Tuesday, May 21 • 11:05 - 11:40
Envoy SDS: Fortifying Istio Security - Yonggang Liu & Quanjie Lin, Google

In Istio 1.1, Citadel Agent is introduced to dynamically provision X.509 certificates and private keys to workloads through the Envoy Secret Discovery Service (SDS) API. Running on Kubernetes nodes as DaemonSets and standalone on VMs, Citadel Agents improve security by making sure the generated private keys never leave the node and can be securely delivered to workloads over a Unix domain socket (UDS). Citadel Agent also offers flexibility in local workload identity attestation and provides various adapters to integrate with custom CAs.

In this talk we will demonstrate how SDS makes this model really efficient, and how Citadel works independently of other Istio components for both K8s and non-K8s workloads.

Oliver Liu

Senior Software Engineer, Google
Dr. Oliver (Yonggang) Liu is a senior software engineer at Google. He is one of the early developers and core engineers of Istio. Oliver has 10 years of experience in research and development of distributed systems and service mesh. Oliver received his PhD degree from University of...

Quanjie Lin

Software Engineer, Google
Quanjie is a software engineer on the Google Istio team. She is currently working on the Istio workload identity provisioning system, end-user authentication, etc. Before Istio, she worked on the Google Kubernetes team on the Open Service Broker and Service Catalog.

Tuesday May 21, 2019 11:05 - 11:40
Hall 8.0 C2