Istio As An API Gateway Discussion Flow ● What is an API Gateway? ● What is a Service Mesh? ● Common Features ● API Gateway + Service Mesh together! ● Istio as the API Gateway ● Advantages ● ● Challenges ● Where It Isn’t a Good Fit? What is an API Gateway? What is a Service Mesh? Common Features Common Features ● Load Balancing ● Request Routing ● Service Discovery ● JWT Authentication Logging, Monitoring, Tracing API Gateway + Service Mesh together! Limitations of This Approach ● Maintaining Two Tools ● Maintaining Two Expert Pools Istio as the API Gateway Advantages Advantages

Creating API Tests Low Effort API Testing for Microservices | CONFIDENTIAL • What has changed? – Migration to microservices triggering need for extensive API tests • Problem: – Creating API tests • What is our solution? – Leverage Istio sidecar to listen to API traffic data and create tests from the data – 10x speed in creating API tests • Can also be sped up by just navigating the application Significantly reduced time and cost for API testing for microservices architectures with Istio – Fewer failures higher up the test pyramid as a result of improved API tests • Istio benefits – Venky / Prasad

currently have a reference design for what an ideal Kubernetes cluster with Istio running within it. Instead, NCC Group used various hosting options (i.e. Minikube, GKE, KOPS) to build reference clusters and and test various configurations. These reference architectures were used to provide testers with a way of validating that security expectations in the code were implemented when deployed. Each environment a great goal and should continue to expand upon it. Consider whether this could be expanded to reference other documentation that provides deeper insight. • /docs/setup/additional-setup/config-profiles/:

svcB svcA Rules API Pilot 80% Istio 灰度发布：基于请求内容 Version2 Envoy SVC Envoy SVC Pod1 Pod2 Pod3 Envoy SVC Pod1 Pod2 Version1(canary) group=dev svcB svcA Rules API Pilot apiVersion: expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information 在Google：microservices become API Apigee API Management complements Istio with the robust features of Google Cloud's Apigee API management platform, Apigee Edge, by extending API management natively into

affordable shipping options. 5 6 ● 200+ microservices (200+ namespaces) ● 100K RPS at peak on API Gateway ● 1 main production Google Kubernetes Engine (GKE) cluster ● 12k+ pods ● 750+ nodes Istio resources to each proxy in the mesh. It is written in the official documentation, and actually, reference values are only disclosed for when namespace isolation is enabled. 34 The Sidecar CRD to save Putting sidecars everywhere has a cost ○ Latency ○ Compute resources The Istio 1.9 community reference values for sidecar performance are: ● Latency: +2.65 ms at p90 (no telemetry) ● Compute resources:

svcB svcA Rules API Pilot 80%23 Istio 灰度发布：基于请求内容 Version2 Envoy SVC Envoy SVC Pod1 Pod2 Pod3 Envoy SVC Pod1 Pod2 Version1(canary) group=dev svcB svcA Rules API Pilot apiVersion: expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information

maximum scalability by fully leveraging Istio features in Knative with service mesh enabled ● Reference Agenda #IstioCon Knative and Istio Istio is the default networking layer solution of Knative mesh enabled • Enable Istio mesh on Knative – Pod IPs addressable directly in mesh #IstioCon Reference ● IBM Cloud Code Engine which fully managed, serverless platform(including knative and istio) ● Pilot agent config https://istio.io/latest/docs/reference/commands/pilot-agent/ ● Istio Sidecar Configuration https://istio.io/latest/docs/reference/config/networking/sidecar/ ● Istio CNI plugin https://istio

gRPC/HTTP Analysis Core Query CoreIstio telemetry Attribute Vocabulary https://istio.io/docs/reference/config/policy-and- telemetry/attribute-vocabulary/Metric settings in Istio bypass adaptor• Service

#IstioCon Demo time #IstioCon Thank you ! ● Your laptop as part of the service mesh @ Medium ● Reference implementation and run-it-yourself-demo at github.com/omio-labs/devro ute

environmental variables that can be set. For more information see https://istio.io/latest/docs/reference/commands/pilot-agent/#envvars Remember: Always look to see if there are other, better ways of