Cloud Native Computing Foundation / EnvoyCon 2019 (San Diego)

Join us for Kubernetes Forums Bengaluru and Delhi - learn more at kubecon.io

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Envoy Mobile in Depth: From Server to Multi-platform Library - Jose Nino & Michael Schore, Lyft

99.999% reliability on the server is meaningless if mobile apps are only able to complete the desired product flows a fraction of the time. Learn how Lyft built, and deployed Envoy Mobile (envoy-mobile.github.io) in their Swift/Kotlin apps and the motivation behind deploying a single, consistent Envoy-based network stack across every platform.

Envoy Mobile was created to provide apps with the same network configurability, observability, and transport technologies that Envoy Proxy enables for the server - as if apps were simply another node on the service mesh. This talk will dive deep into the technical aspects of using the Envoy codebase as the core foundation of a mobile networking library. We will cover the challenges we encountered and solutions we built in packaging Envoy and developing a direct HTTP API into its core, supporting an ergonomic interface for both iOS and Android.

Join us for Kubernetes Forums Bengaluru and Delhi - learn more at kubecon.io

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Envoy Namespaces - Operating an Envoy-based Service Mesh at a Fraction of the Cost - Thomas Graf, Cilium / Isovalent

The most common architecture currently includes running Envoy as a sidecar proxy inside of application pods. This provides an excellent resource and security isolation but comes at a steep resource consumption cost. Each individual sidecar proxy is running as a separate process and is duplicating all required resources.

This session will introduce the concept of namespaces to Envoy. Similar to namespacing in the Linux kernel which serves as the foundation for containerization, namespaces for Envoy allow to isolate resources and thus share an Envoy instance among multiple application pods running on a single node without losing any of the isolation properties. We’ll look at how a service mesh can be operated at a fraction of the required resources while still providing virtualized logical Envoy instances which present themselves to Envoy control planes as if they were running as a sidecar.

Join us for Kubernetes Forums Bengaluru and Delhi - learn more at kubecon.io

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Envoy’s Using 10GB of Memory and It’s All My Fault! - Steve Sloka, VMware

Implementing your own management xDS API server to configure and drive Envoy is a natural step when implementing any Envoy-based infrastructure. Examples exist in various languages that demonstrate how to set up an xDS API server for LDS, EDS, RDS, and CDS. However, most implementers probably wouldn’t realize that it's possible to write an xDS server that appears to work--Envoy serves traffic--but causes Envoy to leak gigabytes of memory.

This talk will discuss how we built an xDS server which ended up with a memory leak in Envoy all because we implemented the API incorrectly. We’ll look at ways we identified the issues through metrics & monitoring, how our users were affected, and also provide an overview of how we caused the issue, then describe some takeaways that should be kept in mind for your implementation. Come learn from our failures so you don’t experience the same!

Join us for Kubernetes Forums Bengaluru and Delhi - learn more at kubecon.io

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Evolution of Envoy as a Dynamic Redis Proxy - Nicolas Flacco & Henry Yang, Lyft | Mitch Sulaski, Workday

This session will go over the evolution of Redis support in Envoy. Initially Envoy redis proxy only supported sharding to clusters of independent Redis nodes. Recent developments have enabled support for the open source Redis Cluster protocol as well as some unique features such as multicluster routing, flexible load balancing options, and traffic shadowing.

As the usage of Redis expanded different usage patterns emerged, requiring different availability, durability and consistency trade-offs. Henry and Mitch will discuss how the Envoy redis proxy was extended to support these new requirements in large scale environment(10+ Millions rps) at Lyft and Workday.

Traditionally migrating data between Redis clusters has been painful, requiring lots of application code changes and extensive monitoring. Now, it is possible to move traffic between Redis clusters with zero application code changes, using Envoy itself. Nicolas will discuss his experience at Lyft migrating Redis clusters.

Join us for Kubernetes Forums Bengaluru and Delhi - learn more at kubecon.io

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

From Microbenchmarks to HTTP2 Load-testing: 5 Performance Tools and Techniques to Improve Envoy Scalability - Joshua Marantz, Google & Otto van der Schaaf, We-Amp B.V.

