currently have a reference design for what an ideal Kubernetes cluster with Istio running within it. Instead, NCC Group used various hosting options (i.e. Minikube, GKE, KOPS) to build reference clusters and and test various configurations. These reference architectures were used to provide testers with a way of validating that security expectations in the code were implemented when deployed. Each environment a great goal and should continue to expand upon it. Consider whether this could be expanded to reference other documentation that provides deeper insight. • /docs/setup/additional-setup/config-profiles/:

gRPC/HTTP Analysis Core Query CoreIstio telemetry Attribute Vocabulary https://istio.io/docs/reference/config/policy-and- telemetry/attribute-vocabulary/Metric settings in Istio bypass adaptor• Service / concepts-and-designs/oal.md • Extendable Aggregation Functions • Aggregation Function • Count • Calls per minute • Avg response time • Sum • Thermodynamic • P99/P95/P90/P75/P50Grammar

to multi-region setup #IstioCon Approach #IstioCon Rollout - Istio setup and Microservices ● Split rollout in to phases ● Setup control plane and related tooling ● Sidecar injection by namespace

maximum scalability by fully leveraging Istio features in Knative with service mesh enabled ● Reference Agenda #IstioCon Knative and Istio Istio is the default networking layer solution of Knative mesh enabled • Enable Istio mesh on Knative – Pod IPs addressable directly in mesh #IstioCon Reference ● IBM Cloud Code Engine which fully managed, serverless platform(including knative and istio) ● Pilot agent config https://istio.io/latest/docs/reference/commands/pilot-agent/ ● Istio Sidecar Configuration https://istio.io/latest/docs/reference/config/networking/sidecar/ ● Istio CNI plugin https://istio

resources to each proxy in the mesh. It is written in the official documentation, and actually, reference values are only disclosed for when namespace isolation is enabled. 34 The Sidecar CRD to save Putting sidecars everywhere has a cost ○ Latency ○ Compute resources The Istio 1.9 community reference values for sidecar performance are: ● Latency: +2.65 ms at p90 (no telemetry) ● Compute resources:

#IstioCon Excellent Observability - Access logs Log Files Parse Istio-proxy Log • Each API Access Count • Each API Fail Rate • Each API Latency Easy to debug Easy to report Easy to alert Elastalert

#IstioCon Demo time #IstioCon Thank you ! ● Your laptop as part of the service mesh @ Medium ● Reference implementation and run-it-yourself-demo at github.com/omio-labs/devro ute

environmental variables that can be set. For more information see https://istio.io/latest/docs/reference/commands/pilot-agent/#envvars Remember: Always look to see if there are other, better ways of

75” } createOrder Response: Test { “orderId”: “ORDR1892533”, “orderValue”: “28.00” } Reference data Problem • Not all differences are errors Challenge • Assertion creation/maintenance is effort

expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information