Ambient Security Architecture docs #13742

Closed
wants to merge 5 commits into from

@darshannere darshannere commented Aug 17, 2023

Please provide a description for what this PR is for.

And to help us figure out who should review this PR, please
put an X in all the areas that this PR affects.

  • Ambient
  • Docs
  • Installation
  • Networking
  • Performance and Scalability
  • Extensions and Telemetry
  • Security
  • Test and Release
  • User Experience
  • Developer Infrastructure

@darshannere darshannere requested a review from a team as a code owner August 17, 2023 06:00
@linux-foundation-easycla

linux-foundation-easycla bot commented Aug 17, 2023

CLA Signed

The committers listed above are authorized under a signed CLA.

@istio-testing istio-testing added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. needs-ok-to-test labels Aug 17, 2023
@istio-testing
Contributor

Hi @darshannere. Thanks for your PR.

I'm waiting for an Istio member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@dhawton
Member

dhawton commented Aug 17, 2023

/ok-to-test

@istio-testing istio-testing added ok-to-test Set this label allow normal testing to take place for a PR not submitted by an Istio org member. and removed needs-ok-to-test labels Aug 17, 2023
@dhawton
Member

dhawton commented Aug 17, 2023

@darshannere Looks like the lint test is failing, a couple of minor, easy-to-fix things. With the repo checked out locally, you can always run make lint to verify all passes before pushing. Also, when you have a second, please fill out the CLA. It's a requirement before your PR can merge.

@dhawton dhawton changed the title Darshannere/issue#13483 Ambient Security Architecture docs Aug 17, 2023
@istio istio deleted a comment from istio-testing Aug 17, 2023
@dhawton
Member

dhawton commented Aug 17, 2023

/easycla

@darshannere
Author

/retest

@darshannere
Author

@dhawton @linsun I have solved all the errors. Can you review the PR and let me know if it is good?

@linsun
Member

linsun commented Aug 21, 2023

cc @christian-posta wanted to make sure he is good at incorporating these diagrams to istio.io doc.


{{< image link="./ambient-layers.png" caption="Layering of ambient mesh data plane" >}}

To recap, Istio ambient mesh introduces a layered mesh data plane with a secure overlay responsible for transport security and routing, that has the option to add L7 capabilities for namespaces that need them.
Member

What do you mean by recap here?

{{< image link="./ambient-layers.png" caption="Layering of ambient mesh data plane" >}}

To recap, Istio ambient mesh introduces a layered mesh data plane with a secure overlay responsible for transport security and routing, that has the option to add L7 capabilities for namespaces that need them.
To understand more, please see the [announcement blog](/blog/2022/introducing-ambient-mesh/) and the [getting started blog](/blog/2022/get-started-ambient).
Member

I don't think it is appropriate to refer to these blogs as we won't be updating the blogs live.

To recap, Istio ambient mesh introduces a layered mesh data plane with a secure overlay responsible for transport security and routing, that has the option to add L7 capabilities for namespaces that need them.
To understand more, please see the [announcement blog](/blog/2022/introducing-ambient-mesh/) and the [getting started blog](/blog/2022/get-started-ambient).
The secure overlay consists of a node-shared component, the ztunnel, that is responsible for L4 telemetry and mTLS which is deployed as a DaemonSet.
The L7 layer of the mesh is provided by waypoint proxies, full L7 Envoy proxies that are deployed per identity/workload type.
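
Review bot: In the ztunnel sentence, the trailing clause "which is deployed as a DaemonSet" reads as attaching to "mTLS" rather than to the ztunnel. Suggest moving it next to the component, for example "a node-shared component, the ztunnel, deployed as a DaemonSet, that is responsible for L4 telemetry and mTLS". In the waypoint sentence, "per identity/workload type" is left undefined; since the deployment granularity of the L7 proxy is the security-relevant detail in this document, state what unit a waypoint is scoped to.
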
Member

also per namespace

Contributor

@craigbox craigbox left a comment

Hey @darshannere, can you take a look at the outstanding comments and we can merge this? Thanks!

@istio-testing
Contributor

PR needs rebase.


@istio-testing istio-testing added the needs-rebase Indicates a PR needs to be rebased before being merged label Mar 8, 2024
@craigbox
Contributor

@darshannere @dhawton @linsun is there something of value here to bring forward?

@craigbox
Contributor

This is just a copy of https://istio.io/latest/blog/2022/ambient-security/. I do think it makes sense to bring some of this content forward but not in this PR.

@craigbox craigbox closed this May 13, 2024