Cloud Native Computing Foundation / ServiceMeshCon EU 2021

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Administering Multi Cluster Service Meshes Securely - Eric Murphy & Eitan Yarmush, Solo.io

The majority of existing multi-cluster service mesh architectures require the distribution of Kubernetes API credentials (kubeconfigs) across clusters, typically by provisioning a service account in the local cluster and copying its access token to a process running in a remote cluster. This architecture requires that credentials for the Kubernetes API be shared with entities outside the cluster, exposing it to attack. Furthermore, scalability limits of the Kubernetes API Server make it less than ideal to serve an unbounded number of potential remote clients managing configuration and sharing access to a cluster. This talk will explore the downside of existing approaches in this model and propose a new approach based on a client-server management architecture inspired by Envoy which does not require sharing sensitive Kubernetes credentials with remote clusters.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Are You Sure About Your Mesh Performance? Details matter! - Otto van der Schaaf, Red Hat, Sunku Ranganath & Mrittika Ganguli, Intel Corporation

Service Mesh performance characterization has been an elusive aspect of understanding the impact of mesh in production. While few studies have been published, mesh performance generally is highly influenced by runtime environment, hardware settings, test tool & methodology used to benchmark. Based on various tests performed on Envoy, this presentation aims to shed light on: -Performance characterization methodology of Envoy for deterministic throughput & latency -Gaps in benchmark tools - disconnect between L2 to L7 optimizations for load generation & features WIP to address these gaps, e.g. with Nighthawk -Common pitfalls in measurements -Usual culprits for lack of consistency in benchmarks -Impact of scaling Envoy on latency & hardware utilization -Share benchmark results & common bottlenecks using Envoy sandboxes -Customizing Envoy for telco grade performance with hardware offloads

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Crawl, Walk, Run, Fly: Introduction to Adopting a Service Mesh in Your Organization - Christian Posta, Solo.io

Deciding whether or not to use a service mesh and understanding the value/complexity tradeoff is step one when exploring service-mesh technology. Christian Posta has been helping organizations adopt this technology as a practitioner and architect for the last three (or more) years and shares practical guidance for how to adopt a service mesh for your organization. We explore top use cases like security posture, network debugging, regulatory and compliance, imperfect cloud-apps, and overall modernization efforts with microservices architectures. This is meant to be an intro-level talk with the audience better understand whether and how to adopt a service mesh.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Creating Chaos in the University with Linkerd and Chaos Mesh - Jossie Bismarck Castrillo Fajardo & Sergio Arnaldo Méndez Aguilar, Universidad San Carlos de Guatemala

This talk presents a guide to create chaos engineering experiments using the technical approach and advantages of service meshes. It also shows how you use and interpret collected data from Linkerd during a chaos experiment and how Linkerd can complement Chaos Mesh for other types of chaos experiments. The talk is based on Jossie Castrillo thesis guided by professor Sergio Méndez both from San Carlos University of Guatemala. This talk also shows the challenges that a student has to develop and research about cloud native technologies in order to find valid use cases for Chaos Engineering that can be applied on real life situations. At the end, Jossie shows a short chaos experiment using Linkerd to generate faulty traffic and Chaos Mesh for additional chaos experiments, at the same time Sergio explains how to interpret the collected metrics and data from that experiment.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

How MS3 Supports 10,000+ Transactions Per Second with Kuma Service Mesh Across VMs and Kubernetes - Jose Montoya, MS3

With more businesses moving to digital, MS3 needed a simple way to address cross-cutting concerns such as security and observability, to accelerate the delivery of cloud native applications in a microservices architecture using containers and Kubernetes. This session covers how Kuma end-user, MS3, leveraged the service mesh project for a cost-effective way to address these concerns at the platform level and removed from the application developers’ responsibilities. We'll provide real-world examples to help other organizations implement service mesh to expedite digital transformation initiatives due to COVID-19. We’ll cover how MS3 leverages Kuma, an open-source control plane for service mesh built on top of Envoy, for their Enterprise Integration Platform to support commercial and federal customers with no performance impact for apps handling over 10,000 transactions per second

