telemetry/attribute-vocabulary/Metric settings in Istio bypass adaptor• Service. Represent a set/group of workloads to provide the same behaviors for incoming requests. You can define the service name name you defined in platform such as Istio. • Service Instance. Each one workload in the Service group is named as an instance. Like pods in Kubernetes, it doesn't need to be a single process in OS com/apache/incubator-skywalking/blob/master/docs/en/ concepts-and-designs/oal.md • Extendable Aggregation Functions • Aggregation Function • Count • Calls per minute • Avg response time • Sum • Thermodynamic

More services = more complexity ○ Need consistent policy enforcement ○ Need consistent metrics aggregation ● Traffic management ○ Load balancing for VMs, failover, A/B testing, modern rollouts for VM non-Kubernetes workload ○ mTLS using service account ○ work with an Istio ServiceEntry ● Workload Group ○ a collection of non-K8s workloads ○ metadata and identity for bootstrap ○ mimic the sidecar proxy

observability power tool that provides distributed tracing, service mesh telemetry analysis, metric aggregation and visualization for cloud-native workloads in a single platform. Leading Cloud Native Varun

-43b7-ad68-af515a9ed2e0 Executive Summary Synopsis In the summer of 2020, Google enlisted NCC Group to perform an assessment on the open-source version of Istio and all of its components. Istio is a worked on the project in tight partnership with Google’s Istio subject matter experts. Scope NCC Group’s evaluation of Istio included: • Istio Architecture: The overall design and archi- tecture of Istio services • Istio Documentation: The documentation and secu- rity guides hosted on istio.io. NCC Group started the assessment with an overall architecture review which extrapolated areas of focus for subsequent

didn’t have a process #IstioCon Led To ● Upgrade Working Group ● Release Note Generation ● Definition of Done #IstioCon Upgrade Working Group Mission: To improve the stability, user experience, and and test infrastructure around Istio upgrades #IstioCon Upgrade Working Group - Stability ● Standards and processes ○ Control plane behavior ○ Data plane communication ● Promote revision-based upgrades #IstioCon Upgrade Working Group - User Experience ● Add pre-checks to identify and warn about known potential issues ○ Provide a clear path forward #IstioCon Upgrade Working Group - Test Infrastructure

o-shadows/ #IstioCon Listening to our users UX Working Group - Upgrade Survey 2020 #IstioCon Listening to our users ... UX Working Group - Upgrade Survey 2020 Do users on old versions understand understand their security and support posture? #IstioCon Listening to our users ... UX Working Group - Upgrade Survey 2020 #IstioCon Theme for Istio 2021 #IstioCon Day 2 operations https://dzone.com/ar Operations’ #IstioCon Stability & Maintainability ● Improved upgrade experience ○ Upgrade Working Group ○ Promoting revision based upgrades ○ Support skip-level upgrades ○ Pre & Post Upgrade checks

with security. In particular, it is worth highlighting that: ● The Istio Product Security Working Group responds swi�ly to security disclosures. ● The documentation on the projectʼs security is comprehensive privilege and that are able to escalate to higher privileges. There are a number of areas where either group could exceed their assumed privilege boundaries. We enumerate these below: Policy Enforcement Points previous security audit disclosed here: https://istio.io/latest/blog/2021/ncc-security-assessment/NCC_Group_Google_GOIST2005 _Report_2020-08-06_v1.1.pdf. These issues were found in an audit performed in 2020

configurations to be added to the group will use macro APIs that automatically generate Istio APIs under the hood. ● Direct: Indicates that the configurations to be added to the group will directly use Istio

Version1(canary) group=dev svcB svcA Rules API Pilot apiVersion: … kind: VirtualService metadata: name: ratings-route spec: hosts: - svcb http: - match: - headers: cookie: exact: “group=dev” route:

Version1(canary) group=dev svcB svcA Rules API Pilot apiVersion: … kind: VirtualService metadata: name: ratings-route spec: hosts: - svcb http: - match: - headers: cookie: exact: “group=dev” route: