Does anybody have a good way to work with istioctl from a Pulumi project? I would like to include the set-up of Istio in my IaC specification as some parts of it depends on AWS EIPs and similar. I can see that I can create a pulumi_command provider, but I'm not sure this is the right way

Two ways I would look at: 1. Templating out the istio files and using the k8s.yaml component. 2. Seeing if there is (or generating) istio CRDs into a provider and importing / using them natively inside Pulumi.

for solution 2: https://www.pulumi.com/blog/introducing-crd2pulumi

Interesting... 1 should work, but we still need to install a lot of CRDs first for it to work. 2 might be cleaner, but then you have to replicate a fair bit of the work done by istioctl when it converts the IstioOperator to the other types of files - which I would think is done by 1 by running "istioctl manifest generate" In both 1 and 2, I will have handle some of the timing issues that is currently handled by istioctl - the very reason the Istio team initially moved from Helm charts (AFAIK). If you want to avoid loosing data when making changes to the control plane, then you have to follow some strict rules - which is built into istioctl. Instead, I wondered if it was possible to use istioctl directly in a remote command provider and then register the source resources - the IstioOperator specs - in Pulumi.