Istio audit report - ADA Logics - 2023-01-30 - v1.0
m/httpfetcher.go#L138 // wasm plugin should be the only file in the tarball. func getFirstFileFromTar(b []byte) []byte { buf := bytes https://github.com/solo-io/wasm/blob/master/spec/spec-compat.md#specification const wasmPluginFileName = "plugin.wasm" // Search for the file walking through the archive. tr := tar.NewReader(gr) for { h, err func AtomicCopy(srcFilepath, targetDir, targetFilename string) error { info, err := os.Stat(srcFilepath) if err != nil { return err } input, err := os.ReadFile(srcFilepath)
0 credits | 55 pages | 703.94 KB | 1 year ago 3
Performance tuning and best practices in a Knative based, large-scale serverless platform with Istio
support 1000 sequential (interval 5s) Knative service provisionings with route ready time <= 30s. Type Info K8s Cluster Capacity 12 nodes in 3 zones, 16 vCPU * 64 Gi MEM Knative Version Knative 0.16, 0.17 enabled • Enable Istio mesh on Knative – Impact without optimization #IstioCon o With istio CNI plugin, we can move the iptables configuration parts to CNI. But another init-container, the istio-validation injection template. Mitigations: o When adding new worker node, make sure daemonset pod of istio CNI plugin is up and running before knative pods scheduling on the node. o Crontab job could help to detect
0 credits | 23 pages | 2.51 MB | 1 year ago 3
Accelerate Istio-CNI with ebpf
of ebpf ● Acceleration for Inbound/Outbound/Envoy to Envoy #IstioCon Istio-CNI ● The Istio CNI plugin performs the Istio mesh pod traffic redirection in the Kubernetes pod life-cycle’s network setup NET_ADMIN and NET_RAW capabilities for users deploying pods into the Istio mesh. ● The Istio CNI plugin replaces the functionality provided by the istio-init container. #IstioCon Tcp/ip stack overhead
0 credits | 15 pages | 658.90 KB | 1 year ago 3
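Full-Stack Service Mesh - Aeraki Helps You Manage Any Layer-7 Traffic in an Istio Service Mesh
Demo: Dubbo protocol support ● Dubbo2Istio connects to Dubbo service registries, supporting: ○ ZooKeeper ○ Nacos ○ Etcd ● The Aeraki Dubbo Plugin implements control-plane management and supports the following capabilities: ○ Traffic management: ■ Layer-7 (request-level) load balancing ■ Locality-aware load balancing ■ Circuit breaking ■ Version-based routing ■ Method-based routing ■ Based on support a new layer-7 protocol in ● Add RDS capability for layer-7 protocols such as Dubbo, Thrift, and so on #IstioCon MetaProtocol: control plane Traffic-management rules are pushed out on the control plane through the Aeraki MetaProtocol Plugin: 1. Aeraki obtains ServiceEntry from Istio and determines the protocol type from the port name (e.g. tcp-metaprotocol-thrift) 2
0 credits | 29 pages | 2.11 MB | 1 year ago 3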
IstioCon2023 Welcome Keynote
sail What about the rest of the boat? Upcoming Talks: Aperture - Load Management Meshery - WASM plugin management Argo - Multi-cluster orchestration JP Morgan SLO Generation Reflecting on the Value
0 credits | 14 pages | 1.31 MB | 1 year ago 3
Istio Service Mesh at Enterprise Scale
Gateway Book Info Payments Product Info ✓ Security ✓ Visibility ✓ Traffic Shaping ✘ Latency ✘ Single Point of Failure Service Mesh API Gateway Book Info Payments Product Info Proxy Self-service mesh enablement for service owners Demo Admiral API Gateway Payments Product Info Proxy Proxy Proxy Book Order Proxy + k8s Istio mTLS mTLS mTLS +
0 credits | 12 pages | 1.23 MB | 1 year ago 3
Istio Security Assessment
"-o", rdrct.excludeOutboundPorts, "-x", rdrct.excludeIPCidrs, "-k", rdrct.kubevirtInterfaces, } log.Info("nsenter args", zap.Reflect("nsenterArgs", nsenterArgs)) out, err := exec.Command("nsenter", nsenterArgs convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions
0 credits | 51 pages | 849.66 KB | 1 year ago 3
Using ECC Workload Certificates (pilot-agent environmental variables)
Signature Algorithm: sha256WithRSAEncryption … Subject: Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit)
0 credits | 9 pages | 376.10 KB | 1 year ago 3
Istio-redirector: the way to go to manage thousands of HTTP redirections
VirtualService file. ● Golang service ○ Convert .csv to VirtualService ○ Open Pull Request on Github ○ Fetch info from Kubernetes cluster ○ Expose an API to be used with REST or a CLI ● React.js SPA ○ Allow non
0 credits | 13 pages | 1.07 MB | 1 year ago 3
Istio Meetup China: Service Mesh Security, Understanding Istio CNI
@tetrateio Tetrate https://tetrate.io THANK YOU For any further queries, feel free to contact us at info@tetrate.io
0 credits | 19 pages | 3.17 MB | 1 year ago 3













