#IstioCon Istio Project Update Lin Sun @linsun_unc #IstioCon Speaker Intro #IstioCon Istio Community Number of contributors last 12 months: 350+ contributing companies 500+ PR authors 1900+ 1900+ contributors Istio Community #IstioCon Service Mesh Surveys Using service mesh in production, from CNCF 2020 Survey What I like most about Istio Continuous INNOVATION and transformation with verify-install upgrade Istio simplify install helm3 #IstioCon Pilot Mixer Citadel Node Agent Injector Galley istio-system Node Pod Sidecar Pilot Agent Ingress Egress Istio Single Cluster Simplified

#IstioCon Local Istio Development John Howard / @howardjohn / Google #IstioCon Fully Cloud docker push kubectl apply docker pull #IstioCon Fully Cloud docker push kubectl apply docker pull Fast! Image transfers are over localhost + Reproducible configuration with other developers and Istio tests + Easy to setup bespoke clusters, including enabling alpha features and multicluster - Local No Istio dependency. Great for minimal Envoy bug reproductions + Great for rapid iteration of Envoy options - Very different from production environment - May be challenging to reproduce Istio configurations

Istio Meetup China Accelerate Service Mesh Network with ebpf Luyao Zhong Istio Meetup China Agenda ● TCP/IP stack overhead in service mesh ● Background knowledge of eBPF ● Independent solution to to bypass TCP/IP stack ● Performance Comparision Istio Meetup China TCP/IP stack overhead ● All the application data goes via sidecar (envoy) ● All the data passes TCP/IP stack 3 times ○ Inbound Envoy(same host) Istio Meetup China Dataflow After Acceleration(same host) Istio Meetup China ebpf Background Knowledge Loader & Verification Architecture https://ebpf.io/what-is-ebpf/ Istio Meetup China

Istio Security Assessment Google August 6, 2020 – Version 1.1 Prepared for Arun Kumar R Prepared by Mark Manning Jeff Dileo Divya Natesan Andy Olsen Feedback on this project? https://my.nccgroup Google enlisted NCC Group to perform an assessment on the open-source version of Istio and all of its components. Istio is a modern service mesh technology stack often used within Kubernetes clusters to facilitated by its control plane. The goal of the assessment was to identify security issues related to the Istio code base, highlight high risk configurations commonly used by administrators, and provide perspective

Istio As An API Gateway Discussion Flow ● What is an API Gateway? ● What is a Service Mesh? ● Common Features ● API Gateway + Service Mesh together! ● Istio as the API Gateway ● Advantages ● together! Limitations of This Approach ● Maintaining Two Tools ● Maintaining Two Expert Pools Istio as the API Gateway Advantages Advantages ● Same abstractions for all your traffic control needs

#IstioCon Taming Istio Configuration with Helm Ryan Michela / @ryanmichela / Salesforce #IstioCon In this talk This is a talk about using Helm with Istio ● Look at helm from a new perspective ● Helm helps automate Istio day-2 tasks ● Helm gitops #IstioCon HELM The package manager for Kubernetes It’s not just for installation anymore! #IstioCon What is Helm? ● Installer for Charts Helm to get the most from Helm! #IstioCon Managing Istio with Helm #IstioCon How does Helm relate to Istio? ● Istio install built on Helm ● Istio runs on YAML ● Our services are installed with YAML

#IstioCon Debugging Istio Within the Department of Defense Nick Nellis / Adam Toy #IstioCon Istio Going Mainstream Consumer Expectations ● Reliability ● Maintainability ● Usability #IstioCon #IstioCon Maintaining Istio ● Deployments ○ IstioOperator ● Monitoring ○ Prometheus ○ Grafana ○ Zipkin or Jaeger ○ Kiali #IstioCon GetIstio #IstioCon Community discuss.istio.io #IstioCon Community

Jason Webb Vrushali Joshi Istio Service Mesh at Enterprise Scale Feb, 2021 Who are we? Founded 5,000 Developers 50M Customers 1993 IPO $6.8B FY19 Revenue 20 Locations 1983 Why Service Service Mesh? Microservices Kubernetes Service Mesh Istio Monolith Era Intuit Statistics ● 900+ Teams ● 5000+ Developers ● 200+ Clusters ● 7000+ Namespaces ● ~9200 Nodes varies with autoscaling Gateway Book Info Payments Product Info Proxy Proxy Proxy Proxy + k8s Istio mTLS mTLS mTLS ✓ Security ✓ Visibility ✓ Traffic Shaping ✓ Latency ✓ Single Point of Failure

within Istio Zhonghu Xu @hzxuzhonghu #IstioCon About me Zhonghu Xu：an open source engineer from Huawei Cloud. - Github：https://github.com/hzxuzhonghu - Istio steering committee member - Istio Core supported proxy protocol #IstioCon Istio Traffic Flow – inner cluster svcA svcB envoy envoy Pod1：10.244.0.20 Pod2：10.244.0.25 Dest: 127.0.0.1 Src：127.0.0.1 #IstioCon Istio Traffic Flow - ingress svcB Pod2：10.244.0.25 Dest: 127.0.0.1 Src：10.244.0.20 ① Setting annotation sidecar.istio.io/interceptionMode: TPROXY, istio will automatically set the original src filter and iptabels rules #IstioCon Preserve

Automate mTLS communication with GoPay partners with Istio Vijay Dhama, Gojek Zufar Dhiyaulhaq, Gojek Agenda ● GoPay & Istio ● Before mutual TLS ● Implementing mutual TLS ○ Centralized Certificate Certificate Management ○ Ingress mutual TLS ○ Egress mutual TLS ● Challenge & Future Works GoPay & Istio About ● A few hundred developers ● Multiple Kubernetes Clusters ● 250+ microservices ● 150M+ using Envoy and Consul for service discovery. Istio ● We were using Envoy before which made it easy to adopt existing EnvoyFilters into Istio. ● Istio have abstraction concept that make manage things