Istio at Scale: How eBay is building a massive Multitenant Service Mesh using Istio
& thousands of Pods with sidecar Envoys ○ Measure Config convergence time ■ Time taken by all sidecars to get config from Pilot without any errors ■ For thousands of services & endpoints ■ With different ○ Disabled egress traffic to restrict config pushed to sidecars ● Main Takeaways ○ P99.9 time from single Pilot instance to 0 - 3,000 sidecars < 1 second ○ Pilot CPU & memory within acceptable limits:
0 credits | 22 pages | 505.96 KB | 1 year ago | 3

Service mesh security best practices: from implementation to verification
is natively encrypted, such as HTTPS 3. use k8s network policies to limit traffic bypassing sidecars Cluster security best practices: safely handle policy exceptions Cluster security Access control
0 credits | 29 pages | 1.77 MB | 1 year ago | 3

Performance tuning and best practices in a Knative based, large-scale serverless platform with Istio
service access cross user namespace. o The sidecar CR helps to limit the known egress hosts for sidecars, sidecar needs to know mesh in its own user namespace only. o We can limit the mesh size to
0 credits | 23 pages | 2.51 MB | 1 year ago | 3

3 results in total