Istio Meetup China 服务网格安全 理解 Istio CNIip addresses for workloads exist in nodes CNI interface Calico Antrea Flannel Istio CNI CNI Daemonset Calico Antrea Flannel Istio CNI Networking lifecycle (Istio Init) Start istio init container through nsenter Check CNI logs in kubelet (journalctl) Will do: grafana board istio CNI logging on daemonset istioctl scanning tool designed for CNI Repair controller Valid through istio-init (iptable) Detect0 码力 | 19 页 | 3.17 MB | 1 年前3- Accelerate Istio with ebpfLatency ◦ 11-17% improvement Istio Meetup China Summary ● eBPF functionality enabled with a DaemonSet pod ○ eBPF program tracks connections from client to redirected Envoy (127.0.0.1) and back (outbound)0 码力 | 15 页 | 591.60 KB | 1 年前3
- Extending service mesh capabilities using a streamlined way based on WASM and ORASaliyun servicemesh UpdateMeshFeature -- ServiceMeshId=xxxxxx --WebAssemblyFilterEnabled=true ○ 部署一个DaemonSet(asmwasm-controller)到K8s集群中 ○ asmwasm-controller监听一个configmap, 该configmap存放要拉取的wasm filter 的地址,0 码力 | 23 页 | 2.67 MB | 1 年前3
- Performance tuning and best practices in a Knative based, large-scale serverless platform with Istiocontainer by modifying the injection template. Mitigations: o When adding new worker node, make sure daemonset pod of istio CNI plugin is up and running before knative pods scheduling on the node. o Crontab0 码力 | 23 页 | 2.51 MB | 1 年前3
共 4 条
- 1