Tom Harrison
1 min read · 6 days ago

--

Nearly every item on this list is how I would go, too.

Not sure about the network mesh -- to be sure a PITA to configure, but when you have 100 services, many with 10 or 20 replicas, it's really nice to have addressing not be an issue. We moved from Istio to Linkerd and it was much better and more reliable.

I wish we had used Nginx for ingress; instead we chose a complicated and expensive setup of ALB / NLB that both do less than desired.

SealedSecrets are a totally pointless and flawed idea. A zillion simpler secrets solutions.

IDP -- totally. Okta rocks.

Not sure about FaaS. Ours (Lambda) have become a wild-west of unmanaged and outdated code.

AWS vs GCP. GCP just hasn't gotten there but AWS is a mess, too. The only compelling product GCP has that I know of is BigQuery, which blows Athena out of the water. That said, AWS is a disaster of complicatedness and shitty doc. EKS is pretty good, but so many other things are solutions to all known possible problems ... except that one you have, OR god forbid you just want to do the simple thing. Each service has its own little quirks and doc and limitations and assumptions. I have been using AWS since it existed and still often feel like a toddler diving into a shark-infested ocean in the middle of a hurricane.

--

Tom Harrison

30 Years of Developing Software, 20 Years of Being a Parent, 10 Years of Being Old. (Effective: 2020)