#IstioCon Getting Started and Beyond: Istio Multicluster with GitOps Ryota Sawada / @rytswd / CTO at UPSIDER, Inc. #IstioCon Welcome to the IstioCon 2021 IstioCon 2021 is the inaugural community conference showcasing the lessons learned from running Istio in production, hands-on experiences from the Istio community, and featuring maintainers from across the Istio ecosystem. The conference offers a mix of mesh with the Istio community, vendors, and maintainers! #IstioCon Agenda ● Introduction ● Target Audience ● Topics covered / NOT covered ● About Istio Multicluster ● Brief brush up on Istio resources

IPVLAN based Networking (beta) Transparent Encryp�on (beta) Operations Running Prometheus & Grafana Istio Ge�ng Started Using Is�o Other Orchestrators Cilium with Docker & libnetwork Cilium with Mesos/Marathon :31001 Examples Generic Network Policy Endpoints Controllers Kubernetes Getting Started Using Istio This document serves as an introduc�on to using Cilium to enforce security policies in Kubernetes GSGs. 5 GB and 4 CPUs should be enough for this GSG ( --memory=5120 --cpus=4 ). Step 2: Install Istio Note Make sure that Cilium is running in your cluster before proceeding. Install the Helm client

Overview Getting Started Guides Installation Security Tutorials Advanced Networking Operations Istio Other Orchestrators Concepts Component Overview Terminology Address Management Multi Host Networking Configuration Network Policy Endpoint CRD Kubernetes Compatibility Troubleshooting Istio Getting Started Using Istio Docker Cilium with Docker & libnetwork Mesos Cilium with Mesos/Marathon Envoy modes Operations Running Prometheus & Grafana Limiting Identity-Relevant Labels Istio Getting Started Using Istio Other Orchestrators Cilium with Docker & libnetwork Cilium with Mesos/Marathon The

Getting Started Guides Installation Network Policy Security Tutorials Advanced Networking Operations Istio Other Orchestrators Concepts Component Overview Terminology Address Management Multi Host Networking Endpoint CRD Kubernetes Compatibility Cilium CRD schema validation Troubleshooting Istio Getting Started Using Istio Docker Cilium with Docker & libnetwork Mesos Cilium with Mesos/Marathon Envoy modes Operations Running Prometheus & Grafana Limiting Identity-Relevant Labels Istio Getting Started Using Istio Other Orchestrators Cilium with Docker & libnetwork Cilium with Mesos/Marathon The

Installation Observability Network Policy Security Tutorials Advanced Networking Cluster Mesh Operations Istio Concepts Component Overview Terminology Networking Network Security eBPF Datapath Observability up Support for External Workloads (beta) Operations Running Prometheus & Grafana Istio Getting Started Using Istio The best way to get help if you get stuck is to ask a question on the Cilium Slack when a custom redirection/operation relies on the original ClusterIP within pod namespace (e.g., Istio side-car) or due to the Pod’s nature the socket-level loadbalancer is ineffective (e.g., KubeVirt

Installation Observability Network Policy Security Tutorials Advanced Networking Cluster Mesh Operations Istio Concepts Component Overview Terminology Networking Network Security eBPF Datapath Observability up Support for External Workloads (beta) Operations Running Prometheus & Grafana Istio Getting Started Using Istio The best way to get help if you get stuck is to ask a question on the Cilium Slack when a custom redirection/operation relies on the original ClusterIP within pod namespace (e.g., Istio side-car) or due to the Pod’s nature the socket-level loadbalancer is ineffective (e.g., KubeVirt

Getting Started Guides Installation Network Policy Security Tutorials Advanced Networking Operations Istio Other Orchestrators Concepts Component Overview Terminology Networking Network Security eBPF Datapath Operations Networking and security observability with Hubble Running Prometheus & Grafana Istio Getting Started Using Istio Other Orchestrators Cilium with Docker & libnetwork The best way to get help if Getting Started Using Istio This document serves as an introduction to using Cilium Istio integration to enforce security policies in Kubernetes micro-services managed with Istio. It is a detailed walk-through

Getting Started Guides Installation Network Policy Security Tutorials Advanced Networking Operations Istio Other Orchestrators Concepts Component Overview Terminology Networking Network Security eBPF Datapath Operations Networking and security observability with Hubble Running Prometheus & Grafana Istio Getting Started Using Istio Other Orchestrators Cilium with Docker & libnetwork The best way to get help if Getting Started Using Istio This document serves as an introduction to using Cilium Istio integration to enforce security policies in Kubernetes micro-services managed with Istio. It is a detailed walk-through

use the Istio service mesh, and that’s the foundation of everything in terms of security.” — Nicolas Chaillan, former Chief Software Officer of the U.S. Air Force The DoD leverages Istio as its service service mesh, and one aspect of Istio is its reliance on sidecars for secure network communication. Sidecars, which are language agnostic, act as service proxies and allow for all traffic (ingress and Nicolas Chaillan, DoD Along with Flux and Flagger, leveraging open source tools like Prometheus, Istio, Helm, and Elasticsearch can bring much momentum to the transition from traditional to the platform

latency and overhead. For example, the service mesh software Istio increases the single-hop service access latency by 2 ms to 3 ms, making Istio unable to meet the Service Level Agreement (SLA) requirements OS. Kmesh supports the following features: • Kmesh can connect to a mesh control plane (such as Istio) that complies with the Dynamic Resource Discovery (xDS) protocol. • It orchestrates application short videos. Kmesh brings a 5-fold forwarding performance increase in HTTP tests, compared to Istio. Repositories https://gitee.com/openeuler/Kmesh As shown in the figure, the Kmesh software architecture