#IstioCon Istio Project Update Lin Sun @linsun_unc #IstioCon Speaker Intro #IstioCon Istio Community Number of contributors last 12 months: 350+ contributing companies 500+ PR authors 1900+

Arun Kumar R Prepared by Mark Manning Jeff Dileo Divya Natesan Andy Olsen Feedback on this project? https://my.nccgroup.com/feedback/67b627f7-a0a2-43b7-ad68-af515a9ed2e0 Executive Summary Synopsis five weeks along with the help of multiple shadows (provided at no additional cost) worked on the project in tight partnership with Google’s Istio subject matter experts. Scope NCC Group’s evaluation of Configuration Generation Enables Route Hijacking 023 High Pilot Debug Interface Exposes Sensitive Information 002 Medium Default Production Profile Not Sufficiently Hardened 003 Medium Weak Hash Used for

Security Audit, 2023 Table of contents Table of contents 1 Executive summary 2 Notable findings 3 Project summary 4 Audit scope 6 Overall assessment 7 Fuzzing 9 Threat model 11 Issues found 17 Review Executive summary In September and October 2022 Ada Logics carried out a security audit of the Istio project. The audit was sponsored by the CNCF and facilitated by OSTIF as a step towards graduation for Istio team who fixed the vulnerability and assigned it CVE-2022-41721. 3 Istio Security Audit, 2023 Project summary Ada Logics auditors Name Title Email Adam Korczynski Security Engineer Adam@adalogics

Participant feedback The majority of participants agree that they had enough information about the future of Isito project. Most participants felt empowered to use Istio after attending the conference hour fun! Impact for the project 23% Audience growth on Twitter, which is 10 percentile points higher than other conference months. 18.6% New users to the project from beginning of Jan to to end of Feb. 87% Of Istio users are new users at the end of February 2021. Impact for the project Source: http://eng.istio.io/ The team (1/3) Organizer’s Committee Co-lead Aizhamal Nurmamat

specific developments in the project. Participant feedback The majority of participants agree that they had enough information about the future of Istio project. Most participants felt empowered fun time and teamwork, where participants solve together different challenges. Impact for the project 1,818 New followers on Twitter since event was announced (January to date). 383,428 Twitter 81% Of Istio.io users were first-time users during the month of April 2022. Impact for the project Source: http://eng.istio.io/ The team (1/3) Program Committee Co-lead Lin Sun (Solo.io) Co-lead

leveraged for Net-istio is A Knative ingress controller for Istio. Knative is an open source project which provides a set of components (Serving and Eventing) that introduce event-driven and serverless capacity. In Istio 1.5.4: Istio scalability optimization during Knative Service provisioning Project Component CPU MEM HorizontalPodAutoscaler (HPA) request limit request limit Istio (1.7.3) istio- which cost ~5 seconds for Knative application pod code start. o Every sidecar needs full mesh information by default. Not a scalability solution. o Activator needs to probe the service endpoint since

best of the cloud to you Copyright©2018 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice. Thank

of the cloud to you3334 Copyright©2018 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice. Thank

Horizon Platform HP has lots of projects, deployed on cloud. They have common features, also have project specified feature. We provide a common platform includes all common features, connect all projects Common services are in core cluster Projects shared solution cluster • Different namespace • Project runs as tenant, need control rights Solution cluster connect core cluster with Istio multi-cluster

structure/name convention of the generated xDS by Pilot ● It depends on some cluster-specific information such as service cluster IP ● We need to manually create tons of EnvoyFilter, one for each of the the port name because it's a TCP service from the standpoint of Istio. Visit Github to get more information https://github.com/aeraki-framework/aeraki #IstioCon Aeraki Configuration Example: Dubbo Service