Loading…
Virtual Event
November 17, 2020
Learn More and Register to Attend This Event

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2020 - Virtual and add this Co-Located event to your registration to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Eastern Standard Time (UTC–05:00). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Tuesday, November 17
 

10:00am EST

Opening Remarks - Marco Palladino, Kong
Speakers
avatar for Marco Palladino

Marco Palladino

Kong Inc, Co-founder and CTO
Marco Palladino is an inventor, software developer and Internet entrepreneur based in San Francisco, California. He is the co-founder and CTO of Kong, the most widely adopted open source API platform. Besides being a core maintainer, Marco is currently responsible for the design and... Read More →



Tuesday November 17, 2020 10:00am - 10:10am EST
Virtual

10:15am EST

Service Mesh - The New Single Point of Failure - Mitch Connors, Google, Sabeen Syed, HashiCorp & Thomas Rampelberg, Buoyant
Interested in knowing why your favorite service mesh was implemented that way? Architecture decisions have real user impact. When building a service mesh, it is possible to fall into a trap of choosing implementation that is easier to build but makes it difficult to operate in the real world. While service meshes enable new levels of resiliency for users’ applications, they suffer from a chicken and egg problem: How do you build a resilient and scalable service mesh without having a service mesh to rely on?
Maintainers of Istio, Linkerd2 and Consul will walk through tradeoffs the projects have made during implementation and the impact on users. Topics will include:
  • Why it is important to verify environments before installation.
  • How to build a service mesh which can be safely upgraded.
  • What regular security updates mean for upgrades.
  • How to give users the same stability for config changes as they require for code changes
  • What to do when the mesh breaks.
  • Why the division of responsibility is important.

Speakers
avatar for Sabeen Syed

Sabeen Syed

Senior Engineering Manager, HashiCorp
Sabeen Syed is a Senior Engineering Manager at HashiCorp, working on the Consul Service Mesh and Consul API Tooling teams. She enjoys cultivating and nourishing teams to enable taking products and processes from ideas to execution. She has spoken at a number of conferences and meetups... Read More →
avatar for Thomas Rampelberg

Thomas Rampelberg

Software Engineer, Buoyant
Thomas Rampelberg is a Software Engineer at Buoyant Inc. He has made a career of building infrastructure software that allows developers and operators to focus on what is important to them. He is a contributor to Linkerd and has been maintaining Kubernetes applications at scale and... Read More →
avatar for Mitch Connors

Mitch Connors

Software Engineer, Google
Mitch Connors is a Software Engineer at Google where he works on Istio. Over the past 15 years, Mitch has worked at F5 Networks, Amazon, an Industrial IoT startup, and State Farm Insurance, giving him a broad perspective on the needs of Enterprise Software Developers. This experience... Read More →



Tuesday November 17, 2020 10:15am - 11:00am EST
Virtual

11:05am EST

Taking Service Mesh a Step Further with WebAssembly - Christian Posta, Solo.io
WebAssembly (WASM) is a binary instruction format for a stack-based virtual machine. Wasm is designed as a portable target for compilation of high-level languages like C/C++/Rust, enabling deployment on the web for client and server applications. Wasm support in Envoy means that that opens up new possibilities in customizing service meshes built on Envoy with modules that modify the behavior of the sidecar proxy in any language. The possibilities are endless and in this talk we will explain: - The state of Wasm in Envoy and how it works - Demonstrate the developer experience in building, sharing, and deploying modules - Demonstrate a range of modules types and the kind of behavior it can customize in the sidecar proxy

Speakers
avatar for Christian Posta

Christian Posta

Global Field CTO, solo.io
Christian Posta (@christianposta) is Global Field CTO at Solo.io, former Chief Architect at Red Hat, and well known in the community for being an author (Istio in Action, Manning, Istio Service Mesh, O'Reilly 2018, Microservices for Java Developers, O’Reilly 2016), frequent blogger... Read More →



