with application layer error codes ○ HTTP status code ○ Redis Get error ○ ... ● Observability with application layer metrics ○ HTTP status code ○ Thrift request latency ○ ... ● Application layer AwesomeRPC in Istio? #IstioCon How to Manage AwesomeRPC Traffic in Istio? Pilot Envoy Code changes at the Pilot side: ● Add AwesomeRPC support in VirtualService API ● Generate LDS/RDS for 通过 Provider 的 deployment 设置 SERVICE_GROUP 环境变量 3. 在 consumer 发起调用时设置 batchJob header 4. 设置相应的 DR 和 VS 流量规则 https://docs.qq.com/doc/DVnlqUVB1ek1laFBQ #IstioCon Aeraki Demo: 地域感知负载均衡(Dubbo) 场景：在开通地域感知负载均衡功能时，consumer

service | "unknown" destination_version: destination.labels["version"] | "unknown" response_code: response.code | 200 Istio & Kubernetes: 总结 对于云原生应用，采用Kubernetes构建微服务部署和集群管理能力，采用 Istio构建服务治理能力，将逐渐成为应用微服务转型的标准配置。 Controller List/watch reLoad Istio灰度发布：基于权重 apiVersion: … kind: VirtualService metadata: name: vs-svcb spec: hosts: - svcb http: route: - destination: name: v1 weight: 20 - destination: name:

service | "unknown" destination_version: destination.labels["version"] | "unknown" response_code: response.code | 20015 Istio & Kubernetes: 总结 对于云原生应用，采用Kubernetes构建微服务部署和集群管理能力，采用 Istio构建服务治理能力，将逐渐成为应用微服务转型的标准配置。16 Ingress-Controller List/watch reLoad22 Istio灰度发布：基于权重 apiVersion: … kind: VirtualService metadata: name: vs-svcb spec: hosts: - svcb http: route: - destination: name: v1 weight: 20 - destination: name: v2

Upgrades ○ Debugging https://istio.io/latest/blog/2020/tradewinds-2020/ #IstioCon Early adopter vs Maintainer ● Consumes latest & greatest Istio ● Utilize new capabilities ● Desire tooling to ensure Detecting backwards incompatible changes ● Measuring developer efficiency ○ Test flakes ○ Feature and code coverage ● Feature promotion efficacy ● Improving overall developer experience https://istio.i

Provide a minimal declarative configuration describing where to onboard the workload to Bridged Mode vs Direct Mode ● Bridged: Indicates that the configurations to be added to the group will use macro APIs

SNI and virtual Service ● AUTO_PASSTHROUGH: pass through the TLS traffic purely using SNI without VS apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: bookinfo-gateway spec:

model of Istio to guide the security audit as well as future security audits. 2. Carry out a manual code audit for security issues. 3. Review the fixes for the issues found in an audit from 2020. 4. Review obtained in parts of code bases that receive less attention. Our assessment is that, not counting the Operator, Istio is a very well-maintained and secure project with a sound code base, well-established test coverage with little to no room for improvement. We identified a few APIs in security-critical code parts that would benefit from fuzzing and wrote fuzzers for these. In total, 6 fuzzers were written

its control plane. The goal of the assessment was to identify security issues related to the Istio code base, highlight high risk configurations commonly used by administrators, and provide perspective areas of focus for subsequent phases of the assessment. A test plan was created which matched areas of code with specific security controls (e.g. service discovery, certificate lifecycle, side car injection) architectures were used to provide testers with a way of validating that security expectations in the code were implemented when deployed. Each environment was deployed following Istio Documentation using

com/gracezhang1110, www.linkedin.com/in/gong-zhang-75560670/ Advisory Software Engineer of IBM Cloud Code Engine team focusing on Knative Serving and Istio, contributor of the Knative and Cloud Foundry com/in/yu-zhuang- 51915287/ Architect and Senior Software Engineer in IBM Cloud. Working on IBM Cloud Code Engine (Serverless platform), focusing on Knative, Istio, and Tekton, community, leading team to running, and managing serverless, cloud- native applications. It provides benefits: Focus on code Scale to zero Quick entry to serverless computing … … traffic management observability security

wizards of Stack Overflow. Bugs And Security ● Read this quick explanation on how to report bugs, in code or in documentation. ● The Istio security team responds rapidly to vulnerability reports. Read how Contributor ● The Istio Community README is the starting point for contributors who want to work on code, docs or other parts of Istio. ● You can access our trove of technical content and working documents the Value of Community Housekeeping • View the full IstioCon-VIRTUAL schedule • Abide by CNCF Code of Conduct • Use the official #IstioCon in your social conversations • Join #istiocon slack channel