At SimilarWeb we use Istio in all of our Kubernetes clusters and utilize Istio’s Authorization and Authentication policies for each service. As a small production engineering team, we wanted to let our developer’s full autonomy for writing new services with Helm without needing to know Istio internals.
To solve that problem we abstracted Istio completely inside a generic Helm chart for common use cases. For more complex cases create a MutatingWebhook in k8s that reads annotations from the deployments and configures the deployment to support all Istio related logic.