Loading…
Attending this event?
Virtual
September 25-26, 2023
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for IstioCon Virtual 2023 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in EDT. To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above “Filter by Date.”

Simple
Expanded
Grid
By Venue
Monday, September 25
 

11:00am EDT

Welcome + Opening Remarks - Mitch Connors & Faseela K, Program Chairs
Speakers
avatar for Faseela K

Faseela K

Experienced Cloud-native Developer, Ericsson Software Technology
Faseela is a cloud-native developer at Ericsson Software Technology(EST) and is a steering committee member and maintainer at Istio. Prior to this, she has worked as a platform development engineer at Cisco and as a Tech Lead at Ericsson R&D, leading contributions to the OpenDaylight... Read More →
avatar for Mitch Connors

Mitch Connors

Sr. Principal Engineer, Aviatrix
Mitch Connors is a Sr. Principal Software Engineer at Aviatrix, and serves on the Istio Technical Oversight Committee. Over the past 17 years, Mitch has worked at Google, F5 Networks, Amazon, an Industrial IoT startup, and State Farm Insurance, giving him a broad perspective on the... Read More →

IstioCon2023 Welcome Keynote pdf
Monday September 25, 2023 11:00am - 11:25am EDT
Virtual
  Opening & Closing Remarks

11:25am EDT

Istio Ambient Service Mesh Made Simple - Lin Sun, Solo.io
Istio ambient mesh introduces a new sidecar-less data plane mode designed for simplified operations, broader application compatibility, and reduced infrastructure cost. Since the initial launch of ambient mesh in 2022, there have been significant simplifications to the ambient design: introducing a custom, lightweight, highly scalable Rust-based ztunnel in favor of the original Envoy-based one; much simplified xDS configuration from Istio control plane to ztunnel; eliminating the consumer-side waypoint proxy; removing the need for Sidecar resource for sidecar-less; explicitly binding authorization policies to waypoint proxies; and many more! We will discuss the new exciting updates through live demos and explain why the changes were made during an architectural deep dive.
Speakers
avatar for Lin Sun

Lin Sun

Director of Open-Source, solo.io
Lin is the Director of Open-Source at Solo.io. She has worked on Istio service mesh since 2017 and serves on the Istio Technical Oversight Committee. Previously, she served on the Istio Steering Committee for three years and was a Senior Technical Staff Member and Master Inventor... Read More →

Monday September 25, 2023 11:25am - 11:55am EDT
Virtual
  Project Updates

11:55am EDT

Fine-Grained Policies RBAC with NGAC - José Carlos Chávez, Tetrate
  1. The fine-grained nature of cloud native deployments requires fine-grained authorizations at each component. However, this may require security policies to be centrally defined and the configurations reflecting them to be defined in each microservice to enable uniform, consistent enforcement across the entire system which is hard to model and maintain. Next-Generation Access Control (NGAC), developed by the U.S. National Institute of Standards and Technology (NIST), enables a systematic, policy-consistent approach to access control, granting or denying users administrative capabilities with a high level of granularity. It is based on the assumption that you can model the system you want to protect in a graph that represents the resources and your organizational structure, in a way that has meaning to you and that adheres to your organization semantics. This talk will offer an overview of NGAC and its advantages over more traditional RBAC and ABAC in the context of Zero Trust.
Speakers
avatar for Jose Carlos Chavez

Jose Carlos Chavez

Software Engineer, Tetrate
José Carlos Chávez is a Software Engineer at Tetrate.io, an OWASP Coraza co-leader, a Zipkin core team member and a Mathematics student at the University of Barcelona. He enjoys working in Security, compiling to WASM, designing APIs and building distributed systems. While not working... Read More →

Fine Grained Policies RBAC with NGAC pdf
Monday September 25, 2023 11:55am - 12:25pm EDT
Virtual
  Case Studies

12:25pm EDT

Sponsored Keynote: Istio Ambient Mesh as Managed Infrastructure - Justin Pettit, Google
Ambient mesh is an innovative new deployment model for Istio service mesh that provides an alternative to traditional sidecars. The benefits have mostly focused on how ambient mesh provides the networking, security, and observability of Istio, but in a deployment that is less invasive and uses significantly fewer resources. In this presentation, we will focus on another benefit of the architecture.