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Istio Beyond Kubernetes - Zack Butcher, Tetrate, Sven Mawson, Google & Pratima Nambiar, Salesforce

Istio can be used to build a service mesh spanning heterogeneous infrastructure. This presentation will describe three use cases that use Istio to power a mesh spanning a variety of infrastructures. We will start by covering two similar examples of Istio spanning kubernetes and VM infra (EKS-EC2 as well as EKS-on-prem), followed by the Salesforce Service Mesh that supports services running on bare metal, VMs and Kubernetes. We'll cover what those deployments achieve, and spend a lot of time describing how they work and the tradeoffs made to enable them.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Istio Cookbook: Kiali Recipe - Lucas Ponce, Red Hat

Istio provides a rich feature set, including service discovery, traffic management, extended security, observability (including telemetry and distributed tracing), rolling releases and resiliency. All these features are very powerful but on the other hand they add more configuration to manage and more information to process on top of a standard kubernetes cluster. Kiali is a management console for Istio. It provides dashboards, observability and lets you operate your mesh with robust configuration and validation capabilities. In this session we will run several scenarios learning Istio capabilities in a in a visual manner on a multiple namespace demo application.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Keynote: Multi-Cloud and Multi-Cluster with CNCF’s Kuma on Kubernetes and VMs - Marco Palladino, Co-Founder + CTO, Kong Inc.

Organizations are well on their way to adopting microservice architectures, and as a result applications have grown to become decoupled and distributed - with connections spanning across geographies, clouds, and even workload platforms. Establishing service mesh as a “Day-0” solution for every team and application allows these organizations to deliver, livecycle, and troubleshoot applications faster and at global scale.

In this talk, Marco Palladino, Kuma maintainer and Kong CTO, will introduce you to Kuma, an open-source service mesh built on top of Envoy and a CNCF project focused on delivering simplicity and scalability to every application.

We’ll cover:

Kuma’s unique feature set designed for enterprise architects.
Give you a first look at Kuma’s unique multi zone deployment, including hybrid Kubernetes and VMs.
Walk you through a short demo to see Kuma in action across multiple clusters and clouds.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Kubernetes and Service Mesh Upgrade Automobile Company’s IT Infrastructure - Chaomeng Zhang, Huawei

Rapid business development brings a great challenge to automobile manufacturing company’s IT platforms. In this presentation, Chaomeng will share a practice of upgrading the traditional IT built microservice platform to cloud native infrastructure. That is gradually transforming the self-developed inner DNS plus ELB for service discovery and load balance, per VM nginx for inbound traffic management, metric, and access log, to Kubernetes and service mesh.

The practice solves the problems that every service request crosses too many heterogeneous middleware and proxies, and turns out to provide lightweight resource management, auto-scaling, canary, non-intrusive and transparent traffic management, security and observability on a consistent infrastructure, and thus improve ops efficiency, makes ops work simpler and easier.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Lightning Talk: Introduction to Media Service Mesh - Giles Heron, Cisco Systems

Media Service Mesh is a new concept for enabling real-time applications in Kubernetes. Most real-time applications (such as multi-player FPS games, multi-party video-conferencing, and CCTV streaming) use UDP rather than TCP and hence are incompatible with current web-proxy based service meshes. In addition they often use out of band TCP control channel to negotiate UDP port numbers, and this is incompatible with the kube-proxy ClusterIP NAT. There is, however, a desire from the developers of these platforms to move away from monolithic applications towards the micro-services architecture, and to be able to leverage a service mesh infrastructure providing load balancing, encryption and observability. Media Service Mesh enables this.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Lightning Talk: The Hardest Part of Operating a Service Mesh: Envoy Proxy - Christian Posta, Solo.io

Operating a service mesh in production has some pragmatic complexities with some contributed by Envoy’s underlying powerful feature set. Requests flow over the data plane proxies which means this is an important piece of technology to understand how to operationalize, debug, tune, and observe. In this talk, we share our experience at Solo.io supporting customers on Envoy-based technology both at the edge and in a mesh and share lessons learned such as: * understand which telemetry signals to watch for config sync issues, CPU, and memory pressure * enabling access logging and enhancing it with dynamic metadata * debugging connectivity issues with Envoy logs, metrics * tuning for cloud environments with keep-alive settings Attendees will leave with a better confidence of running Envoy-based service meshes such as Istio, Consul, Kuma, and OpenServiceMesh in production.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Lightning Talk: Use SkyWalking Satellite to Process Tracing, Logging and Metrics in Service Mesh - Ming Wen, api7.ai