Tuesday November 17, 2020 11:05am - 11:50am EST
Virtual

11:55am EST

Break
Tuesday November 17, 2020 11:55am - 12:20pm EST
Virtual

12:25pm EST

Multi-Cluster & Multi-Cloud Service Mesh with CNCF’s Kuma and Envoy - Marco Palladino, Kong
Learn how to run a distributed Envoy-based service mesh on multiple Kubernetes clusters and multiple clouds in just a few steps with Kuma, a CNCF project. In this session, we'll be firing up Kubernetes clusters in multiple regions to demonstrate how we can secure, route, connect and observe service connectivity in a distributed service mesh.   In this session, we will learn to:  - Use Kuma’s multi-zone deployment to spin up a multi-cluster and multi-region service mesh. - Leverage the global/remote control separation to scale reliability with HA.  - Use the built-in service discovery and ingress capability for out of the box service connectivity across multiple zones, clusters and regions.  - Use Kuma’s policy to determine the behavior of traffic across different clusters, like Traffic Route, mTLS, Traffic Permission and so on.  

Speakers
avatar for Marco Palladino

Marco Palladino

Kong Inc, Co-founder and CTO
Marco Palladino is an inventor, software developer and Internet entrepreneur based in San Francisco, California. He is the co-founder and CTO of Kong, the most widely adopted open source API platform. Besides being a core maintainer, Marco is currently responsible for the design and... Read More →



Tuesday November 17, 2020 12:25pm - 12:45pm EST
Virtual

12:50pm EST

Istio Service Mesh Simplified Beyond a Single Cluster - Lin Sun, IBM & Sven Mawson, Google
We have made numerous improvements to the Istio project over the past year to simplify the experience for users and operators in a single cluster. This year we have been focusing on improving the experience beyond a single cluster, simplifying multicluster deployment by merging the replicated control plane and shared control plane patterns. Within this unified multicluster pattern, users can choose a control plane and network topology based on their business needs and requirements. We have also been simplifying Istio's usage beyond containers, making it easier for users to securely onboard VMs into the service mesh. In this talk, we will be demoing the new and improved experience for using Istio with multiple clusters and expanding the mesh to VMs.

Speakers
avatar for Sven Mawson

Sven Mawson

Principal Engineer, Google
Sven is one of the founders of Istio, the open source Service Mesh, and he is a Principal Engineer at Google. He joined Google in 2006, and has spent the past 10+ years working on several generations of Google's API and Service Management platforms, beginning with the AtomPub-based... Read More →
avatar for Lin Sun

Lin Sun

Senior Technical Staff Member, IBM
Lin has been working on container and cloud-native since 2014 from Docker to Kubernetes to Service Mesh. She is currently an Istio maintainer, a member of the Istio steering committee and technical oversight committee. She is passionate about new technologies and loves to play with... Read More →



Tuesday November 17, 2020 12:50pm - 1:35pm EST
Virtual

1:40pm EST

How the DoD Use Istio for End-to-End Encryption and Authentication - Zack Butcher, Tetrate & Jeff McCoy, Platform One
Security remains one of the primary drivers behind service mesh adoption today. We’ll describe why and how Platform One is using a service mesh - Istio - to provide both encryption in transit as well as end-user authentication via SSO for applications across the Department of Defense. We’ll dig into the practical challenges involved in deploying the Istio ecosystem’s authservice, which implements Envoy’s external auth API to provide SSO, and the design considerations that went into making the system incredibly simple for application teams running on Platform One to consume. Finally, we’ll briefly introduce an upcoming NIST IR covering the usage of a service mesh to provide authentication and authorization for applications.

