#IstioCon Building resilient systems inside the mesh: abstraction and automation of Virtual Service generation Vladimir Georgiev, Thought Machine #IstioCon Sync calls failures inside the mesh miscellaneous rules Misc please rule for autogeneration K8s Greeter service example #IstioCon Building the new rule #IstioCon Deploying to a cluster #IstioCon ● Easy way to manage Virtual Service

#IstioCon Istio at Scale: How eBay is building a massive Multitenant Service Mesh using Istio Sudheendra Murthy #IstioCon Agenda ● Introduction ● Applications Deployment ● Service Mesh Journey

Having a secured profile with an opinionated cluster configuration will help guide users towards building secured environments. • Expand hardening documentation: While there were a variety of areas where with the harden- ing guidelines first as it will give administrators more confidence that they are building an environment following best practices. Pursuing something formal such as CIS benchmarks is not documented (see finding NCC-GOIST2005-004 on page 5). This is always a challenge especially for community-driven projects but as Istio’s complexity grows, there will be growing need to be clear about what

Security Varun Talwar Co-founder Co-creator gRPC, Istio Lizan Zhou Senior Maintainer, Envoy Community & Industry Leaders ● Founded CNCF SIG Security ● Secure and Hardened Istio and Envoy builds ● and internal traffic starts to look less and less different from the perspective of a developer building and operating an application Why is Istio? TSB: The Application-Aware Networking Platform Istio:

2022-09 Community Growth New Contributors up 32% YoY 2022 2023 Contributor Experience Get Involved Ask Questions ● Join our Slack and interact live with other members of the Istio community. ● Bring rapidly to vulnerability reports. Read how to submit an issue. Become a Contributor ● The Istio Community README is the starting point for contributors who want to work on code, docs or other parts of Istio Google Group. ● Interested in helping with Chinese language documentation? Join the Cloud Native Community(China). Istio Trends ιστίο • (istío) n (plural ιστία) 1. sail What about the rest of the boat

Istio Meetup China About me Istio 1.10 Release Manager, Istio Community, 2021-Present GetMesh(GetIstio) core contributor, Istio Community, 2021-Present Tetrate Service Bridge developer, Tetrate.io, 2021-Present Istio Developer(Security SIG), Istio Community, 2020-Present Anthos Service Mesh, Google Inc, 2020 Envoy is an edge and service proxy that allows traffic in an infrastructure to flow in Introduction to Istio Networking and CNI Race Condition issues in istio CNI during Node bootstrap Community Solutions to istio CNI CNI Basics Kube Proxy: exists in each node and manage iptable IPTables:

ajayaram@google.com Andrea Ma So�ware Engineer ayma@us.ibm.com Craig Box VP of Open Source and Community craigb@armosec.io Didier Grelin Sr. Technical Program Manager dgrelin@google.com Ethan Jackson prioritised. This is already a great foundation for a secure product, and it demonstrates that the Istio community has formulated a threat model that is used to assess which parts of Istio are particularly exposed Nevertheless, the operator has not been fully deprecated and is likely used in production by the community which makes some users prone to security issues. Furthermore, successful cyber attacks can and do

Engine team focusing on Knative Serving and Istio, contributor of the Knative and Cloud Foundry community, maintainer of a Knative benchmarking tool called kperf, speaker of Open Source Summit China 2019 Working on IBM Cloud Code Engine (Serverless platform), focusing on Knative, Istio, and Tekton, community, leading team to develop and offer serverless capabilities in IBM Cloud, which based on these Opensource efficiency. o When mesh enabled, all traffic through Kube service managed by istio mesh. o Knative community is working to use Destination rules for Pod IPs addressable directly. Knative issue: https://github

Prometheus ○ Grafana ○ Zipkin or Jaeger ○ Kiali #IstioCon GetIstio #IstioCon Community discuss.istio.io #IstioCon Community #IstioCon Thank you! Nick Nellis @nmnellis Adam Toy @adam_toy1 github.com/atoy3731

#IstioCon Speaker Intro #IstioCon Istio Community Number of contributors last 12 months: 350+ contributing companies 500+ PR authors 1900+ contributors Istio Community #IstioCon Service Mesh Surveys