Known Issues

Istio-CNI and Cilium

When running Istio in Ambient Mode, the istio-cni component fails to start.

Issue

In clusters using Cilium as the CNI plugin together with Istio in Ambient Mode, this combination may prevent the istio-cni pods from starting correctly. This happens because Cilium overwrites the configuration that istio-cni attempts to append to the Cilium CNI config file. This cycle keeps on repeating itself, causing the pods to fail. For more details, see #26760

Solution

To resolve this, set the following Cilium parameter: cni.exclusive: false.

Important: Many cloud providers manage the CNI configuration, so you may not be able to modify it directly. For example, Cyso automatically reconciles the Cilium config, overriding any manual changes. In such cases, if you need to run Istio in Ambient Mode, consider switching to Calico as your CNI plugin instead of Cilium. Furthermore, be aware that Istio Sidecar Mode does not need Istio-CNI and therefore doesn't have any issues in combination with Cilium.

Istio-CNI and Cilium​

Issue​

Solution​

Istio-CNI and Cilium

Issue

Solution