Istio Security Assessment
handles service discovery. • Istio Ingress/Egress: Networking controls allowing inbound and outbound access of Istio services. • Istio Envoy Usage: The configuration and implementation of Envoy within Istio … issues: 4, Medium issues: 5, Low issues: 7, Informational issues: 2, Total issues: 18. Category Breakdown: Access Controls 7, Configuration 5, Cryptography 1, Data Exposure 3, Data Validation 2. Component Breakdown … when all the security features are enabled, there does not appear to be a way to restrict a Pod's access to them. Attempts to modify the settings to "controlPlaneAuthPolicy: MUTUAL_TLS" did not appear
51 pages | 849.66 KB | 1 year ago

Istio audit report - ADA Logics - 2023-01-30 - v1.0
com/istio/istio/blob/65478ea81272c0ceaab568974aff700aef907312/pkg/bootstrap/fuzz_test.go#L26 … 2 FuzzRunTemplate istio.io/istio/pkg/kube/inject https://github.com/istio/istio/blob/65478ea81272c0ceaab568974aff7 … com/istio/istio/blob/65478ea81272c0ceaab568974aff700aef907312/security/pkg/k8s/chiron/fuzz_test.go#L22 … 4 FuzzIstioCASign istio.io/istio/security/pkg/pki/ca https://github.com/istio/istio/blob/65478ea81272c0ceaab568974aff7 … go#L24 … 5 FuzzValidateCSR istio.io/istio/security/pkg/pki/ra https://github.com/istio/istio/blob/65478ea81272c0ceaab568974aff700aef907312/security/pkg/pki/ra/fuzz_test.go#L23 … 9 Istio Security Audit, 2023
55 pages | 703.94 KB | 1 year ago

Is Your Virtual Machine Really Ready-to-go with Istio?
V0.2 Mesh Expansion (cont.) ● Traffic flow (VM -> Container) 1. Dnsmasq accepts DNS queries 2. Access the built-in Kube DNS (exposed by ILB) 3. Obtain the Cluster IP resolved 4. Traffic intercepted … create a ServiceEntry (to select specific workloads) #IstioCon What Else Did Not Solve? ● VM access to K8s services ○ needs convoluted workarounds ○ exposes security risks ● External TCP services … support for workload certificate attributes #IstioCon Security & Usability Limitations (cont.) ● Access management: CNI needs improvements ○ Much required to avoid escalated Pod privileges ○ No support
50 pages | 2.19 MB | 1 year ago

Envoy Internals and Pitfalls from Production Issues
[2021-02-09T06:29:10.489Z] "GET /v1/xx/xx/xx/xx HTTP/1.1" 503 UF "-" "-" 0 91 288 - "100.95.165.3" "xx-xx" "513cca39-1ea7-47db-8c04-a5827464ce22" "100.85.225.193" "10.17.10.181:xx" outbound|xx|191130102|xx.xx.svc.cluster … • Runtime logs • Accesslog: format https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage • Debug logs: pilot-agent request POST /logging?connection=trace #Cxxx • Packet capture • Enter the pod container's network namespace and run
30 pages | 2.67 MB | 1 year ago

Istio is a long wild river: how to navigate it safely
ds to be more than the sum of all sleeps in the preStop hooks. ➔ If the pod is terminated too early, connection draining may not complete, leading to 5xx errors. Example: for sleep 30 + sleep 45 in … Kubernetes and Envoy ● Be patient and resist the temptation from users to open features too early ● Mechanisms to improve the reliability of Istio 30 Choose your fights, start small Stabilizing
69 pages | 1.58 MB | 1 year ago

Building resilient systems inside the mesh: abstraction and automation of Virtual Service generation
mesh ● Everyone says to fail fast and retry quickly, but... ● How fast to timeout? ○ If it's too early, the request fails for no reason. ○ If it's too late, the calling client might be left hanging
9 pages | 1.04 MB | 1 year ago

Istio 2021 Roadmap A heartwarming work of staggering predictability
Maintenance ○ Upgrades ○ Debugging https://istio.io/latest/blog/2020/tradewinds-2020/ #IstioCon Early adopter vs Maintainer ● Consumes latest & greatest Istio ● Utilize new capabilities ● Desire
17 pages | 633.89 KB | 1 year ago

Leveraging Istio for Creating API Tests - Low Effort API Testing for Microservices
benefits (#releases, #rollbacks, MTTR, #bugs-in-production, reduced eng effort for testing, velocity) – Early testing of services … components auto-generated from end-to-end tests – Significantly reduced time
21 pages | 1.09 MB | 1 year ago

Secure your microservices with istio step by step
istio-injection=disabled/enabled ) Result: can access reviews-v1, reviews-v2 and reviews-v3 Access productpage #IstioCon Istio Identity Istiod Istio Agent Envoy 1. Start … to send request: can access reviews-v1, reviews-v2 and reviews-v3; can reach v2 as peer-authentication only defines the behavior of the server side and auto-mTLS is on by default Access productpage 1) Apply … and ingress host to send request: can access reviews-v1, reviews-v3; cannot access reviews-v2 since we have enabled ISTIO_MUTUAL mode on the client side Access productpage 1) Apply destination rule
34 pages | 67.93 MB | 1 year ago

How HP set up secure and wise platform with Istio
with Istio multi-cluster - Replicated control planes. Some standalone clusters without Istio can also access the core cluster, as tenants. HP Horizon Platform Connect With Istio #IstioCon Secure Platform … service. #IstioCon Secure Platform – Authorization Policy: Using Authorization Policy enables access control on workloads in the mesh. For requests from the ingressgateway, the token needs to be verified. For request … Version 1: Istio Mixer authz adapt … Implement role-based authorization – whether this user can access this api based on its role => Version 2: Envoyfilter ext_authz #IstioCon Wise Platform #IstioCon
23 pages | 1.18 MB | 1 year ago