Istio audit report - ADA Logics - 2023-01-30 - v1.0
Istio in favour of non-security-sensitive parts. Some components that are particularly exposed had been tediously audited, whereas other components had practically been left unaudited. There are pros and exhaustion issues and other issues stemming from improper usage of the language. Istio consists of two components: The controlplane and the dataplane. The data plane handles the connection between services and Egress Sidecar External Apis High to low Traffic leaving the dataplane for external APIs. Security Components One of the advantages of using Istio is that it offers a series of security features related to
0 码力 | 55 pages | 703.94 KB | 1 year ago | 3
Istio Security Assessment
enlisted NCC Group to perform an assessment on the open-source version of Istio and all of its components. Istio is a modern service mesh technology stack often used within Kubernetes clusters to provide in this case means enabling the Distroless image which can be used by other Istio control plane components (like Pilot) as well as the sidecars used by Pods and workloads. Make this configuration the default directly accessed by workload containers, and, ideally, also cannot be directly accessed by non-Istio components such as users and general service 36 | Google Istio Security Assessment Google / NCC Group Confidential
0 码力 | 51 pages | 849.66 KB | 1 year ago | 3
Performance tuning and best practices in a Knative based, large-scale serverless platform with Istio
Knative ingress controller for Istio. Knative is an open source project which provides a set of components (Serving and Eventing) that introduce event-driven and serverless capabilities for Kubernetes issue. • Tune CPU/MEM to ensure enough capacity Leveraged Metrics to monitor Istio & Knative components’ CPU and MEM under workload to avoid CPU throttling and OOM and ensure enough capacity. In Istio
0 码力 | 23 pages | 2.51 MB | 1 year ago | 3
Is Your Virtual Machine Really Ready-to-go with Istio?
configs for VMs, incl. `cluster.env`, DNS config, Istio authN secrets etc. ○ Setup dnsmasq, Istio components in the VM and verify functionality ○ Configure sidecar interception; restart Istio and manually Protection ● SDS (Secret Discovery Service) ● A stricter security model ○ Protections for inline components & workflows ○ Trust model augmentation ■ Impersonating ■ Secret clear in memory ■ Secret persistence
0 码力 | 50 pages | 2.19 MB | 1 year ago | 3
Moving large scale consumer e-commerce Infrastructure to Mesh
Namespace isolation helps reduce Istio proxy resources #IstioCon Next Steps ● Move stateful components in to mesh discovery and routing ● Expose gateway services via Istio Gateway ● Towards RESTRICTED
0 码力 | 14 pages | 1.76 MB | 1 year ago | 3
How HP set up secure and wise platform with Istio
understanding of how monitored services are interacting, both with other services and with the Istio components themselves. Metrics Distributed Traces Access Logs #IstioCon Excellent Observability Istio(envoy)
0 码力 | 23 pages | 1.18 MB | 1 year ago | 3
宋净超: From Open-Source Istio to Enterprise-Grade Services: How to Adopt a Service Mesh in the Enterprise
NodePort service type instead of a LoadBalancer Architecture ● Multi cluster ● Multi mesh ● Components ○ Management plane ○ Global control plane ○ Local control plane TSB Management Plane ● Front
0 码力 | 30 pages | 4.79 MB | 6 months ago | 3
Leveraging Istio for Creating API Tests - Low Effort API Testing for Microservices
MTTR, #bugs-in-production, Reduced eng effort for testing, velocity) – Early testing of services components auto-generated from end-to-end tests – Significantly reduced time and cost for API testing for
0 码力 | 21 pages | 1.09 MB | 1 year ago | 3
8 results in total