We will discuss how ambient mesh’s deconstructed dataplane maps to traditional components in a network. Using this view, an ambient mesh can be built by extending existing cloud infrastructure components, which makes the mesh an integrated part of the network instead of introducing another layer of complexity. This new deployment model shifts the responsibility of maintaining and scaling the service mesh to the cloud provider so users can focus on building their applications.
Speakers
avatar for Justin Pettit

Justin Pettit

Senior Staff Engineer, Google
Justin works on Istio and service mesh at Google. Previously, he worked on Software Defined Networking, helping create the Open vSwitch and OVN projects, as well as the OpenFlow protocol. Prior to Google, Justin worked at four successful startups focused on network virtualization... Read More →

IstioCon 2023 Ambient Mesh and Managed Offerings pdf
Monday September 25, 2023 12:25pm - 12:30pm EDT
Virtual
  Keynote Sessions

12:35pm EDT

Istio Roadmap Updates - Istio Technical Oversight Committee Members John Howard, Google & Eric Van Norman, IBM
Speakers
avatar for Eric VanNorman

Eric VanNorman

Senior Software Engineer, IBM
Eric has been working at IBM for 34 years and in the IBM Cloud division since 2014. He has worked on service brokers, service proxy and discovery, Docker, Kafka, image security, and since 2019, Istio. He is a member of the Technical Oversight Committee and is the lead of the Istio... Read More →
avatar for John Howard

John Howard

Staff Software Engineer, Google
John is a Software Engineer at Google working on Istio, and lead of the Istio Networking working group.

IstioCon2023 Roadmap Talk pdf
Monday September 25, 2023 12:35pm - 1:05pm EDT
Virtual
  New Features

1:10pm EDT

Pre-Sail Checks: Do You Need a Checklist Before Sailing to Production with Istio? - Simon Green & Ram Vennam, Solo.io
Drawing inspiration from the aviation industry's use of checklists for ensuring safe flights, we present a session on leveraging checklists and best practices to guarantee the successful operation of Istio in production environments. Join Simon and Ram, seasoned Field (and Flight!) Engineer's at Solo.io, as they share real-world experiences from assisting users with Istio deployments in production. Through a captivating story, you'll gain insights into the challenges faced by an Istio adopter who underestimated the complexities of running a production-scale Istio deployment. In this session, you'll explore the significance of various configuration switches and knobs within Istio. Learn which settings to leave untouched and which require meticulous tuning to optimize system performance. Unravel the mysteries behind crucial parameters like "PILOT_DEBOUNCE_AFTER" and understand how their misconfiguration can lead to unforeseen consequences.
Speakers
avatar for Ram Vennam

Ram Vennam

Director - Field Engineering, Solo.io
Ram Vennam is a Field Engineer at Solo.io where he helps companies design and build highly scalable, resilient, and distributed systems with the latest cloud native technology. Previously, he was at IBM where he was a Technical Product Manager and Developer Advocate for all things... Read More →
avatar for Simon Green

Simon Green

Field Engineer, Solo.io
As a Field Engineer at Solo.io, Simon Green’s professional experience includes helping enterprise customers with Application Networking. Simon has 20+ years of experience in Application Development, having specialized in Enterprise Application Integration (EAI), Enterprise Integration... Read More →

IstioCon2023 Pre Sail Checks pdf
Monday September 25, 2023 1:10pm - 1:40pm EDT
Virtual
  Case Studies

1:40pm EDT

Break ☕ + Networking
Monday September 25, 2023 1:40pm - 1:50pm EDT
Virtual
  Breaks

1:50pm EDT

Ambient Q+A
It's been a year since the Istio Project announced work on our ambitious Ambient mode. Much has been promised about how Ambient will reduce resource consumption, improve operations, ease onboarding, and solve world peace. This panel will explore how Ambient Mode has and has not achieved the expectations set for it. Rather than hearing from engineers who built Ambient, we will hear from end users who have experimented with Ambient in Development and Staging environments, to hear their initial impressions. At the end of this panel, attendees should have a better understanding of what problems Ambient is ready to solve today, and contributors should have a better idea of how to improve Ambient Mode in the future.
Speakers
avatar for Eric VanNorman

Eric VanNorman

Senior Software Engineer, IBM
Eric has been working at IBM for 34 years and in the IBM Cloud division since 2014. He has worked on service brokers, service proxy and discovery, Docker, Kafka, image security, and since 2019, Istio. He is a member of the Technical Oversight Committee and is the lead of the Istio... Read More →
avatar for Louis Ryan
avatar for Neeraj Poddar

Neeraj Poddar

VP of Engineering, Solo.io
Neeraj Poddar is the Head of Engineering at Solo.io. He has worked on various aspects of operating systems, networking and distributed systems over the span of his career. He is passionate about developing efficient and performant distributed applications. He's an open source enthusiast... Read More →
avatar for Lin Sun

