Pattern Details
CATEGORY
DeploymentCREATED BY
UPDATED AT
April 04, 2024VERSION
1.0
What this pattern does:
Cryptographic operations are among the most compute-intensive and critical operations when it comes to secured connections. Istio uses Envoy as the “gateways/sidecar” to handle secure connections and intercept the traffic. Depending upon use cases, when an ingress gateway must handle a large number of incoming TLS and secured service-to-service connections through sidecar proxies, the load on Envoy increases. The potential performance depends on many factors, such as size of the cpuset on which Envoy is running, incoming traffic patterns, and key size. These factors can impact Envoy serving many new incoming TLS requests. To achieve performance improvements and accelerated handshakes, a new feature was introduced in Envoy 1.20 and Istio 1.14. It can be achieved with 3rd Gen Intel® Xeon® Scalable processors, the Intel® Integrated Performance Primitives (Intel® IPP) crypto library, CryptoMB Private Key Provider Method support in Envoy, and Private Key Provider configuration in Istio using ProxyConfig.
Caveats and Consideration:
Ensure networking is setup properly and correct annotation are applied to each resource for custom Intel configuration
Compatibility:
Recent Discussions with "meshery" Tag
- Mar 28 | Meshery Build and Release | March 28th 2024
- Mar 27 | Meshery Development Meeting | 27th March 2024
- Mar 13 | Badge leveling system proposal
- Mar 20 | While running the command Make-server. localhost shows 404 not found. Are there any possible solution to fix also please suggest the setting up the project using docker route
- Feb 23 | Local Environment Setup TroubleShooting error
- Mar 20 | Meshery Development Meeting | March 20th 2024
- Mar 11 | [Help Wanted] A list of open DevOps-centric needs on Meshery projects
- Mar 17 | Error while deploying pod on meshmap
- Mar 15 | Meshery Build & Release Meeting | March 14th, 2024
- Mar 13 | Can i know ,is it possible to have admission controllers and CRD's in meshery catlog? or will support in future?