Catalog Details
CATEGORY
Security
CREATED BY
UPDATED AT
June 25, 2024
VERSION
1.0
What this pattern does:
Cryptographic operations are among the most compute-intensive and critical operations in secured connections. Istio uses Envoy as the gateway and sidecar proxy to handle secure connections and intercept traffic. Depending on the use case, when an ingress gateway must handle a large number of incoming TLS connections and secured service-to-service connections pass through sidecar proxies, the load on Envoy increases. The achievable performance depends on many factors, such as the size of the cpuset on which Envoy is running, incoming traffic patterns, and key size. These factors can affect how well Envoy serves many new incoming TLS requests. To improve performance and accelerate handshakes, a new feature was introduced in Envoy 1.20 and Istio 1.14. It is achieved with 3rd Gen Intel® Xeon® Scalable processors, the Intel® Integrated Performance Primitives (Intel® IPP) crypto library, CryptoMB Private Key Provider Method support in Envoy, and Private Key Provider configuration in Istio using ProxyConfig.
Caveats and Considerations:
Ensure networking is set up properly and the correct annotations are applied to each resource for the custom Intel configuration.
Compatibility: