Catalog Details
CATEGORY
DeploymentCREATED BY
UPDATED AT
April 22, 2024VERSION
1.0
What this pattern does:
Cryptographic operations are among the most compute-intensive and critical operations when it comes to secured connections. Istio uses Envoy as the “gateways/sidecar” to handle secure connections and intercept the traffic. Depending upon use cases, when an ingress gateway must handle a large number of incoming TLS and secured service-to-service connections through sidecar proxies, the load on Envoy increases. The potential performance depends on many factors, such as size of the cpuset on which Envoy is running, incoming traffic patterns, and key size. These factors can impact Envoy serving many new incoming TLS requests. To achieve performance improvements and accelerated handshakes, a new feature was introduced in Envoy 1.20 and Istio 1.14. It can be achieved with 3rd Gen Intel® Xeon® Scalable processors, the Intel® Integrated Performance Primitives (Intel® IPP) crypto library, CryptoMB Private Key Provider Method support in Envoy, and Private Key Provider configuration in Istio using ProxyConfig.
Caveats and Consideration:
Ensure networking is setup properly and correct annotation are applied to each resource for custom Intel configuration
Compatibility:
Recent Discussions with "meshery" Tag
- Apr 14 | Unable to deploy meshery to minikube
- Apr 16 | Help needed for setup of meshery cli
- Apr 17 | Meshery Development Meeting | April 17th 2024
- Apr 12 | What exactly is this sistent design system project
- Nov 11 | Unable setup local Meshery development server
- Apr 10 | How a beginner can start exploring project of meshery?
- Apr 10 | Meshery Development Meeting | April 10th 2024
- Apr 07 | Regarding [Bug]: Connection page shows error in "Local Provider" #10595
- Apr 03 | Meshery Development Meeting | 3rd April 2024
- Apr 02 | Open Request for Comments: Depiction of the Model Relationship Evaluation Cycle