Catalog Details
CATEGORY
securityCREATED BY
UPDATED AT
December 20, 2024VERSION
0.0.1
What this pattern does:
Cryptographic operations are among the most compute-intensive and critical operations when it comes to secured connections. Istio uses Envoy as the “gateways/sidecar” to handle secure connections and intercept the traffic. Depending upon use cases, when an ingress gateway must handle a large number of incoming TLS and secured service-to-service connections through sidecar proxies, the load on Envoy increases. The potential performance depends on many factors, such as size of the cpuset on which Envoy is running, incoming traffic patterns, and key size. These factors can impact Envoy serving many new incoming TLS requests. To achieve performance improvements and accelerated handshakes, a new feature was introduced in Envoy 1.20 and Istio 1.14. It can be achieved with 3rd Gen Intel® Xeon® Scalable processors, the Intel® Integrated Performance Primitives (Intel® IPP) crypto library, CryptoMB Private Key Provider Method support in Envoy, and Private Key Provider configuration in Istio using ProxyConfig.
Caveats and Consideration:
Ensure networking is setup properly and correct annotation are applied to each resource for custom Intel configuration
Compatibility:
Recent Discussions with "meshery" Tag
- Nov 25 | Issue: Unable to Run make server-local in Meshery Cloud Setup Due to Soda CLI Dependency
- Nov 28 | Issue on Setting Up Meshery Using Docker
- Nov 22 | Meshery CI Maintainer: Sangram Rath
- Nov 25 | T.roles_names is undefined ( permission path is not provided )
- Dec 04 | Link Meshery Integrations and Github workflow or local code
- Nov 20 | Meshery Development Meeting | Nov 20th 2024
- Nov 10 | Error in "make server" and "make ui-server"
- Nov 11 | Difference in dev Environments on port 9081 and 3000
- Nov 10 | npm run lint:fix error
- Oct 30 | Getting Meshery locally using Docker Desktop for Meshery UI contribution