Istio Security Assessment
NCC-GOIST2005-017 Category Access Controls Component Istio Location The ValidateVirtualService function defined in istio/pkg/config/validation/validation.go Impact An attacker that is able to create *kubeApiAdmission.AdmissionRequest parameter, such that the at-issue ValidateVirtualService function, and the validateGatewayNames() function, can ensure that the provided namespace is one wherein the client could perform PushContext.initGateways and PushContext.mergeGateways methods and the sortConfigByCreationTime function within istio/pilot/pkg/model/push_context.go Impact An attacker that is able to create an Istio
0 credits | 51 pages | 849.66 KB | 1 year ago
Observability and Istio Telemetry
lking/blob/master/docs/en/ concepts-and-designs/oal.md • Extendable Aggregation Functions • Aggregation Function • Count • Calls per minute • Avg response time • Sum • Thermodynamic •
0 credits | 21 pages | 5.29 MB | 6 months ago
Istio audit report - ADA Logics - 2023-01-30 - v1.0
communicates with Istiod to automate key and certificate rotation, like so: Istio-agent has two functions: 1. To receive SDS requests from Envoy and send certificate signing requests to the CA which typically to system resource exhaustion if a large byte buffer is read into memory. Case 1 A general Get function that makes an http request and reads the entire response into memory: https://github.com/istio/
0 credits | 55 pages | 703.94 KB | 1 year ago
Accelerate Istio with ebpf
ebpf Background Knowledge Prog type ● SOCK_OPS ➢ Set callbacks for TCP state changing ➢ Help functions: BPF_MAP_UPDATE_ELEM, BPF_SOCK_HASH_UPDATE ● SK_MSG ➢ Attach to a SOCKHASH map, capture the packets packets sent by a socket in SOCKHASH map and determine its destination socket ➢ Help functions: BPF_MSG_REDIRECT_HASH Istio Meetup China Work Flow of Acceleration ● sock_ops o Capture socket in specific
0 credits | 15 pages | 591.60 KB | 1 year ago
Istio at Scale: How eBay is building a massive Multitenant Service Mesh using Istio
implement common Security, Observability, Service Routing & Discovery functions as features of the infrastructure - ○ Functions: TLS Termination, Traffic Management, Tracing, Rate Limiting, Protocol
0 credits | 22 pages | 505.96 KB | 1 year ago
Canary Release Practice for Kubernetes Container Applications Based on Istio
builds on Kubernetes and Istio to support deploying and serving of serverless applications and functions. http://www.servicemesher.com
0 credits | 38 pages | 14.93 MB | 1 year ago
Is Your Virtual Machine Really Ready-to-go with Istio?
and shift ● Packaged software ○ Non-Linux ○ unikernels ● Domain specific workloads ○ Network Functions (NFV) #IstioCon Hybrid and Multi Clouds #IstioCon Istio VM Integration is? A Tumultuous Odyssey…
0 credits | 50 pages | 2.19 MB | 1 year ago
Your laptop as part of the service mesh
#IstioCon What if ? #IstioCon EnvoyFilter - #IstioCon Envoy HTTP LuaFilter function envoy_on_request(request_handle) function envoy_on_response(request_handle) #IstioCon Who and where to reroute ? 1 X-devroute: { “foo”:”192.168.1.12:8001” } Accept: */* #IstioCon Pseudo implementation 1 function envoy_on_request(request_handle) 2 contract = request_handle:headers():get("x-devroute") 3
0 credits | 30 pages | 555.24 KB | 1 year ago
Using Istio to Build the Next 5G Platform
Authorization between CNFs 5 ©2021 Aspen Mesh. All rights reserved. 5G Network Function Decomposition Microservice Network Function Implementation 5G Architecture Looks a Lot Like a Mesh? 6 ©2021 Aspen
0 credits | 18 pages | 3.79 MB | 1 year ago
Accelerate Istio-CNI with ebpf
provide various programs type for different purpose ● We choose SOCK_OPS & SK_SKB to implement function #IstioCon ebpf Background Knowledge map ● Share collected information and to store state
0 credits | 15 pages | 658.90 KB | 1 year ago
10 results in total