As Envoy scales with traffic growth, service complexity, and processor-count, to achieve our performance goals we need an increasing array of tools. We need tools to help visualize latency, throughput, memory, CPU-load, and thread contention.

Some of these tools already exist, such as kcachegrind and Google’s performance benchmarking library. Others needed to be built, such as a new OSS L7 load-tester based on the Envoy networking stack, that is capable of driving HTTP2 traffic through proxies.

In this talk, we’ll discuss these tools and how we’ve applied them to find and fix bottlenecks in Envoy, and help us make decisions about how to improve the system and its usage.

Join us for Kubernetes Forums Bengaluru and Delhi - learn more at kubecon.io

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

How Spotify Migrated Ingress HTTP Systems to Envoy - Erik Lindblad, Kateryna Nezdoli & Alex Sundstrom, Spotify

Speakers: Alex Sundstrom, Kateryna Nezdolii, Erik Lindblad
Erik, Kateryna and Alex are on the team responsible for perimeter systems that sit between Spotify’s clients and its backend services. They started unifying those systems from a range of different technologies and protocols to a solution based on Envoy proxies and a unified control plane.

This talk introduces Spotify’s vision for the next-gen perimeter. However, it will mainly focus on the migration of all HTTP ingress traffic, handled by a brittle, custom Nginx/HAProxy setup to an Envoy-based solution.

The speakers will discuss how they’re migrating multiple high volume web services, serving millions of requests/sec, with minimum disruptions and zero-downtime for the feature teams that maintain Spotify’s backend services.

This talk will also illustrate how Spotify’s engineering culture of loosely coupled but highly aligned teams has informed the decisions taken during the migration.

Join us for Kubernetes Forums Bengaluru and Delhi - learn more at kubecon.io

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Join us for Kubernetes Forums Bengaluru and Delhi - learn more at kubecon.io

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Service Mesh in Kubernetes: It’s Not That Easy - Lita Cho & Tom Wanielista, Lyft

As Lyft migrated its applications to Kubernetes, assumptions baked into the networking layer were tested. This talk will provide a deep dive of how Lyft used Envoy’s xDS protocol to design their own flexible service mesh and handle new challenges from a multi-cluster architecture such as:
- Routing across multiple Kubernetes clusters
- Handling Deployments
- Rapid scale-in and scale-out
- Service Discovery
- Active/Passive Health Checking
- Readiness in the service mesh

This talk will also go over changes that were made in the Envoy codebase to make this work.

Join us for Kubernetes Forums Bengaluru and Delhi - learn more at kubecon.io

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Spanning the Globe with Envoy at Stripe - Dylan Carney, Stripe

Stripe operates compute infrastructure around the globe in order to provide low latency and high availability to its users, using Envoy to connect this infrastructure together.

To ensure reliability and operability, Stripe built an Envoy control plane, along with new tooling to manage it. New XDS services provide features like ramp-up of traffic to specific compute clusters, tiered failover, and per-customer routing of API requests. Stripe also built their blue/green deployments on top of this. Finally, they made improvements to make Envoy significantly more reliable in the face of issues like packet loss and head-of-line blocking, based on traffic patterns and behavior observed in production.

Attendees will learn details about these projects and get to hear war stories, cautionary tales, and valuable lessons learned during the process of building out a globe-spanning Envoy topology.

Join us for Kubernetes Forums Bengaluru and Delhi - learn more at kubecon.io

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Welcome, Thank You, Growth - Matt Klein, Lyft

Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Building Low Latency Topologies with Envoy - John Howard, Google | Snow Petterson, Square | Liam White, Tetrate

This talk will go over how Envoy's load balancing algorithms work, with a focus on how the different components of load balancing (priorities, localities, etc.) work together and how they interact with mechanisms such as retries and outlier detection. We will then make things more concrete by detailing how these components were used to implement Istio and Square's locality load balancing features.

Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Dynamic Request Routing With Envoy - Ben Plotnick, Cruise

This talk will discuss using Envoy to reroute requests in production to desired destinations. This includes substituting your own version of a production service in the request path to test your code in a real-world environment. It will cover extending Envoy using a custom filter as well as using distributed context propagation and custom chrome and mobile app extensions to enable developers to test their code on the fly.

Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Graph-based ML Anomaly Detection and Insights for Envoy Systems - Anoop Koloth & Hanzhang Wang, eBay

At eBay, the services have been moving in close to end-users for faster and better experiences. SLB powered by envoy today helps us to address dynamic caching of content on edge across the globe. Monitoring the reliability and availability to the customers is always a top ask. The data and insights generated by Envoy are in-depth and detailed for granular and powerful anomaly detection.

In this talk, the speakers will present on how they managed to build a monitoring system and leveraged data generated from envoy clusters:
(1) Processing billions of hits served from different platforms from worldwide in real-time.
(2) Key Performance Indicators from Envoy ecosystem.
(3) Effective ML solution for proactive monitoring diversified eBay systems.
(4) Graph-based modeling and algorithms to deal with system complexity.
(5) Symbiosis and enhancement with existing SRE solution.

Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Livin' on the Edge (of your cluster) - Nick Young, VMWare

Envoy is often used as a sidecar proxy, but what if you’re using Envoy as an edge proxy to bring traffic into your cluster? What can bite you?

This talk is based on my experience building Contour. We’ll cover the key considerations for deploying Envoy as an edge proxy, including the settings you need to check. And we’ll inevitably get into war stories on the importance of keepalives, buffer size tuning, and draining connections correctly.

Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Making Envoy Sustainable - Cynthia Coan, Datawire

Adopting a new technology is never easy; but making that technology stick is even harder. This is because when adopting a new technology you face both technical AND social/cultural hurdles.

At the gateway and service mesh layers, breaking changes affect huge swaths, if not all, of your users and can consume a lot of development time.

In this talk, Cynthia will explain how you can approach building a maintainable API Gateway using Envoy that is set up to last for numerous years. She will delve into how to work with internal consumers and the Envoy community and how you can create internal filters/extensions for the gateway in a sane way. The end goal is that your gateway will continue to run and have the ability to adapt as we change other parts of our stack, moving from platform to platform and language to language.

Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Overview of Authentication and Authorization Features in Envoy - Wayne Zhang & Yangmin Zhu, Google

This session talks about and gives a high-level overview of the authentication and authorization features in Envoy, including JWT, RBAC, and External Authorization.
From this session, you’ll learn:
1) High-level description of jwt_authn filter, RBAC filter, ext_authz filter and etc.
2) How to use these filters to meet your security requirements
3) Caveats you should be aware of when using these filters

Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Solving Microservice Murder Mysteries with Envoy's Tap Filter - Mitch Kelley, Solo.io

There are 324 possible explanations for the great WhoDunIt question in the board game Clue.

If only debugging microservice failures were so simple. Learn how Envoy's Tap filter can be used to get to the bottom of your most intractable failure modes before they strike again. Through an interactive live demo we will show how to configure and apply Envoy Tap filters to capture, replay, and debug the types of intermittent failures that plague microservices. This debug workflow transforms bug reproduction activities from an expensive, team-wide investigation to a simple, instant database query. Whether you are using Envoy directly or through Istio, learn how you can take advantage of this powerful new feature to increase the resiliency of your distributed systems and the effectiveness of your teams.

Please bring your computer or smartphone to participate in this live investigation.

Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

The Universal Dataplane API (UDPA): Envoy's Next Generation APIs - Harvey Tuch, Google

The vision of the Universal Dataplane API (UDPA) is to evolve Envoy's v2 xDS APIs to become an open standard for the configuration and control plane of L4/L7 dataplane load balancers. We envision an industry standard for L4/L7 data plane configuration, similar to the role played by OpenFlow at L2/L3/L4 in SDN. The CNCF has formed the industry spanning UDPA Working Group (UDPA-WG) and in this talk, we will discuss the vision and goals of UDPA, progress towards a UDPA standard, upcoming Envoy xDS and implementation changes and the roadmap ahead.