Explore the security aspects of Istio Ambient Mesh in this 22-minute conference talk by Christian Posta from Solo.io and John Howard from Google. Delve into the architecture decisions made to preserve zero-trust properties in the sidecarless data plane implementation. Learn about mTLS, workload identity, and security boundaries between infrastructure and application worlds. Examine the secure overlay surface area, system boundaries, and blast radius boundaries. Understand the implications of compromised nodes, data planes, applications, and control planes. Discover the role of Waypoint Proxy and how it contributes to ease of operations in Istio Ambient Mesh.
Is Istio Ambient Mesh Secure - Exploring Service-to-Service Security
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Intro
Istio Ambient Mesh Data Plane
Sidecar architecture
Ambient architecture
Secure Overlay Surface Area
System Boundaries
Blast Radius Boundaries
Compromised node
Compromised data plane
Compromised application
Compromised control plane
Waypoint Proxy
Ease of Operations
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Simplifying Service Mesh Operations with Istio Ambient Mesh
-
Ambient Mesh with Marino Wijay & Matt Turner
-
Extending Sidecarless Applications with Wasm in Istio Ambient Mesh
-
A Packet Eye View of the Istio Ambient Mesh
-
Introduction to Ambient Mesh - Conf42 Kube Native 2023
-
Istio Ambient Service Mesh Made Simple
