SberBank story: moving Istio from PoC to production
Egress Istio Ingress Istio Egress Istio 1.6 Istio 1.6 Service Mesh Operator Istio Ingress Istio Egress Istio Ingress Istio Egress Istio 1.6 Istio 1.6 Service Mesh Operator Lessons Learned 1
14 pages | 1.68 MB | 1 year ago

Is Your Virtual Machine Really Ready-to-go with Istio?
○ ExternalName ■ Service <-> DNS name ○ External IPs #IstioCon V1.1 ServiceEntry #IstioCon V1.6-1.8 Better VM Workload Abstraction A K8s Service and Pods Two separate object with distinct lifecycles implementing it, w/o giving a first-class representation for the workloads themselves #IstioCon V1.6-1.8 Better VM Workload Abstraction Item Kubernetes Virtual Machine Basic schedule unit Pod WorkloadEntry ServiceEntry selector: app: foo Istio Workload Entries labels: app: foo class: vm #IstioCon V1.6-1.8 Better VM Workload Abstraction ● Workload Entry ○ single non-Kubernetes workload ○ mTLS using
50 pages | 2.19 MB | 1 year ago

Automate mTLS communication with GoPay partners with Istio
Migrating Egress TLS origination mechanism to using Egress Gateway, we block because we are using Istio 1.6 and Egress gateway not support adding certificate via SDS (Istio #14039). Thank You #ThereIsAlwaysAWay
16 pages | 1.45 MB | 1 year ago

Using ECC Workload Certificates (pilot-agent environmental variables)
need for x509 certificates that use Elliptical Curve Cryptography (ECC) is a requirement ● In Istio 1.6, support for workloads to use ECC certificates for mTLS in sidecar-to-sidecar communication was added
9 pages | 376.10 KB | 1 year ago

Performance tuning and best practices in a Knative based, large-scale serverless platform with Istio
nodes in 3 zones, 16 vCPU * 64 Gi MEM Knative Version Knative 0.16, 0.17, 0.18 Istio Version 1.5, 1.6, 1.7 Istio scalability optimization during Knative Service provisioning • Benchmark: Kperf (https://github
23 pages | 2.51 MB | 1 year ago

5 results in total