holistic security audit that had several high-level goals: 1. Formalise a threat model of Istio to guide the security audit as well as future security audits. 2. Carry out a manual code audit for security findings Issue 10 - “H2c handlers are uncapped” - was an interesting finding, in that it affected Googleʼs managed Istio offering, and it led to further investigation that revealed a vulnerability in Golang assigned this vulnerability. Some managed service providers were vulnerable to the issue, including Googleʼs managed Istio offering which has MultiplexHTTP configured. A�er issue 10 had been reported to

Istio Security Assessment Google August 6, 2020 – Version 1.1 Prepared for Arun Kumar R Prepared by Mark Manning Jeff Dileo Divya Natesan Andy Olsen Feedback on this project? https://my.nccgroup com/feedback/67b627f7-a0a2-43b7-ad68-af515a9ed2e0 Executive Summary Synopsis In the summer of 2020, Google enlisted NCC Group to perform an assessment on the open-source version of Istio and all of its components multiple shadows (provided at no additional cost) worked on the project in tight partnership with Google’s Istio subject matter experts. Scope NCC Group’s evaluation of Istio included: • Istio Architecture:

anything larger or bug fixes, create an issue and ask around for opinions ● General Contributing Guide ● Contributing Documentation: https://istio.io/latest/about/contribute/ #IstioCon Design Docs Istio.io page content is automatically verified through tests, and you can help by creating one! ● Guide for creating tests ● Sample page with a test ● make test_status ● make snips #IstioCon The Pull issues, ask around, and share your ideas ● Join the Working Group ● Contributing ○ Check out the style guides for documentation ○ Look into writing tests and how they work ○ We are here to help you

从宏观上快速定位问题，在微观上找到问题根因的 监控方案问题二：现有的系统能否完全满足需求 现有系统如何满足运维需求Istio现有的监控体系 指标监控 分布式追踪 日志系统Zipkin的架构图 Google Dapper Zipkin的实现EFK和Prometheus的架构图 DC1 DMZ Intranet Elascticsearch cluster APP logfile APP 2018-0930(time) 日志输出 Get the corresponding logs for one time request by transaction ID Request(Transaction ID)Java探针的基本原理 A.class 1 2 3 4 5 8 9 Request Response JVM 6 10 7 Class Loader Engine Agent A’

scale Improving security with Istio What Envoy hears when Istio speaks Company presenting Google and IBM Aspen Mesh & independent contributor Solo.io Intuit RedHat Descartes Labs # live viewers istio.io/ The team (1/3) Organizer’s Committee Co-lead Aizhamal Nurmamat kyzy (Google) Co-lead María Cruz (Google) Member Rose Sawvel (Aspen Mesh) Member Kevin Conner (RedHat) Member Aditya Prerepa Bueno (RedHat) The team (2/3) Program Committee Co-lead Lin Sun (IBM > Solo.io) Co-lead Craig Box (Google) Member Christian Posta (Solo.io) Member Neeraj Poddar (Aspen Mesh) Member Brain Tannous (RedHat)

sponsor will provide the rewards. 1st place: Bose headset $400 usd 2nd place: Google Nest hub 10" $230 usd 3rd place: Google Nest hub 7" $70 usd Trivia winners gifts Available sponsorship: 1 ● Only available unique piece that combines all the themes that are addressed during the conference. ● Sponsored by Google (Example from the Royal Society of the Arts (London) “Animate” series, “Re-imagining work”) Artist be incorporated during the Roadmap session. It is used to explain a process. ● Sponsored by Google (Example from Wikimedia movement 2030 strategy) Graphic recording Process and implementation

Service Mesh Multi-tenant Istio Service Mesh with Gloo Mesh Company presenting Tetrate Red Hat Google Soloio Participants 73 53 46 40 Satisfaction score 4.44/5 4.28/5 4.65/5 4.58/5 Making Istio accessible http://eng.istio.io/ The team (1/3) Program Committee Co-lead Lin Sun (Solo.io) Co-lead Mitch Connor (Google) Member Neeraj Poddar (Solo.io) Member Iris Ding (Intel) Member Zhonghu Xu (Intel) Member Srihari team (2/3) Organizer’s Committee Co-Lead María Cruz (Google) Co-Lead Sakhi Patel (Google) Member Rose Sawvel (Solo.io) Member Alex Bush (Google) The team (3/3) Event Production (Software Guru)

只需在创建集群时选 择“启用服务网格” 即可使用Istio服务治 理功能 Istio在华为云： 灰度发布流程 Y N Y N Istio在华为云： 灰度发布 Istio & Kubernetes 在Google Cloud Services Platform: bringing the best of the cloud to you Copyright©2018 Huawei Technologies You. Istio & Kubernetes 在Google：Managed Istio Istio & Kubernetes 在Google：microservices become API Apigee API Management complements Istio with the robust features of Google Cloud's Apigee API management Apigee Edge, by extending API management natively into the microservices stack Istio & Kubernetes 在Google： Knative Knative Serving builds on Kubernetes and Istio to support deploying and serving of serverless

Haoyuan Ge #IstioCon Quick Summary (from Google Cloud Next ’19 [1]) VM works on Istio! [1] Istio Service Mesh for VM Native, Chris Crall, Jianfei Hu, Google Cloud Next ‘19 #IstioCon Why Add VMs to mtls) ■ Extensibility (to cherry pick extensions) [1] Service Mesh use cases for Telco and Edge – Google, ServiceMeshCon NA 2020 Key Drivers [1] #IstioCon What Do We Need Else to Augment Istio? ● Strong

a CNCF project Release v1.0 Istio is ready for production Started Started by teams from Google and IBM 2017 2018 2022-04 2023 2022-09 Community Growth New Contributors up 32% YoY 2022 2023 access our trove of technical content and working documents by joining the istio-team-drive-access@ Google Group. ● Interested in helping with Chinese language documentation? Join the Cloud Native Community(China)