We are proud to announce that Istio is migrating to Windows! Join us at Istio Day London, starting in 10 minutes to hear more!
https://t.co/QFabaYUP91
#kubecon #servicemesh
7 years. Hundreds of customers. Thousands of open-source users. From day 1, Gloo Gateway was built to be the most mature Envoy-based API gateway. Now, it’s part of CNCF as kgateway! 🚀 What did we learn? A 🧵 from @linsun_unc & @KohaviYuval ⬇️
I’m obviously biased, but I can’t wait for the moment when the industry at large really “gets” what Ambient mesh can do. It’s a literal game changer for cloud networking that does a great job at balancing complexity, cost and robustness. More here: https://t.co/TUBfV6EIBu
Istio 1.23 is out! 🎉🎉🎉⛵️⛵️⛵️
Lots of improvements for ambient mode with 50% improvement in throughput compared to 1.22, along with a bunch of other improvements. Check it out 👇👇👇
https://t.co/cmWXvkPDaA
Excited to share some of the work we have done to make Gloo the best way to run a service mesh! This one is a game changer IMO.
https://t.co/5zpGQ2669o
Istio ambient is often seen as just "service mesh without sidecars". It is that, but it also solves a ton of pain points in Istio.
One of many things you won't need to worry about: securing all Prometheus scraping: https://t.co/fbLlH98ZeZ.
With ambient, it just works.
The upcoming @IstioMesh release brings an exciting feature called in-pod redirection mode, allowing #Istio Ambient Mesh to collaborate with any CNI. Check out @pjausovec's discussion with @KohaviYuval in this live stream recap. Learn more! #AmbientMesh
https://t.co/ccuFPlv72M
🚨🚨 Ambient mesh with CNI
📅 January 23rd, 10:00am PST, 1:00pm EST
@KohaviYuval will talk about the in-pod redirection mode feature that just got merged into @IstioMesh !
Join to learn how this works and what it enables!
🙋‍♂️ Who's coming?
Link ⏬⏬
[Just Blogged with @KohaviYuval] Secure Application Communications with Mutual TLS and @IstioMesh - Dive into securing application communications, mTLS and Istio to achieve end-to-end mTLS among your applications.
https://t.co/uyZKQr6VmV
New https://t.co/EfLCYqabr4 release 🚀 v0.13 comes with:
- Bundle Runtime - a declarative API for fetching values from #Kubernetes clusters.
- Module signing and verification with @projectsigstore.
- Enforce k8s min version for modules.
- Support for @cue_lang required fields.
@shakedko @Idit_Levine If the developer creates the pod, sidecar injection can be disabled. A worse example is if "hostNetwork: true" is set. This avoids both Istio and the CNI.
All that to say, one should set policies to prevent devs from abusing the cluster - k8s is not a PaaS.
@shakedko @Idit_Levine An unprivileged pod can't normally escape Istio.
Most CNIs use policies that are based on the Kubernetes NetworkPolicy. Istio's policies are workload or identity based. You can use both for defence in depth.
@shakedko @Idit_Levine Istio doesn't deal with low-level Linux routing.
It assigns an identity to traffic leaving the pod, and encrypts it. It also handles application protocols like HTTP, providing observability and policy.
@stefanprodan at @soloio_inc we release betas that use the same release CI workflows
another approach (I think istio does this) is to split the release to 2 jobs: build and publish. where publish is trivial (just copy files around and push images). so if build fails nothing is published