Istio Security

1. Within a single Istio mesh, Istio ensures each workload instance has an appropriate certificate representing its own identity, and the trust bundle necessary to recognize all identities within the mesh and any federated meshes. The CA only creates and signs the certificates for those identities.
2. TLS with SNI (Server Name Indication)
3. Service-level security is another key benefit of having a service mesh in a Kubernetes cluster

Istio and Prometheus

1. Secure communication between Prometheus and Istio components