Istio does not appear on your infrastructure budget as a line item. It appears as a gradual expansion of your node count, an unexplained increase in CPU utilization across the cluster, and a growing gap between what your application pods request and what nodes actually deliver.

The mechanism is the sidecar. Every pod in an Istio mesh gets an Envoy proxy injected at admission. That proxy handles mTLS termination, telemetry collection, and traffic management. At idle, it consumes 50-100 millicores of CPU and 50-100 MiB of memory per pod. Under load it consumes more. At 10 pods, the overhead is noise. At 100 pods, it is 10 extra CPU cores running 24/7. At 500 pods, it is a dedicated node tier — infrastructure you are paying for but not using for your application.…
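To put a number on that overhead for a given cluster, the following added example (not code from the original article) splits the resource requests of meshed pods into sidecar and application totals per namespace. It assumes the injected container is named `istio-proxy` and measures requests, meaning what the scheduler reserves rather than live usage; the pod list and all helper names are constructed for illustration.

```python
from collections import defaultdict

UNITS = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "k": 10**3, "M": 10**6, "G": 10**9}

def cpu_m(q):
    """Kubernetes CPU quantity ("100m", "0.5", "2") -> millicores."""
    return float(q[:-1]) if q.endswith("m") else float(q) * 1000

def mem_mib(q):
    """Kubernetes memory quantity ("128Mi", "1Gi", "500M", plain bytes) -> MiB."""
    for suffix, factor in UNITS.items():
        if q.endswith(suffix):
            return float(q[: -len(suffix)]) * factor / 2**20
    return float(q) / 2**20

def sidecar_requests(pod_list, sidecar="istio-proxy"):
    """Per namespace, split requests of meshed pods into sidecar vs. app totals."""
    out = defaultdict(lambda: {"pods": 0, "sidecar_cpu_m": 0.0, "app_cpu_m": 0.0,
                               "sidecar_mem_mib": 0.0, "app_mem_mib": 0.0})
    for pod in pod_list["items"]:
        spec = pod["spec"]
        # Native-sidecar installs place the proxy under initContainers instead.
        containers = spec.get("containers", []) + [
            c for c in spec.get("initContainers", []) if c["name"] == sidecar]
        if not any(c["name"] == sidecar for c in containers):
            continue  # pod is not in the mesh, so it carries no proxy overhead
        row = out[pod["metadata"]["namespace"]]
        row["pods"] += 1
        for c in containers:
            req = c.get("resources", {}).get("requests", {})
            who = "sidecar" if c["name"] == sidecar else "app"
            row[who + "_cpu_m"] += cpu_m(req.get("cpu", "0"))
            row[who + "_mem_mib"] += mem_mib(req.get("memory", "0"))
    return dict(out)

def sample_pod(ns, app_cpu, app_mem, meshed=True):
    """Constructed pod, shaped like one item of `kubectl get pods -A -o json`."""
    cs = [{"name": "app", "resources": {"requests": {"cpu": app_cpu, "memory": app_mem}}}]
    if meshed:  # sidecar request values below are constructed sample numbers
        cs.append({"name": "istio-proxy",
                   "resources": {"requests": {"cpu": "100m", "memory": "128Mi"}}})
    return {"metadata": {"namespace": ns}, "spec": {"containers": cs}}

SAMPLE = {"items": [sample_pod("shop", "250m", "256Mi"), sample_pod("shop", "250m", "256Mi"),
                    sample_pod("shop", "0.5", "512Mi"), sample_pod("batch", "1", "1Gi", False)]}

if __name__ == "__main__":
    for ns, row in sidecar_requests(SAMPLE).items():
        share = row["sidecar_cpu_m"] / (row["sidecar_cpu_m"] + row["app_cpu_m"])
        print(f"{ns}: {row['pods']} meshed pods, sidecars hold {share:.0%} of requested CPU")
```

To run it against a live cluster, load the output of `kubectl get pods -A -o json` with `json.load` and pass it in place of `SAMPLE`.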