The use of Istio operator pod (i.e. istioctl operator init) is discouraged. However, the IstioOperator API (and the resource) is all good. So doing istioctl operator init and using kubectl to apply the IstioOperator resource is discouraged, however, doing istioctl install -f or just Helm is the recommended way to install Istio.

The idea is to use the intermediate certificates and not the root cert directly. You can configure cert-manager to manage and handle cacerts and then have istiod automatically reload them.

The github repo for all episodes is here: github.com/solo-io/hoot

Thank you@@learncloudnative