Istio / IstioCon 2021

#IstioCon2021

Presented at IstioCon 2021 by Albert Sun.

A first commit to Istio.io can be daunting and there is a large amount of learning and commitment required to contribute to Istio.io. By presenting my experiences, I want to encourage both people familiar and unfamiliar to Istio, to contribute. I also hope to give some insight on the PR process for contributing to Istio.io, and show some relatively easy first commit examples. I found a home in the Docs WG, and I hope to help introduce others to this community by helping with their first commit.

#IstioCon2021

Presented at IstioCon 2021 by Weibo He & Stephen Chan

In this presentation, we will walk through Airbnb’s Istio Journey - why we needed a modern service mesh, how we vetted Istio as the solution, where we are today, the lessons we learnt along the way, and our future plans. We will cover topics including:

Airbnb’s multicluster/cell setup, problems we ran into/ideas for UX improvements
Airbnb’s upgrade setup for gradual rollout of newer versions of Istio
Airbnb’s test pipeline for vetting features we care about
How we handled k8s & mesh expansion in a consistent philosophy
How we approached migration (zero downtime, no regression)
Airbnb’s learnings/pain points/future expectation with Istio
Current areas of open discussion - come talk to us more about this

#IstioCon2021

Presented at IstioCon 2021 by Zufar Dhiyaulhaq & Vijay Dhama.

One of our main goals in GoPay is to automate mutual TLS communication between GoPay and our partner. We will share how we decide to use and manage Istio, change the configuration to suit our mTLS use cases, how we adapt Istio changes related to mutual TLS, and how our central certificate is managed, and how to set up automatic mutual TLS communication with Istio Egress TLS origination and Istio Gateway.

#IstioCon2021

Presented at IstioCon 2021 by Yangmin Zhu.

I will talk about the better external authorization feature in 1.9 that allows users to easily integrate Istio with external authorization system (e.g. OPA, OAuth2).

The better external authorization is the latest improvement that solves a much wanted customer request for better extensibility in the authorization policy.

This feature makes it possible and greatly improves the user experience of many critical use cases, for example, integrate with industry standard auth mechanism (e.g. OAuth2), reuse existing in-house auth system (e.g. OPA) and more.

#IstioCon2021

Presented at IstioCon 2021 by Murugappan Chetty.

Optum is one of the early adopters of Istio and its been used in a number of use-cases within the organization.

In this presentation, Murugappan Chetty of Optum will go over the platform that they built with kubernetes, Istio and knative, where internal users run their workloads.

Audience attending this session will get to know about

Istio features leveraged by the platform like, security, observability, traffic routing, client libraries, external dns etc.
Istio management - versioning, istioctl, Istio cni
Production use cases with metrics

#IstioCon2021

Presented at IstioCon 2021 by Vladimir Georgiev.

Istio’s Virtual Service API provides a language agnostic way of implementing graceful retries on failures until a timeout budget is exhausted. Precise timeouts and retries per endpoint result in better performance. Having hundreds of gRPC services means there will be as many YAML files to be configured, tested and managed, however. I will explain how we built a scalable way of managing retries and timeouts across the service mesh per service per RPC. Achieved by developing an API with annotations interface for specifying the retry and timeouts parameters in the proto files where the gRPC services are defined. Our build system, Please, uses custom rules to automatically generate and validate Virtual Services during build time. Thus, solving the problem of dealing with a large number of YAML configurations. Furthermore, this approach empowers Service Owners across the organisation to easily define SLOs without the need to understand the Virtual Service API and functionality in detail.

#IstioCon2021

Presented at IstioCon 2021 by Nick Nellis & Adam Toy .

Since the release of Istio 1.0, a major development effort has been spent on making it easier to use. Whether you are already running Istio in production or trying it out for the first time, it’s important that you know about the latest and greatest when it comes to debugging and maintaining istio.

Adam Toy from the Department of Defense will walk you through how the USAF’s Platform One program is utilizing Istio to establish a zero-trust PaaS infrastructure, as well as some of the new things Istio has to offer in terms of debugging and maintainability he has learned along the way.

#IstioCon2021

Presented at IstioCon 2021 by Lawrence Gadban.

One of the primary benefits of using Istio is its comprehensive security model, which enables users to express complex authentication and authorization policies for the services running within their mesh. While these security features are commonly used, they can cause confusion and are frequently misunderstood.

This talk will explore the security mechanisms available in Istio and will dive into how these policies are translated from high-level user-facing configuration to runtime policies in the various Envoy proxies that comprise the Istio data plane.

Specifically, we will look at the following:

Mutual TLS and how to configure peer authentication through PeerAuthentication and DestinationRule resources
Enforcing end-user authentication via JWTs with RequestAuthentication resources
Enforcing authorization rules through AuthorizationPolicy resources
Attendees will leave with a clear picture of how Istio’s various auth policies are implemented in the data plane.

#IstioCon2021

Presented at IstioCon 2021 by (speakers).

WebAssembly filters allow users the power to extend and customize Istio to their liking. But how do organizations actually develop them? Tooling exists for traditional software development, but established methods and tooling are difficult to come by in the emerging WebAssembly ecosystem.

In this talk we will attempt to answer the following, based on our experience working Istio + WebAssembly in customer environments for over one year:

How do we write WebAssembly filters?
How do we test WebAssembly filters?
How do we debug WebAssembly filters?
How do we ship WebAssembly filters?
We will explore existing tooling and solutions for working with WebAssembly in the service mesh, and provide insight into the development processes being implemented by early adopters of WebAssembly.

#IstioCon2021

Presented at IstioCon 2021 by Gregory Hanson.

Istio allows users to enable Envoy access logs. These logs provide extensive information and are one of the first steps in diagnosing networking problems in a service mesh. Engarde is a tool which parses Istio access logs into easily readable JSON objects. With Engarde, you get the log field names, but to the average user there are still some knowledge gaps that require a hop over to Envoy’s website to understand what is shown in the logs. This extension combines Engarde with Envoy’s documentation all in one place.

#IstioCon2021

Presented at IstioCon 2021 by Ed Snible.

This talk is for every engineer interested in creating traffic management and telemetry capabilities for the mesh itself.

Istio has offered extensibility through WebAssembly since 1.5. User code, running in the sidecar, can implement custom traffic management and telemetry. No Istio control plane access or special builds of the sidecar are needed. C++ and JavaScript developers can write, compile, deploy and test extensions quickly, with just a bit of Istio EnvoyFilter YAML on their clusters.

Yet developers I’ve talked to are not having success getting started. Others start but get stuck factoring their idea into a framework of HTTP protocol callbacks. Even a good design is not enough—troubleshooting extensions is difficult and some developers give up in frustration.

We’ll demystify the difference between Istio’s EnvoyFilter resource and Envoy’s HTTP filter chain. Attends will learn the framework, code delivery, and troubleshooting using as few new concepts as possible.

#IstioCon2021

Presented at IstioCon 2021 by Jeet Kaul.

So you’ve actually done security well and are using an external Redis provider that only allows TLS to talk to it. You could simply configure each of your applications to use TLS from the application pod or you can use Istio to handle the TLS part. This lightning talk demonstrates how to use Istio to do TLS origination for Redis (TCP) using the sidecar instead of the egress gateway.

#IstioCon2021

Presented at IstioCon 2021 by Ryota Sawada.

Istio documentation covers many scenarios how you can start up Istio and get your hands dirty with its offerings. Things become a bit more tricky when it involves multiple clusters, and even more complicated when there are other Open Source projects you need to deal with.

The presentation will be mainly driven by demos. The first demo will be based on simply starting multiple KinD clusters locally, and get Istio offerings in action.

The second demo will be based on GitOps setup with the similar multiple local clusters. This will involve some UI examples to showcase Istio offerings similar to bookinfo example, and backed by GitOps.

Lastly, there will be a short demo with multicloud + multicluster + GitOps setup, which gives the sense of how you can get production ready multicluster setup with Istio.

All the demo steps are documented in GitHub repo, and every step for each demo is curated to get the clusters up and running from scratch.

#IstioCon2021

Presented at IstioCon 2021 by Nicolas Meessen.

Atlassian has been deploying Envoy to the compute nodes of its internal PaaS over the past 2 years to simplify service-to-service communication for internal developers. Today we deploy Envoy with static configuration and we want to take advantage of dynamic features like client-side routing, direct communication, and fault injection. We decided Istio was the best choice to deliver this over the next year. We’ll talk through Atlassian’s journey with service-to-service communication, Envoy and the evolution of our home-grown control planes, then walk through the analysis that led to Istio being the best decision for Atlassian’s business moving forward.

#IstioCon2021

Presented at IstioCon 2021 by Shota Shirayama.

We introduced Istio on our microservices. Istio’s logs, metrics and features are very helpful for us to investigate in detail in case of failures.

One day we had big trouble due to a node failure, and it was very hard to find the root cause about why our application had not been recovered automatically. At that time, we finally found the root cause of it on our application logic thanks to Istio and we could reproduce the same failure on development environment with Istio as well. I’d like to share this story.

#IstioCon2021

Presented at IstioCon 2021 by Isan Rivkin.

At SimilarWeb we use Istio in all of our Kubernetes clusters and utilize Istio’s Authorization and Authentication policies for each service. As a small production engineering team, we wanted to let our developer’s full autonomy for writing new services with Helm without needing to know Istio internals.

To solve that problem we abstracted Istio completely inside a generic Helm chart for common use cases. For more complex cases create a MutatingWebhook in k8s that reads annotations from the deployments and configures the deployment to support all Istio related logic.

#IstioCon2021

Presented at IstioCon 2021 by Huabing Zhao & 阳 唐.

Traffic management is probably the most used feature of Istio. However, handling layer-7 traffic other than HTTP and gRPC can become challenging in an Istio service mesh. In this session, I’ll discuss a few possible approaches to extend Istio’s traffic management capability to other layer-7 protocols such as Dubbo, Thrift, TARS, Redis, MySql, MongoDB, etc. I’ll introduce Aeraki, an open-source project that provides a framework to allow Istio to support more layer 7 protocols than just HTTP and gRPC. A demo of Thrift and Dubbo traffic version-based routing and percentage-based routing will also be shown in this session. In the end, l’ll discuss some other interesting things we are planning at Aeraki, such as on-demand xDS to the sidecars.

Github: https://github.com/aeraki-framework/aeraki Live Demo: http://aeraki.zhaohuabing.com:3000/d/pgz7wp-Gz/aeraki-demo?orgId=1&kiosk Recorded Demo: Dubbo and Thrift Traffic Management https://youtu.be/vrjp-Yg3Leg

#IstioCon2021

Presented at IstioCon 2021 by Christian Posta.

Virtual conference presentations lack the dynamic and expressive feeling of a live talk in so many dimensions, and explaining complex concepts can be difficult. Even in person, one of the best ways to convey problems, solutions, and architecture discussions is through diagramming and white boarding. As one of the authors of Istio in Action for Manning Publishers, I’ve gone through many refinements of diagrams to help explain Istio. In this talk, we’ll use live diagramming, architecture sketches, demos and no slides, to illustrate how best to get started with Istio and iteratively adopt it into production. We will cover concepts like sidecar injection, the power of gateways, best practices for tying in PKI, and DNS proxying as we slowly add new workloads to a mesh.

#IstioCon2021

Presented at IstioCon 2021 by Alex Soto.

As we start to go toward cloud-native infrastructure and build our applications out of microservices, we must fully face the drawbacks and challenges to doing so. One of the most important aspect is securing (authentication and authorization) the services correctly.

In this session, we’ll show how Istio can simplify your security model when adopting (micro) services architecture.

We expect most developers haven’t adequately solved for these issues, so we’ll take it to step by step and build up a strong understanding of Istio and how it is used to secure the service mesh.

#IstioCon2021

Presented at IstioCon 2021 by Neeraj Poddar and Louis Ryan.
Closed caption and subtitles in Spanish by Pedro Galvan.

Neeraj Poddar and Louis Ryan from the Istio technical oversight committee, lead an update on the development of the project and the roadmap for 2021.

#IstioCon2021

Presented at IstioCon 2021 by Geoff Flarity, Jan Zantinge, & Liam White.

As service mesh gains wider adoption, more and more companies are looking to bring Istio to their organization. Istio will impact many teams, from operations to developers, and it’s important that they are well equipped. First you’ll hear a success story from the Square Cash team, who decided to move to Istio from Square’s homegrown Envoy service mesh. They’ll discuss why it was the right move for them, how they executed the move, and what they’d do differently if they were to do it a second time. Then we’ll generalize their learnings by exploring patterns we’ve seen firsthand for successfully bringing Istio into organizations.

#IstioCon2021

Presented at IstioCon 2021 by Lucas Ponce.

Kiali is a management console for Istio. It provides dashboards, observability, configuration and validation capabilities. This workshop will walk you through practical examples of Istio using Kiali.

#IstioCon2021

Presented at IstioCon 2021 by Scott Weiss & Eitan Yarmush.

