Service Mesh

• Envoy
  • Network Filter
    • Taming a Network Filter
    • Lifecycle of a Network Filter
    • Practical Applications
      • Gatekeeping
      • Collecting Protocol-specific Stats
      • Feeding Protocol-specific Metadata
      • Reshaping Traffic
      • Protocol-specific Routing and Load Balancing
    • Native Envoy extensions (C++) vs WebAssembly
    • Conclusion
  • TCP Proxy
    • TCP Proxy
      • TCP Proxy Configuration
        • Dynamic cluster selection
        • Routing to a subset of hosts
        • Statistics
        • TCP Proxy(proto)
    • Envoy Socket backlog
• Istio
  • Istio mTLS
    • Istio mTLS 自动识别说明(Smartness Explained)
      • Introduction
      • Environment details
      • Scenario 1, no sidecars on either side
      • Scenario 2, non-injected client to injected and non-injected services
        • Why is Istio/envoy allowing plain text?
        • Enable STRICT mode
          • STRICT mode filter chains
        • FilterChain matching
          • ALPN
            • How client sidecar adds Istio-defined ALPNs in the TLS client hello message
              • http traffic
              • tcp traffic
        • Switch back to PERMISSIVE mode
          • PERMISSIVE mode filter chains
      • Scenario 3 i.e injected client talking to injected and non-injected servers
        • Injected client to injected sever
        • Injected client to non-injected sever
      • Summary
    • Understanding Istio’s Secure Naming
      • Certificates
      • Istio Mutual TLS Authentication
      • Example
        • What all happens at data path?
          • DNS Resolution
          • mTLS Handshake with resolved address
          • DNS Spoofing
          • Secure Naming to rescue
      • What about SAN validation for non-mesh services
      • Summary
  • Metadata Exchange
    • HTTP
      • Goal
      • Design Proposed Work
      • Stateless approach
        • HTTP header size considerations
    • TCP
      • TCP MX
        • metadata exchange plugin
          • Metadata exchange plugin introduction
        • TCP MX 设计文档
          • 内部实现细节
    • Ref
      • metadata exchange plugin
        • Metadata exchange plugin Introduction
          • Stats plugin
            • For HTTP, HTTP/2, and GRPC traffic the proxy generates the following metrics
            • For TCP traffic the proxy generates the following metrics
        • Feature gaps between Mixer-based telemetry and Telemetry V2
  • Istio ALPN
    • Protocol sniffing
      • Background
      • Objective
      • Overview
        • Protocol sniffing for inbound listener
          • Filter chains
          • Get ALPN
          • Alternatives Considered
    • Other
      • istio-alpn-upstream
        • ALPN 名字
          • TCP ALPN
          • HTTP ALPN
      • Istio ALPN Issues
  • Istio Gateway TCP Keepalive
    • socket opts
      • socket 级别的 opts 列表：
      • TCP 级别的 opts 列表
      • Linux 的协议列表
      • Linux 的默认的参数值
    • 常见 Load Balancer / TLS proxy 的行为
      • 自动 keepalive load balancer 的两端
      • 偷偷关闭连接
    • 相关的 Envoy 配置资料
  • Design Doc Links
    • Nebulous Future
    • Release 1.4
    • Release 1.3
    • Release 1.1
  • Observability
    • Understanding TCP telemetry collection
      • TCP attributes
    • Access Log
      • Pod Level enable access log