CNCF-hosted Co-located Events North America 2024

Confluent Cloud leverages Istio service mesh in its control plane to secure, observe and route traffic between microservices at scale processing millions of requests per second. In this case study we will explore how Istio service mesh was incrementally adopted at Confluent providing a uniform identity model using SPIRE and advanced observability using OpenTelemetry. We will go over our Istio adoption journey - from securing traffic using mTLS to advanced multi cluster routing and share our experiences running Istio at scale in production along with learnings to operationalize Istio for Day 2 operations.

This talk dives into how microservices architectures and Istio service mesh in Kubernetes empower developers to build scalable, resilient, and future-proof GenAI applications. We'll explore the challenges of running GenAI Application such as selecting the most suitable Large Language Model (LLM), leveraging effective embedding models, and deploying a robust vector database (DB), etc. We'll demonstrate how to overcome them using advanced Kubernetes strategies.

Key topics include:
• Discover how breaking down GenAI Application into microservices enhances flexibility, scalability, and maintainability.
• Learn how service mesh facilitates dynamic updates and changes to GenAI components without impacting user traffic.
• Showcase practical strategies for integrating these technologies in Kubernetes, supported by real-world examples like how to dynamically compose a GenAI application using different microservices, and how to change models or pipelines dynamically on Kubernetes.

Istio excels with microservices but implementing it as a service mesh for a newly containerized legacy monolith application comes with its own set of challenges. In this session, we will take you through our journey of migrating a monolithic application to Kubernetes, where Istio plays a crucial role as the service mesh. We'll delve into the intricacies of this migration, sharing the challenges we faced and the lessons we learned along the way. You'll gain insights into how we operate Istio service mesh in Adobe's Document Cloud and discover common yet critical pitfalls. Our discussion will cover issues ranging from scalability to upgrades, providing you with valuable knowledge to navigate similar migrations in your projects. By the end of this talk, you will have a clear understanding of the complexities involved and be better equipped to handle the transition of monolithic applications to Kubernetes using Istio.

Running a multicluster Service Mesh with 1000s of microservices has several challenges. One is to keep the Istio sidecar configuration minimal and thereby improve pod density.Istio has several knobs to fine-tune this and& many of those are unexplored & underutilized. Another challenge,sharded apps,where every shard needs tuning or it gets a bloated superset of configurations.In this talk,we will share the insights & technical breakthroughs from Intuit’s Service Mesh journey.We'll dive into how the `exportTo` configuration, in conjunction with Admiral's advanced identity management,enabled us to efficiently manage Istio resources across 300 clusters with remarkable cost savings. We will discuss strategic use of identity sharding & discovery selectors in multi-tenant API GW,highlighting resource management & optimized sidecar configuration.If you want to run a resource & cost-effective multicluster multitenant Istio deployment, this session provides practical guidance & valuable lessons.

Do you use JSON Web Tokens in your Istio system? Do you like how you can't revoke any of the JWTs that you use? Wish you could make a more secure system that allows you revoke a token across all your clusters within seconds without compromising all that you love about JWTs? Join my talk to learn about how to build an event based system that uses native Istio functionality to build a zero trust layer on top of Istio that enables token revocation when: - a user account is disabled - a user account logs off - (insert your use case) We will walk through all the pieces needed accomplish this, and of course a live demo.