首页 文库资料 文章资讯  上传文档  发布文章  登录账户

分类

全部云计算&大数据(4)Istio(4)数据库(1)Redis(1)

语言

全部英语(5)

格式

全部PDF文档 PDF(5)
 
本次搜索耗时 0.030 秒,为您找到相关结果约 5 个.

  • pdf文档 Istio at Scale: How eBay is building a massive Multitenant Service Mesh using Istio

    Application Deployment: Cloud Layout ● Multiple K8s Clusters in an AZ ○ Each K8s cluster ~ 200 - 5,000 nodes ○ Upto 100,000 Pods in a cluster ○ 10,000+ K8s services - including prod, pre-prod, staging worst-case scenario Region R1 AZ 1 AZ 2 AZ n Data Center DC1 K8s Cluster K8s Cluster K8s Cluster K8s Cluster K8s Cluster K8s Cluster Region Rn #IstioCon Application Specs Region services - Global IPAM, Access-control Policy store, etc. ● AZ Control Plane ○ Syncs specs to workload K8s clusters in the AZ ○ Shared-Nothing Architecture ■ Hosts services catering to the AZ, e.g., AZ
    0 码力 | 22 页 | 505.96 KB | 1 年前
    3

  • pdf文档 Service mesh security best practices: from implementation to verification

    Prevention Certificate Authority K8s Network Policy K8s RBAC Audit Logging Image Verification Admission Control Workload Identity K8s RBAC K8s CNI AuthZ Policy Peer AuthN Policy access control Service 2 Service 1 1. Ensure traffic is natively encrypted, such as HTTPS 3. use k8s network policies to limit traffic bypassing sidecars Cluster security best practices: safely handle & authz policies Namespace bar 2. Enforce k8s RBAC policies: roles bound to namespace, only mesh admins are allowed to have ClusterRole. 1. Use k8s network policies to limit the traffic in & out
    0 码力 | 29 页 | 1.77 MB | 1 年前
    3

  • pdf文档 Is Your Virtual Machine Really Ready-to-go with Istio?

    External IPs #IstioCon V1.1 ServiceEntry #IstioCon V1.6-1.8 Better VM Workload Abstraction A K8s Service and Pods Two separate object with distinct lifecycles Before Workload Entry, a single Istio WorkloadEntry Component Deployment WorkloadGroup Service registry and discovery Service ServiceEntry K8s Pods labels: app: foo class: pod ServiceEntry selector: app: foo Istio Workload Entries labels: ■ based on a platform-specific identity ■ w/o a platform-specific identity ● using a short-lived K8s service account token ● Automatic certificate rotation ● Validation of the proxy’s status for VM-based
    0 码力 | 50 页 | 2.19 MB | 1 年前
    3

  • pdf文档 Redis TLS Origination through the sidecar

    ation.html What are we solving? Architecture: K8s app using Redis over TLS only app-1 Namespace ms-1 K8s Pod External DB ms-2 K8s Pod ms-3 K8s Pod TLS only ● App with multiple microservices visibility into Redis traffic Istio TLS Origination Architecture: K8s app using Redis over TLS only (TLS origination) app-1 Namespace ms-1 K8s Pod External DB container app container istio-proxy TCP
    0 码力 | 9 页 | 457.76 KB | 1 年前
    3

  • pdf文档 Performance tuning and best practices in a Knative based, large-scale serverless platform with Istio

    platform has multiple shard k8s clusters, each cluster should support 1000 sequential (interval 5s) Knative service provisionings with route ready time <= 30s. Type Info K8s Cluster Capacity 12 nodes
    0 码力 | 23 页 | 2.51 MB | 1 年前
    3
共 5 条
  • 1
前往
相关搜索词
g2sIstioAtScaleeBaySudhiService meshIstiof9t4RedisTLSOriginationSamStoelinga