ISTIO Multi tenant support



ISTIO supports soft-multi-tenancy, with multiple Istio control planes, one control plane and one mesh per tenant. The cluster administrator gets control and visibility across all the Istio control planes, while the tenant administrator only gets control of a specific Istio instances. Separation between the tenants is provided by kubernetes namespaces and RBAC.

Deployment example



Generate SDS config:

helm template install/kubernetes/helm/istio --name istio --namespace istio-system --values install/kubernetes/helm/istio/values-istio-sds-auth.yaml > istio-auth-sds.yaml

Add command line option to the citadel 

--listened-namespaces=istio-system,foo

Add command line option for pilot discovery

--appNamespace=foo



Deploy ISTIO and application in foo namespace. Apps running in different namespace will not be under this contol plane.