mitigate errors and their impact? Stabilizing Istio ● Leverage linters (conftest) to catch issues at CI-level, keeping a short feedback loop ● Leverage admission webhooks (OPA Gatekeeper) to ○ protect selector updates for app and version labels Adopting Istio A more sustainable approach: ● Use your CD tooling (i.e. Spinnaker) to automate this migration ● Ask users to use the migration pipeline when abstract Istio Adopting Istio ● We are using Terraform to handle the Sidecar CRD Policy and GitOps CI/CD pipeline to apply them ● We are exploring Cuelang to template a simple DSL for managing various

● The OSS-Fuzz build is maintained to avoid disruption. ● Istio does not run the fuzzers in its CI pipeline. Istio has had its fuzzing suite for around a year and has previously found high severity HandshakeContext(ctx); err != nil { rawConn.Close() return nil, err } https://github.com/is tio/istio/blob/cd19f89 a6c27e77b6f6509ad 015b9b5c3a3e4c0c/ pkg/config/crd/valida tor.go#L104 closers := make([]io.Closer return fmt.Errorf("copy: %v", err) } outFile.Close() https://github.com/is tio/istio/blob/f0d144 128cd1a4f7d815271 e0f6a30c699df7b28/ istioctl/pkg/validate/ validate.go#L292 warning, err := v.validateFile(istioNamespace

Envoy原理介绍及线上问题踩坑 介绍人：张伟 Copyright © Huawei Technologies Co., Ltd. All rights reserved. Page 2 个人介绍 张伟 华为云容器网格数据面技术专家 拥有10年以上中间件及高性能系统开发经验， 作为架构师及核心开发人员发布过传输网管系 统、Tuxedo交易中间件、ts-server多媒体转码服 ASM数据面等多个产品。先后就职于亿阳信通、 北电、甲骨文、polycom、阿里巴巴等公司；目 前在华为云云原生团队负责网格数据面的架构 设计及开发工作。 Copyright © Huawei Technologies Co., Ltd. All rights reserved. Page 3 目录 1. Envoy启动及配置文件 2. Envoy流量拦截原理、常用部署方式 3. Envoy可扩展过滤器架构、可观测性 生产环境问题分析及解决方法 6. 针对Envoy做的一些优化及效果 7. 常用性能分析测试工具及使用方法 8. 华为ASM产品介绍 Copyright © Huawei Technologies Co., Ltd. All rights reserved. Page 4 前言 • 微服务架构最早由Fred George在2012年的一次技术大会上所提出，他讲到如何通过拆分SOA服务实现服务之间的解耦，

project Source: http://eng.istio.io/ The team (1/3) Organizer’s Committee Co-lead Aizhamal Nurmamat kyzy (Google) Co-lead María Cruz (Google) Member Rose Sawvel (Aspen Mesh) Member Kevin Conner (Highschool student) Member Alex Soto Bueno (RedHat) The team (2/3) Program Committee Co-lead Lin Sun (IBM > Solo.io) Co-lead Craig Box (Google) Member Christian Posta (Solo.io) Member Neeraj Poddar (Aspen

Impact for the project Source: http://eng.istio.io/ The team (1/3) Program Committee Co-lead Lin Sun (Solo.io) Co-lead Mitch Connor (Google) Member Neeraj Poddar (Solo.io) Member Iris Ding (Intel) Angaluri (IBM) Member Jason Webb (Intuit) The team (2/3) Organizer’s Committee Co-Lead María Cruz (Google) Co-Lead Sakhi Patel (Google) Member Rose Sawvel (Solo.io) Member Alex Bush (Google) The

Mesh Creators Zack Butcher Istio Steering Committee Jeyappragash (JJ) Co-founder Chair CNCF SIG Security Varun Talwar Co-founder Co-creator gRPC, Istio Lizan Zhou Senior Maintainer, Envoy Community & 800-204 series on microservice security ● R&D on Next Generation Access Control (NGAC) ● Exclusively co-host annual zero trust multi-cloud conference Best in Class Team ● Creators of the service mesh

cloud-native workloads in a single platform. Leading Cloud Native Varun Talwar Co-founder/CEO Co-creator gRPC, Istio Jeyappragash (JJ) Co-founder Chair CNCF SIG Security Zack Butcher Istio Steering Committee

Learnt by Mesh API Studio Third-party apps Manual QA trace: r trace: r trace: r trace: r CI Pipeline | CONFIDENTIAL 9 Process flow using Istio Deploy Lua filters (kubectl apply -f ) Created by Mesh API Studio Third-party apps Manual QA trace: r trace: r trace: r trace: r CI Pipeline | CONFIDENTIAL 16 ML-assisted Context Rule Learning createProduct(…): Response {

Observability And Istio Telemetry 吴 晟 Apache SkyWalking Creator Apache ShardingSphere Co-founder Microsoft MVP Tetrate founding Engineer Bitmain tech expert Service Mesh Meetup #4 上海海站

essgateway hosts: - www.blablacar.fr http: - match: - uri: exact: /co2 redirect: uri: /blablalife/lp/zeroemptyseats redirectCode: 301 [...] Istio