Istio has some basic tooling to facilitate request troubleshooting, but it has something much more powerful at its core: Envoy proxy. When requests in the mesh start failing, Envoy is the definitive source for debugging information as it has a wealth of telemetry and logging that can be enabled to pinpoint problems along the request path. Trouble with certificates? Incorrect headers? Connection pooling or upstream errors? Un-routable request?

In this talk, we’ll look at how to build a repeatable and automatable set of tools to quickly debug a request path across multiple hops and potentially across multiple clusters and Istio control planes. Leveraging Envoy capabilities like access logging, module debug logging, the tap filter, configuration dumps, and detailed telemetry across multiple hops in the data path combined with some best practices, you will no longer have to worry when things appear to “not be working”.

#IstioCon2021

Presented at IstioCon 2021 by Jacob Delgado & Brian Avery.

The Istio Product Security Working Group operates behind a bit of secrecy given the nature of the group’s work; mostly triaging security reports and threats. In 2020, there were over 11 security bulletins released that spanned from Istio 1.3 to Istio 1.8. In this talk, we will explain why the group was created, how it operates, and its mission to make Istio more secure.

Namely, we will discuss:

A brief history of how the group was formed
Why it was necessary for the group to be created
A look at Istio security vulnerabilities in 2020
How we triage security reports and fix them
Pro-active measures the group is working on to make Istio more secure
Please join us to learn about the responsibilities of the Product Security Working Group and how to stay informed about the security of your environments.

#IstioCon2021

Presented at IstioCon 2021 by Jason Webb & Vrushali Joshi.

In order to support modern, responsive, real-time experiences across thousands of microservices, at Intuit we needed a solution for high-performance networking at scale. We began to accept that the limitations of our Hub and Spoke API Gateway model would be impossible to patch. With a significant move to Kubernetes within the company and with Service Mesh technologies on the near horizon, we began the journey to bring Service Mesh to our enterprise. We quickly discovered that deploying Istio for the enterprise comes with a host of challenges. Supporting multi-region deployments with non-flat networks and securely managing multitenant configuration across hundreds of Kubernetes clusters proved challenging. This talk details how Intuit solved these problems while deploying and managing Istio multi-cluster at scale in production.

#IstioCon2021

Presented at IstioCon 2021 by Sudheendra Murthy.

Managing a service mesh that spans hundreds of thousands of containers across the globe is no easy feat. At high scale, achieving fast configuration convergence time to thousands of proxies, while limiting the CPU & memory utilization of control-plane & proxies is a challenging problem. This talk describes eBay’s initial journey into building a scalable service mesh that provides the traffic management, load-balancing, security and observability features at scale leveraging Istio. The talk presents the federated design to manage configuration across multiple meshes in different availability zones, multiple trust domains to support workloads in different environment. The talk shares results from the extensive control-plane scale and performance tests to establish the efficacy of the design to support the massive scale, provides insights into the breaking limits of Istio control-plane and sidecar proxy and finally provides best practices & recommendations to operate Istio at scale.

#IstioCon2021

Presented at IstioCon 2021 by Raphael Fraysse.

At Mercari, we have few hundreds of services running in Kubernetes. We spent the last year and a half trying to integrate Istio in our microservices infrastructure at scale, with many trial-and-error and lessons learned. This presentation will explain what is making Istio a long wild river and how we managed to navigate it. It will focus on several aspects:

Stabilizing Istio
Adopting Istio
Running Istio By sharing our learnings, we hope to make Istio a long quiet river for the community.

#IstioCon2021

Craig Box and Lin Sun, program chairs and Istio steering committee members, welcome you to IstioCon and discuss the past, present and future of Istio.

#IstioCon2021

Presented at IstioCon 2021 by Lee Calcote & Abishek Kumar.

This workshop introduces service mesh concepts and each aspect of Istio. Gain hands-on experience with this popular tool as you learn how to deploy and configure Istio alongside microservices running in Kubernetes.

For upcoming events and workshops visit https://events.istio.io

#IstioCon2021

Presented at IstioCon 2021 by Denis Jannot & Christian Posta

This workshop is based on Istio and Gloo Mesh. Each participant will have a dedicated VM and we will go through diferent labs.

#IstioCon2021

Presented at IstioCon 2021 by Alex Van Boxel.

It’s lonely in your pod, but finally, you receive that long-awaited knock on the port… but can you trust that inbound request?

This session dives into an essential aspect of a service mesh: trust. We’ll dive into how certificates work into Istio, use peer authentication, and explain concepts like SPIFFE identifiers. Peer thrust can also be leveraged in the application architecture.