Observability has always been a thorny issue in service mesh. Users of the service mesh need multi-dimensional data such as logs, metrics, and tracing to analyze the problems they encounter. In traditional solutions, users need to deploy skywalking, Prometheus, and Elasticsearch to handle these issues respectively. In this topic sharing, Ming Wen will introduce the latest version of Skywalking 8.4 and the sub-project of skywalking satellite. Using these two open source projects will help users use a complete and unified solution to process all observable data under service mesh.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Multi-Cluster Service Mesh With Istio - Zhonghu Xu, Huawei

In order to achieve high availability and scalability, more and more users are going to deploy applications across multiple clusters. Even these clusters are distributed in different regions, how could services discovery and communicate with each other become a big challenge for users. In this talk, Zhonghu will show you how Istio can handle this tricky issue for us. First, he will talk about the different kinds of multi-cluster models and what are the best scenarios they can address. Then, Zhonghu will illustrate the design philosophy of how Istio discovers services across clusters and how Istio simplifies service management. And at last, Zhonghu will conclude some points that can be improved in the future.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Multicluster Service Mesh- Adam Sayah, Solo.io

The digital transformation is pushing companies to adopt a cloud-native architecture, the microservice architecture is becoming a standard, resulting in a greater management complexity that a service mesh helps to alleviate, but how to solve the complexity when an organization has hundreds of clusters, or if multiple personas are involved.
- introduction to service mesh
- service mesh multi-cluster complexity
- introduction to management plane

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Observability with Consul Connect - Bram Vogelaar, Hot Potatoes

Things like Infrastructure as Code, Service Discovery and Config Management can and have helped us to quickly build and rebuild infrastructure but we haven't nearly spend enough time to train our self to review, monitor and respond to outages. Does our platform degrade in a graceful way or what does a high cpu load really mean? What can we learn from level 1 outages to be able to run our platforms more reliably. We all love infrastructure as code, we automate everything ™. However making sure all of our infrastructure assets are monitored effectively can be slow and resource intensive multi stage process. During this talk we will investigate how we can setup and observe a service mesh platform using HashiCorp's Consul Connect by recording its metrics. logs and traces using Prometheus, Loki, Tempo and Grafana.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Opening Remarks - Chris Campbell, ServiceMeshCon Program Committee Event Co-Chair

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Panel: The State Of Service Mesh - William Morgan, Buoyant, Idit Levine, Solo.io, Nic Jackson, Harshicorp, Marco Palladino, Kong Inc & Louis Ryan, Google, Moderated by: Lin Sun, Solo.io

Do you need a service mesh? Is service mesh getting easier? What is the current state of the service mesh ecosystem? Join us for a live interactive session where our panel of service mesh experts from various service mesh projects (Istio, Linkerd, Consul Connect and Kuma) are eager to discuss with you the latest service mesh technology improvements, best practices for adopting service mesh, challenges that lie ahead for these projects, and what’s next for service mesh in the coming year.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Rapid Experimentation Simplified with Linkerd - Alexander Simon Jones, DevOps Institute Ambassador

The cloud engineering team of a multinational financial services corporation used Linkerd to introduce rapid experimentation.
It enabled them to create more resilient services and comparatively test changes. In this session, we'll explore how they did it and lessons learned.
With the proliferation of microservices architectures, developers need to rapidly set up prod-like dev environments locally.
Fortunately, local Kubernetes clusters to model high-scale, complex architecture within an enterprise are increasingly common.
This enables engineers to work with local abstractions of much larger systems.