Lin Sun

Director of Open-Source, solo.io
Lin is the Director of Open-Source at Solo.io. She has worked on Istio service mesh since 2017 and serves on the Istio Technical Oversight Committee. Previously, she served on the Istio Steering Committee for three years and was a Senior Technical Staff Member and Master Inventor... Read More →
avatar for John Howard

John Howard

Staff Software Engineer, Google
John is a Software Engineer at Google working on Istio, and lead of the Istio Networking working group.
avatar for Mitch Connors

Mitch Connors

Sr. Principal Engineer, Aviatrix
Mitch Connors is a Sr. Principal Software Engineer at Aviatrix, and serves on the Istio Technical Oversight Committee. Over the past 17 years, Mitch has worked at Google, F5 Networks, Amazon, an Industrial IoT startup, and State Farm Insurance, giving him a broad perspective on the... Read More →

Monday September 25, 2023 1:50pm - 2:20pm EDT
Virtual
  Case Studies

2:30pm EDT

Achieving Fault Tolerance in Istio with Observability-Driven Load Management - Tanveer Gill, FluxNinja
Service mesh technologies like Istio have revolutionized microservices communication. Yet, ensuring consistent reliability remains a challenge. Metastable failures like cascading failures and retry storms, highlight the limitations of traditional mitigation strategies such as circuit breakers and rate-limiting, especially when adapting to dynamic service conditions. In this context, observability-driven automation is required. Aperture is an open-source load management system, that introduces adaptive service protection, workload prioritization, and more. Aperture Agent operates as a Sidecar or as a DaemonSet and integrates with Istio using Envoy's External Authorization API to gain traffic insights to make informed decisions that safeguard against failures. This session will showcase Aperture in a real-world deployment where it is used to protect multi-tenant databases such as Apache Druid and PostgreSQL from overloads by adaptively scheduling GRPC and GraphQL traffic.
Speakers
avatar for Tanveer Gill

Tanveer Gill

CTO, FluxNinja
Tanveer Gill is co-founder & CTO of FluxNinja, an early-stage startup enabling reliability automation. He is co-creator of the Aperture open source project and active contributor in the open source community. Previously, he was Co-founder of the observability startup Netsil, which... Read More →

IstioCon Talk pdf
Monday September 25, 2023 2:30pm - 3:00pm EDT
Virtual
  New Features

3:00pm EDT

Untangling Your Istio Mesh with Feature Gates - Niranjan Shankar, Microsoft
Interested in getting started with Istio to manage microservices, but concerned about its complexity? Don’t worry, you aren’t alone. While Istio’s expansive feature set and configurability make it adaptable to various cloud environments, they can also be overwhelming to operators primarily interested in the core use-cases of service mesh. Platform administrators may also want to restrict developers’ access to some Istio functionalities, fine-tuning options, and APIs - particularly experimental or alpha status ones - in production environments. In this session, you’ll learn how to leverage tools and techniques like Kubernetes admission controllers, Istio feature flags, and GitOps solutions to feature-gate your Istio setup and narrow the configuration surface area. You’ll also walk away with some helpful criteria, such as feature status, ease-of-use, resource consumption, and risk-level, for determining which Istio capabilities to include in, or exclude from, your mesh environments.
Speakers
avatar for Niranjan Shankar

Niranjan Shankar

Software Engineer, Microsoft
Niranjan Shankar is a software engineer on the Azure Kubernetes Service (AKS) Traffic Team, where he is driving feature development and integration for the Istio-based service mesh add-on for AKS, and also contributes to the Istio open-source project. He was formerly a member of the... Read More →

Untangling Istio Mesh Feature Gates IstioCon 2023 pdf
Monday September 25, 2023 3:00pm - 3:30pm EDT
Virtual
  Istio Recipes

3:30pm EDT

Coffee Break ☕ + Networking
Monday September 25, 2023 3:30pm - 3:40pm EDT
Virtual
  Breaks

3:40pm EDT

Identity Theft Is Not a Joke, Jim! How Istio Ambient Mesh Safeguards Our Pod Identities - Marino Wijay, Solo.io
Impersonation and Identity theft are serious crimes in the world of Kubernetes! Who's checking IDs and making sure imposters haven't made their way into our cluster? When considering protecting our services and providing identity for authorization, we'll always turn to a Service Mesh as an insertion/interception point. However, with this new mode of Istio called Ambient Mesh, some questions arise: - How does Ambient prevent impersonation? - What's the Ztunnel have to do with identity? - Where do we maintain mTLS? - How does authorization get enforced at L4 and L7?? - What did you do to my sidecar??? In this talk, we break down the key security features of Istio Ambient Mesh, and provide proof that Ambient Mesh truly prevents identity theft while still providing the same key capabilities as the Istio Service Mesh. We'll demonstrate how Ambient Mesh provides Ztunnel as a daemonset to provide a complete security posture and node-to-node encryption vs. pod-to-pod within the node.
Speakers
avatar for Marino Wijay