Speakers
avatar for Zack Butcher

Zack Butcher

Tetrate, Founding Engineer
Zack is a Founding Engineer at Tetrate and helps drive product today. He was one of the earliest engineers on the Istio project at Google, and currently sits as a community elected representative on the project's Steering Committee. He's written Istio: Up and Running as well as worked... Read More →
avatar for Jeff McCoy

Jeff McCoy

CTO, DoD Platform One



Tuesday November 17, 2020 1:40pm - 2:25pm EST
Virtual

2:30pm EST

Break
Tuesday November 17, 2020 2:30pm - 2:45pm EST
Virtual

2:50pm EST

Service Mesh use cases for Telco and Edge - Kunal Shukla & Prajakta Joshi, Google
Service Mesh is a key paradigm for Telco, 5G and Edge. In this session, the speakers deep dive into how Service Mesh delivers technical and business value for use cases like: - Service Mesh for modern service ops for Telco - Service Mesh for managing heterogeneous environments with container and openstack/VM services - Service Mesh for 5G Core service based architecture - Telco Security - Consistent service management across multi-cloud and Edge - Extending the experience of Cloud to the Edge The speakers also describe some of the new capabilities that are needed in service mesh for these use cases and the road ahead.

Speakers
avatar for Prajakta Joshi

Prajakta Joshi

Group PM, Cloud Networking, Telco and Edge, Google
Prajakta is Group PM in Google Cloud leading Cloud Networking, Telco and Edge. In this role, she manages a broad product portfolio spanning areas of Cloud Load Balancing, Content Delivery, modern application networking/service mesh, gRPC, Telco modernization, and 5G/4G Edge Computing... Read More →
avatar for Kunal Shukla

Kunal Shukla

Key Account Executive, Google
Kunal Shukla is the Key Account Executive at Google Cloud focusing in Telecommunication, Media , Entertainment and Gaming vertical for select strategic accounts. Kunal is responsible for sales, business and technology strategy for key customers across 5G/Edge, Telco/IT Cloud, AI/ML... Read More →



Tuesday November 17, 2020 2:50pm - 3:35pm EST
Virtual

3:40pm EST

Multi(Control Plane/Network/Mesh)??: A Practical MultiCluster Deployment - Nicholas Nellis & Vikas Choudhary, Tetrate
While Working with several traditional customers spanning defense, finance, etc., we found that the service mesh multicluster models that exist today are completely unusable from an enterprise point of view. They are designed with the network administrator in mind, focusing on how to connect two clusters, and not on how developers across teams like to consume the services exposed by other teams. The multicluster models that app teams want, turned out to be dramatically simpler than the ones out there today. This talk discusses our experiences working with these teams, our learnings from how they built out an API-centric multicluster model and what we as a community of (mostly) infrastructure developers should do to better support the application teams

Speakers
avatar for Nicholas Nellis

Nicholas Nellis

Software Engineer, Tetrate
I enjoy working on the latest and greatest cloud technology. Currently working to improve multi cluster application management using service mesh!
avatar for Vikas Choudhary

Vikas Choudhary

Software Engineer, Tetrate
Vikas has been contributing code in the virtualisation and cloud computing domain since 2013. SDN networking to OpenStack to Docker to Kubernetes to ServiceMesh.Currently he is focussed on Istio/Service Mesh to solve some hard problems in the application networking space.



Tuesday November 17, 2020 3:40pm - 4:25pm EST
Virtual

4:30pm EST

L7mp: A Multiprotocol Service Mesh for Legacy Applications - Gábor Rétvári, Budapest University of Technology and Economics (BME)
The service mesh is too cool to keep it HTTP-only! Despite the increasing use of HTTP as a common application transport protocol, there are tons of legacy non-HTTP applications that would greatly benefit from the traffic management and monitoring capabilities provided by a service mesh. Primary examples are anything that runs on top of UDP or SCTP, including telco apps, VPN, IoT, video-gaming, or DNS. Currently, these applications are left behind by the cloud-native community. Taking a real telco media-plane use case as demonstrator, this talk makes the case for l7mp, a joint industry-academy effort to build a service mesh prototype with first-class support for legacy applications. L7mp aspires to serve as an incubator project to experiment with radically new service mesh designs and features, including full multi-protocol support, programmable protocol L7 parsing, native stream-management, and kernel-based offload for sidecar proxy acceleration. 