Within this paradigm, service meshes also need representation locally as it has intrinsic differences to running a vanilla network layer within Kubernetes.
To speed up and ease experimentation, the service mesh must be simple and easy to use. A positive developer experience is key.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Scheduling 68k COVID Tests with Linkerd - Dom DePasquale & Shawn Smith, The Pennsylvania State University

In the summer of 2020, Penn State's software engineering team was tasked with building a system for scheduling the testing of students, faculty, and staff for their arrival back to campus in the fall. In this HIPAA-compliant testing and scheduling system, Linkerd was installed because of its reputation for security and observability. As the team came to learn in February 2021, the #1 reason to have Linkerd is to troubleshoot performance issues. The engineering team sent out over 68,000 invites to those returning to campus to log into the system and schedule COVID tests upon return for the spring semester. The large load on the system highlighted where bottlenecks and bugs really existed. In this presentation, members of that team will discuss how they utilized Linkerd to secure, monitor, and troubleshoot the microservice-based system.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Service Identity - The Key to Zero Trust with Service Mesh - Matthew Bates & Joshua Van Leeuwen, Jetstack

Service mesh provides first class support for service identity, foundational to identity-based, Zero Trust security that is now of growing interest and importance in the enterprise. In this talk, Matt and Josh will explain the concepts of service identity, such as SPIFFE, and illustrate through example how the various mesh technologies are architected, as well as how they implement the principles of service identity to provide seamless mTLS between workloads. The talk will help Platform and Security teams as they think about identity for workloads, how it's used within the mesh and beyond, and importantly, how this may can interoperate with enterprise PKI infrastructure.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Service Mesh Extensibility Explained - Lin Sun, Solo.io

You love service mesh but may have found out you need to extend your service mesh, whether you want to enhance the sidecar proxy or the gateways or the mesh control plane or plugin in your certificate authority or external authorization system. We’ll explore various user cases and extension points a service mesh could provide to users, using Istio service mesh as an example. This is meant to be an intermediate-level talk for audiences who understand the basics of service mesh and would like to further leverage service mesh to the next level.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Tap Tap, Debugging an App with your Service Mesh - Jason Morgan, Buoyant

Microservices are great for all kinds of reasons but troubleshooting issues in a distributed system is rarely easy. Add to that that getting multiple independent teams to agree to use a standard set of metrics or debugging strategies is really hard. Issues often turn into a blame game where DNS, Kubernetes, the network, or the mesh all take a turn. With Linkerd’s built in ability to tap into, and analyze traffic we can quickly identify and isolate problems. We can do that with zero code changes, without needing app teams to expose their own metrics or become experts in Kubernetes or the mesh. When a problem pops up Linkerd users can rely on the mesh as a single source of truth to help quickly identify issues and drive down MTTR.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Virtual Machines and Service Mesh in the Enterprise: 5 Things You Need to Know - Petr McAllister, Tetrate

With VM onboarding moving to beta in Istio 1.9, integrating non-Kubernetes workloads into the mesh is undoubtedly within reach for leading-edge service mesh practitioners. But, the full story is not so simple for enterprises looking to bring their traditional apps into the service mesh fold. What if your VMs and K8s clusters are in different clouds? What if there's a load balancer between them? If your cloud provider only provides a fully-qualified domain name for K8s API endpoints, how do you preserve the certificates? In this talk, we'll cover the top five issues we see enterprises face as they move their non-K8s workloads into the mesh and how they're being solved at the top service mesh shops we work with.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Virtual Machines as First Class Citizens in Service Mesh - Denis Jannot, Solo.io

The adoption of containerization is accelerating and running modern applications on Kubernetes became the standard. But what about the legacy applications that can't be deployed on Kubernetes ? Service Mesh seems to be the bridge that everyone wanted to unify these 2 worlds. You can now (somewhat) easily add Virtual Machines (and even Bare Metal servers) into your Mesh. In this talk, I'm going to show how to do that on Istio and speak about the different challenges someone needs to keep in mind: - how to automate the process (from the creation of Service Accounts on Kubernetes to the deployment of the prerequisites in the VMs). - how to add VMs in the Mesh in a multi cluster deployment. - how to allow canary deployments between Pods and VMs I'll also do a demo where I'll show how to automate the testing using Kind and Docker containers (yes, testing the VM integration without a VM !