Marino Wijay

Developer and Platform Advocate, Solo.io
Marino Wijay is a Canadian, Traveller, International Speaker, Open Source Advocate for Service Mesh, Kubernetes, and Networking. He is an Ambassador @ EddieHub, and Lead Organizer for KubeHuddle Toronto. He is passionate about technology and modern distributed systems. He will always... Read More →

Monday September 25, 2023 3:40pm - 4:10pm EDT
Virtual
  Istio Recipes

4:15pm EDT

Multiplayer Istio: Collaborative WASM Plugins with Intel and Layer5 - Lee Calcote, Layer5 & Xin Huang, Intel
Envoy WASM Filters are a powerful point of extensibility in Istio’s dataplane and WASM Plugins in Istio offer a pluggable mechanism for dynamically loading and unloading Envoy filters. Lifecycle management of WASM filters and understanding how each is configured presents a challenge for any cloud native engineer. In this session, we’ll learn how Intel uses CNCF project, Meshery, to visually design and collaboratively create Istio deployments that employ WASM Plugins to harness hardware-specific acceleration. Intel liberates its engineers from YAML intricacies by leveraging Meshery’s Istio integration and WASM filter management.
Speakers
avatar for Lee Calcote

Lee Calcote

Founder, Layer5
Lee Calcote is an innovative product and technology leader, passionate about empowering engineers and enabling organizations. As Founder of Layer5, he is at the forefront of the cloud native movement. Open source, advanced and emerging technologies have been a consistent focus through... Read More →
avatar for Xin Huang

Xin Huang

Cloud Software Developer, Intel
Intel Cloud software developer focusing on Kubernetes, Istio, and Envoy, and the maintainer of the CNCF sandbox project: Service Mesh Performance.

Monday September 25, 2023 4:15pm - 4:45pm EDT
Virtual
  Istio Recipes

4:45pm EDT

Closing Remarks- Mitch Connors, Program Chair
Speakers
avatar for Mitch Connors

Mitch Connors

Sr. Principal Engineer, Aviatrix
Mitch Connors is a Sr. Principal Software Engineer at Aviatrix, and serves on the Istio Technical Oversight Committee. Over the past 17 years, Mitch has worked at Google, F5 Networks, Amazon, an Industrial IoT startup, and State Farm Insurance, giving him a broad perspective on the... Read More →

Monday September 25, 2023 4:45pm - 4:55pm EDT
Virtual
  Opening & Closing Remarks
 
Tuesday, September 26
 

10:30am EDT

Opening Remarks - Iris Ding, Program Committee Member
Speakers
avatar for Iris Ding

Iris Ding

Cloud software engineer, Intel
Iris Ding works in Intel's IAGS team now and has a rich background in Open source development, cloud computing, middle ware development and design. Her current focus is research in cloud native area such as kubernetes and service mesh.

Tuesday September 26, 2023 10:30am - 10:40am EDT
Virtual
  Opening & Closing Remarks

10:45am EDT

Debunking the Istio Is Complex Meme - Christian Posta, Solo.io
Istio is a powerful networking technology that connects and secures applications, but with power comes a threshold for understanding how to use it. Thankfully, Istio functionality can be iteratively adopted to reduce the cognitive load of getting started. Even so, there still seems to be an impression that Istio can be difficult to use. In this talk we take a look at some scenarios for new Istio adopters to avoid including using Istio at the right level of abstraction, iterative feature adoption starting with mTLS, and describing real-world adoption stories for Istio
Speakers
avatar for Christian Posta

Christian Posta

Global Field CTO, Solo.io
Christian Posta (@christianposta) is VP, Global Field CTO at Solo.io. He is the author of Istio in Action as well as many other books on cloud-native architecture and is well known in the cloud-native community for being a speaker, blogger (https://blog.christianposta.com) and contributor... Read More →

Tuesday September 26, 2023 10:45am - 11:15am EDT
Virtual
  Istio Recipes

11:15am EDT

Using Istio to Build Better Service Level Objectives - Chris Dutra, JP Morgan
One of the major tenants of Site Reliability Engineering is the usage of service level objectives (SLOs) to better understand customer and user expectations. However, massively distributed systems can (and will) lead to blind spots in SLO generation and adherence, which can delay detection and mobilization times in an organization’s incident response. One will find that not all SLOs are equal, and “customers” in service to service configurations can take on machine form. This presentation offers best practices for utilizing Istio telemetry and observability to best make use of constructing SLOs. We'll cover two use cases - traditional metrics and distributed tracing - and how in conjunction they can offer a clear, data-driven approach to managing the reliability of large-scale distributed platforms and applications.
Speakers
avatar for Chris Dutra

Chris Dutra

Executive Director, Markets SRE Lead, JP Morgan
Chris is the Site Reliability Engineering lead for the Markets division of the Corporate & Investment Bank at JP Morgan. His current focus is on the reliability of the high-performing compute (HPC) platforms and modernization of systems into public cloud. Prior to JPMC, Chris has... Read More →

Tuesday September 26, 2023 11:15am - 11:45am EDT
Virtual
  Case Studies

11:45am EDT

Expanding Horizons: Advanced Deployment Strategies in Multi-Cluster Kubernetes Environments - Fran Perea Rodríguez, Red Hat & Eduardo Bonilla, Solo.io
Have you ever struggled to release new versions of your application in a multicluster environment? How do you know that the new version of your application will work as expected and will give a great experience to the end user? By using CI/CD to deploy the new version across all clusters, advanced deployment capabilities and progressive delivery features to release a new version of an application without affecting the end user. We will achieve this in a Multicluster Service Mesh environment with the help of Istio, ArgoCD and Argo Rollouts.
Speakers
avatar for Eduardo Bonilla

Eduardo Bonilla

Customer Success Engineer, Solo.io
Edu Bonilla is a Customer Success Engineer at Solo.io. He helps customers to get up to speed and follow their process in a day to day life. He has been working several years now with Kubernetes, Istio, Envoy, and all the technologies required to manage them, as he has been working... Read More →
avatar for Fran Perea Rodríguez

Fran Perea Rodríguez

Cloud Consultant, Red Hat
Consultant at Red Hat. Passionate about Cloud-native projects and all related to CNCF projects. Focused on technologies like Kubernetes, Service Mesh and GitOps. Everything as Code!

IstioCon2023 ExpandingHorizons pptx
Tuesday September 26, 2023 11:45am - 12:15pm EDT
Virtual
  Case Studies

12:15pm EDT

Break ☕ + Networking
Tuesday September 26, 2023 12:15pm - 12:30pm EDT
Virtual
  Breaks

12:30pm EDT

Tracing CI/CD with OpenTelemetry - John Howard, Google
Tired of hearing about "Ambient" and "Security"? Take a break from the monotony and stress of maintaining a production cluster and join me in making pretty graphs instead. In this talk, I will go over how Istio uses OpenTelemetry tracing -- commonly used for observing distributed services -- to observe our CI/CD setup, and how you can too! After this talk, you should have an increased understanding of tracing (which can be used with Istio, as well), as well as how it can be used beyond traditional usage.
Speakers
avatar for John Howard

John Howard

Staff Software Engineer, Google
John is a Software Engineer at Google working on Istio, and lead of the Istio Networking working group.

Tuesday September 26, 2023 12:30pm - 12:40pm EDT
Virtual
  ⚡Lightning Talks

12:40pm EDT

Life of a Request in Istio Ambient Mesh - Gregory Hanson, Solo.io
Ambient removes the need for sidecars in Istio service mesh, but what does this mean for the life of a request? A request is no longer routed sidecar to sidecar, they are now instead replaced by ztunnels and waypoint proxies. How many ztunnels are hit during a typical request? Are waypoints client-side or server-side? How do they interact with an Istio ingress gateway? The goal of this talk is to walk through a request from client to server in a few different scenarios and answer all of these questions and more.
Speakers
avatar for Gregory Hanson

Gregory Hanson

Software Developer, Solo.io
Greg has been involved with Istio since its earliest days and has served as a member of Networking, User Experience, Release Manager, and Security work groups.

