#IstioCon Service Mesh in China 宋净超（Jimmy Song） Tetrate #IstioCon Agenda Developer Advocate at Tetrate 前蚂蚁集团云原生布道师 CNCF Ambassador ServiceMesher 及云原生社区创始人 https://jimmysong.io • ServiceMesher #IstioCon ServiceMesher 是在中国推广 Service Mesh 技术的核心力量。 Istio 是中国最流行的 Service Mesh 实现。 2018 年 5 月至今 #IstioCon ServiceMesher 大事记 • 2017 年 12 月，由数人云发起的 meetup，下一代微服务： Service Mesh is Coming • 2018 年 5 月，servicemesher 发起了 Istio 官网翻译活动 • 2019 年 3 月，社区发起了《Istio Handbook》共创活动 翻译 -> 线下交流（经验分享）->原创、实践与上游贡献 #IstioCon Service Mesh Meetup • 九届线下 meetup • 走过北京、上海、广州、深圳、杭州、成都 • 38 位讲师 • 共发表 41 场演讲 Meetup PPT 下载： https://github

#IstioCon Your laptop as part of the service mesh by Lorenzo Fundaró SRE @ Omio #IstioCon What’s on the menu today ● EnvoyFilter in practice ● Demo ● Inspiration #IstioCon Questions #istiocon through the call chain #IstioCon Demo time #IstioCon Thank you ! ● Your laptop as part of the service mesh @ Medium ● Reference implementation and run-it-yourself-demo at github.com/omio-labs/devro

Vrushali Joshi Istio Service Mesh at Enterprise Scale Feb, 2021 Who are we? Founded 5,000 Developers 50M Customers 1993 IPO $6.8B FY19 Revenue 20 Locations 1983 Why Service Mesh? Microservices Microservices Kubernetes Service Mesh Istio Monolith Era Intuit Statistics ● 900+ Teams ● 5000+ Developers ● 200+ Clusters ● 7000+ Namespaces ● ~9200 Nodes varies with autoscaling Hub and Spoke Product Info ✓ Security ✓ Visibility ✓ Traffic Shaping ✘ Latency ✘ Single Point of Failure Service Mesh API Gateway Book Info Payments Product Info Proxy Proxy Proxy Proxy +

Anthony Roman, Lei Tang Google April 26, 2022 Service mesh security best practices: from implementation to verification Who are we? Anthony Roman Istio Github: anthony-roman Lei Tang Istio lei-tang Session agenda 1. Service mesh security architecture and implementation. 2. Service mesh security best practices. 3. Lifecycle of service mesh security and demo. Service mesh security architecture architecture ● Attack vectors. ● Service mesh security architecture and implementation. 1 Attack Vectors and Surfaces Istio is both a collection of security controls and an attack target. Workload Cluster

#IstioCon Extending service mesh capabilities using a streamlined way based on WASM and ORAS 王夕宁 | 阿里云服务网格ASM 2 Envoy’s Filter Chain Listener Downstre am Filter Filter Filter Cluster Upstrea Controller (Watch & Reconcile) Istio EnvoyFilter CR wasm filter二进 制文件 服务网格ASM Pod K8s集群 Proxy Service A Volume 挂载 Envoy配置 17 ASMFilterDeployment CR示例 ● 创建ASMFilterDeployment Custom Resource 18

#IstioCon Building resilient systems inside the mesh: abstraction and automation of Virtual Service generation Vladimir Georgiev, Thought Machine #IstioCon Sync calls failures inside the mesh All Service Owners must be aware of the Virtual Services API in order to define their SLOs. ● Potential typing errors when dealing with YAMLs. ● Potential drift between the state of the service API API and the Virtual Service config. ● Hard to manage when having hundreds of services. #IstioCon Abstracting to proto files Annotations API definition Greeting service example #IstioCon Please Build

How eBay is building a massive Multitenant Service Mesh using Istio Sudheendra Murthy #IstioCon Agenda ● Introduction ● Applications Deployment ● Service Mesh Journey ● Scale Testing ● Future Direction catering to the AZ, e.g., AZ IPAM, Network Load-balancers, etc. ■ Full isolation by confining service failures to AZ boundary AZ 1 AZ 2 AZ n Data Center DC1 K8s Cluster K8s Cluster K8s balancing & Traffic Flow ● Two tiers of hardware Load-Balancers (LB) ● Application-Tier LB ○ K8s service realized on Application-Tier LBs ● Web-Tier LB to control - ○ Percentage of traffic sent to an

@zhaohuabing #IstioCon Agenda ❏ Service Mesh 中的七层流量管理能力 ❏ 几种扩展 Istio 流量管理能力的方法 ❏ Aeraki - 在 Isito 服务网格中管理所有七层流量 ❏ Demo - Dubbo Traffic Management ❏ MetaProtocol - Service Mesh 通用七层协议框架 #IstioCon Protocols Application Service Service Service Service Service Service Message Broker RPC RPC RPC Message Message Message Cache RDB NoSQL We need to manage multiple types of layer-7 traffic in a service mesh We Expect From a Service Mesh? 为了将基础设施的运维管理从应用代码中剥离，我们需要七层的流量管 理能力： ● Routing based on layer-7 header ○ Load balancing at requet level ○ HTTP host/header/url/method, ○ Thrift service name/method name

多点生活在 Service Mesh 上的实践 Istio + MOSN 在 Dubbo 场景下的探索之路 陈鹏 多点生活 平台架构组研发工程师1/23 自我介绍 • 陈鹏、多点生活平台架构组研发工程师 • 开源项目与云原生爱好者 • 多年网上商城、支付系统相关开发经验 • 2019 年至今从事云原生和 Service Mesh 相关开发工作2/23 /01 /02 /03 为什么需要 为什么需要 Service Mesh 改造 探索 Istio 技术点 Dubbo 场景下 的改造 • 对比传统微服务架构 • 和 Service Mesh 化 之后有哪些优缺点 • MCP • Pilot • xDS • MOSN 结合 Istio 的技术点， 介绍多点生活目前的 探 索 以 及 服 务 发 现 Demo 的演示3/23 为什么需要 Service Mesh Mesh 改造 /01 对比传统微服务架构和 Service Mesh 化之后有哪些优缺点4/23 微服务 模块 • 安全 • 配置中心 • 调用链监控 • 网关 • 监控告警 • 注册和发现 • 容错和限流 特点 • 独立部署 • 强化模块边界 • 技术多样性5/23 Service Mesh 优点 • 统一的服务治理 • 服务治理和业务逻辑解藕 缺点 • 增加运维复杂度

contributing companies 500+ PR authors 1900+ contributors Istio Community #IstioCon Service Mesh Surveys Using service mesh in production, from CNCF 2020 Survey What I like most about Istio Continuous and transformation with users in mind #IstioCon Developer (service owner) Platform owner Mesh operator (could be your cloud provider) 3 Key Personas install verify-install upgrade Istio simplify istio-system Node Pod Sidecar Pilot Agent Ingress Egress Istio Single Cluster Simplified #IstioCon Service Proxy Authentication Authorization Telemetry Extensibility New Extension Model Mixer #IstioCon