Istio Security Assessment
… a way of validating that the security expectations in the code were implemented when deployed. Each environment was deployed following the Istio documentation using istioctl. The assessment included many open … ing guidelines first, as it will give administrators more confidence that they are building an environment that follows best practices. Pursuing something formal such as CIS benchmarks is not recommended in …

Method: Code-assisted
Platforms: Golang, Kubernetes
Dates: 2020-07-06 to 2020-07-31
Environment: Local Test Environment
Consultants: 4
Level of Effort: 50 person days
Targets: istio/istio (Istio source code)

Local Istio Development
- Very different from production environment, may not be representative
- Harder to test actual traffic, especially iptables
- May be dependent on local environment
- Challenging to have multiple proxies
… reproductions
+ Great for rapid iteration of Envoy options
- Very different from production environment
- May be challenging to reproduce Istio configurations
#IstioCon Direct clients: grpcurl localhost:15012

Leveraging Istio for Creating API Tests - Low Effort API Testing for Microservices
[Diagram: Request, Response, API Mocks, Assertion Rules, Context Rules; Test Driver; Test Environment] Derive different types of tests. Mocks for external APIs. Istio enables learning tests from … Creating test suites from API traffic

Performance tuning and best practices in a Knative based, large-scale serverless platform with Istio
(istio #23029, envoyproxy #13037)
- Envoy still suffers from overload of xDS pushes in a high-churn environment.
Istio scalability optimization during Knative Service provisioning
- Random missing endpoint … churn. This is disabled by default and can be enabled by setting the PILOT_ENABLE_FLOW_CONTROL environment variable in Istiod.
- Final solution is Envoy delta-xDS push in a future Istio release.
Istio scalability …

Istio audit report - ADA Logics - 2023-01-30 - v1.0
… puts users at risk from untrusted input. If debug mode should never be enabled in a production environment, then this should be clear through ample warnings in the documentation and perhaps when the STS server …

Istio Security Audit, 2023
Build - Scripted build: ✓ ✓ ✓ ✓
Build - Build service: ✓ ✓ ✓
Build - Build as code: ✓ ✓
Build - Ephemeral environment: ✓ ✓
Build - Isolated: ⛔ ⛔
Build - Parameterless: ✓
Build - Hermetic: …

SberBank story: moving Istio from PoC to production
… required
1. Resource consumption
2. Resource … Mounts (#15517)
… 4. Tests on the production-size environment aren't a waste of time
1. Istio Discovery Restarts (#25495)
2. Proxy Probes (#26792)
Further …

Istio in a production environment (生产环境 istio)
Experiences from running Istio in a k8s production environment. Line Moseng (@linemoseng), Johnny Horvi, Norwegian Labour and Welfare Administration. 5.2 million … nais.io, github.com/nais … CD … metrics …

Istio at Scale: How eBay is building a massive Multitenant Service Mesh using Istio
… in Istio
- Bridging trust between gateways of different AZs
  - Mutual TLS between pods of the same environment across AZs
- Scaling authorization policies
  - Millions of policies
  - Global identity federation …

Istio is a long wild river: how to navigate it safely
… safe and secure transactions. Mercari offers a unique customer experience, with a transaction environment that uses the payments Mercari holds in escrow, and simple and affordable shipping options.