com/solo-io/wasm/blob/master/spec/spec-compat.md#specificati on const wasmPluginFileName = "plugin.wasm" // Search for the file walking through the archive. tr := tar.NewReader(gr) for { h, err := tr.Next() if err for each of the issues were incomplete. Publicly, the issues had not been tracked. Ada Logics did a search for each issue in the Istio github repository and only found mention of one by a contributor: ● been tracked at a per-issue level either. Some documentation about Istioʼs mitigation of the identified issues is the blog post written about the audit and how the issues were approached: https://istio

community-driven projects but as Istio’s complexity grows, there will be growing need to be clear about what security choices are relevant, standards for hardening, and clear direction on which features behavior runs counter to the Gateway documentation, which states the following:3 The scope of label search is restricted to the configuration namespace in which the the resource is present. In other words the existing ingress gateway and Istio Gateway documentation should be updated to include warnings about the risks of shared ingress gateways. Furthermore, it may be worth- while to create an additional

Istio is a long wild river: how to navigate it safely 2 About me Raphael Fraysse @la1nra (Twitter) Github / @lainra Tech Lead, Networking Mercari, Inc. 3 Today’s agenda ● Istio at Mercari purchased and used by buyers who need them, and buyers enjoy the feeling of hunting for treasure as they search through unique and diverse items for lucky finds. In addition to buying and selling, users actively other big problem is estimating what is the Istio sidecar container CPU usage, which we’ll talk about in the second part of the presentation. 28 Are you prepared to handle Istio? Stabilizing Istio

Applications eBay is powered by ● More than 5,000 Microservices ranging from ○ API services, Search Engine, etc. ○ Databases, Key-Value stores - Oracle, MySQL, etc. ○ Big data systems & Pipelines Application-Tier Load-Balancer Web-Tier Load-Balancer Pods Pods Pods AZ 1 AZ 2 AZ n Client #IstioCon What about Security? ● L4 Micro-segmentation Solution ○ Central Policy store capturing Application-to-Application configuration does not scale ○ Results in high memory usage & convergence times since each sidecar knows about all services in the cluster ○ Disabled egress traffic to restrict config pushed to sidecars ● Main

SEO popularity from the old ones and I don’t have to start from scratch New URLs are shown in the Search Engine Results ?????? ? #IstioCon Our infrastructure is deployed on GKE, with GCLB and Istio IngressGateway

Customer services Order services Catalog Customer history … Order details Payments Audit Search Suggest … Order validation Fraud Alerts … | CONFIDENTIAL Service testing Test a single service

APP logfile Kubernetes console APP logfile APP logfile APP logfile Kubernetes console search &analysis Prometheus TSDB基于请求和日志的关联性改进架构 A Agent B Agent C Agent Request(Transaction ID)

your first Istio.io Contribution Albert Sun | @albertsun0 #IstioCon About Me I’m a high schooler who loves learning about everything related to computers, especially interface design. I started for opinions ● General Contributing Guide ● Contributing Documentation: https://istio.io/latest/about/contribute/ #IstioCon Design Docs Hongyi Zhang - Link #IstioCon Writing Tests ● Istio.io page

Virtual Machine Architecture to learn about the high level architecture of Istio’s virtual machine integration. ○ Debugging Virtual Machines to learn more about troubleshooting issues with virtual machines machines. ○ Bookinfo with a Virtual Machine to learn more about connecting virtual machine workloads to Kubernetes workloads. #IstioCon VM Support – Single Network #IstioCon VM Support – Multiple

Management ○ Ingress mutual TLS ○ Egress mutual TLS ● Challenge & Future Works GoPay & Istio About ● A few hundred developers ● Multiple Kubernetes Clusters ● 250+ microservices ● 150M+ internal a lot of endpoint for each GoPay partner with specific IP seems burden job. ● Security concern about internal attacks (we don’t know who are using those IP, only service that communicate with us or