How I Keep a Kubernetes CLI Lean: Vault + Jenkins + Istio, Loaded Only On Demand

Why This Exists — The Real Story I work in a large enterprise IT department. Some downtime between projects gave me space to think about the problems I'd been quietly accumulating for years — the kind of problems that never make it onto the official backlog because they're too small to justify a ticket and too big to fix in a lunch break. The Jenkins cluster needed an upgrade. It was 10,000 miles away from actually happening — the Kubernetes cluster was completely locked down, access restricted, every change requiring approvals through a process that had more steps than the actual work. One person could request it. A different team owned it. A third team controlled the firewall. Nobody could move fast enough to matter. Manual TLS certificate updates were breaking things constantly. Every rotation was a ceremony — someone had to remember, someone had to do it, something always went wrong. Password expiry was the same story. Credentials rotated on a schedule nobody tracked, services brok