Integrate cluster services into the mesh

[xunholy]

Details

Currently, istio has no active workloads deployed into the mesh, this issue would require that most services be integrated and tested whilst running in the mesh using mTLS and no direct external internet facing traffic other than via the egress gateway.

Namespaces to add to the mesh:

• [ ] actions-runner-system
• [ ] backups
• [ ] flux-system
• [ ] gatekeeper-system
• [ ] home-system
• [ ] istio-operator - Should not be added to the mesh
• [ ] istio-system - Should not be added to the mesh
• [ ] kube-system - Should not be added to the mesh
• [ ] litmus
• [ ] network
• [ ] observability
• [ ] openebs
• [ ] security

[issue-label-bot[bot]]

Issue-Label Bot is automatically applying the label feature_request to this issue, with a confidence of 0.91. Please mark this comment with :thumbsup: or :thumbsdown: to give our bot feedback!

Links: app homepage, dashboard and code for this bot.

[xunholy]

Once migrating to strict mTLS prometheus will need to be configured to continue to still be able to scrape targets in the mesh https://istio.io/latest/blog/2020/proxy-cert/

All add-on applications in istio also need to be considered for re-deployment via their respective operators or deployments outside the IstioOperator resource https://istio.io/latest/blog/2020/addon-rework/

[xunholy]

Testing in the network namespace was successful, several new service entries were required and have since been added into the istio-system namespace.