repository Repository https://github.com/istio/istio Language Golang Istio API definitions Repository https://github.com/istio/api Language Golang Istio documentation Repository https://github.com/istio/istio This is already well known to the Istio maintainers, and the documentation also mentions this1: 1 https://istio.io/latest/docs/setup/install/operator/ 7 Istio Security Audit, 2023 It was also stated io/istio/pkg/bootstrap https://github.com/istio/istio/blob/6 5478ea81272c0ceaab568974aff7 00aef907312/pkg/bootstrap/fuzz_t est.go#L26 2 FuzzRunTemplate istio.io/istio/pkg/kube/inje ct https://github.com/istio/istio/blob/6

Kumar R Prepared by Mark Manning Jeff Dileo Divya Natesan Andy Olsen Feedback on this project? https://my.nccgroup.com/feedback/67b627f7-a0a2-43b7-ad68-af515a9ed2e0 Executive Summary Synopsis In the Deploy the customized default policy • Start a Pod in a namespace that is not managed by Istio 1https://istio.io/latest/news/releases/1.5.x/announcing-1.5/upgrade-notes/#control-plane-security 5 | Google Exploitability: Medium Identifier NCC-GOIST2005-016 Category Configuration Component Istio Location https://istio.io/latest/docs/ Impact WIthout clear documentation, administrators cannot make accurate security

China 2019 about Istio integration with containerized Cloud Foundry Yu Zhuang, yuzcdl@cn.ibm.com, https://www.linkedin.com/in/yu-zhuang- 51915287/ Architect and Senior Software Engineer in IBM Cloud. Working to monitor and mount secrets under istio-system to ingress gateway which contains credentials for https support of multi tenants. • Knative has knative-ingress-gateway for external access and knative-local-gateway How Istio is leveraged in a Knative based platform Traffic on Knative with mesh enabled (based on https://github.com/knative/serving) #IstioCon Performance bottleneck analysis and tuning • Performance

Networking/Security APIs ○ Virtual Machine expansion/Multi cluster mesh https://istio.io/latest/blog/2020/tradewinds-2020/ #IstioCon Impact on users https://thenewstack.io/when-service-meshes-can-emerge-from-envoy-istio-shadows/ Working Group - Upgrade Survey 2020 #IstioCon Theme for Istio 2021 #IstioCon Day 2 operations https://dzone.com/articles/defining-day-2-operations #IstioCon What does it mean for our users? ● Project Measured feature introduction ● Reducing operational overhead ○ Maintenance ○ Upgrades ○ Debugging https://istio.io/latest/blog/2020/tradewinds-2020/ #IstioCon Early adopter vs Maintainer ● Consumes latest

CHRISTIAN POSTA Global Field CTO, Solo.io @christianposta christian@solo.io https://blog.christianposta.com https://slideshare.net/ceposta 3 | Copyright © 2020 4 | Copyright © 2020 5 | Copyright 2020 13 | Copyright © 2020 • https://solo.io • https://solo.io/blog • https://slack.solo.io • https://gloo.solo.io • https://envoyproxy.io • https://istio.io • https://webassemblyhub.io

#IstioCon Agenda Developer Advocate at Tetrate 前蚂蚁集团云原生布道师 CNCF Ambassador ServiceMesher 及云原生社区创始人 https://jimmysong.io • ServiceMesher • 行业现状 • 资料分享 • 社区计划 #IstioCon ServiceMesher 是在中国推广 Service Mesh • 共发表 41 场演讲 Meetup PPT 下载： https://github.com/servicemesher/meetup-slides #IstioCon Istio Handbook • 于 2019 年发起 • 共 26 人参与，已创作超过 7 万字 • 预计 2021 年出版 • 预览地址：https://www.servicemesher.com/istio-handbook com/istio-handbook #IstioCon Istio Handbook • 入门实践 • 进阶实践 • 概念与生态 #IstioCon ServiceMesher 数据来源：https://cloudnative.to/blog/service-mesh-end-user-survey-report/ 罗广明（百度） 马若飞（Freewheel） 邱世达（Alibaba） 宋净超（Tetrate）

lifecycle 22 | Copyright © 2020 • https://solo.io • https://solo.io/blog • https://slack.solo.io • https://gloo.solo.io • https://envoyproxy.io • https://istio.io • https://webassemblyhub.io

Page 17 Envoy过滤器架构-相关代码 • Istio项目中Envoy代码分为两部分： • Envoy原始项目的clone，在 https://github.com/istio/envoy.git • Istio中适配所使用的的插件 https://github.com/istio/proxy.git • 编译时由proxy项目作为入口，自动引用envoy项目 • 主要框架代码位于envoy项目，包含进程启动，线程 json • 查看endpoint：istioctl pc endpoint backend-welink-649fdfd55d-2xhzw • 运行期日志 • Accesslog：格式 https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage • 调试日志：pilot-agent 相关内容的华为云官网链接： https://support.huaweicloud.com/usermanual-cce/cce_01_0006.html 详细ASM官网资料：https://support.huaweicloud.com/istio/ Istio官方文档： https://istio.io/latest/docs/ envoy官方文档：https://www.envoyproxy

Maintainability ● Usability #IstioCon Platform One #IstioCon Big Bang https://repo1.dso.mil/platform-one/big-bang/bigbang https://p1.dso.mil/#/products/big-bang #IstioCon Welcome App #IstioCon Welcome @nmnellis Adam Toy @adam_toy1 github.com/atoy3731 https://p1.dso.mil/#/products/big-bang https://repo1.dso.mil/platform-one/big-bang/bigbang https://github.com/atoy3731/istiocon-demo (WIP)

corresponding virtual service which configuring traffic routes Secure ingress gateway via TLS terminating https http http http mTLS mTLS #IstioCon Secure ingress traffic ● SIMPLE/ MUTUAL: terminate TLS ingressgateway # use istio default controller servers: - port: number: 443 name: https protocol: HTTPs tls: mode: SIMPLE credentialName: productpage-credential hosts: traffic via JWT 1) Apply RequestAuthentication to ingress gateway Authorize ingress traffic via JWT https + JWT http http http mTLS mTLS Send request via curl command ： 1) Invalid token can not pass