Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Service Mesh [clear filter]
Tuesday, May 21


Istio, We Have a Problem! Understanding and Fixing Bugs with a Service-Mesh - David Gageot, Google
Istio, we have a problem! We've just deployed a shinny new set of micro-services and it behaves in a strange manner. Hard to say why with so many moving parts...

Let's leverage the newly installed service mesh to understand what we've deployed, find the root problem, fix it with a bandaid and then do a proper, non trivial, blue-green deployment of a v2.

That will involve the Service Graph, Prometheus monitoring, Grafana Dashboards, Traffic mirroring, all orchestrated in a simple manner by Istio.

avatar for David Gageot

David Gageot

Developer Advocate, Google
David is a Developer Advocate at Google Cloud.He's working on Containers Tools, especially on developer experience. He's a maintainer on Skaffold.Previously, he helped open the R&D office of Docker in Paris to work on Docker for Mac and Docker for Windows.

Tuesday May 21, 2019 11:05 - 11:40
Hall 8.0 A1


Istio New Workload Identity Provision Pipeline Based on Envoy SDS - Quanjie Lin & Diem Vu, Google
Istio introduces a new workload identity provision system based on envoy SDS (secret discovery service) from release-1.1; as the main developer who works on this project, my talk covers:
1. Background topics like what is envoy SDS, the motivation why the
new system is introduced;
2. High level end-to-end architecture, deep dive into some design
decisions we made during development;
3. CNCF projects we leveraged during development (kubernetes,
envoy, helm, spiffe etc);
4. Real enterprise customers’ user cases that built on top of this new
system in production;
5. How to plug customer CA into the new system for your user case.

From this talk, audience will get better understanding of designing/using service mesh’s identity system from first-hand development experience, and how to build a system by leveraging CNCF projects.

[Note: I could demo if time allowed]


Diem Vu

Software Engineer, Google
Diem Vu is a software engineer at Google. He is currently working on Istio, leading the security policy area. Before joining Istio, he worked in Google shopping search for over 6 years. He earned his master degree from UCSD, and bachelor from Monash university.

Quanjie Lin

Software Engineer, Google
Quanjie is a software engineer from Google Istio team, she is currently working on the Istio workload identity provision system, end-user authentication etc. Before Istio, she worked in Google kubernetes team on the open service broker and service catalog.

Tuesday May 21, 2019 11:55 - 12:30
Hall 8.1 G1


What WePay Learned From Processing Billions of Dollars on GKE Using Linkerd - Mohsen Rezaei, WePay
WePay processes billions of dollars worth of payments each year. As the number of services that process payment requests grow in WePay’s infrastructure, so does the challenge of monitoring, debugging, and tracing call paths and service internals that run on GKE.

This session focuses on how the Platform Infrastructure & Tools team at WePay utilized monitoring services like Prometheus and Grafana to migrate their ever growing infrastructure and all of their production traffic (REST and gRPC) to service mesh on top of Linkerd in 2018. In addition, we will show how we used Namerd to bring all services together using discovery, Linkerd to power the data plane where the payments are processed and parsed behind WePay’s payment APIs, and Prometheus and NewRelic to monitor all infrastructure services' and microservices' activities in our production environment.

avatar for Mohsen Rezaei

Mohsen Rezaei

Staff Software Engineer, WePay
Mohsen is a staff software engineer at WePay. While at WePay, he's worked on introducing some of the latest CNCF and Google Cloud technologies to WePay's infrastructure, including Kubernetes, Prometheus, and Linkerd, while contributing to some open source projects for improvements... Read More →

Tuesday May 21, 2019 14:00 - 14:35
Hall 8.0 F3


Istio Multi-Cluster Service Mesh Patterns Explained - Daniel Berg & Ram Vennam, IBM
This session will review the various multi-cluster service mesh deployment patterns that are available with Istio. We will explain the pros and cons of each approach to ensure that you have the information necessary to properly apply one or more of these patterns for your own needs. We will provide a demonstration to show how one would setup a multi-cluster Istio mesh using Kubernetes clusters. This session is a must see if you currently are, or considering, implementing a hybrid cloud solution. Even if you are not yet using a service mesh, this session will provide valuable information to help you on your own hybrid journey.

avatar for Daniel Berg

Daniel Berg

Distinguished Engineer, IBM
Daniel is an IBM Distinguished Engineer responsible for the container and service mesh technical strategy within IBM Cloud. He has direct responsibility for the technical architecture and delivery of the IBM Cloud Kubernetes Service providing managed Kubernetes clusters worldwide... Read More →
avatar for Ram Vennam

Ram Vennam

Product Manager for IBM Cloud and Istio, IBM
Ram Vennam is a Product Manager and Developer Advocate for IBM with deep experience in the landscape of web application technology. He has worked in a number of development roles at IBM, with his current focus being on IBM Cloud Kubernetes Service and Istio. He is passionate about... Read More →

Tuesday May 21, 2019 14:50 - 15:25
Hall 8.0 A1


Panel Discussion: Ask Us Anything: Microservices and Service Mesh - Lin Sun, IBM; Jason McGee, IBM; William Morgan, Buoyant; Zack Butcher, Tetrate; and Louis Ryan, Google
Have you heard the buzz around microservices and service mesh lately? With containers becoming the new standard to building microservice based applications for production, users are leveraging service mesh to solve common issues with routing, re-routing for graceful degradation as services fail, secure inter-service communication and rate limiting between services. Join us for a live interactive session where our panel of experts from IBM, Google, Lyft, Linkerd will address your most challenging inquiries around microservice and service mesh!

avatar for Lin Sun

Lin Sun

Senior Technical Staff Member, IBM
Lin has been working on container and cloud-native since 2014 from Docker to Kubernetes to Service Mesh. She is currently an Istio maintainer, a member of the Istio steering committee and technical oversight committee. She is passionate about new technologies and loves to play with... Read More →

avatar for Zack Butcher

Zack Butcher

Founding Engineer, Tetrate
Zack is core contributor @IstioMesh and a founding engineer at Tetrate. Prior to Tetrate, he worked at Google as one of the earliest engineers on Istio. Before that he worked on a variety of teams across Google Cloud Platform, focusing on authorization, policy, data retention, and... Read More →
avatar for Jason McGee

Jason McGee

IBM Fellow, VP and CTO, IBM Cloud Platform, IBM
Jason is currently responsible for the IBM Cloud’s platform services, including Kubernetes, Functions, Cloud Foundry, Kafka event streams, Logging, Monitoring, Container Registry, Schematics, Terraform and Activity Tracker. Jason is also responsible for the technical strategy and... Read More →
avatar for William Morgan

William Morgan

CEO, Buoyant
William Morgan is the cofounder and CEO of Buoyant, creators of Linkerd. Prior to Buoyant, he was an infrastructure engineer at Twitter, where he helped move Twitter from monolith to microservices. He was a software engineer at Powerset, Microsoft, and Adap.tv, and a research scientist at MITRE... Read More →
avatar for Louis Ryan

Louis Ryan

Principal Software Engineer, Google
Louis Ryan is a Principal Engineer at Google working on APIs and microservices. Prior to working on Istio he co-authored the GRPC spec and ran the infrastructure that supports Googles consumer facing APIs.

Tuesday May 21, 2019 15:55 - 16:30
Hall 8.0 C4
Wednesday, May 22


JustFootball’s Journey to gRPC + Linkerd in Production - Ben Lambert, JustFootball & Kevin Lingerfelt, Buoyant
Ben (Just Football) will talk about their journey with Kubernetes and microservices from the world of HTTP/1.1 to HTTP/2.0 and gRPC. He will talk about the reasons for moving, and the best practices Just Football adopted for using gRPC in production, including monitoring + design decisions and distribution of gRPC proto + clients. Kevin (Buoyant) will cover how Linkerd provides Just Football with observability and load balancing for their gRPC services. He'll also describe how the Linkerd project itself employs multiple gRPC features to facilitate robust communication between its control plane and its data plane.

avatar for Ben Lambert

Ben Lambert

CTO, Just Football
Ben Lambert is the CTO of Just Football. A Stockholm based startup creating a game to get more active and playing more football. Originally from the UK, Ben worked as a Senior Developer for BBC Sport, where he helped create a platform which enabled BBC Sport (and now most of the BBC... Read More →
avatar for Kevin Lingerfelt

Kevin Lingerfelt

Software Engineer, Buoyant
Kevin Lingerfelt is a software engineer at Buoyant and a core contributor to the Linkerd project, focusing mostly on the control plane, which is written in Go. Prior to working at Buoyant, Kevin was a senior staff software engineer at Twitter, working on infrastructure and decomposition... Read More →

Wednesday May 22, 2019 11:05 - 11:40
Hall 8.0 C4


Service Meshes: At What Cost? - Lee Calcote, Layer5 & Girish Ranganathan, SolarWinds
“What is the performance impact that a service mesh has?"

