     cni:
      9.       image: rancher/istio-install-cni:1.7.3
      10.       excludeNamespaces:
      11.         - istio-system
      12.         - kube-system
      13.       logLevel: info
      14.       cniBinDir: /opt/cni/bin
      15.       cniConfDir: /etc/cni/net.d

    4. After installing Istio, you’ll notice the cni-node pods in the istio-system namespace in a CrashLoopBackoff error. Manually edit the istio-cni-node daemonset to include the following on the install-cni container:

      1. securityContext:
      2.     privileged: true

    Result: Now you should be able to utilize Istio as desired, including sidecar injection and monitoring via Kiali.