Istio audit report - ADA Logics - 2023-01-30 - v1.0
… into memory before the Handler is called. To limit the memory consumed by this request, wrap the result of NewHandler in an http.MaxBytesHandler." John found that when the recommended MaxBytesHandler …
… com/istio/istio/blob/master/operator/pkg/util/tgz/tgz.go#L70 )
    // This creates a malicious Gzip file that will result in
    // arbitrary file write when extracted by https://github.com/istio/istio/blob/master/operator/pkg/util/tgz/tgz …
…
    // Get sends an HTTP GET request and returns the result.
    func Get(url string) ([]byte, error) {
        resp, err := http.Get(url)
        if err != nil {
            return nil, …
55 pages | 703.94 KB | 1 year ago
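The second snippet above refers to a crafted gzip/tar that produces an arbitrary file write when the operator's tgz helper extracts it. The block below is an added Go example written for this listing; it is not code from the ADA Logics report or from Istio's tgz.go, and it does not claim to reproduce the report's exact finding or fix. It shows the standard containment check for that bug class: every member name, and every symlink target, is joined onto the destination and rejected if it is absolute or climbs above the destination, before anything touches the filesystem. ExtractTgz, safeJoin, BuildTgz, TgzEntry and the sample archive in main are this example's own names and constructed input; other member types (hard links, devices, FIFOs) are skipped rather than written.

```go
package main

import (
	"archive/tar"
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// ErrUnsafePath is returned when an entry name or symlink target would land outside destDir.
var ErrUnsafePath = errors.New("tgz: entry path escapes destination directory")

// safeJoin joins name onto absDest, rejecting absolute names and any ".." climb above absDest.
func safeJoin(absDest, name string) (string, error) {
	target := filepath.Join(absDest, name) // Join collapses "." and ".." segments
	if filepath.IsAbs(name) || (target != absDest && !strings.HasPrefix(target, absDest+string(os.PathSeparator))) {
		return "", fmt.Errorf("%w: %q", ErrUnsafePath, name)
	}
	return target, nil
}

// ExtractTgz unpacks a .tgz stream into destDir. Every entry name and every symlink target
// must pass safeJoin before the filesystem is touched; unsupported member types are skipped.
func ExtractTgz(r io.Reader, destDir string) error {
	absDest, err := filepath.Abs(destDir)
	if err != nil {
		return err
	}
	gz, err := gzip.NewReader(r)
	if err != nil {
		return err
	}
	tr := tar.NewReader(gz)
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return nil
		}
		if err != nil {
			return err
		}
		target, err := safeJoin(absDest, hdr.Name)
		if err != nil {
			return err
		}
		if err = os.MkdirAll(filepath.Dir(target), 0o755); err != nil {
			return err
		}
		switch hdr.Typeflag {
		case tar.TypeDir:
			err = os.MkdirAll(target, 0o755)
		case tar.TypeReg:
			var f *os.File
			if f, err = os.OpenFile(target, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, os.FileMode(hdr.Mode)&0o777); err == nil {
				_, err = io.Copy(f, tr)
				f.Close()
			}
		case tar.TypeSymlink:
			// A link is only as safe as its target: resolve it against the entry's own directory and re-check.
			link := hdr.Linkname
			if !filepath.IsAbs(link) {
				link = filepath.Join(filepath.Dir(hdr.Name), link)
			}
			if _, err = safeJoin(absDest, link); err == nil {
				err = os.Symlink(hdr.Linkname, target)
			}
		}
		if err != nil {
			return err
		}
	}
}

// TgzEntry and BuildTgz construct a small archive in memory (constructed test input, not a real
// bundle). A non-empty Link makes the entry a symlink.
type TgzEntry struct{ Name, Body, Link string }

func BuildTgz(entries []TgzEntry) []byte {
	var buf bytes.Buffer
	gz := gzip.NewWriter(&buf)
	tw := tar.NewWriter(gz)
	for _, e := range entries {
		hdr := &tar.Header{Name: e.Name, Mode: 0o644, Size: int64(len(e.Body)), Typeflag: tar.TypeReg, Linkname: e.Link}
		if e.Link != "" {
			hdr.Typeflag, hdr.Size = tar.TypeSymlink, 0
		}
		if err := tw.WriteHeader(hdr); err != nil {
			panic(err) // in-memory write: only a malformed header can fail
		}
		tw.Write([]byte(e.Body))
	}
	tw.Close()
	gz.Close()
	return buf.Bytes()
}

func main() {
	// Constructed archive: one benign file, then a traversal entry that must be rejected.
	archive := BuildTgz([]TgzEntry{{Name: "config/mesh.yaml", Body: "profile: default\n"}, {Name: "../../evil.sh", Body: "echo pwned\n"}})
	dest, _ := os.MkdirTemp("", "tgz-demo")
	defer os.RemoveAll(dest)
	fmt.Println("extract:", ExtractTgz(bytes.NewReader(archive), dest))
}
```

The prefix comparison is done on the cleaned, absolute path rather than on the raw entry name, so "a/../../x", "../x" and "/etc/x" are all caught by one rule; symlinks get the same rule applied to their resolved target, since a benign-looking file written through an earlier symlink member is the other common route to the same arbitrary write.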
Istio Security Assessment
…
        9080
      - match:
        - uri:
            exact: /login
        redirect:
          uri: /
          authority: www.nccgroup.com
  6. Save the result of the following …
  7. Run the following command and observe that a normal HTML page is returned: curl …
… istio-ingressgateway, in the istio-system namespace to handle requests for all namespaces. As a result of this, it is possible for Gateways in different namespaces to declare servers lists with colliding …
…
    // do not expect an error here
    _, _ = buf.WriteTo(hasher)
    pool.PutBuffer(buf)
    result := hasher.Sum(nil)
    return string(result)
  Recommendation: Use a cryptographically secure hash, such as:
  • a SHA2-family …
51 pages | 849.66 KB | 1 year ago
Secure your microservices with istio step by step
… label namespace default istio-injection=disabled/enabled ) … Result: can access reviews-v1, reviews-v2 and reviews-v3. Access productpage …
… #IstioCon Istio Identity: istio-proxy curl localhost:15000/config_dump …
… Istio identity – check configuration result ● Result: cert generated automatically with Istio identity. 1) Apply peer-authentication to enable server …
34 pages | 67.93 MB | 1 year ago
Leveraging Istio for Creating API Tests - Low Effort API Testing for Microservices
… testing for microservices architectures with Istio – Fewer failures higher up the test pyramid as a result of improved API tests • Istio benefits – Venky / Prasad – point here • Demo • Questions … Structure …
… independently - Updates to an API require updating corresponding Service and Component tests - As a result, teams would go for just E2E tests … Teams often focus on End-to-End tests (besides …
21 pages | 1.09 MB | 1 year ago
Istio-redirector: the way to go to manage thousands of HTTP redirections
… Page /bus/routes/bruxelles/lille … AFTER /bus/routes/bruxelles-1/lille-3 … #IstioCon And the result is ?????? Happy users: I will be automatically redirected to the new page instead of seeing an …
13 pages | 1.07 MB | 1 year ago
to go to manage
thousands of HTTP
redirectionsPage /bus/routes/bruxelles/lille 1 2 AFTER /bus/routes/bruxelles-1/lille-3 #IstioCon And the result is ?????? Happy users: I will be automatically redirected to the new page instead of seeing an0 码力 | 13 页 | 1.07 MB | 1 年前3
Set Sail for a Ship-Shape Istio Release
… box and the pull request will merge. New System Release Notes … #IstioCon Release Notes: As a result... ● Release notes are thought of up-front as part of changes, with context by the people who know …
18 pages | 199.43 KB | 1 year ago
Ship-Shape Istio Releasebox and the pull request will merge. New System Release Notes #IstioCon Release Notes: As a result... ● Release notes are thought of up-front as part of changes, with context by the people who know0 码力 | 18 页 | 199.43 KB | 1 年前3
Istio is a long wild river: how to navigate it safely
… HTTP/2 load-balancing capabilities out-of-the-box ● We tried it as-is, with existing gRPC services ● Result: Weird 5XXs on upstream service pod rollout ● No matter how well our services handled graceful termination …
69 pages | 1.58 MB | 1 year ago
7 results