
Kubernetes Podcast from Google What's new in Istio, with John Howard and Keith Mattix
Oct 6, 2023

In this podcast, Istio core maintainers John Howard and Keith Mattix discuss the latest updates on Istio, including the introduction of native sidecar containers and the new ambient service mesh architecture. They also talk about implementing ztunnel in Rust, enabling mesh transport with HBONE, and the impact of Istio's graduation within the CNCF.
ztunnel and Secure Transport
- ztunnel, a Rust-based component of Ambient Mesh, encrypts inter-pod traffic and directs it to waypoints.
- It was purpose-built for secure transport, outperforming more generic solutions like Envoy in this specific use case.
HBONE Tunneling Protocol
- HBONE is a tunneling protocol based on the MASQUE standard, used by Istio for mesh transport in Ambient Mesh.
- It tunnels traffic over HTTP and uses the authority header to indicate the destination service.
ztunnel as a Transparent Proxy
- ztunnel acts as a transparent proxy, with pods unaware of its existence.
- It impersonates pod identities using workload certificates, ensuring secure communication.
