Breakdown Access Controls 7 Configuration 5 Cryptography 1 Data Exposure 3 Data Validation 2 Component Breakdown Istio 10 Istio Sidecar 3 Istioctl 2 Pilot 3 Key Critical High Medium Low Informational High Impact: High, Exploitability: Medium Identifier NCC-GOIST2005-004 Category Data Exposure Component Istio Location Istio Control Plane: • controlPlaneSecurityEnabled istioctl configuration option High Impact: High, Exploitability: Medium Identifier NCC-GOIST2005-016 Category Configuration Component Istio Location https://istio.io/latest/docs/ Impact WIthout clear documentation, administrators

Problem: – Creating API tests is effort intensive – Creating + maintainting E2E, service tests, component tests adds up very quickly • What happens if you do not address the problem? – Thorough test coverage creating API tests • Can also be sped up by just navigating the application UI – Create E2E tests, component tests and service tests from the same data • Key product benefits (#releases, #rollbacks, MTTR Questions 2 Structure | CONFIDENTIAL 3 API-driven applications exploding Service Testing Component Testing E2E API Tests Engineering effort grows superlinearly as #APIs grow Customer services

In Istio 1.5.4: Istio scalability optimization during Knative Service provisioning Project Component CPU MEM HorizontalPodAutoscaler (HPA) request limit request limit Istio (1.7.3) istio- ingressgateway

Workload Abstraction Item Kubernetes Virtual Machine Basic schedule unit Pod WorkloadEntry Component Deployment WorkloadGroup Service registry and discovery Service ServiceEntry K8s Pods labels:

don’t have to maintain a fork of Istio ● Easy to integrate with Istio, deployed as a stand-alone component ● Provides an abstract layer with Aeraki CRDs, hiding the trivial details of the low-level envoy

productivity, not decreasing it. 66 Abstracting Istio Adopting Istio The same way as we build libraries and interfaces to improve productivity, we need to build proper abstractions to maximize the added