CVE Fixes, Envoy proxy & GetEnvoy, Istio, Open Source, Security

Upgrade: Istio and Envoy CVE security fixes

Users of Istio and Envoy are strongly encouraged to upgrade to Istio 1.4.6 and Envoy 1.13.1 or 1.12.3 to address four newly discovered security vulnerabilities. The Envoy update is also available via GetEnvoy.io.

CVE-2020-8659 (CVSS score 7.5, High): Excessive CPU and/or memory usage when proxying HTTP/1.1. Envoy version 1.13.0 or earlier may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (e.g., 1 byte) chunks.

Istio, Open Source, Security

Podcast: How Autotrader UK got mTLS and more from Istio

TC Currie sat down with Autotrader UK’s Karl Stoney, a DevOps thought leader, to discuss what led them to Istio.

Karl explains that the main reason for the move was their wish for transparent, mutual TLS, which they wanted to implement without modifying existing apps. He explains that they understood the best way to do this was a sidecar model, and that they began their transformation with Google’s managed Kubernetes offering, GKE, when the conversations then pointed to Istio.

Envoy proxy & GetEnvoy, Istio, Open Source

Podcast: How complex is Istio? Learn from its co-founders

The co-creators of Istio, Louis Ryan of Google and Tetrate’s Varun Talwar, talk with TC Currie on the history of Istio, how it came to exist in its current form and the collaboration between Google, IBM and Lyft that got the project off the ground. They address how the project was designed to allow businesses to solve observability issues, routing problems, security, and policy concerns all in one place.

Events, Istio, Service Mesh

Using gRPC to solve the problems of REST APIs: Service Mesh Day video and transcript (Venil Noronha)

Transcript

All right. Thanks for joining me in this talk. My name is Venil Noronha and I worked with the VMware Open Source Technology Center. I have a fun job that is to contribute upstream to Istio and Envoy full time. Today we’ll have a look at REST APIs and some problems associated with REST APIs and how gRPC solves these problems. And finally we’ll have a look at how we can take the gRPC experience to applications running on web browsers with the help of gRPC-Web and Istio.

Events, Service Mesh

Unpacking Next Generation Access Control (NGAC) and Tetrate Q

Ferraiolo gave an in-depth presentation on Next Generation Access Control (NGAC), an ANSI/INCITS standard that boldly goes where no RBAC or ABAC has gone before. NGAC enables diverse access control policies to be specified and enforced in combinations. And while NGAC can be deployed in various environments, Tetrate’s Ignasi Barrera joined Ferraiolo to demonstrate its implementation in a service mesh where it’s capable of providing a complete authorization framework.

David Ferraiolo of NIST and Tetrate’s Ignasi Barrera presented on Next Generation Access Control at Tetrate’s Service Mesh Day 2019 in San Francisco.

Envoy proxy & GetEnvoy, Events, Istio, Service Mesh, Tetrate

Envoy extensibility and service mesh; Video highlights from KubeCon Barcelona 2019

At KubeCon Barcelona this May 20-23, 2019, 7,700 attendees gathered to discuss emerging trends in cloud native computing, microservices architectures and container orchestration. Tetrate, which offers enterprise-ready service mesh solutions for networking and observability, was proud to send four of its engineers to participate in five of the scheduled sessions.

Lizan Zhou, who is both a founding engineer at Tetrate and a senior maintainer of Envoy, led both an “Intro to Envoy” session and a “Deep Dive into Envoy” focused on extensibility.