LifeOfARequest GregHanson IstioCon2023 pdf
Tuesday September 26, 2023 12:40pm - 12:50pm EDT
Virtual
  ⚡Lightning Talks

12:50pm EDT

Best-Practices for Securing Egress Traffic with Istio - Niranjan Shankar, Microsoft
You’ve successfully installed Istio and secured intra-mesh traffic with mTLS. Great. A common next-step is controlling traffic to services outside of your cluster. Thankfully, Istio offers various custom resources and mesh-wide settings, as well as integration with an egress gateway, to manage outbound traffic. Nonetheless, operators need to take several additional steps and leverage mechanisms external to Istio to enforce a defense-in-depth framework for egress communication. For instance, organizations often require that all traffic that crosses network perimeters should flow through dedicated notes, be filtered by a firewall, and be logged and monitored. Additionally, other network security controls like Network Policies are needed in the event that sidecar proxy is bypassed. In this session, we’ll explore a brief, but comprehensive, end-to-end demo how Istio APIs and configurations can integrate with cloud security services, observability tools, and Kubernetes security resources to fully secure egress traffic from your cluster. Demo: https://github.com/nshankar13/tutorials/tree/main/istio-egress-demo.
Speakers
avatar for Niranjan Shankar

Niranjan Shankar

Software Engineer, Microsoft
Niranjan Shankar is a software engineer on the Azure Kubernetes Service (AKS) Traffic Team, where he is driving feature development and integration for the Istio-based service mesh add-on for AKS, and also contributes to the Istio open-source project. He was formerly a member of the... Read More →

Egress Best Practices IstioCon 2023 pdf
Tuesday September 26, 2023 12:50pm - 1:00pm EDT
Virtual
  ⚡Lightning Talks

1:00pm EDT

The Security Evolution of GRPC Services in the Mesh - Amim Knabben, VMware
This presentation aims to explore the evolving surrounding of gRPC services intercommunication in the context of containers and inside service mesh. It will delve in the history and intricacies of securing communication, authentication, authorization and accounting within a modern distributed system architecture. This talk also emphasize the current crucial role of Istio in enhancing the security posture of gRPC services east-west traffic compared with older approaches, that includes default encryption, identity and access management, and secure service-to-service communication on service mesh without the complexity of sidecars usage.
Speakers
avatar for Amim Knabben

Amim Knabben

Senior Software Engineer, VMware
Software engineer with a focus on Cloud Native and Free and Open-Source Software, currently working at VMware as the Tanzu Kubernetes Grid Security and Windows tech lead. Amim has been contributing to the Kubernetes community since 2020 mainly on SIG-Network and SIG-Windows initiatives... Read More →

Tuesday September 26, 2023 1:00pm - 1:30pm EDT
Virtual
  Case Studies

1:30pm EDT

A Look at Istio's Journey with the Gateway API - Keith Mattix, Microsoft & John Howard, Google
There's been a lot of buzz in the Kubernetes ecosystem around the Gateway API, a new specification for traffic routing. As an early adopter and conformant implementation of the spec, Istio has become more and more intertwined with the Gateway API each release. Come learn how this new API has shaped Istio's future and what it means for you as a user.
Speakers
avatar for John Howard

John Howard

Staff Software Engineer, Google
John is a Software Engineer at Google working on Istio, and lead of the Istio Networking working group.
avatar for Keith Mattix

Keith Mattix

Senior Engineering Lead, Microsoft
Keith Mattix is an Engineering Lead at Microsoft focused on Istio, Gateway API, and other networking projects.

Tuesday September 26, 2023 1:30pm - 2:00pm EDT
Virtual
  Project Updates

2:00pm EDT

Break ☕ + Networking
Tuesday September 26, 2023 2:00pm - 2:10pm EDT
Virtual
  Breaks

2:10pm EDT

Istio's Multicluster Networking Modes: Connecting Clusters Beyond Borders - Abdul Basit, Rakuten Symphony
Istio is a popular service mesh that enables secure, reliable, and observable communication between microservices. But what if you have multiple Kubernetes clusters that span different networks? How do you connect them with Istio and enable cross-cluster communication? In this talk, you will learn about the different multicluster networking modes that Istio supports, such as single/flat network and gateway/multi-network. You will see the pros and cons of each approach and the factors our customers consider when choosing a specific network mode. By the end of this talk, you will have a better understanding of how Istio multicluster networking works, and how to choose the best mode for your use case.
Speakers
avatar for Abdul Basit

Abdul Basit

Product Architect, Rakuten Symphony
I am a Product Architect in Rakuten Symphony with focus on helping our customers adopt service mesh technologies based on Istio, and cloud native networking. I am passionate about solving complex problems with innovative and scalable architectures, and I enjoy sharing my knowledge... Read More →

Istio Multicluster Networking Modes Connecting Clusters Beyond Borders pdf
Tuesday September 26, 2023 2:10pm - 2:40pm EDT
Virtual
  Istio Recipes

