Istio is a service mesh that enables teams to manage traffic in distributed workloads without modifying the workloads themselves, making it easier to implement load balancing, canarying, circuit breakers, and other design choices. Istio's monolithic architecture has two main implications for monitoring: you'll need to monitor istiod alongside the services it manages, and since Mixer is no longer used in newer versions of Istio, you'll need to ensure that your environment is configured to collect mesh metrics directly from Envoy containers. Istio works as a service mesh by deploying an Envoy sidecar to each pod that runs application workloads, which routes traffic through the sidecars within their local pods. istiod manages the Envoy proxies in your mesh, running four services: an xDS server, a sidecar injection webhook, a configuration validation webhook, and a certificate authority. Istio's telemetry component has changed over time, with newer versions using Envoy's WebAssembly-based plugin system to collect metrics automatically from traffic handled by Envoy proxies. To monitor istiod and understand the health and performance of your mesh, you should track key metrics such as istio_requests_total, istio_request_duration_milliseconds, istio_response_bytes, istio_tcp_received_bytes_total, istio_tcp_connections_opened_total, and istio_tcp_connections_closed_total. You can use these metrics to optimize performance, troubleshoot issues, and ensure that your Istio deployment is working correctly. Additionally, you should monitor istiod's xDS server, sidecar injection webhook, configuration validation webhook, and certificate authority, as well as Envoy proxies, to gain comprehensive visibility into your Istio cluster. You can use monitoring tools such as Datadog to get the visibility you need into istiod's performance, automate alerts, and reduce the time it takes to identify issues in a complex Istio deployment.