Istio main repository Repository https://github.com/istio/istio Language Golang Istio API definitions Repository https://github.com/istio/api Language Golang Istio documentation Repository https://github integrated into OSS-Fuzz with 63 fuzzers running continuously. ● All fuzzers are hosted in the Istio repository along with the OSS-Fuzz build script. ● The OSS-Fuzz build is maintained to avoid disruption. total, 6 fuzzers were written during this audit and have all been merged into the upstream Istio repository. # Name Package Link 1 FuzzWriteTo istio.io/istio/pkg/bootstrap https://github.com/istio/istio/blob/6

risk configurations commonly used by administrators, and provide perspective on whether security features sufficiently address the concerns they are designed to provide. Four consultants over a period of is not recommended in this case but a similar approach could be build a self- hosted checklist of features and configuration options that Istio believes match security best practices. See Appendix B on page are debug interfaces exposed that cannot be disabled by Istio, so that even when all the security features are enabled, there does not appear to be a way to restrict a Pod’s access to them. Attempts to modify

End of 2021 100% services migrated to Istio 8 Features currently used: ● HTTP/2 Load-balancing ● Traffic Shifting ● mTLS Features under investigation: ● Retries ● Circuit breaking Istio Istio Main time consumers with Istio: 1. Troubleshooting 2. Spreading adoption 3. Supporting new features 29 To succeed in Istio adoption you need to have: Stabilizing Istio ● Dedicated resources for temptations from users to open features too early ● Mechanisms to improve the reliability of Istio 30 Choose your fights, start small Stabilizing Istio Start with few simple features such as: ● Injecting

optimization during Knative Service provisioning ○ Unleash maximum scalability by fully leveraging Istio features in Knative with service mesh enabled ● Reference Agenda #IstioCon Knative and Istio Istio high configuration churn 30s #IstioCon Unleash maximum scalability by fully leveraging Istio features in Knative with service mesh enabled • Enable Istio mesh on Knative – Data flow with Istio mesh/mTLS seconds for Knative application pod cold start. Unleash maximum scalability by fully leveraging Istio features in Knative with service mesh enabled • Enable Istio mesh on Knative – Impact without optimization

You Are Innovating Too Fast! #IstioCon Istio Feature Process Tracked at the Istio enhancements repository Checklist and approval required for feature promotions: Experimental->Alpha->Beta->Stable #IstioCon

com/blablacar/istio-redirector And leave a star ? #IstioCon How can we use istio-redirector ? The GitHub repository host also a HelmChart that you can use to deploy istio-redirector on your own cluster. Feel free

An API Gateway Discussion Flow ● What is an API Gateway? ● What is a Service Mesh? ● Common Features ● API Gateway + Service Mesh together! ● Istio as the API Gateway ● Advantages ● Challenges ● Where It Isn’t a Good Fit? What is an API Gateway? What is a Service Mesh? Common Features Common Features ● Load Balancing ● Request Routing ● Service Discovery ● JWT Authentication ● Traffic

appropriate documentation, testing, and code completion is done for each level ● Making sure that features continue to mature #IstioCon Release Maturity ● Provide a consistent list of requirements for announcements ● What to look for when examining releases ○ Performance ○ Resource usage ○ Open issues ○ Features being promoted ○ Release notes and upgrade notes #IstioCon Continuous Release Health ● New dashboard to allow visibility of release health ● Open issues and priorities ● Issues being promoted ● Features awaiting documentation ● Weekly performance ● Open release blockers #IstioCon Thanks also to

of projects, deployed on cloud. They have common features, also have project specified feature. We provide a common platform includes all common features, connect all projects with istio. #IstioCon Common

for workloads in a uniform way • Envoy WASM filters opens the gates for a whole array of useful features such as Kafka protocol level metrics, extended client throttling, audit logs to name a few Takeaway