Catalog Details
CATEGORY
security
CREATED BY
UPDATED AT
August 08, 2024
VERSION
0.0.1
What this pattern does:
Cryptographic operations are among the most compute-intensive and critical operations in secured connections. Istio uses Envoy as the gateway and sidecar proxy to handle secure connections and intercept traffic. When an ingress gateway must handle a large number of incoming TLS connections, or sidecar proxies must handle many secured service-to-service connections, the load on Envoy increases. The achievable performance depends on many factors, such as the size of the cpuset on which Envoy is running, incoming traffic patterns, and key size. These factors affect how well Envoy can serve many new incoming TLS requests. To improve performance and accelerate handshakes, a new feature was introduced in Envoy 1.20 and Istio 1.14. It relies on 3rd Gen Intel® Xeon® Scalable processors, the Intel® Integrated Performance Primitives (Intel® IPP) crypto library, CryptoMB Private Key Provider Method support in Envoy, and Private Key Provider configuration in Istio using ProxyConfig.
Caveats and Considerations:
Ensure networking is set up properly and the correct annotations are applied to each resource for the custom Intel configuration.
Compatibility: