Cloud Native Computing Foundation / ServiceMeshCon North America 2021

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Closing Session - ServiceMeshCon Program Committee

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Deploy Istio for Production Workshop- Ramratan Vennam, Solo.io (Part 1)

In this workshop, we dive into Istio foundations with a focus on rolling it out to your organization. Istio is powerful, but learning how to deploy it, configure it, debug it, and secure it has many challenges. Some of the topics that we will cover in this workshop include:

Installing production ready Istio
- Establish security and configuration boundaries
- Expanding the mesh to your organization
- Connecting to observability systems
- Debugging tools when things aren't working as expected

The instructor is a Field Engineer and an Istio veteran who helps companies learn, deploy, run and debug Istio on a daily basis. Over the last 3 years, he has gained beneficial knowledge and several best practices that will be shared in this hands-on workshop.

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Deploy Istio for Production Workshop (Part 2)

In this workshop, we dive into Istio foundations with a focus on rolling it out to your organization. Istio is powerful, but learning how to deploy it, configure it, debug it, and secure it has many challenges. Some of the topics that we will cover in this workshop include:

Installing production ready Istio
Establish security and configuration boundaries
Expanding the mesh to your organization
Connecting to observability systems
Debugging tools when things aren't working as expected

The instructor is a Field Engineer and an Istio veteran who helps companies learn, deploy, run and debug Istio on a daily basis. Over the last 3 years, he has gained beneficial knowledge and several best practices that will be shared in this hands-on workshop.

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Designing a Service Mesh for Global Scale At SAP- Fei Yao, SAP

SAP has embarked on a journey to design and implement multi-cluster “Service Mesh as a Service” for its BTP platform.They did not stop there though, they aim to connect these meshes together in a “mesh of meshes” architecture. Fei Yao, Chief Architect at SAP will talk about the challenges and design patterns (with help from Nick Nellis at Solo.io) that are helping enable SAP to connect and manage service meshes for 40,000 engineers and over 10,000 clusters.

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Get Started With Istio Service Mesh Workshop- Lin Sun, Solo.io (Part 1)

You will be given a quick fly-over of what challenges service mesh solves, service mesh architecture, and various service mesh projects in the ecosystem. Then we will dive into the Istio service mesh project including how it works and the best practice to adopt the Istio service mesh through hands-on labs.

We will cover the following topics in this workshop:
Install Istio
Secure services with Istio Ingress Gateway
Add services to the mesh
Secure inter-service communication with Istio
Control traffic

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Get Started With Istio Service Mesh Workshop (Part 2)

You will be given a quick fly-over of what challenges service mesh solves, service mesh architecture, and various service mesh projects in the ecosystem. Then we will dive into the Istio service mesh project including how it works and the best practice to adopt the Istio service mesh through hands-on labs.

We will cover the following topics in this workshop:
Install Istio
Secure services with Istio Ingress Gateway
Add services to the mesh
Secure inter-service communication with Istio
Control traffic

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Governing the Cloud Native Event Bus: Applying ServiceMesh to Knative Eventing Workshop - Michael Costello, Red Hat (Part 1)

In the cloud we expect our resources to be able to come and go and react to the environment around them in a way that meets our business needs. While we take on event streaming and serverless architectures to accomplish this need in the cloud, our new architectural constructs can be unwieldy and grow past our traditional attempts to apply authorization, authentication, rate limitation, policy, and other traditional enterprise requirements around our service interactions. In this workshop, we discuss the implications of event streaming and serverless architectures, and how we might re-inject governance models, mutual authentication, all the wonderful guardrails as well as observability a Service Mesh gives us (in our case, Istio) to cloud native event streaming serverless models (in our case, Knative Eventing with Apache Kafka). At the end of this presentation, participants should be able to assert viable architectural patterns to governing these service interactions and will be exposed to the technology behind an implementation of these approaches (via a demo!).

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Governing the Cloud Native Event Bus: Applying ServiceMesh to Knative Eventing Workshop (Part 2)

In the cloud we expect our resources to be able to come and go and react to the environment around them in a way that meets our business needs. While we take on event streaming and serverless architectures to accomplish this need in the cloud, our new architectural constructs can be unwieldy and grow past our traditional attempts to apply authorization, authentication, rate limitation, policy, and other traditional enterprise requirements around our service interactions. In this workshop, we discuss the implications of event streaming and serverless architectures, and how we might re-inject governance models, mutual authentication, all the wonderful guardrails as well as observability a Service Mesh gives us (in our case, Istio) to cloud native event streaming serverless models (in our case, Knative Eventing with Apache Kafka). At the end of this presentation, participants should be able to assert viable architectural patterns to governing these service interactions and will be exposed to the technology behind an implementation of these approaches (via a demo!).

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Keynote: Deploying an Envoy-Based Service Mesh in Minutes Across Kubernetes and VMs- Marco Palladino, Co-Founder & CTO, Kong

Deploying a service mesh has traditionally been a complex task, and distributed environments across multiple clusters and clouds can make things even more challenging. But, it doesn’t have to be that way!
In this session, we are going to fire up the terminal and install CNCF’s Kuma across multiple Kubernetes clusters and virtual machines. In just 10 minutes, we will be up and running with a modern Envoy-based service mesh to power both modern and legacy applications for our teams.

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Keynote: Super-Charge Your Mesh Services With Enhanced Data Access- Idit Levine, Founder & CEO, Solo.io

It is clear that service mesh is ‘crossing the chasm’ as more and more organizations not only deploy service mesh into production, but deploy it in large scale, mission critical environments. Development and operations teams value the common security model, fine grained traffic management and end-to-end observability provided by the mesh. Organizations are also realizing that the services and APIs that run within the mesh can expose valuable data and functionality, but application developers still need to write a lot of code to harness this information, limiting the adoption and ultimate benefit these services can provide.

In her talk, Idit Levine, CEO of Solo.io, will discuss innovative use cases that can be enabled by extending a service mesh. She will explore how a mesh can be used to simplify complex data and information access to support a wide variety of clients with minimal code to unlock hidden insights of an organization.

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Leveraging Service Mesh For Enterprise Multi-Cloud Strategy- Jun Wei & Victor Martinez, Equinix

Multi-cloud strategy is becoming the new norm when it comes to cloud adoption for enterprises, especially for global companies cross multiple geographic regions. Many factors can contribute to the motivation behind multi-cloud strategy, including best of the class solutions from multiple cloud providers, reliability and flexibility, and optimal performance-cost benefits. All major cloud providers are offering coherent solutions to enable hybrid and multi-cloud strategies. Among all solutions, Service Mesh is an effective technology to deliver the benefits of multi-cloud strategy to enterprises. We will examine a few multi-cloud use cases and architecture considerations and how to leverage service mesh for typical enterprise multi-cloud strategies, including failover, best of class, and flexible scale-in-and-out application deployment patterns. In particular, we will explore private connections among multiple cloud providers to ensure enterprises the ultimate security and privacy for their data while enabling multi-cloud strategies.

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Multi-cluster Service Mesh Workshop - Will McKinley, Solo.io

This workshop is based on Istio and Gloo Mesh (https://github.com/solo-io/gloo-mesh). It's a hands-on workshop where each participant has a dedicated VM. In the VM, you deploy 3 Kubernetes clusters using Kind. One cluster is a management plane where Gloo Mesh is deployed, while Istio is deployed in the 2 other clusters. Then, you federate the identity of the Istio clusters, configure cross cluster communications, failover, learn about Web Assembly, ... And before each lab, we go through some slides. For example, before the identity federation, we explain you what is SPIFFE, how it's used in Istio, ... The labs are publicly available: https://github.com/solo-io/workshops/tree/master/gloo-mesh

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Opening Remarks, Marco Palladino ServiceMeshCon Program Committee Member

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Planning the Zero-Downtime Lifecycle of Your Service Mesh- Christian Posta, Solo.io

A service mesh is a critical piece of application infrastructure that lives on the request path between your services. Once you get past the “hello world” for your particular mesh, you are left having to plan out your production deployment and more importantly, future upgrades. The architecture and patterns for deployment are as important (if not more?) as the specific mesh capabilities you choose. For example, patterns like separating ingress, running canaries, and focusing on limited configuration blast radius are foundational to enable zero-downtime upgrades of your mesh. In this talk, we discuss the vital patterns and practices cultivated working with mesh adopters around the world. The audience should come away with a core set of practices to enable successful lifecycle management of their service mesh.

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Replatforming a $4B Retailer Onto Kubernetes and Linkerd- Fredrik Klingenberg, Aurum AS

To increase the pace of feature iteration and reduce costs, Elkjøp, the largest electronics retailer in the Nordics, migrated their application from Azure App Service to Kubernetes and Linkerd. In this talk, Fredrik describes how they built the new platform while rapidly onboarding themselves and their developers onto both Kubernetes and service mesh expertise, and how they addressed the concerns of their developer managers, who were happy with the status quo and uneasy about the proposed change.

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Scalable Confidential Computing on Kubernetes with Marblerun- Moritz Eckert & Felix Schuster, Edgeless Systems GmbH

Confidential computing (CC) is a new and emerging security paradigm. It enables the always encrypted and verifiable processing of data on potentially untrusted hosts, e.g., the cloud or maybe even your local cluster. Do you wanna add an extra layer of data protection to your Kubernetes workloads? In this talk, we introduce the open-source project Marblerun and discuss the challenges that arise when you deploy CC-enabled workloads on K8s. Marblerun is the control plane for confidential computing, designed to run on Kubernetes. It is an open-source solution that extends the confidentiality, integrity, and verifiability properties of a single enclave to a Kubernetes cluster. Marblerun does not replace your service mesh; it is built to run alongside your existing cloud-native tooling. In essence, Marblerun simplifies deploying, scaling, and verifying end-to-end encrypted apps on vanilla K8s. We will demo how to CC-fy a cloud-native app and run it with K8s+Linkerd+Marblerun.