"What overhead does being on the mesh incur?”

By far, this is the most common questioned by engineers coming to with the value of functionality provided by a service mesh. Generally, this question goes unanswered.

We will share methodology and results of performance testing research done in collaboration with a university, through the lens an open source service mesh benchmark tool - a tool used to provide a common benchmark across service meshes (their control planes, like Istio) and modern proxies (their data planes, like Envoy).

Over 10 service meshes projects will be reviewed. In addition to performance, we’ll take an in-depth look at the landscape of service meshes, characterize and contrast their functionality as well as their data plane and control plane architectures.

avatar for Lee Calcote

Lee Calcote

Founder, Layer5
Lee Calcote is an innovative product and technology leader, passionate about developer platforms and management software for clouds, containers, functions and applications. Advanced and emerging technologies have been a consistent focus through Calcote’s tenure at SolarWinds, Seagate... Read More →
avatar for Girish Ranganathan

Girish Ranganathan

Chief Architect, Layer5
Girish is a software technologist who has played a pivotal role in architecting and developing a variety of large scale distributed systems on a range of platforms including microservices and serverless. He strongly believes that simple ideas can go a long way into building efficient... Read More →

Wednesday May 22, 2019 11:55 - 12:30
Hall 8.0 B1


Benefits of a Service Mesh When Integrating Kubernetes with Legacy Services - Stephan Fudeus & David Meder-Marouelli, 1&1 Mail & Media Development & Technology GmbH
Having Kubernetes for your service landscape is great. Having a service mesh technology inside is even better - but there are legacy services, too. Leveraging the benefits of a service mesh is possible even without migrating all your legacy services into your kubernetes cluster - you can integrate them into the mesh.

We'll give a brief overview of the properties and benefits of service meshes in general and specifically how they are configurable in Istio. Then we'll have a look at the expansion of the mesh to services outside of kubernetes. We'll go into how the expansion is done, what needs to be done in the legacy systems and what obstacles we had to overcome.
On a sidetrack we'll show a "service mesh light", a mechanism to make legacy services protected by IP ACLs accessible from your kubernetes cluster, without deploying a full fledged service mesh implementation.

avatar for Stephan Fudeus

Stephan Fudeus

Expert Continuous Delivery, 1&1 Mail & Media Development & Technology GmbH
Stephan Fudeus is an Evangelist for Continuous Delivery by title and a backend and infrastructure engineer by heart. He used to develop scalable multi-tenant applications for up to a million customers in a DevOps fashion for 14 years at 1&1 Internet and now is Product Owner and Technology... Read More →
avatar for David Meder-Marouelli

David Meder-Marouelli

Systems Architect, 1&1 Mail & Media Development & Technology GmbH
David Meder-Marouelli currently has the position of a systems architect with 1&1 Mail & Media, one of the largest E-Mail providers in Germany (including brands like GMX & WEB.DE). In this position he is responsible for all projects related to automation. After his PhD in physics and... Read More →

Wednesday May 22, 2019 14:00 - 14:35
Hall 8.0 D2


Building an Edge Control Plane with Kubernetes and Envoy - Flynn, Datawire
The Envoy proxy is fast becoming ubiquitous as the universal data plane API for cloud-native networking and communications. However, the power of Envoy comes at the cost of configuration complexity. In this talk, I’ll discuss what we learned from designing and implementing the Ambassador edge control plane for Envoy, built around the Kubernetes API and Envoy’s v2 configuration. I’ll talk about the evolution of Ambassador from a simple Envoy configuration engine built around Jinja2 templates and variable substitution to the more sophisticated, multi-pass, compiler-type architecture that is in use today. I’ll also discuss how engineers today are using Ambassador, the community that has developed around this project, and where we see the requirements and technology evolving.



Principal Software Engineer, Datawire
Flynn is a Principal Software Engineer at Datawire, where he leads development of Ambassador, an open-source Kubernetes-native API gateway meant to make Envoy accessible without needing to become an Envoy expert. Flynn's career in computing spans more than thirty years and runs... Read More →

Wednesday May 22, 2019 14:50 - 15:25
Hall 8.0 F3


Grow with Less Pains - Meshing From Monolith to Microservices - Leo LIang, Cruise Automation
This talk will walk you through the adventure, learnings and culture shift on how we evolve A high growth sartup architecture into microservice world; We used L5D, Consul, Nginx, Prometheus, and customized L5D plugins to build up the service mesh that is taking care of billions of request every day. The service mesh manages all traffic from edge to Inter-services and is working with a heterogeneous type of service nodes from EC2 box, ECS, K8S to Lambda. The flexibility, observability and stability enable the business and teams to move fast with confidence.

Content of the presentation will be from
1st https://goo.gl/cE5e6Y
2rd https://goo.gl/czHkex
3rd https://goo.gl/c2ucMu

avatar for LEO LIANG


Engineering manager, Cruise
Leo has 10+ years experience in high scale distributive system and worked for Microsoft, Amazon AWS, Twitter and a few startups as the role of Engineers and Engineering leaders. Main OpenSource project involvement: LInkerD contributor. Public Products: Amazon ELB -1/5 core engineers... Read More →

Wednesday May 22, 2019 15:55 - 16:30
Hall 8.0 F3


Securing Cloud Native Communication, From End User to Service - Daniel Bryant, Datawire & Nic Jackson, HashiCorp
Everyone building or operating cloud native applications must understand the fundamentals of security issues and modern threat models. Although this topic is vast, in this talk Nic and Daniel will focus on the end-to-end communication and higher-level networking threats, and explore how the combination of an edge proxy and service mesh using TLS and mTLS can be used to mitigate many man-in-the-middle attacks.

Key takeaways include:

- An understanding of the "three pillars" of service mesh functionality: observability, reliability, and security. A service mesh is in a unique place to enforce security features like mTLS
- Learn how to ensure that there are no exploitable "gaps" within the end-to-end/user-to-service communication path.
- Explore the differences in ingress/mesh control planes, with brief demonstrations using Ambassador and Consul Connect

avatar for Daniel Bryant

Daniel Bryant

Product Architect, Datawire
Daniel Bryant works as a Product Architect at Datawire. His technical expertise focuses on ‘DevOps’ tooling, cloud/container platforms, and microservice implementations. Daniel is a Java Champion, and contributes to several open source projects. He also writes for InfoQ, O’Reilly... Read More →
avatar for Nic Jackson

Nic Jackson

Developer Advocate, HashiCorp
Nic Jackson is a developer advocate at HashiCorp and the author of “Building Microservices in Go” a book which examines the best patterns and practices for building microservices with the Go programming language. Additionally, Nic is writing “Vault in Action” with his co-author... Read More →

Wednesday May 22, 2019 16:45 - 17:20
Hall 8.0 C2
Thursday, May 23


5 Simple Steps To Simplifying Your Compliance Journey With a Service Mesh – Granville Schmidt, Aspen Mesh
Building distributed systems is hard. Building distributed systems that are secure and compliant is even harder. A service mesh such as Istio can help solve engineering problems you’ll face when securing your services and complying with requirements found in GDPR, HIPAA, PCI-DSS and other standards and regulations. In this presentation, Granville will focus specifically on the security and compliance challenges that developers, operators and leaders face when building distributed systems in highly regulated industries; and show how to effectively leverage Istio to address them.

avatar for Granville Schmidt

Granville Schmidt

Site Reliability Lead, Aspen Mesh
Granville Schmidt is the Site Reliability Lead at Aspen Mesh, where he works at the intersection of site reliability, security, and compliance. He has served as an Information Security Officer, Chief Technology Officer, and Principal Architect. By day, you can likely find him building... Read More →

Thursday May 23, 2019 11:05 - 11:40
Hall 8.0 F3


Unblocking the Release Train with Istio Traffic Management - Dave Shepherd & Pierre Meunier, Wealth Wizards
Wealth Wizards employs a microservice architecture, with each service being actively developed.

As soon as a change is in the mainline it’s on the release train and any subsequent changes traditionally ended up in a queue. If that change has a delay, then all subsequent changes get stuck and then have to be released together.

There are many ways to try and avoid these problems, but one way is to stop items getting on the release train until it's ready.

Istio does many things, but the traffic management functionality is the key to this solution. It allows traffic to be routed to different versions of the same service. The Wealth Wizards implementation will route all traffic to the mainline or master version of a service by default. However, if the hostname includes a version prefix then it will route traffic to the corresponding version of the service, if it exists.


