Istio Security Assessment
risk configurations commonly used by administrators, and provide perspective on whether security features sufficiently address the concerns they are designed to provide. Four consultants over a period of is not recommended in this case but a similar approach could be build a self-hosted checklist of features and configuration options that Istio believes match security best practices. See Appendix B on page are debug interfaces exposed that cannot be disabled by Istio, so that even when all the security features are enabled, there does not appear to be a way to restrict a Pod’s access to them. Attempts to modify
0 points | 51 pages | 849.66 KB | 1 year ago

Istio is a long wild river: how to navigate it safely
End of 2021 100% services migrated to Istio 8 Features currently used: ● HTTP/2 Load-balancing ● Traffic Shifting ● mTLS Features under investigation: ● Retries ● Circuit breaking Istio Istio Main time consumers with Istio: 1. Troubleshooting 2. Spreading adoption 3. Supporting new features 29 To succeed in Istio adoption you need to have: Stabilizing Istio ● Dedicated resources temptations from users to open features too early ● Mechanisms to improve the reliability of Istio 30 Choose your fights, start small Stabilizing Istio Start with few simple features such as: ● Injecting
0 points | 69 pages | 1.58 MB | 1 year ago

Istio audit report - ADA Logics - 2023-01-30 - v1.0
users easy access to features such as observability, traffic management and security without requiring users to add these to their application code. It also offers more advanced features to support A/B testing Security Components One of the advantages of using Istio is that it offers a series of security features related to identity, policies, TLS encryption, authentication, authorization and internal auditing the proxies and checks whether the policy of each proxy is up to date. Authentication has two core features in Istio: 1. Peer authentication: used for service-to-service authentication to verify the client
0 points | 55 pages | 703.94 KB | 1 year ago

Performance tuning and best practices in a Knative based, large-scale serverless platform with Istio
optimization during Knative Service provisioning ○ Unleash maximum scalability by fully leveraging Istio features in Knative with service mesh enabled ● Reference Agenda #IstioCon Knative and Istio Istio are created to Knative probe thinks the configuration works. o [Istio 1.5.4] Istio is picking up new VirtualService slowly 30s #IstioCon Istio scalability optimization during Knative Service provisioning high configuration churn 30s #IstioCon Unleash maximum scalability by fully leveraging Istio features in Knative with service mesh enabled • Enable Istio mesh on Knative – Data flow with Istio mesh/mTLS
0 points | 23 pages | 2.51 MB | 1 year ago

Set Sail for a Ship-Shape Istio Release
release note. ● If it doesn’t, then the developer can check a box and the pull request will merge. New System Release Notes #IstioCon Release Notes: As a result... ● Release notes are thought of up-front appropriate documentation, testing, and code completion is done for each level ● Making sure that features continue to mature #IstioCon Release Maturity ● Provide a consistent list of requirements for Performance ○ Resource usage ○ Open issues ○ Features being promoted ○ Release notes and upgrade notes #IstioCon Continuous Release Health ● New dashboard being created to allow visibility of release
0 points | 18 pages | 199.43 KB | 1 year ago

How HP set up secure and wise platform with Istio
of projects, deployed on cloud. They have common features, also have project specified feature. We provide a common platform includes all common features, connect all projects with istio. #IstioCon Common Use EnvoyFilter to modify values for certain fields, add specific filters, or even add entirely new listeners, clusters, etc. #IstioCon Wise Platform K8s custom resource definition HTTP filters
0 points | 23 pages | 1.18 MB | 1 year ago

Is Your Virtual Machine Really Ready-to-go with Istio?
for a VM instance that connects with a valid identity token ● All we have to do is ○ specify a new WorkloadGroup with a template (to create WorkloadEntry) ○ create a ServiceEntry (to select specific from the internal mesh traffic ○ One of the viable solutions to communicate between Legacy VNFs and new CNFs ● Need a stricter security model for end-to-end key protection #IstioCon Legacy VNF CNF: ○ Limited number of nodes ○ More traffic across Pod/VMs on the same node #IstioCon QUIC ● A new transport protocol ● A little like TCP + TLS, but build on top of UDP ○ Uses UDP like TCP uses IP
0 points | 50 pages | 2.19 MB | 1 year ago

IstioCon 2022 Report
Satisfaction score 2,467 Unique live viewers 219 Unique recording viewers #IstioCon New features at 2022 edition: ● Captioning for sessions in English ● Live transmission of Chinese sessions teamwork, where participants solve together different challenges. Impact for the project 1,818 New followers on Twitter since event was announced (January to date). 383,428 Twitter impressions
0 points | 20 pages | 2.44 MB | 1 year ago

Canary Release Practice for Kubernetes Container Applications Based on Istio
svc proxy svc Logging Backend Quota Backend Auth Backend Metric Backend Prometheus AWS New Relic Huawei-APM apiVersion: "config.istio.io/v1alpha2" kind: metric metadata: name: requestduration limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to Kubernetes at Google: microservices become API Apigee API Management complements Istio with the robust features of Google Cloud's Apigee API management platform, Apigee Edge, by extending API management natively
0 points | 38 pages | 14.93 MB | 1 year ago

Moving large scale consumer e-commerce Infrastructure to Mesh
Automate the Istio setup during Kubernetes cluster creation ● Automated endpoint config creation on new micro-service creation or updation ● Templatise the Kubernetes deployment including Virtual Service #IstioCon Takeaways ● Identify the problems and improvements ● POCs for all known use-cases and features say mTLS, Outlier detection etc,. ● Passthrough mode downgrades gRPC/http2 protocol to Http/1.1
0 points | 14 pages | 1.76 MB | 1 year ago
30 results in total