#IstioCon Is Your Virtual Machine Really Ready-to-go with Istio? Kailun Qin, Intel Haoyuan Ge #IstioCon Quick Summary (from Google Cloud Next ’19 [1]) VM works on Istio! [1] Istio Service Mesh Hybrid and Multi Clouds #IstioCon Istio VM Integration is? A Tumultuous Odyssey… [1] Istio 1.8: A Virtual Machine Integration Odyssey, Jimmy Song #IstioCon V0.2 Mesh Expansion ● Prerequisites ○ IP connectivity the workloads themselves #IstioCon V1.6-1.8 Better VM Workload Abstraction Item Kubernetes Virtual Machine Basic schedule unit Pod WorkloadEntry Component Deployment WorkloadGroup Service registry

#IstioCon Building resilient systems inside the mesh: abstraction and automation of Virtual Service generation Vladimir Georgiev, Thought Machine #IstioCon Sync calls failures inside the mesh implement this to be language agnostic? #IstioCon Virtual Services API ● Solves our problems, but… ● All Service Owners must be aware of the Virtual Services API in order to define their SLOs. ● Potential errors when dealing with YAMLs. ● Potential drift between the state of the service API and the Virtual Service config. ● Hard to manage when having hundreds of services. #IstioCon Abstracting to proto

event page ● Each sponsoring company and committee chairs will be individually called out in social media posts for their contributions. Tier level Commitment Platinum Participants gifts (t-shirts) Gold selected category and facilitate all the conversations. Vendor logos representation 1. Social Media mentions of presenter and their company a. Keynotes: 2x b. Tech talks, lightning talks, workshops: all event partner logos displayed according to the level they are engaging at. 3. Swag bags. The virtual swag bag will have the logos of all the companies offering swag. 4. Slack / event chat mentions:

backend 8123 Virtual outbound -15001 Envoy backend:8123 127.0.0.1:8123 zipkin Pod1 Pod2 业务容器 业务容器 Istio-proxy容器 Istio-proxy容器 Istio-init 容器 Istio-init 容器 Pod内共享网络 Pod内共享网络 Virtual inbound -15006 local_rateli mit L4网络过滤器 基于L4层网络限流，通过令牌桶防止定期时间间隔内 过多下游连接。 envoy.filters.network.http_conne ction_manager L4网络过滤器 专门用于处理HTTP请求的网络过滤器，根据协议类型 处理HTTP编解码并调用L7层HTTP过滤器。 envoy.filters.http.lua L7 HTTP过滤器 基于 iptables :15001 original _dst 10.110. 59.75:8 0 tls_ins pector http_in spector http_connecti on_manager … router upstream conn pool codec codec metadata_ex change iptables http/1.x h2c cluster

https://github.com/istio-ecosystem/consul-mcp 欢迎大家试用、共建！ 4 Istio 流量管理 – 控制面 – 流量管理模型 Gateway Virtual Service Destination Rule 外部请求 内部客户端 Service2 Service1 网格内部 定义网格入口 • 服务端口 • Host • TLS 配置 • 路由配置 • LB 策略 • 连接池配置 • 断路器配置 • TLS 配置 Gateway External Service 统一网格出口 • 出口地址（Gateway Workload） • 出口端口 Virtual Service CLB 对外请求 对外请求（Passthrough/ServiceEntry） 缺省路由 （服务名） 5 Istio 流量管理 – 数据面 – Envoy配置模型和xDS协议 IP（通配）和端口（9080）转发到 0.0.0.0_9080 这个 outbound listener。 5. 根据 0.0.0.0_9080 listener 的 http_connection_manager filter 配置，该请求采用 9080 route 进行分发。 6. 9080 这个 route 的配置中，host name 为 reviews:9080 的请求对应 的 cluster 为

America 1.5% from Oceania Participant demographics 20.4% of attendees were CxO / Engineering manager / Tech Lead 43.8% of attendees were either evaluating Istio for production use, or have tried Guru) Event Manager Mara Ruvalcaba Content Coordination Pedro Galván Streaming and website Alberto Rodríguez Streaming Alex Palomo Speaker Advocacy Alma María Rinasz Promotion and social media Fernando Luis Sánchez Streaming Uriel García #IstioCon María Cruz Program manager mpcruz@google.com Aizhamal Nurmamat kyzy Program manager aizhamal@google.com Thank you!

Where did people join from? Participant demographics 28% of attendees were CxO / Engineering manager / Tech Lead 57% of attendees were either evaluating Istio for production use, or have tried really informative!" "This is the best conference software i've used, and i've been to so many virtual conferences in the past two years. Super simple to register and navigate through live and (Solo.io) Member Alex Bush (Google) The team (3/3) Event Production (Software Guru) Event manager Mara Ruvalcaba Content coordination Pedro Galván Streaming and website Alberto Rodríguez Streaming

http_connection_manager config: #access_log: #name: "envoy.file_access_log" #config: #path: "/tmp/request.log" stat_prefix: ingress_http server_header_transformation: APPEND_IF_ABSENT route_config: virtual_hosts: Security Consultant andy.olsen@nccgroup.com • Bryan Solari — Account Manager bryan.solari@nccgroup.com • Kivanç Tos — Project Manager kivanc.tos@nccgroup.com The team from Google has the following primary

productpage-credential 3) Define a gateway which specifying above secret and define corresponding virtual service which configuring traffic routes Secure ingress gateway via TLS terminating Using ingress productpage-credential 3) Define a gateway which specifying above secret and define corresponding virtual service which configuring traffic routes Secure ingress gateway via TLS terminating https http terminate TLS in gateway using istio cert ● PASSTHROUGH: pass through the TLS traffic using SNI and virtual Service ● AUTO_PASSTHROUGH: pass through the TLS traffic purely using SNI without VS apiVersion:

Discovery Service (SDS) ○ Auto mTLS ● API and feature promotion ○ Networking/Security APIs ○ Virtual Machine expansion/Multi cluster mesh https://istio.io/latest/blog/2020/tradewinds-2020/ #IstioCon #IstioCon Feature Graduation ● Enhancement workflow ○ CNI ○ IPv6 ○ Dual-stack (IPv6/IPv6) ○ Virtual Machine Expansion ○ Multi cluster mesh ○ Helm v3 life-cycle management ● Evaluate current feature