Iris Ding is a cloud software architect at Intel and has a rich background in open source development, cloud computing, Generative AI(GenAI), middleware development and design. Her current focus is intersection of GenAI and cloud computing and is leading development for Open Platform... Read More →
Ambient mesh introduces a new service mesh architecture without sidecars, but more than that, it gives us a way of thinking about the mesh as a set of API-driven network capabilities, distinct from the infrastructure used as an implementation. What if your mesh was truly ambient - if it was available and functional anywhere you have a network? This talk will show the state of the art of making Istio’s implementation details - the ztunnel L4 secure overlay and the L7 waypoint proxy - vanish into the cloud infrastructure. We’ll cover our efforts to standardize Istio’s Ambient Mesh interfaces to allow alternative implementations that can leverage existing infrastructure, requiring fewer components, and less management overhead. We’ll imagine alternative waypoint proxy implementations, such as managed load balancers, and non-Envoy proxies, and we’ll discuss how adjacent projects like Cilium CNI are vanishing into the infrastructure, and how these parallel efforts align with one another.
Mitch Connors is a Sr. Principal Software Engineer at Aviatrix, and serves on the Istio Technical Oversight Committee. Over the past 17 years, Mitch has worked at Google, F5 Networks, Amazon, an Industrial IoT startup, and State Farm Insurance, giving him a broad perspective on the... Read More →
Justin works on Istio and service mesh at Google. Previously, he worked on Software Defined Networking, helping create the Open vSwitch and OVN projects, as well as the OpenFlow protocol. Prior to Google, Justin worked at four successful startups focused on network virtualization... Read More →
Confluent Cloud leverages Istio service mesh in its control plane to secure, observe and route traffic between microservices at scale processing millions of requests per second. In this case study we will explore how Istio service mesh was incrementally adopted at Confluent providing a uniform identity model using SPIRE and advanced observability using OpenTelemetry. We will go over our Istio adoption journey - from securing traffic using mTLS to advanced multi cluster routing and share our experiences running Istio at scale in production along with learnings to operationalize Istio for Day 2 operations.
Adam Sayah is Field Engineer at Solo.io, a company specializing in open source and enterprise software for application networking from the edge to service mesh. At Solo.io, Adam helps organizations build and operate robust cloud-native architecture. Prior to Solo.io, Adam held software... Read More →
Istio provides critical capabilities for managing microservices in Kubernetes, making application upgrades safer and easier with its traffic management features. However, upgrading the Istio control plane, especially with the safer blue-green deployment model, requires substantial manual effort. We started the sail-operator project to close that gap. Building on our product operator experience, we aim to create a community-first Istio operator. While installation is the core feature, we want to explore new ways of providing value, in ways that are unique to the operator concept. And our first focus is on improving usability around control plane upgrades. The presentation will include a live demo showcasing the 2 upgrade strategies supported: InPlace and RevisionBased. Whether managing a small cluster or a large-scale deployment, attendees will learn how sail-operator helps maintain stability and continuity in their service mesh, making Istio upgrades more manageable and less risky
Daniel is a Principal Software Engineer at Red Hat and an Istio maintainer. After wrestling with the challenges of distributed and microservice architectures throughout his career, Daniel joined Red Hat's Istio team in 2019 to solve the same problem set in the infrastructure layer... Read More →
With 15+ years of experience, I embarked on my cloud journey 8 years ago, transitioning from a QE role at NEC Iberica to a DevOps Engineer. Recently, I joined Red Hat as a QE for OpenShift Service Mesh, where my Istio journey continues. I gained hands-on Istio experience at NEC Iberica... Read More →
Do you use JSON Web Tokens in your Istio system? Do you like how you can't revoke any of the JWTs that you use? Wish you could make a more secure system that allows you revoke a token across all your clusters within seconds without compromising all that you love about JWTs? Join my talk to learn about how to build an event based system that uses native Istio functionality to build a zero trust layer on top of Istio that enables token revocation when: - a user account is disabled - a user account logs off - (insert your use case) We will walk through all the pieces needed accomplish this, and of course a live demo.
Josh Oberdick is a Platform Architect at Rocket Companies, the nation’s largest online mortgage lender. In his 14 years’ experience of infrastructure engineering, he has developed solutions for mission critical storage and processing systems. Most recently, he has been focused... Read More →
This talk dives into how microservices architectures and Istio service mesh in Kubernetes empower developers to build scalable, resilient, and future-proof GenAI applications. We'll explore the challenges of running GenAI Application such as selecting the most suitable Large Language Model (LLM), leveraging effective embedding models, and deploying a robust vector database (DB), etc. We'll demonstrate how to overcome them using advanced Kubernetes strategies.
Key topics include: • Discover how breaking down GenAI Application into microservices enhances flexibility, scalability, and maintainability. • Learn how service mesh facilitates dynamic updates and changes to GenAI components without impacting user traffic. • Showcase practical strategies for integrating these technologies in Kubernetes, supported by real-world examples like how to dynamically compose a GenAI application using different microservices, and how to change models or pipelines dynamically on Kubernetes.
Iris Ding is a cloud software architect at Intel and has a rich background in open source development, cloud computing, Generative AI(GenAI), middleware development and design. Her current focus is intersection of GenAI and cloud computing and is leading development for Open Platform... Read More →
Lin is the Head of Open Source at Solo.io, contributing to open source full time. She is a CNCF TOC member and ambassador, an Istio core maintainer and leader. She is an international speaker in various tech conferences and blogs frequently about her perspective of service mesh and... Read More →
Istio excels with microservices but implementing it as a service mesh for a newly containerized legacy monolith application comes with its own set of challenges. In this session, we will take you through our journey of migrating a monolithic application to Kubernetes, where Istio plays a crucial role as the service mesh. We'll delve into the intricacies of this migration, sharing the challenges we faced and the lessons we learned along the way. You'll gain insights into how we operate Istio service mesh in Adobe's Document Cloud and discover common yet critical pitfalls. Our discussion will cover issues ranging from scalability to upgrades, providing you with valuable knowledge to navigate similar migrations in your projects. By the end of this talk, you will have a clear understanding of the complexities involved and be better equipped to handle the transition of monolithic applications to Kubernetes using Istio.
Edward is a Lead Cloud Engineer at Adobe in the Developer Platforms organization focusing on cloud infrastructure provisioning and service mesh implementations. His journey at Adobe started with the Macromedia acquisition, along the way contributing to multiple cloud-based services... Read More →
Rahul is a Senior Cloud Engineer at Adobe in the Developer Platforms organization focusing on cloud infrastructure provisioning and service mesh implementations.
In the most recent Gartner hype cycle for API reports, service mesh has been placed in the "trough of disillusionment", signaling that that the hype for the technology is not where it once was. Come hear from members of the Istio Technical Oversight Committee discuss their perspective on this classification and why the best days of service mesh are still ahead of us.
Iris Ding is a cloud software architect at Intel and has a rich background in open source development, cloud computing, Generative AI(GenAI), middleware development and design. Her current focus is intersection of GenAI and cloud computing and is leading development for Open Platform... Read More →
Mitch Connors is a Sr. Principal Software Engineer at Aviatrix, and serves on the Istio Technical Oversight Committee. Over the past 17 years, Mitch has worked at Google, F5 Networks, Amazon, an Industrial IoT startup, and State Farm Insurance, giving him a broad perspective on the... Read More →
Lin is the Head of Open Source at Solo.io, contributing to open source full time. She is a CNCF TOC member and ambassador, an Istio core maintainer and leader. She is an international speaker in various tech conferences and blogs frequently about her perspective of service mesh and... Read More →
Running a multicluster Service Mesh with 1000s of microservices has several challenges. One is to keep the Istio sidecar configuration minimal and thereby improve pod density.Istio has several knobs to fine-tune this and& many of those are unexplored & underutilized. Another challenge,sharded apps,where every shard needs tuning or it gets a bloated superset of configurations.In this talk,we will share the insights & technical breakthroughs from Intuit’s Service Mesh journey.We'll dive into how the `exportTo` configuration, in conjunction with Admiral's advanced identity management,enabled us to efficiently manage Istio resources across 300 clusters with remarkable cost savings. We will discuss strategic use of identity sharding & discovery selectors in multi-tenant API GW,highlighting resource management & optimized sidecar configuration.If you want to run a resource & cost-effective multicluster multitenant Istio deployment, this session provides practical guidance & valuable lessons.
Punakshi specializes in Service Mesh at Intuit. She has developed deep expertise in Identity and Access Management through her roles at Red Hat and HSBC. At Intuit, she enhances service mesh capabilities by customizing various Golang-based control and data plane components to ensure... Read More →
Iris Ding is a cloud software architect at Intel and has a rich background in open source development, cloud computing, Generative AI(GenAI), middleware development and design. Her current focus is intersection of GenAI and cloud computing and is leading development for Open Platform... Read More →