Loading…
Back To Schedule
Tuesday, May 21 • 11:55 - 12:30
Istio New Workload Identity Provision Pipeline Based on Envoy SDS - Quanjie Lin & Diem Vu, Google

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Feedback form is now closed.
Istio introduces a new workload identity provision system based on envoy SDS (secret discovery service) from release-1.1; as the main developer who works on this project, my talk covers:
1. Background topics like what is envoy SDS, the motivation why the
new system is introduced;
2. High level end-to-end architecture, deep dive into some design
decisions we made during development;
3. CNCF projects we leveraged during development (kubernetes,
envoy, helm, spiffe etc);
4. Real enterprise customers’ user cases that built on top of this new
system in production;
5. How to plug customer CA into the new system for your user case.

From this talk, audience will get better understanding of designing/using service mesh’s identity system from first-hand development experience, and how to build a system by leveraging CNCF projects.

[Note: I could demo if time allowed]
Speakers
DV

Diem Vu

Software Engineer, Google
Diem Vu is a software engineer at Google. He is currently working on Istio, leading the security policy area. Before joining Istio, he worked in Google shopping search for over 6 years. He earned his master degree from UCSD, and bachelor from Monash university.
QL

Quanjie Lin

Software Engineer, Google
Quanjie is a software engineer from Google Istio team, she is currently working on the Istio workload identity provision system, end-user authentication etc. Before Istio, she worked in Google kubernetes team on the open service broker and service catalog.

Istio New Workload Identity Provision Pipeline Based on Envoy SDS pdf
Tuesday May 21, 2019 11:55 - 12:30
Hall 8.1 G1
  Service Mesh