Istio New Workload Identity Provision Pipeline Based on Envoy SDS – Quanjie Lin & Diem Vu, Google

57

Istio New Workload Identity Provision Pipeline Based on Envoy SDS – Quanjie Lin & Diem Vu, Google

Istio introduces a new workload identity provision system based on envoy SDS (secret discovery service) from release-1.1; as the main developer who works on this project, my talk covers: 1. Background topics like what is envoy SDS, the motivation why the new system is introduced; 2. High level end-to-end architecture, deep dive into some design decisions we made during development; 3. CNCF projects we leveraged during development (kubernetes, envoy, helm, spiffe etc); 4. Real enterprise customers’ user cases that built on top of this new system in production; 5. How to plug customer CA into the new system for your user case. From this talk, audience will get better understanding of designing/using service mesh’s identity system from first-hand development experience, and how to build a system by leveraging CNCF projects. [Note: I could demo if time allowed]

sched.co/MPfJ
Join us for KubeCon + CloudNativeCon in Shanghai June 24 – 26 and San Diego November 18 – 21! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy and all of the other CNCF-hosted projects.
Join us for KubeCon + CloudNativeCon in San Diego November 18 – 21. Learn more at bit.ly/2WdUyQ6. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy and all of the other CNCF-hosted projects.