According to https://istio.io/docs/concepts/security/#node-agent-in-kubernetes Citadel stores certificate and key as k8s secrets, so does Node Agent actually fetches certificate and key from k8s secrets and share them with Istio-proxy sidecar via a Unix domain Socket?
My understanding is that the node agent contacts Citadel like you said and transports the keys/certs from citadel to the proxies. The node agent doesn’t have access to the secrets directly.
For workload SDS, Node agent will use the jwt associated with the workload service account, then creates a CSR for Citadel to sign the workload certificate, and delivers the key + cert back to the workload sidecar.