■ hardware Firewalls, Bare Metals, legacy OpenStack, etc. ● Transport Layer Security (TLS) ● Custom OpenID implementation for L7 AuthN #IstioCon Why Service Mesh? ● Current challenges include - Create the Specs on our Global Control Plane ● Realized on hardware LBs ● Internal orchestration & UI tools to use Access Point specs ● Standardization provides flexibility to switch backend implementations

Meeting Agendas and Recordings are available #IstioCon Commits ● Small Commits - Documentation fixes, UI adjustments #IstioCon Commits ● For anything larger or bug fixes, create an issue and ask around

com/apache/incubator- skywalking-query-protocolEcosystem powered by GraphQL and SkyWalking core • Open source UI project for SkyWalking • https:// github.com/ TinyAllen/ rocketbotServiceMesher公众号 SOFAStack公众号

Multi-cluster and VM (lower onboarding cost) ○ Enterprise team structure gap (Workspace, Tenants, etc) ○ UI&UX Background ● Leads to complexity and lack of operational agility ● You can't be Cloud Native

data – 10x speed in creating API tests • Can also be sped up by just navigating the application UI – Create E2E tests, component tests and service tests from the same data • Key product benefits (#releases

核心组件少安装简单，轻量的架构赋予SolarMesh极低的资源占用以及极低的维护成本 •规范 标准的istio规范操作，实时反映真实集群状态，告别terminal。 •便捷 一键安装，UI操作，流量策略模板复用，批量设置 •多集群支持，零成本接入 流量视图提供统一的拓扑图界面，让您的视角可以统揽全局 •附加组件 •Jaeger，为SolarMesh提供分布式链路追踪的能力

trols), one such isolation scheme could be implemented with ValidatingAdmissionWebhooks that introduce custom access control checks to prevent users from directly accessing sidecar proxy binding secrets, and gid=1337(istio-proxy) groups=1337(istio-proxy) kind: ConfigMap apiVersion: v1 metadata: name: custom-envoy-config data: envoy.yaml: | admin: access_log_path: /dev/null address: pipe: path: "@testenvoy" Google / NCC Group Confidential sidecar.istio.io/userVolume: '{"envoyconfig":{"configMap":{"name":"custom-envoy- config","items":[{"key":"envoy.yaml","path":"envoy.yaml"}]}}}' sidecar.istio.io/userVolumeMount:

recompile and maintain a build of Envoy EXTERNAL AUTH RATE LIMITING ROUTER UPSTREAM CUSTOM gRPC TRANSCODER Build Custom Envoy Filter 6 | Copyright © 2020 Portable Secure Fast Any Language Outside

isolation is enabled. 34 The Sidecar CRD to save the mesh Stabilizing Istio The Sidecar CRD (Custom Resource Definition) allows to control the exposure of mesh configuration to a specific proxy, based /* - istio-system/* 35 The Sidecar CRD to save the mesh Stabilizing Istio The Sidecar CRD (Custom Resource Definition) allows to control the exposure of mesh configuration to a specific proxy, based

NIST CURVE: P-256 istiod will generate a self-signed CA certificate using RSA if plugged in custom CA certificates aren’t specified #IstioCon MeshConfig support In Istio 1.10 I am currently working