Blog

Cross-Account Istio Resource Management with IRSA: Secure Multi-Cluster Operations

Master cross-account Istio management using IAM Roles for Service Accounts (IRSA). Complete guide to securely managing service mesh resources across AWS accounts and Kubernetes clusters.

April 20, 2026

HMAC in Istio: Series 2/2 - Advanced Scenarios, Debugging, and Performance

Series 2/2 of our HMAC series: Explore advanced HMAC scenarios in Istio, debugging HMAC failures, performance optimization, and key rotation best practices.

April 11, 2026

Tamper Detection at the Istio Gateway Layer

Learn how to detect and prevent tampering of incoming traffic at the Istio Gateway layer using mTLS, JWT validation, and custom authorization policies.

April 11, 2026

HMAC in Istio: Series 1/2 - Understanding HMAC and Its Role in mTLS

Series 1/2 of our HMAC series: Learn how HMAC (Hash-Based Message Authentication Code) works and how Istio uses it to guarantee message authenticity and integrity in mTLS connections.

April 10, 2026

How IstioD Manages Configuration at Scale: A Deep Dive into XDS

How istiod translates Istio resources into Envoy xDS configuration, why it's fast, what makes it slow, how to scale it, and which metrics matter most.

April 3, 2026

Using Custom JWT Claims for Authorization in Istio Gateway

How to extract custom claims from JWT tokens and use them for fine-grained authorization in Istio Gateway. Complete examples with audience claims, tenant IDs, roles, and permissions.

March 28, 2026

Istio Observability Series (2/2): Golden Signals for the Control Plane — Monitoring istiod

Part 2 of our observability series. The golden signals for Istio's control plane — xDS push latency, config convergence, push rejections, certificate health, and istiod scaling thresholds.

March 26, 2026

Istio Observability Series (1/2): Golden Signals for the Data Plane — HTTP, TLS, and gRPC

Part 1 of our observability series. The golden signals you should monitor for Istio's data plane — broken down by HTTP, TLS, and gRPC protocols. Specific Prometheus metrics, PromQL queries, and production alert rules.

March 25, 2026

Building a Custom ext_authz Server for Istio: From Code to Production

How Envoy's ext_authz protocol works, why it's the right approach for custom authorization in Istio, and a complete walkthrough of building and deploying a gRPC ext_authz server.

March 20, 2026

Hacking on Istiod: A Step-by-Step Guide to Local Development and Testing

A complete walkthrough for building, running, and debugging a modified Istiod locally — and watching your changes take effect on connected Envoy sidecar proxies in real time.

March 15, 2026