Istio Security Assessment
they are designed to provide. Four consultants over a period of five weeks along with the help of multiple shadows (provided at no additional cost) worked on the project in tight partnership with Google’s risk, application’s exposure and user population, technical difficulty of exploitation, and other factors. For an explanation of NCC Group’s risk rating and finding categorization, see Appendix A on page risk, application’s exposure and user population, technical difficulty of exploitation, and other factors. The risk rating is NCC Group’s recommended prioritization for addressing findings. Every organization
0 points | 51 pages | 849.66 KB | 1 year ago
Canary Release Practice for Kubernetes Container Applications Based on Istio
financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied
0 points | 38 pages | 14.93 MB | 1 year ago
Canary Release Practice for Kubernetes Container Applications Based on Istio
financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied
0 points | 34 pages | 2.64 MB | 6 months ago
Istio at Scale: How eBay is building a massive Multitenant Service Mesh using Istio
AZ 1 AZ 2 AZ n Data Center DC1 Region Rn #IstioCon Application Deployment: Cloud Layout ● Multiple K8s Clusters in an AZ ○ Each K8s cluster ~ 200 - 5,000 nodes ○ Up to 100,000 Pods in a cluster including prod, pre-prod, staging, etc. ● Applications deployment for HA ○ In all regions ○ In multiple AZs in each region ○ Capability to run all applications from a single region or AZ in a worst-case workload environments ■ Prod, Pre-prod, PCI, Staging, etc. ○ To support multiple trust domains in a single K8s cluster ■ Deploy multiple Istio deployments within a K8s cluster ■ Each Istio deployment manages
0 points | 22 pages | 505.96 KB | 1 year ago
Is Your Virtual Machine Really Ready-to-go with Istio?
workloads to Kubernetes workloads. #IstioCon VM Support – Single Network #IstioCon VM Support – Multiple Networks #IstioCon Current State of VM Support ● Traffic flow ○ VM connects up to the Istio data plane traffic ■ Single network ● direct communication w/o requiring intermediate Gateway ■ Multiple networks ● all goes through the Gateway ● via L3 networking (if enhanced performance is desired) much more demanding for some VM use cases (w/ strict requirements) ● No first-class support for VM Multiple Networks ○ All traffic goes through the Gateway ○ Need to set up L3 networking if enhanced performance
0 points | 50 pages | 2.19 MB | 1 year ago
Local Istio Development
actual traffic, especially iptables - May be dependent on local environment - Challenging to have multiple proxies #IstioCon Cluster Remote Istiod, local proxy go run ./pilot/cmd/pilot-agent #IstioCon actual traffic, especially iptables - May be dependent on local environment - Challenging to have multiple proxies #IstioCon Local Istiod, remote proxy Cluster go run ./pilot/cmd/pilot-discovery #IstioCon
0 points | 16 pages | 424.31 KB | 1 year ago
Istio is a long wild river: how to navigate it safely
VerticalPodAutoscaler (VPA) Unfortunately, Kubernetes is (was) not very smart at scaling out pods with multiple containers with HPA. ● Fixed in Kubernetes 1.20 by specifying a container resource as an HPA ask: ○ How many RPS without Istio? ○ How many hops per request? ■ Single request per call? ■ Multiple requests per call? ■ Calling authn/z service on each call? Depending on the answers, the application
0 points | 69 pages | 1.58 MB | 1 year ago
Istio audit report - ADA Logics - 2023-01-30 - v1.0
less exposed parts of Istio had several issues. In particular, the Istio Operator was found to have multiple security and reliability issues. This is already well known to the Istio maintainers, and the documentation could lead to remote code execution. Even without sudo privileges, the vulnerability could have multiple attack vectors. The root cause of the vulnerability is that tgz.Extract() does not sanitise file
0 points | 55 pages | 703.94 KB | 1 year ago
Automate mTLS communication with GoPay partners with Istio
Egress mutual TLS ● Challenge & Future Works GoPay & Istio About ● A few hundred developers ● Multiple Kubernetes Clusters ● 250+ microservices ● 150M+ internal API calls ● 3000+ deployments every
0 points | 16 pages | 1.45 MB | 1 year ago
How HP set up secure and wise platform with Istio
implement requirements on platform level, reduces application workload. Intelligence Platform for Multiple Tenant Support • Support multi-tenants (Add extra http header/ logs wisely) • Verify whether JWT
0 points | 23 pages | 1.18 MB | 1 year ago













