Extending service mesh capabilities using a streamlined way based on WASM and ORAS#IstioCon Extending service mesh capabilities using a streamlined way based on WASM and ORAS 王夕宁 | 阿里云服务网格ASM 2 Envoy’s Filter Chain Listener Downstre am Filter Filter Filter Cluster Upstrea0 码力 | 23 页 | 2.67 MB | 1 年前3- Istio Security AssessmentField Do Not Validate Certificates 019 Low Default Injected Init Container Requires Sensitive Capabilities 021 Low Execution of System Commands without Validation 008 Informational Weak Trust Boundary Assessment Google / NCC Group Confidential Finding Default Injected Init Container Requires Sensitive Capabilities Risk Low Impact: Medium, Exploitability: Low Identifier NCC-GOIST2005-021 Category Access Controls a cluster using Istio, the attacker would be able to run containers with sensitive networking capabilities and may be able to abuse such access to compromise the environment. Description By default, Istio0 码力 | 51 页 | 849.66 KB | 1 年前3
- IstioCon2023 Welcome KeynoteCode of Conduct • Use the official #IstioCon in your social conversations • Join #istiocon slack channel on slack.istio.io for follow up questions • Reach out to cncfcolocatedevents@linuxfoundation.org0 码力 | 14 页 | 1.31 MB | 1 年前3
- IstioCon 2021 Partner Packagesselfies with IstioCon logo in frame, post on social media, and add conference hashtags ● A slack channel will be dedicated to the photo booth activities, and it will be named as the sponsor: #photobooth-by-SPONSORNAME0 码力 | 23 页 | 3.18 MB | 1 年前3
- Is Your Virtual Machine Really Ready-to-go with Istio?direct user space access ○ Transport fully offloaded to the NIC HW ○ Zero-copy operation ○ Secure, channel based IO ● Application advantage ○ Low latency ○ High bandwidth ○ Low CPU consumption ● Istio:0 码力 | 50 页 | 2.19 MB | 1 年前3
- Istio 2021 Roadmap A heartwarming work of staggering predictabilityArchitectural simplification ○ Monolith control plane ○ Mixerless telemetry ● New extension capabilities ○ WebAssembly (Wasm) support ● Secure by default ○ Secret Discovery Service (SDS) ○ Auto mTLS #IstioCon Early adopter vs Maintainer ● Consumes latest & greatest Istio ● Utilize new capabilities ● Desire tooling to ensure frictionless upgrade https://istio.io/latest/blog/2020/tradewinds-2020/0 码力 | 17 页 | 633.89 KB | 1 年前3
- Performance tuning and best practices in a Knative based, large-scale serverless platform with Istiofocusing on Knative, Istio, and Tekton, community, leading team to develop and offer serverless capabilities in IBM Cloud, which based on these Opensource technologies. Before he was architect for Cloud provides a set of components (Serving and Eventing) that introduce event-driven and serverless capabilities for Kubernetes clusters for deploying, running, and managing serverless, cloud- native applications0 码力 | 23 页 | 2.51 MB | 1 年前3
- Accelerate Istio-CNI with ebpflife-cycle’s network setup phase, ● Removing the requirement for the NET_ADMIN and NET_RAW capabilities for users deploying pods into the Istio mesh. ● The Istio CNI plugin replaces the functionality0 码力 | 15 页 | 658.90 KB | 1 年前3
- 全栈服务网格 - Aeraki 助你在
Istio 服务网格中管理任何七层流量Header Layer-7 Header Data Traffic Management for HTTP/gRPC - all good ● We get all the capabilities we mentioned on the previous slide Traffic Management for non-HTTP/gRPC - only layer-3 to layer-60 码力 | 29 页 | 2.11 MB | 1 年前3
- Istio is a long wild river: how to navigate it safelybrighter days with Istio Adopting Istio ● Then Istio came, with its awesome HTTP/2 load-balancing capabilities out-of-the-box ● We tried it as-is, with existing gRPC services ● Result: Weird 5XXs on upstream0 码力 | 69 页 | 1.58 MB | 1 年前3
共 10 条
- 1