Istio New Workload Identity Provision Pipeline Based on Envoy SDS
Talk Title | Istio New Workload Identity Provision Pipeline Based on Envoy SDS |
Speakers | Diem Vu (Software Engineer, Google), Quanjie Lin (Software Engineer, Google) |
Conference | KubeCon + CloudNativeCon Europe |
Location | Barcelona, Spain |
Date | May 19-23, 2019 |
URL | Talk Page |
Slides | Talk Slides |
Istio introduces a new workload identity provision system based on Envoy SDS (secret discovery service) from release-1.1; as the main developer who works on this project, my talk covers:

1. Background topics like what Envoy SDS is and the motivation for why the new system is introduced;
2. High-level end-to-end architecture, with a deep dive into some design decisions we made during development;
3. CNCF projects we leveraged during development (Kubernetes, Envoy, Helm, SPIFFE, etc.);
4. Real enterprise customers' use cases that are built on top of this new system in production;
5. How to plug a customer CA into the new system for your use case.

From this talk, the audience will get a better understanding of designing/using a service mesh's identity system from first-hand development experience, and how to build a system by leveraging CNCF projects.

[Note: I could demo if time allowed]