documented (see finding NCC-GOIST2005-004 on page 5). This is always a challenge especially for community-driven projects but as Istio’s complexity grows, there will be growing need to be clear about what single location where the most impactful and likely security questions are answered. Consider a community push to focus on improving documentation. Many open-source com- munities have attempted to focus efforts towards less “fun” tasks such as documentation by building social events or incentivizing community support with some token of appreciation. This has historically been a successful way of getting

2022-09 Community Growth New Contributors up 32% YoY 2022 2023 Contributor Experience Get Involved Ask Questions ● Join our Slack and interact live with other members of the Istio community. ● Bring rapidly to vulnerability reports. Read how to submit an issue. Become a Contributor ● The Istio Community README is the starting point for contributors who want to work on code, docs or other parts of Istio Google Group. ● Interested in helping with Chinese language documentation? Join the Cloud Native Community(China). Istio Trends ιστίο • (istío) n (plural ιστία) 1. sail What about the rest of the boat

Istio Meetup China About me Istio 1.10 Release Manager, Istio Community, 2021-Present GetMesh(GetIstio) core contributor, Istio Community, 2021-Present Tetrate Service Bridge developer, Tetrate.io, 2021-Present Istio Developer(Security SIG), Istio Community, 2020-Present Anthos Service Mesh, Google Inc, 2020 Envoy is an edge and service proxy that allows traffic in an infrastructure to flow in Introduction to Istio Networking and CNI Race Condition issues in istio CNI during Node bootstrap Community Solutions to istio CNI CNI Basics Kube Proxy: exists in each node and manage iptable IPTables:

ajayaram@google.com Andrea Ma So�ware Engineer ayma@us.ibm.com Craig Box VP of Open Source and Community craigb@armosec.io Didier Grelin Sr. Technical Program Manager dgrelin@google.com Ethan Jackson prioritised. This is already a great foundation for a secure product, and it demonstrates that the Istio community has formulated a threat model that is used to assess which parts of Istio are particularly exposed Nevertheless, the operator has not been fully deprecated and is likely used in production by the community which makes some users prone to security issues. Furthermore, successful cyber attacks can and do

Engine team focusing on Knative Serving and Istio, contributor of the Knative and Cloud Foundry community, maintainer of a Knative benchmarking tool called kperf, speaker of Open Source Summit China 2019 Working on IBM Cloud Code Engine (Serverless platform), focusing on Knative, Istio, and Tekton, community, leading team to develop and offer serverless capabilities in IBM Cloud, which based on these Opensource efficiency. o When mesh enabled, all traffic through Kube service managed by istio mesh. o Knative community is working to use Destination rules for Pod IPs addressable directly. Knative issue: https://github

Prometheus ○ Grafana ○ Zipkin or Jaeger ○ Kiali #IstioCon GetIstio #IstioCon Community discuss.istio.io #IstioCon Community #IstioCon Thank you! Nick Nellis @nmnellis Adam Toy @adam_toy1 github.com/atoy3731

#IstioCon Speaker Intro #IstioCon Istio Community Number of contributors last 12 months: 350+ contributing companies 500+ PR authors 1900+ contributors Istio Community #IstioCon Service Mesh Surveys

the perfect place to start committing. #IstioCon Connect With the Community ● Working groups - great way to get to know the community ● Join the Discuss, Slack, and Team Drive ● Meeting Agendas and

loose coupling? This issue opened last year explains the problem and its fatality. Thankfully, the community is working on a solution. (Contributing is important!!!) But we didn’t have the time to wait for Istio ● Putting sidecars everywhere has a cost ○ Latency ○ Compute resources The Istio 1.9 community reference values for sidecar performance are: ● Latency: +2.65 ms at p90 (no telemetry) ● Compute

maintenance ● Rich Network functionalities across the ecosystem ● Kubernetes Native ● Large and active community Challenges Challenges ● Doing Service Mesh is complicated ● Writing EnvoyFilters is hard! ●