Istio at Scale: How eBay is building a massive Multitenant Service Mesh using Istio
hardware Load-Balancers (LB) ● Application-Tier LB ○ K8s service realized on Application-Tier LBs ● Web-Tier LB to control - ○ Percentage of traffic sent to an AZ, region, etc. ○ L7 routing ○ Hardware closest Web-Tier LB based on DNS lookup Application-Tier Load-Balancer Web-Tier Load-Balancer Application-Tier Load-Balancer Web-Tier Load-Balancer Application-Tier Load-Balancer Web-Tier Load-Balancer apps.cloud.io/v1 kind: AccessPoint metadata: name: my-accesspoint spec: accessPoints: - name: web-tier scopeIDs: - az1 scopeType: AvailabilityZone traffic: gateways: - apiVersion:
0 points | 22 pages | 505.96 KB | 1 year ago

Developing & Debugging WebAssembly Filters
Copyright © 2020 Portable Secure Fast Any Language Outside the Web Web Assembly Extend Envoy Proxy with Web Assembly (Wasm) Polyglot: Envoy Filters are written in C++ and Wasm SECURITY Technology User Experience Web Assembly lifecycle Build > meshctl wasm init addheader-filter --language Build Store Deploy Debug Debug in Production Web Assembly Envoy Filter: User Experience Simplified tooling to bootstrap Wasm modules in Rust, C++,
0 points | 22 pages | 2.22 MB | 1 year ago

Istio is a long wild river: how to navigate it safely
Mercari What Is Mercari? ● Service start: July 2013 ● OS: Android, iOS *Can also be accessed by web browsers ● Usage fee: Free *Commission fee for sold items: 10% of the sales price ● Regions/languages even in a same product. Some examples: ○ Latency-sensitive workloads ○ Long-lived batches (ML) ○ Web platforms ● How do you define a common answer to the previous questions? ○ It’s nearly impossible
0 points | 69 pages | 1.58 MB | 1 year ago

Istio Security Assessment
it exposes. One of which is the “/debug” API hosted on 15014/TCP by default. This service exposes a web interface that is accessible without authentication to anything that is able to access its network Pilot. This has a risk of containing certificates, keys, and secrets used by Pilot at runtime. This web interface also allows unauthenticated users to force all Istio objects to sync their current
0 points | 51 pages | 849.66 KB | 1 year ago

Istio-redirector: the way to go to manage thousands of HTTP redirections
infrastructure is deployed on GKE, with GCLB and Istio IngressGateway User Google Cloud Load Balancer Gateways Web App How do we use Istio? [...] spec: gateways: - istio-system/istio-ingressgateway hosts:
0 points | 13 pages | 1.07 MB | 1 year ago

Service mesh security best practices: from implementation to verification
Service Proxy Ingress 1. Define ingress security policies to control accesses to services. Deploy web application firewall to defend against DDoS, injection, remote execution attacks. Edge security
0 points | 29 pages | 1.77 MB | 1 year ago

Istio in Practice in Free Wheel Microservices
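Future work • FreeWheel's pain points Who are we? • FreeWheel is a company that provides digital video advertising management technology and services to its customers. Its business-side products have to interface with customers and provide an interface for optimizing video ad delivery, similar to a Web ERP, in a typical three-tier architecture. The pain of microservices • Over the past two years we have split several complex Rails monoliths and migrated them to a microservice architecture, rewriting the logic in Golang and introducing Kubernetes. As the number of modules keeps growing, complex
0 points | 31 pages | 4.21 MB | 1 year ago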