This post has spent so much time in my draft folder that I am finally pulling the trigger even though I would styll very much find the time to tell you about these additional points:
If you have been playing/using a service mesh for any length of time, you may have noticed that there is a certain cognitive overhead in trying to figure out traffic flows. Even using the CLI to understand injected routes can require spending a good long time in the “zone.”
What is this? It is very easy to find blog posts and articles explaining how to make some of these components work together. They are also completely outdated.
It is not their fault: Kubernetes moves fast, Istio’s development seems to move even faster, and cert-manager breaks backward compatibility. Chances are, by the time you read it it will be too late!
Anyway, in a futile attempt to remain somewhat ahead of the curve, this article was written for Istio-1.