Confluent Cloud leverages Istio service mesh in its control plane to secure, observe and route traffic between microservices at scale processing millions of requests per second. In this case study we will explore how Istio service mesh was incrementally adopted at Confluent providing a uniform identity model using SPIRE and advanced observability using OpenTelemetry. We will go over our Istio adoption journey - from securing traffic using mTLS to advanced multi cluster routing and share our experiences running Istio at scale in production along with learnings to operationalize Istio for Day 2 operations.
Neeraj Poddar is the VP of Engineering at Solo.io. He has worked on various aspects of operating systems, networking and distributed systems over the span of his career. He is a long term contributor and maintainer of the Istio project, a former Steering Committee member and currently... Read More →
This talk dives into how microservices architectures and Istio service mesh in Kubernetes empower developers to build scalable, resilient, and future-proof GenAI applications. We'll explore the challenges of running GenAI Application such as selecting the most suitable Large Language Model (LLM), leveraging effective embedding models, and deploying a robust vector database (DB), etc. We'll demonstrate how to overcome them using advanced Kubernetes strategies.
Key topics include: • Discover how breaking down GenAI Application into microservices enhances flexibility, scalability, and maintainability. • Learn how service mesh facilitates dynamic updates and changes to GenAI components without impacting user traffic. • Showcase practical strategies for integrating these technologies in Kubernetes, supported by real-world examples like how to dynamically compose a GenAI application using different microservices, and how to change models or pipelines dynamically on Kubernetes.
Iris Ding is a cloud software architect at Intel and has a rich background in open source development, cloud computing, Generative AI(GenAI), middleware development and design. Her current focus is intersection of GenAI and cloud computing and is leading development for Open Platform... Read More →
Lin is the Head of Open Source at Solo.io, contributing to open source full time. She is a CNCF TOC member and ambassador, an Istio core maintainer and leader. She is an international speaker in various tech conferences and blogs frequently about her perspective of service mesh and... Read More →
Istio excels with microservices but implementing it as a service mesh for a newly containerized legacy monolith application comes with its own set of challenges. In this session, we will take you through our journey of migrating a monolithic application to Kubernetes, where Istio plays a crucial role as the service mesh. We'll delve into the intricacies of this migration, sharing the challenges we faced and the lessons we learned along the way. You'll gain insights into how we operate Istio service mesh in Adobe's Document Cloud and discover common yet critical pitfalls. Our discussion will cover issues ranging from scalability to upgrades, providing you with valuable knowledge to navigate similar migrations in your projects. By the end of this talk, you will have a clear understanding of the complexities involved and be better equipped to handle the transition of monolithic applications to Kubernetes using Istio.
Edward is a Lead Cloud Engineer at Adobe in the Developer Platforms organization focusing on cloud infrastructure provisioning and service mesh implementations. His journey at Adobe started with the Macromedia acquisition, along the way contributing to multiple cloud-based services... Read More →
Rahul is a Senior Cloud Engineer at Adobe in the Developer Platforms organization focusing on cloud infrastructure provisioning and service mesh implementations.
Running a multicluster Service Mesh with 1000s of microservices has several challenges. One is to keep the Istio sidecar configuration minimal and thereby improve pod density.Istio has several knobs to fine-tune this and& many of those are unexplored & underutilized. Another challenge,sharded apps,where every shard needs tuning or it gets a bloated superset of configurations.In this talk,we will share the insights & technical breakthroughs from Intuit’s Service Mesh journey.We'll dive into how the `exportTo` configuration, in conjunction with Admiral's advanced identity management,enabled us to efficiently manage Istio resources across 300 clusters with remarkable cost savings. We will discuss strategic use of identity sharding & discovery selectors in multi-tenant API GW,highlighting resource management & optimized sidecar configuration.If you want to run a resource & cost-effective multicluster multitenant Istio deployment, this session provides practical guidance & valuable lessons.
Punakshi specializes in Service Mesh at Intuit. She has developed deep expertise in Identity and Access Management through her roles at Red Hat and HSBC. At Intuit, she enhances service mesh capabilities by customizing various Golang-based control and data plane components to ensure... Read More →
Do you use JSON Web Tokens in your Istio system? Do you like how you can't revoke any of the JWTs that you use? Wish you could make a more secure system that allows you revoke a token across all your clusters within seconds without compromising all that you love about JWTs? Join my talk to learn about how to build an event based system that uses native Istio functionality to build a zero trust layer on top of Istio that enables token revocation when: - a user account is disabled - a user account logs off - (insert your use case) We will walk through all the pieces needed accomplish this, and of course a live demo.
Josh Oberdick is a Platform Architect at Rocket Companies, the nation’s largest online mortgage lender. In his 14 years’ experience of infrastructure engineering, he has developed solutions for mission critical storage and processing systems. Most recently, he has been focused... Read More →