exploit this by repeatedly sending large http requests that would keep the STS server offline. Mitigation This issue raises the question whether debug mode should ever be used in production. If it should started out the review by requesting internal documentation that had been produced as part of the mitigation process. We then looked for public documentation related to the issues in the audit report. Finally of that, no fixes had been tracked at a per-issue level either. Some documentation about Istioʼs mitigation of the identified issues is the blog post written about the audit and how the issues were approached:

kubernetes planned extension (Node Readiness Gate) Useful links CNI beta RFC Istio CNI Race Condition Mitigation CNI beta Graduation Kubernets Node Readiness Gates Q&A @tetrateio Tetrate https://tetrate.io