Istio Security Assessment
services in the cluster. Description The controlPlaneSecurityEnabled feature has recently been refactored and had a storied past. This feature was originally intended to enforce that all communications to and the service mesh, mTLS, and in particular, no plaintext communication should be possible. This feature was enabled by default in Istio 1.4 but in Istio 1.5, it was disabled again with notes that it should anything of meaning, remove it completely. Alternatively, modify the controls such that using this feature does in fact enable security between these services. The current documentation states: “In Istio
0 码力 | 51 pages | 849.66 KB | 1 year ago 3
Istio 2021 Roadmap A heartwarming work of staggering predictability
WebAssembly (Wasm) support ● Secure by default ○ Secret Discovery Service (SDS) ○ Auto mTLS ● API and feature promotion ○ Networking/Security APIs ○ Virtual Machine expansion/Multi cluster mesh https://istio production adoption of Istio ● Stable core ○ Current Istio functionality meets user needs ○ Measured feature introduction ● Reducing operational overhead ○ Maintenance ○ Upgrades ○ Debugging https://istio user roles and responsibilities https://istio.io/latest/blog/2020/tradewinds-2020/ #IstioCon Feature Graduation ● Enhancement workflow ○ CNI ○ IPv6 ○ Dual-stack (IPv6/IPv6) ○ Virtual Machine Expansion
0 码力 | 17 pages | 633.89 KB | 1 year ago 3
Using ECC Workload Certificates (pilot-agent environmental variables)
restriction that a plugged in CA certificate must use ECC cryptography (using ECDSA P-256) to use this feature ● Only ECDSA P-256 is supported #IstioCon pilot-agent environmental variables Disclaimer: Environmental Alpha feature ○ There will be a migration path and environmental variables as used in this talk will continue to be supported through at least 1.10 to allow users to migrate towards this feature #IstioCon
0 码力 | 9 pages | 376.10 KB | 1 year ago 3
Set Sail for a Ship-Shape Istio Release
across all supported methods. #IstioCon Definition of Done Goal: To make Istio releases and feature quality consistent and predictable #IstioCon Definition of Done: Approach ● Automation where possible easy to consume through checklists and continuous feedback So Far… ● Release Notes tooling ● Feature Maturity Process ● Release Maturity Process #IstioCon Old System Expectation: Maintainers would Better communication of what’s important to users and more time saved for developers. #IstioCon Feature Maturity ● Consistent checklist of requirements for each maturity level: experimental, alpha, beta
0 码力 | 18 pages | 199.43 KB | 1 year ago 3
Istio Project Update
You Are Innovating Too Fast! #IstioCon Istio Feature Process Tracked at the Istio enhancements repository Checklist and approval required for feature promotions: Experimental->Alpha->Beta->Stable
0 码力 | 22 pages | 1.10 MB | 1 year ago 3
Istio is a long wild river: how to navigate it safely
to buying and selling, users actively communicate through the buyer/seller chat and the “Like” feature. The Mercari app is a C2C marketplace where individuals can easily sell used items. We want to abstractions to maximize the added value of Istio to our users: ● Automating the onboarding ● Making a feature fully automated and managed It improves by a lot: ● The user experience for developing services
0 码力 | 69 pages | 1.58 MB | 1 year ago 3
IstioCon2023 Welcome Keynote
Grained RBAC + NGAC 9:25 Schedule Preview Istio Fault Tolerance 11:25 Ambient Q&A 10:50 Istio Feature Gates 12:00 Ambient + Pod Identity 12:40 Multiplayer Istio WASM 1:15 What’s New Since 2022 CNCF
0 码力 | 14 pages | 1.31 MB | 1 year ago 3
How HP set up secure and wise platform with Istio
has lots of projects, deployed on cloud. They have common features, also have project specified feature. We provide a common platform includes all common features, connect all projects with istio. #IstioCon
0 码力 | 23 pages | 1.18 MB | 1 year ago 3
Istio audit report - ADA Logics - 2023-01-30 - v1.0
memory which could allow a malicious actor to send a large http request and cause DoS. This is a feature of the h2c library and is documented here: https://pkg.go.dev/golang.org/x/net/http2/h2c. It says:
0 码力 | 55 pages | 703.94 KB | 1 year ago 3
9 results in total