Tuesday, May 21 • 11:55 - 12:30
Istio New Workload Identity Provision Pipeline Based on Envoy SDS - Quanjie Lin & Diem Vu, Google

Istio introduces a new workload identity provision system based on Envoy SDS (Secret Discovery Service) from release-1.1; as the main developer who works on this project, my talk covers:
1. Background topics like what Envoy SDS is and the motivation for introducing the new system;
2. High-level end-to-end architecture and a deep dive into some design decisions we made during development;
3. CNCF projects we leveraged during development (Kubernetes, Envoy, Helm, SPIFFE, etc.);
4. Real enterprise customers' use cases that are built on top of this new system in production;
5. How to plug a customer CA into the new system for your use case.

From this talk, the audience will get a better understanding of designing and using a service mesh's identity system from first-hand development experience, and of how to build a system by leveraging CNCF projects.

[Note: I could demo if time allowed]


Diem Vu

Software Engineer, Google
Diem Vu is a software engineer at Google. He is currently working on Istio, leading the security policy area. Before joining Istio, he worked in Google Shopping search for over 6 years. He earned his master's degree from UCSD and his bachelor's from Monash University.

Quanjie Lin

Software Engineer, Google
Quanjie is a software engineer on the Google Istio team. She is currently working on the Istio workload identity provision system, end-user authentication, etc. Before Istio, she worked on the Google Kubernetes team on the Open Service Broker and Service Catalog.

Tuesday May 21, 2019 11:55 - 12:30 CEST
Hall 8.1 G1