A mesh is not only for cluster administrators but also for architects and developers, making it well worth to highlight those patterns.

#IstioCon2021

Presented at IstioCon 2021 by John Howard.

This talk will describe the new Kubernetes Gateway API being developed by the Kubernetes SIG Network as “an evolution of the Ingress API”, and how this will impact Istio.

#IstioCon2021

Presented at IstioCon 2021 by Santiago Núñez-Cacho.

Wouldn’t it be great to have an easy way to dynamically, via istio, limit the traffic to a service in Kubernetes?

Figure out you have one or more ingress gateways for the incoming requests, and you want to limit the requests from a single IP, or to limit requests with an specific http header in an specific amount of time.

With this operator you just have to create and deploy a simple Custom Resource (CR) with your desired rate limit configuration.

The operator, from this CR, will create the necessary istio objects to use the http level rate limit filter.

Presented at IstioCon 2021 by Animesh Chaturvedi

This talk will share the experience of building a data lake using Istio / Envoy. This talk will cover why we selected Istio for building a data lake in early 2019. Our journey with Istio and go in depth the challenges we ran into scaling the ingestion pipeline to scale to process several hundred tera bytes a day.

#IstioCon2021

Presented at IstioCon 2021 by Venky Ganti & Rahul Lahiri.

Microservices applications rely on complex interactions among services. Engineering teams must create API tests with API mocks to shift testing left. Current approaches to mock creation are manual, which is expensive and inefficient.

We illustrate how Istio can be leveraged to significantly reduce engineering effort necessary for API testing.

API tests can be built using the following Istio capabilities:

Dynamic deployment of Envoy filters to capture relevant examples of API requests and responses.
Observability to trace request execution flows across all microservices.
Virtual services can switch traffic between live services and mocks with no code changes.
Developer benefits:

Ad hoc service testing locally leveraging API data to mock producer services
Create service tests with auto-created API mocks, eliminating costly manual API mock creation
Get visibility into failed API requests from end-to-end tests with no additional effort

#IstioCon2021

Presented at IstioCon 2021 by John Howard.

This talk will walk through how to run Istio locally to improve development velocity, where “local” includes various combinations of local Kubernetes cluster, local docker registry, running Istiod as a local binary (and in a debugger), and running the proxy locally.

#IstioCon2021

Presented at IstioCon 2021 by Archna Gupta.

This talk will walk through canary deployments process and how to achieve the same using Kubernetes service orchestration or Spring Cloud Gateway focusing on the limitations of these approaches and how Istio overcomes these limitations. Spring cloud Gateway or Kubernetes LoadBalancer service or Ingress controllers only supports the edge service routing and not Internal routing from edge service to another service in cluster. This is where Istio virtual services and destination rules come to rescue – this talk with elaborate further on how Istio provides an optimal solution for canary releases in this scenario.

#IstioCon2021

Presented at IstioCon 2021 by Eric Van Norman & Brian Avery.

Another Istio release is out! You may be nervous, but we have been continuously improving our release qualification process to hopefully ease your concerns. In 2020, we collected feedback and used it to focus on producing higher quality and more consistent releases. We created a Definition of Done to determine what it means for releases and features to be considered stable. This has led to release notes tooling, standardized feature maturity levels and release gates. We also created a new Upgrade Workgroup to improve the stability, user experience, and test infrastructure around Istio upgrades. This talk will explore what each of these new additions means for you as a user and whether you can trust that new release or feature in your production environment. We’ll be sure to leave some time for feedback. We’d love to know how these changes are or are not addressing your concerns as well as other improvements you would like to see.

#IstioCon2021

Presented at IstioCon 2021 by Sam Stoelinga.

So you’ve actually done security well and are using an external Redis provider that only allows TLS to talk to it. You could simply configure each of your applications to use TLS from the application pod or you can use Istio to handle the TLS part. This lightning talk demonstrates how to use Istio to do TLS origination for Redis (TCP) using the sidecar instead of the egress gateway.

#IstioCon2021

Presented at IstioCon 2021 by Ryan Michela.

Helm. It’s not just for installation anymore!

In this session, we re-introduce Helm as a powerful tool for automating Istio day-two administrative tasks. Using Helm, we can completely rethink Istio management by creating a domain specific language for Istio configuration. Helm lets us build a simplified facade over Istio, allowing developers to more naturally express their intentions as code instead of forcing them to think in Istio CRDs.

