Quick Summary (from Google Cloud Next ’19 [1]) VM works on Istio! [1] Istio Service Mesh for VM Native, Chris Crall, Jianfei Hu, Google Cloud Next ‘19 #IstioCon Why Add VMs to the Mesh? ● = Why Service Istio control plane services (Pilot, Mixer, CA) accessible from the VMs ○ (optional) Kubernetes DNS server accessible from the VMs ● Onboard steps ○ Setup Internal Load Balancers (ILBs) for Kube DNS, bootstrap certificate, then place that bootstrap certificate on the VM ■ Dependency on K8s API server ■ Requires creating an RBAC impersonation rule for each user ■ Private key and CSR generation limited

20/ ● Fixed budget for infrastructure maintenance ● Desire predictability ● Longer support windows ● Skip releases for upgrades #IstioCon Focus areas for ‘Day 2 Operations’ #IstioCon Stability experience https://istio.io/latest/blog/2020/tradewinds-2020/ #IstioCon Other improvement areas ● Native Kubernetes API integration ○ Kubernetes Service APIs ○ Kubernetes Multi-cluster APIs ● Adopt

com/. Recommendation Within the Webhook.admitPilot() method in istio/pkg/webhooks/validation/server/ server.go, modify the call to Schema.ValidateProto() — and the definition of the method itself — to NCC-GOIST2005-007 Category Access Controls Component Istio Location • istio/istio/security/pkg/nodeagent/sds/server.go#276 • istio/istio/security/pkg/nodeagent/util/util.go#71,#76,#81 • istio/istio/operator/pkg/helm/urlfetcher the codebase where files are being written insecurely: • istio/istio/security/pkg/nodeagent/sds/server.go (line 276) // Update SDS UDS file permission so that istio- proxy has permission to access it

Istio OSS to Enterprise Service Mesh 宋净超（Jimmy Song） September 24, 2022 Shanghai, China Cloud Native Application Networking Secure, Observe and manage microservices Outline ● Background ● Enterprise complexity and lack of operational agility ● You can't be Cloud Native at scale without a modern application- aware network Cloud!=Cloud Native Bare metal VMs Kubernetes VMs ● Monolith was decoupled to

Steering Committee Cloud Native Developer TOC, UX Lead Sr Principal Engineer Schedule Preview Ambient Mesh Made Simple 8:05 Welcome Keynote 7:30 Ambient As Managed Infra 9:25 Roadmap Update 9:35 ess@ Google Group. ● Interested in helping with Chinese language documentation? Join the Cloud Native Community(China). Istio Trends ιστίο • (istío) n (plural ιστία) 1. sail What about the rest of

SidecarIstio + Envoy Representative Service Mesh implementorObserve on mesh Metric from Service Mesh by native supportedPower of out of process adaptor Bypass adpator Adaptor In process Bypass adaptor SkyWalking URI path or gRPC service class + method signature. Core ConceptsIstio telemetry formatSkyWalking native telemetry formatTelemetry to Analysis scope • After you received the telemetry, either from

mesh telemetry analysis, metric aggregation and visualization for cloud-native workloads in a single platform. Leading Cloud Native Varun Talwar Co-founder/CEO Co-creator gRPC, Istio Jeyappragash (JJ)

Workshop attendance Workshop Istio 0 to 60 Workshop Hands-on practices for Controlling Kubernetes Native Apps with Service Mesh Manage and Secure Distributed Services with Anthos Service Mesh Multi-tenant "Need more workshops! :) " Participants agreed that captioning was very helpful for the non-native English speakers. "Wonderful event and speakers,looking forward to join future events" "I enjoy

运行时数据区如何基于Istio的现有组件去实现 Kubernetes Cluster MIxer 全链路关联 平台 Cloud Native App POD Agent logfile Proxy Transaction ID Transaction ID Cloud Native App POD Agent logfile Proxy Transaction ID Transaction

serverless capabilities for Kubernetes clusters for deploying, running, and managing serverless, cloud- native applications. It provides benefits: Focus on code Scale to zero Quick entry to serverless fully managed, serverless platform(including knative and istio) that can host all of your cloud native workloads: https://www.ibm.com/cloud/code-engine ● Kperf, a public Knative benchmark tool helps