Linux Foundation ICA glossary of Istio service mesh, traffic, policy, and telemetry terms.
Use this glossary when Istio Certified Associate (ICA) terms start to blur together. The goal is practical recognition, not encyclopedia coverage.
| Term | Exam meaning |
|---|---|
| Sidecar | Proxy container attached to a workload to handle mesh traffic. |
| VirtualService | Istio resource that defines routing behavior for requests. |
| DestinationRule | Istio resource that defines subsets, load balancing, and traffic policy for destinations. |
| mTLS | Mutual TLS where both sides authenticate and encrypt traffic. |
| Gateway | Istio resource for mesh ingress or egress traffic entry points. |
| Control plane | Components that configure and manage mesh behavior. |
| Pair | How to separate them |
|---|---|
| Traffic management vs Security | Ask which layer the scenario is testing, then match the answer to that layer only. |
| Control vs evidence | A control changes behavior; evidence proves behavior or supports investigation. |
| Managed service vs custom build | Managed services win for lower operational effort unless the requirement needs unsupported customization. |
| Prevention vs detection | Prevention blocks or reduces a bad event; detection finds or reports that it happened. |
Do not memorize terms in isolation. For each term, write one scenario where it is the best answer, one scenario where it is a distractor, and one signal that proves it worked.