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Service Mesh Patterns by the Book- Lee Calcote, Layer5 & Nic Jackson, HashiCorp

Infrastructure diversity is a reality for many organizations. It’s predicted that by 2022, 90% of all apps will feature microservices architectures. A huge range of microservice patterns drives a world of multiple service meshes. As various service meshes have proliferated infrastructures, service mesh patterns and abstractions have emerged. We will break down 60 service mesh patterns into different categories of use, demonstrating and examining a select few using Meshery for deeper review of their problems they solve, discussing caveats, and highlighting anti-patterns. The patterns discussed are being published in Service Mesh Patterns (O’Reilly) by Lee Calcote and Nic Jackson.

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Service Mesh War Stories - Lessons Learned the Hard Way - Moderated by Mitch Connors, Google; Iryna Shustava, HashiCorp; Phillip Gibson, Microsoft & William Morgan, Buoyant

Failure is an excellent teacher, and the best failure to learn from is someone else's. This panel will take you behind the scenes in some of the biggest service mesh products around through the eyes of the engineers that build them. Hear from service mesh insiders about the greatest ideas that didn't work. Learn how to avoid adoption pitfalls that often end in disappointment. Get an inside look at how a service mesh product is made, and how service mesh maintainers run their own service mesh. Take away patterns and practices for successfully navigation your service mesh journey, regardless of the implementation you choose.

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Service Mesh: A Hole in the Pocket?- Venil Noronha & John Murray, Stripe

Service meshes provides a wide range of capabilities including flexible configuration, high fidelity observability, and is transparent to user applications. However, this power, despite it's (often) open-source nature, does not come cheap. In the age of public cloud, vendors typically charge users on several axes of usage. When using a feature like traffic shaping, if not careful, cross-availability-zone traffic can quickly increase spend. High fidelity metrics are useful to operators, but default service mesh configurations can easily overwhelm systems, and users too. Suboptimal defaults coupled with user-local dashboards leads to high cardinality metrics further increasing costs of metrics storage solutions. Yet another area of spend is access logging. While being extremely important to diagnose runtime issues, access logs can quickly become a $$$ drain. The default policy of logging each request is not the best configuration for most users, and organizations need to craft these policies based on their unique environments. In this talk, we will talk about costs we've encountered when using a service mesh at scale at Stripe. We will also discuss some strategies we have in place for reducing spend, and other techniques to improve the overall experience with service meshes.

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Single Mesh vs Multi Mesh- Tradeoffs for Enterprise Multi-Tenant Support- Ding Shaojun (Iris Ding) & Zhang Huailong (Steve Zhang), Intel

Service mesh is an infrastructure layer for micro services. It provides functions like: service discovery, traffic routing/shifting, security, observability etc. Multi-tenant is very common in kubernetes clusters. So how to better utilize service mesh capabilities while providing enterprise multi-tenant support in kubernetes clusters? In this talk we will walk you through below items and show you some tradeoffs for different service mesh options. 1. What challenges does multi-tenant bring to Service Mesh? 2. What service mesh options are applicable for multi-tenant support? 3. What does single mesh and multi mesh mean for multi-tenant and what are their Cons & Pros? 4. Performance comparison for different service mesh topology on multi-tenant clusters.

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Super Charge Your Service Mesh With eBPF - Yuval Kohavi & Idit Levine, Solo.io

The Linux kernel is an ideal place to implement observation, networking, and security, and improvements in the eBPF space are making it more practical to leverage the Linux kernel for these use-cases. Given that both eBPF and service mesh essentially allows users to program policies to connect, secure, and observe; you may be wondering how service mesh and eBPF intersect? This talk will explore different approaches to supercharge your service mesh with eBPF to make service mesh more secure and efficient.

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Understanding Service Mesh Metric Merging- Lawrence Gadban, Solo.io

Observability is a key tenet of any service mesh so each mesh implementation provides several features around observing the state of your mesh. One important aspect of observability is the exporting of metrics which enable operators or service owners to monitor both application and service mesh behavior. However, with service meshes that utilize a sidecar proxy, the exporting of metrics from both the application and the proxy itself is not as straightforward as it seems. In this session we will explore the challenge of consistently and transparently exporting metrics for all components comprising a service mesh workload. We will then dive into how Istio solves this problem with its “metrics merging” feature. This feature provides a simple way of exporting an aggregated set of metrics from all of the pieces in a sidecar-injected workload, including metrics from the Istio agent, sidecar Envoy proxy, and application workload itself. Attendees will leave with a clear picture of why metrics merging is important in general as well as how it works in the Istio service mesh.