In this session we will look at four common Istio configuration patterns, and explore how Helm dramatically simplifies their use. We will deep dive into Helm itself, teaching you how to write Helm charts perfectly tailored to your Istio developer’s needs. Finally, we’ll look at Helm gitops automation, to securely and reliably manage Istio configuration from commit to production. You will leave this session with everything you need to confidently tame Istio using Helm.

#IstioCon2021

Presented at IstioCon 2021 by Pratima Nambiar.

Istio and Envoy are foundational building blocks of the Salesforce Service Mesh. This presentation walks you through our service mesh journey. I will briefly talk about why we chose the service mesh design pattern, how we initially built it using envoy and our in-house control plane and our subsequent pivot to Istio. I will discuss how we are currently leveraging Istio and our plan to increase adoption of Istio to further enhance our Service Mesh platform.

#IstioCon2021

Presented at IstioCon 2021 by Sebastian Toader & Zsolt Varga.

During the past several years Apache Kafka emerged as the default enterprise message bus. With Istio on its own way to becoming the service mesh “standard” within the enterprise, running a Kafka cluster inside a mesh became a frequent requirement. We’ve been running Kafka over Istio for a few years now, and in this talk, we’d like to share our experience, the common problems and eventually the benefits that led us to make this integration possible. In this talk we’ll be touching on both security and operational benefits such as:

On the fly certificate renewals with no service downtime
Secure cross-regional interaction between workloads and Kafka
Unified simplified configuration to enable mTLS for all components
Single cluster and cross-cluster workload authn/authz of K8s service accounts using Envoy WASM filters
Envoy WASM filters open the gates for a whole array of useful features such as Kafka protocol level metric

#IstioCon2021

Presented at IstioCon 2021 by Joe Searcy.

This is a story of struggle, tradeoffs, and triumphs. Istio, as you may know, is a mission-critical piece of software for securing and connecting microservices across platforms. However, it can be daunting to introduce, operationalize, or adopt it successfully.

In this talk, we dig into T-Mobile’s journey of adopting Istio across 100+ clusters to support microservices for fraud detection, billing, sales and APIs across many teams. The journey was not all rainbows and unicorns. We cover things such as tenancy, install/upgrade, feature adoption, CI/CD integration, and architecture tradeoffs. We see first-hand lessons learned around:

The importance of iteration
Structured boundary and isolation
Approaches to multi-cluster
Stateful workloads in Istio
Team processes
Attendees of this talk will leave with a better understanding of how a large organization runs Istio to secure, and observe microservices in a large-scale deployment with all of its pros and cons.

#IstioCon2021

Presented at IstioCon 2021 by Jacob Delgado.

There are numerous environmental variables that can be used to control the behavior of Istio. Environmental variables in Istio are considered experimental and there are no guarantees they won’t be removed in future versions of Istio.

In this talk, we will explore a few related to certificates used for inter-workload communication within your service mesh:

Some of the pilot-agent environmental variables related to certificates
How to toggle them during installation using istioctl and helm

#IstioCon2021

Presented at IstioCon 2021 by Neeraj Poddar & Dave Lenrow.

Building the next fastest, secure and reliable 5G platform is challenging in its own right but doing that while modernizing your infrastructure and onboarding Cloud-Native Functions (CNFs) from multiple vendors can be a herculean effort

In this talk, we will cover how Istio can be used in 5G platforms to achieve uniform security and visibility across these CNFs deployed in multiple clusters across different sites including edge. However, rolling out Istio at this scale brings its own challenges around lifecycle management, tenant isolation, identity management and visibility beyond metrics and traces. We will cover the lessons learned and tradeoffs between various architectures, in particular:

Tenancy isolation
5G aware telemetry
Uniform identity between legacy and workloads in the mesh
Deep packet inspection
Attendees will gain insight into how service providers use Istio at a large scale and what the future holds for a mesh everywhere world from backend to edge to devices

#IstioCon2021

Presented at IstioCon 2021 by Rob Salmond.

Istio listens to Kubernetes and speaks to Envoy. We will explore these conversations and learn to understand what’s being said.

#IstioCon2021

Presented at IstioCon 2021 by Lorenzo Fundaró.

In this talk, we will show how we used Istio’s EnvoyFilter to dynamically route requests from our QA cluster to a developer’s laptop and back. This networking hack significantly eased development, especially when running end-to-end tests and helped us reduce infrastructure costs.