Add screenshot to show valid TLS cert

Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>

Author: alexellis

_posts/2021-05-19-istio.md

@@ -4,9 +4,10 @@ description: "Learn how to enable Istio for OpenFaaS to take advantage of Mutual
 date: 2021-05-12
 image: /images/2021-05-istio/background.jpg
 categories:
- - live
- - use-cases
+ - security
+ - enterprise
  - functions
+ - istio
 author_staff_member: alex
 dark_background: true
 
@@ -33,8 +34,8 @@ Thank you to [John Howard](https://github.com/howardjohn) from Google for helpin
 
 In this blog post we'll give you a quick introduction so that you can start integrating Istio with OpenFaaS. We'll then go on to show you how to measure the resource consumption of the cluster, and how to create a TLS certificate for the Istio Gateway.
 
-There are many service mesh products available. Other popular options include: [Linkerd](https://linkerd.io), [Kuma](https://kuma.io/) and [Consul](https://learn.hashicorp.com/tutorials/consul/service-mesh).
-
+> There are many service mesh products available. Other popular options include: [Linkerd](https://linkerd.io), [Kuma](https://kuma.io/) and [Consul](https://learn.hashicorp.com/tutorials/consul/service-mesh).
+> 
 > You may also like the workshop we created to show how to do mutual TLS and traffic shifting with [OpenFaaS and Linkerd](https://github.com/openfaas/openfaas-linkerd-workshop).
 
 ## Tutorial
@@ -78,7 +79,7 @@ arkade install openfaas \
 
 At this point everything is configured and you can use OpenFaaS.
 
-### Deploy a test function
+### Access OpenFaaS with an Istio Gateway
 
 Create an Istio Gateway so that we can connect to the OpenFaaS Gateway and log in.
 
@@ -141,6 +142,8 @@ PASSWORD=$(kubectl get secret -n openfaas basic-auth -o jsonpath="{.data.basic-a
 echo -n $PASSWORD | faas-cli login --username admin --password-stdin
 ```
 
+### Deploy a test function
+
 ```bash
 # Find something you are interested in with:
 faas-cli store list
@@ -194,6 +197,43 @@ kubectl top node
 kubectl top pod -A
 ```
 
+These are my results after having completed the whole tutorial including: KinD, cert-manager, openfaas, inlets-operator and the metrics-server itself.
+
+```bash
+kubectl top node
+NAME                           CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%   
+openfaas-istio-control-plane   399m         4%     1693Mi          5% 
+
+kubectl top pod -A
+NAMESPACE            NAME                                                   CPU(cores)   MEMORY(bytes)   
+cert-manager         cert-manager-7998c69865-ljf2h                          7m           22Mi            
+cert-manager         cert-manager-cainjector-7b744d56fb-5blx4               3m           40Mi            
+cert-manager         cert-manager-webhook-7d6d4c78bc-k58l8                  3m           14Mi            
+default              inlets-operator-65d855b646-d7hrb                       1m           14Mi            
+istio-system         istio-ingressgateway-5bcdc9b77f-knrpz                  12m          41Mi            
+istio-system         istio-ingressgateway-tunnel-client-8676784869-wcbdc    1m           6Mi             
+istio-system         istiod-865fd47fcc-24vdp                                4m           48Mi            
+kube-system          coredns-f9fd979d6-8mr5v                                4m           11Mi            
+kube-system          coredns-f9fd979d6-gbmjz                                5m           11Mi            
+kube-system          etcd-openfaas-istio-control-plane                      32m          66Mi            
+kube-system          kindnet-mjntd                                          1m           9Mi             
+kube-system          kube-apiserver-openfaas-istio-control-plane            83m          412Mi           
+kube-system          kube-controller-manager-openfaas-istio-control-plane   19m          52Mi            
+kube-system          kube-proxy-jfgtc                                       1m           17Mi            
+kube-system          kube-scheduler-openfaas-istio-control-plane            4m           18Mi            
+kube-system          metrics-server-56c4ff648b-jzkrq                        2m           15Mi            
+local-path-storage   local-path-provisioner-78776bfc44-tgr64                2m           8Mi             
+openfaas             alertmanager-7cb8f6487d-ch4fp                          9m           53Mi            
+openfaas             basic-auth-plugin-565b7cbc48-h9t8d                     10m          51Mi            
+openfaas             gateway-5fb6bf58dd-74j8c                               15m          65Mi            
+openfaas             nats-76b689f8d8-mkwtl                                  10m          51Mi            
+openfaas             prometheus-5664d7cbb9-kchff                            20m          101Mi           
+openfaas             queue-worker-5b7c5b898d-fqkv5                          7m           47Mi            
+openfaas-fn          nodeinfo-857d9c469b-ww66k                              12m          63Mi 
+```
+
+If this seems like a lot of infrastructure for running a single function, then you may be interested in taking a look at a more minimal stack with [faasd](https://github.com/openfaas/faasd). faasd runs on a single host and makes different tradeoffs so that it requires very minimal resources to run functions.
+
 ### Getting a TLS certificate
 
 Let's now get a TLS certificate so that we can serve traffic to clients securely.
@@ -321,15 +361,23 @@ Invoke the function:
 curl -s -d "" $OPENFAAS_URL/function/nodeinfo
 ```
 
+![Valid TLS cert](/images/2021-05-istio/valid.png)
+> You can also see the certificate if you open your browser
+
 ## Wrapping up
 
 In a short period of time we were able to deploy Istio and OpenFaaS on a local KinD cluster and see Envoy's sidecar providing mutual TLS encryption. We then went on to explore the additional resource consumption added by using Istio, and finally showed you how to create a TLS certificate for external traffic using a free certificate from Let's Encrypt.
 
-If you wanted to take things further, you could look into more advanced policies for routing and traffic shifting or partial weighting using [VirtualServices](https://istio.io/latest/docs/reference/config/networking/virtual-service/) for individual functions.
+Istio is feature-rich, with extensive documentation and examples.
+
+I found the FAQ answered many questions I had whilst preparing this tutorial and recommend taking a read: [Istio FAQ](https://istio.io/latest/about/faq/).
+
+A good place to start exploring what is possible, would be the [Task-based section](https://istio.io/latest/docs/tasks/) of the documentation. For instance, you could look into more advanced policies for routing and traffic shifting or partial weighting using [VirtualServices](https://istio.io/latest/docs/reference/config/networking/virtual-service/) for individual functions.
 
 > You may also like the workshop we created to show how to do mutual TLS and traffic shifting with [OpenFaaS and Linkerd](https://github.com/openfaas/openfaas-linkerd-workshop).
 
 Do you have questions, comments or suggestions?
 
 * Find out more about [Istio](https://istio.io)
+* Browse the [OpenFaaS documentation](https://docs.openfaas.com)
 * Join [OpenFaaS Slack](https://slack.openfaas.io/)