Pierre Meunier

Senior Platform Engineer, Wealth Wizards
Pierre is Senior Platform Engineer at Wealth Wizards. Having spent most of his early career in Development and Team Leading role, he now enjoys using his dev skills to focus on CI/CD pipelines, automation and operations. Wealth Wizards is a UK financial advice company, they are leading... Read More →

Dave Shepherd

Senior Platform Engineer, Wealth Wizards
Dave is Senior Platform Engineer at Wealth Wizards. Over his career he has transitioned from developing software to operational roles; allowing him to bring the things that developers do well to operational problems. Wealth Wizards is a UK financial advice company, they are leading... Read More →

Thursday May 23, 2019 11:55 - 12:30
Hall 8.0 C4


Dealing with the Pesky Path Parameter Problem: Service Profiles - Alex Leong, Buoyant
For platform owners and developers to truly grok their service behaviors in Kubernetes, they must understand their services in terms of actual request and responses by HTTP path. Unfortunately, a nearly unlimited number of unique potential paths tends to overwhelm time series capture, making it difficult to get a clear picture of service behaviors. In this talk I’ll introduce the concept of the Service Profile, a custom Kubernetes resource used by Linkerd. The service profile lets operators define permitted routes for the service with regular expressions, which allows Prometheus to scrape and aggregate service behaviors in a manageable way. It also allows operators to set detailed service behavior rules such as retries and timeouts that can be easily reproduced and monitored.

avatar for Alex Leong

Alex Leong

Software Engineer, Buoyant
Alex is one of the core maintainers of the Linkerd project, working on both the control plane and the data plane. Prior to working on Linkerd, he was a member of the API team at Twitter and worked on Twitter's migration from monolith to microservices. Alex has spoken at DevNet Create... Read More →

Thursday May 23, 2019 14:50 - 15:25
Hall 8.1 G1


Networking the Service Mesh Proxy: Where We Are, Where We’re Going - Tim Swanson & John Joyce, Cisco
Redirecting application traffic to/from a proxy and lifecycle management of proxy instances are common requirements for service mesh implementations. The traffic and lifecycle problems are, to a large extent, tied. Many ideas for flexibility and optimization are emerging from multiple communities. This talk will discuss the current approaches for networking application service instances with sidecar proxies including lifecycle management. It will cover those implemented by Istio & Linkerd (including the Istio CNI plugin) as well as other open projects solving the same or similar patterns.


John Joyce

Principal Engineer, Cisco
John is a principal engineer at Cisco responsible for developing cloud infrastructure and solutions. As part of the Cloud CTO Office, John currently focuses on contributing to the Kubernetes & Istio communities and building multicloud solutions. Previously, John was an active contributor... Read More →

Tim Swanson

Sr. Technical Leader, Cisco
Tim is a senior technical lead engineer at Cisco in the office of the CTO for Cloud Platform & Solutions. His current focuses are on multicloud solutions, service meshes, and contributing to related opensource communities—primarily, Network Service Mesh & Istio. Previously, Tim... Read More →

Thursday May 23, 2019 15:55 - 16:30
Hall 8.0 F3


Cross-Cluster Calls Made Easy with Istio 1.1 - Matt Turner, Tetrate
Despite the now-common practice of spinning up multiple clusters across multiple regions, cross-cluster communication between the services running in them is still a huge issue. We rarely bother, or when we do, it’s hard-coded at the application level. Holes are punched in our ingress. Traffic traverses the open internet with hand-crafted addresses, no observability, and one-way TLS.

Istio already helps communication within a cluster: adding layer 7 routing, automatic security and more. The new version 1.1 can now do that between clusters.

This talk will guide you through using Istio’s latest features to easily setup secure, resilient, cross-cluster communication. Matt will talk through the required config before showing a demo of an app seamlessly spanning Kubernetes clusters. The full config will be made available so you can head straight home and give it a go on your own systems!

avatar for Matt Turner

Matt Turner

Head of Platform, Ziglu
Matt is CTO at Native Wave, a company that designs, builds, and manages cloud-native platforms using the best open source software. Native Wave works with the whole business to re-architect and refactor applications to get the most from modern cloud technologies. Matt has been doing... Read More →

Thursday May 23, 2019 16:45 - 17:20
Hall 8.0 F3