Istio is a long wild river: how to navigate it safely
  ...specifications ● Kubernetes shortcomings with sidecar containers ○ Controlling containers lifecycle ○ Autoscaling pods with sidecar containers ● Are you prepared to handle Istio? ● A full mesh is sidecar containers. Stabilizing Istio: Pod A is the Kubernetes atomic unit (Pod, App container, Sidecar container). Pods are the atomic unit, not containers. Shortcoming 1: Controlling the running order for containers. Stabilizing Istio: Kubernetes lacks good control APIs to customize the containers lifecycle in a pod. There is no official way to instruct...
  0 credits | 69 pages | 1.58 MB | 1 year ago
Istio Security Assessment
  ...Istio Client-Side Bypasses 014 Low; Sidecar Envoy Administrative Interface Exposed To Workload Containers 018 Low; DestinationRules Without CA Certificates Field Do Not Validate Certificates 019 Low; Default... Google / NCC Group Confidential. Finding: Sidecar Envoy Administrative Interface Exposed To Workload Containers. Risk: Low. Impact: Low, Exploitability: Medium. Identifier: NCC-GOIST2005-018. Category: Access Controls. istio/install/gcp/bootstrap/gcp_envoy_bootstrap.json • istio/pkg/config/mesh/mesh.go. Impact: Workload containers can access potentially sensitive configuration data and manipulate the sidecar Envoy proxy process...
  0 credits | 51 pages | 849.66 KB | 1 year ago
Canary (gray) release practice for Kubernetes container applications based on Istio
  ...v1 spec: containers: - image: rating-v1 ... --- kind: Deployment metadata: name: rating-v2 spec: replicas: 3 template: metadata: labels: app: rating version: v2 spec: containers: - image: rating-v2...
  0 credits | 38 pages | 14.93 MB | 1 year ago
Canary (gray) release practice for Kubernetes container applications based on Istio
  ...version: v1 spec: containers: - image: rating-v1 kind: Deployment metadata: name: rating-v2 spec: replicas: 3 template: metadata: labels: app: rating version: v2 spec: containers: - image: rating-...
  0 credits | 34 pages | 2.64 MB | 6 months ago
Istio audit report - ADA Logics - 2023-01-30 - v1.0
  ...existing fuzzing set up. At the start of the audit, we made the following observations: ● Istio is integrated into OSS-Fuzz with 63 fuzzers running continuously. ● All fuzzers are hosted in the Istio repository... need more data, but only the provenance would need improvement. The slsa-github-generator can be integrated into Istio's build pipeline as a first step to start work on provenance... (Istio Security Audit, 2023, p. 53)
  0 credits | 55 pages | 703.94 KB | 1 year ago
SberBank story: moving Istio from PoC to production
  ...Istio Ingress, Istio Egress, Istio 1.6, Istio 1.6 Service Mesh Operator. Lessons Learned: 1. Init containers maybe not the best option • NET_RAW and NET_ADMIN • Traffic failures due to init restarts (#16768)...
  0 credits | 14 pages | 1.68 MB | 1 year ago
Is Your Virtual Machine Really Ready-to-go with Istio?
  ...policies in the same way, across compute environments ● Observability ○ See VM metrics alongside containers ● Extensibility. #IstioCon Why Should Istio Support VMs ● ≈ Why VMs? ○ Technical reasons ■...
  0 credits | 50 pages | 2.19 MB | 1 year ago
Istio Service Mesh at Enterprise Scale
  ...Logical Service for Developers ○ Multi-cluster Identity ○ Multi-region Endpoint ○ Istio config integrated with gitops deployment ○ Init modifications to prevent proxy startup race conditions. Thank You...
  0 credits | 12 pages | 1.23 MB | 1 year ago
8 results in total