https://socake.github.io/tags/mtls/Recent content in Mtls on 黄文卓 | DevOps EngineerHugo -- gohugo.iozh-CN17691281867@163.com (Wenzhuo Huang)17691281867@163.com (Wenzhuo Huang)© 2026 Wenzhuo HuangSun, 12 Apr 2026 10:00:00 +0800https://socake.github.io/posts/service-mesh-comparison/Sun, 12 Apr 2026 10:00:00 +080017691281867@163.com (Wenzhuo Huang)https://socake.github.io/posts/service-mesh-comparison/Istio、Cilium Service Mesh、Linkerd 三种方案各有侧重：Istio 功能最全但最重，Cilium 基于 eBPF 性能最优，Linkerd 最轻量最易运维。本文从架构、性能、功能、运维四个维度全面拆解，帮助架构师做出有数据支撑的选型决策。https://socake.github.io/posts/spiffe-spire-workload-identity/Fri, 10 Oct 2025 10:00:00 +080017691281867@163.com (Wenzhuo Huang)https://socake.github.io/posts/spiffe-spire-workload-identity/一份从生产部署出发的 SPIFFE/SPIRE 实战笔记：讲清楚 SVID、节点证明、工作负载证明、信任域联邦这些核心概念，用 Kubernetes + Istio + 非 K8s 工作负载的混合场景展示 SPIRE 如何统一身份，并分享升级、备份、Agent 崩溃等真实运维踩坑。https://socake.github.io/posts/istio-service-mesh-practice/Fri, 06 Jun 2025 12:06:00 +080017691281867@163.com (Wenzhuo Huang)https://socake.github.io/posts/istio-service-mesh-practice/记录 Istio Service Mesh 从零落地的完整过程，包括 sidecar 注入原理、VirtualService 灰度发布流量切分、DestinationRule 熔断与负载均衡配置、PeerAuthentication mTLS 加固，以及用 istioctl analyze 排查常见问题。