2:40pm EDT

Demystifying Load Balancing in Istio - Shivanshu Raj Shrivastava, Independent & Jimmy Song, Tetrate
Istio is a widely adopted service mesh transitioning to the graduated project in CNCF. Multiple traffic management strategies are provided out of the box in istio by leveraging envoy proxy’s native APIs. Managing istio in a multicluster setup means a deep understanding of every istio config. As your production environment scales, your networking requirements change, and it's better to adopt new strategies to achieve resiliency in your networking infrastructure. A multicluster setup may become complex, you may want to introduce a mixture of gateways routing to multiple clusters and then routing to services; configuring layer 4-6 load balancing effectively can help you leverage most out of your infrastructure. We aim to discuss different load-balancing strategies available in istio, such as locality load balancing and other algorithms available and demonstrate via demos when and how to leverage each of the load-balancing strategies to get the most out of your distributed infrastructure.
Speakers
avatar for Shivanshu Raj Shrivastava

Shivanshu Raj Shrivastava

Independent
Shivanshu is a contributor at Tetrate, working on Istio, and distributed systems. He's a member of Istio, Kubernetes and OpenTelemetry and loves contributing to OSS.
 In the past, he had worked at AppDynamics, building monitoring agents, and at Samsung on Samsung's Smart Things... Read More →
avatar for Jimmy Song

Jimmy Song

Developer Advocate, Tetrate
Jimmy Song is a developer advocate at Tetrate and the founder of the Cloud Native Community. He is also an author and producer of PHEI and an early adopter and evangelist of Kubernetes and Istio. Previously, he worked at iFlytek, TalkingData, and Ant Group. Learn more about it on... Read More →

Demystifying Load Balancing in Istio Shivanshu Raj Shrivastava and Jimmy Song 09072023 v1 pdf
Tuesday September 26, 2023 2:40pm - 3:10pm EDT
Virtual
  Istio Recipes

3:10pm EDT

Build Reliable Applications with Kubernetes and Istio Using Application Archetypes - Ameer Abbas & Steve McGhee, Google
Istio provides mechanisms for enabling a multi-cluster architecture, however, there is no guidance on how one should compose their platforms i.e. how many clusters, should they be zonal or regional, should they by team or my environment etc. This presentation introduces the concept of Application Archetypes which provides prescriptive guidance for how to compose multi-cluster platforms (with Kubernetes and Istio) based on application needs. These are abstract functional (and non functional) requirements that an application needs from its underlying platform. Examples could be cost-efficiency, reliability, RPO/RTO, resiliency etc. Thinking in terms of archetypes enables application and platform owners to create architecture patterns that specifically fit their needs. This presentation introduces four primary application archetypes (zonal, regional, multi-regional and global) with types of applications best suited for each. And how these can be accomplished with Kubernetes and Istio.
Speakers
avatar for Ameer Abbas

Ameer Abbas

Product Manager, Google
Ameer Abbas is a Google product manager focused on application modernization and cloud native platforms. He is also part of the Istio steering committee.
avatar for Steve McGhee

Steve McGhee

Reliability Advocate, Google
Steve was an SRE at Google for about 10 years, then left to help a company move to the Cloud. He's back at Google, helping more companies do that.

IstioCon2023 Archetypes for Reliable Systems.pptx pdf
Tuesday September 26, 2023 3:10pm - 3:40pm EDT
Virtual
  Istio Recipes

3:40pm EDT

Bridging the Gap: Gradual Istio Implementation for Your Platform - John Keates, Wehkamp Retail Group
If you choose to use a service mesh to implement common functionality for everyone, standardise on available features and apply constraints, the service owners running on your platform may have to change their code and configuration causing a lot of work and friction for everyone involved. You might also need to change your architecture, re-evaluate your policies and check workflows to see if they still work out.

Instead of implementing and activating everything at once, we multi-staged our Istio introduction which enables everyone to adopt and adapt at a reasonable pace. In this talk, John will share the learnings and steps that were taken along the way of this ongoing journey from building a minimal ingress control scenario all the way to a strict mutual-TLS, SPIFFE-authenticated and policy driven multi-mesh implementation. When working on your own service mesh, you can take some or all of the ingredients we used to make your own recipe for a slightly smoother implementation.
Speakers
avatar for John Keates

John Keates

Cloud Engineer, Wehkamp
John has experience thoughout the stack, from architecting cloud applications to helping business and technology teams communicate with eachother. He is passionate about open source and open communities where we can help and learn from eachother so our community and industry grows... Read More →

Bridging the Gap Gradual Istio v2 pdf
Tuesday September 26, 2023 3:40pm - 4:10pm EDT
Virtual
  Istio Recipes
  • TALK DELIVERY METHOD Pre-Record
  • Level Beginner
  • about John has experience thoughout the stack, from architecting cloud applications to helping business and technology teams communicate with eachother. He is passionate about open source and open communities where we can help and learn from eachother so our community and industry grows and benefits as a whole. At Wehkamp, he builds the internal microservices platform and helps teams embrace open source systems and standards.

4:10pm EDT

Traffic Dialling - Venkata Krishna Murthy Vadrevu & Nandan B N, Intuit
Virtual Services in Istio provide a way to control/split traffic towards multiple destinations. Traffic split across different versions of the same service is a typical solution to achieve canary or A/B rollouts. Additionally virtual Services allow routing to different other services. This can come handy in use cases like network abstraction that aims at decoupling applications from the platform. In network abstraction the clients need not be aware of where the service is running, or how many different parallel generations of a service exist simultaneously. It is possible to channelize, migrate or split traffic across these parallel service stacks without changing anything on the client side. Client could be, on a mobile, desktop, outside or within the service mesh. Additionally the client will never have to change the endpoint. This talk shows how Intuit built a network abstraction layer for both mesh and non mesh traffic using Istio’s virtual services.
Speakers
avatar for Nandan B N

Nandan B N

Senior Software Engineer, Intuit
Nandan is a Senior Software Engineer at Intuit. Currently working in Service Mesh team. He loves working on distributed systems and exploring new technologies.
avatar for Venkata Krishna Murthy Vadrevu

Venkata Krishna Murthy Vadrevu

Staff Engineer,, Intuit
Venkata works as staff engineer in the Service Mesh team at Intuit. Had a previous experience designing 5G core network products over service mesh. He loves to explore solutions that simplify things for the users. Spends his free time with family and kids.

Traffic Dialing At Scale pptx
Tuesday September 26, 2023 4:10pm - 4:40pm EDT
Virtual
  Istio Recipes

4:40pm EDT

SLATE: Globally Optimizing Request Routing - Aditya Prerepa & Gangmuk Lim, UIUC
Optimizing resource provisioning and performance in large, multi-cluster service meshes is difficult. Cluster schedulers/autoscalers assist, but a series of complementary problems lie at finer granularities after the containers have been provisioned: microbursts of requests, resource interference, tail latency in dependent services, high bandwidth cost.
IP networks have long developed techniques of optimizing these traffic flows - an area known as Traffic Engineering. We present an analogue at the Service level - Service-Layer Traffic Engineering (SLATE) - a system that automatically optimizes the flow of requests
in these service meshes. This system globally optimizes request routing, minimizing request latency & bandwidth cost based on administrator intent. We show that using methods like call graph and compute cost prediction, SLATE better reacts to sudden changes in service load, can prioritize certain requests over others through the mesh, and more.

Speakers
avatar for Aditya Prerepa

Aditya Prerepa

SWE @ Aviatrix & Undergrad @ UIUC, Aviatrix
Aditya is an Engineer @ Aviatrix and an Undergrad & Researcher at UIUC. He is an Istio networking mainatiner.
avatar for Gangmuk Lim

Gangmuk Lim

Phd Student, UIUC
Gangmuk Lim is a second year Ph.D. student in Computer Science at the University of Illinois Urbana-Champaign. Current active projects he is working on are optimizing application layer networking for microservice applications, reliable cluster management system, system for DNN tr... Read More →

Tuesday September 26, 2023 4:40pm - 4:55pm EDT
Virtual
  New Features

4:55pm EDT

Closing Remarks - Mitch Connors, Program Chair
Speakers
avatar for Mitch Connors

Mitch Connors

Sr. Principal Engineer, Aviatrix
Mitch Connors is a Sr. Principal Software Engineer at Aviatrix, and serves on the Istio Technical Oversight Committee. Over the past 17 years, Mitch has worked at Google, F5 Networks, Amazon, an Industrial IoT startup, and State Farm Insurance, giving him a broad perspective on the... Read More →

Tuesday September 26, 2023 4:55pm - 5:05pm EDT
Virtual
  Opening & Closing Remarks
 
Filter sessions
Apply filters to sessions.
Monday, September 25
Tuesday, September 26
Virtual
  • Breaks
  • Case Studies
  • ⚡Lightning Talks
  • Istio Recipes
  • Keynote Sessions
  • New Features
  • Opening & Closing Remarks
  • Project Updates
  • TALK DELIVERY METHOD
  • Live Virtual
  • Pre-Record
  • Level
  • Advanced
  • Any
  • Beginner
  • Intermediate