Speakers
avatar for Gábor Rétvári

Gábor Rétvári

Budapest University of Technology and Economics (BME)
Gábor Rétvári is an Associate Professor at BME, Hungary, and a Senior Researcher at Ericsson.  As an academic scholar he coauthored 70+ scientific papers, among them a recent paper on the intersection of software-defined networks (SDN) and service meshes. He is leading the joint... Read More →



Tuesday November 17, 2020 4:30pm - 4:40pm EST
Virtual

4:40pm EST

Confident Canary Deployment to Production With Istio - Raju Dawadi, Oyster
The session covers covers the production use case of Oyster Financial on using Istio service mesh for handling traffic. The testing in non-production environment and rolling out to live users was not effective for fintech product where the usage is critical. Also, due to the inconsistent in third party, there was need to test traffic in live environment for internal user and that has to be for selective or all services.  The usage of Istio feature on routing traffic based on header as well as percentage rollout was used effectively which has made deployment to Prod0 seamless. Also measuring the performance as well as real use case test of newer version helped in providing a good end user experience for evolving fintech startup in Mexico.  But the management complexity rises when number of services increases and there are too may configs to be managed. Combination of helm helped a lot throughout the process.

Speakers
avatar for Raju Dawadi

Raju Dawadi

Site Reliability Engineer, Oyster Financial
Raju, a Google Developer Expert(GDE) in Cloud Platform is a DevOps enthusiast and is currently diving into SRE(Site Reliability Engineering) along with building DevOps and Cloud Native community in Kathmandu, Nepal. He enjoys learning, implementing & sharing experiences over cloud... Read More →



Tuesday November 17, 2020 4:40pm - 4:50pm EST
Virtual

4:50pm EST

Service Mesh Security in a Nutshell - Venil Noronha & Manish Chugtu, VMware, Inc.
Security is one of the greatest challenges in the cloud-native world today. Service meshes promise several benefits including better connectivity, and observability, and most importantly security. Securing a cloud-native service involves securing it at several levels i.e. at the perimeter (ingress/egress gateways), when accessing other services, when persisting data, when processing requests, etc., and using a service mesh one can address several of these issues in a consistent and maintainable manner.  In this talk, we will present some of the key patterns that one can use for securing cloud-native services when working with north-south and east-west traffic. We will talk about available TLS choices (passthrough, mTLS, etc.), AuthN/AuthZ constructs, JWT support, and extension mechanisms within Envoy/Istio that you can leverage for building customized policy frameworks. We will also discuss application security in the context of multi-cluster service mesh deployments. Come join us!

Speakers
avatar for Manish Chugtu

Manish Chugtu

Enterprise Technologist, Strategy and Innovation, VMware
Manish is an innovative thought leader with 20+ years of experience in architecture, design and product development with extensive experience in architecting and developing highly scalable enterprise solutions. Currently as “Enterprise Technologist - Strategy, Community and Innovation... Read More →
avatar for Venil Noronha

Venil Noronha

Sr. Member of Technical Staff, VMware, Inc.
Venil Noronha is an engineer with the Tanzu Service Mesh team at VMware. He also contributes upstream to open source projects in the service mesh domain, like Istio and Envoy proxy. In the past, he has contributed to several open source projects including Kubernetes, Spring, and... Read More →



Tuesday November 17, 2020 4:50pm - 5:00pm EST
Virtual

5:15pm EST

Break
Tuesday November 17, 2020 5:15pm - 5:30pm EST
Virtual

5:35pm EST

Running Machine Learning Workloads on a Service Mesh
Data security is one of the key pillars to ensure successful operationalization of machine learning workloads. A service mesh can help build capabilities around mTLS, authorization checks combined with some other goodies to add security, resilience and observability to existing services and applications. JupyterHub is one of the most popular open source tools of choice for teams running machine learning environments. There has been a lot of demand in the community to add support for running JupyterHub with a service mesh on Kubernetes. This talk would cover the journey of adding Istio ServiceMesh support to JupyterHub, the roadblocks, the troubleshooting journey and how Istio makes operating and securing machine learning workloads easier despite the heterogeneous nature of tools that the data scientists use. This combined with network policies and other security best practices for running workloads on Kubernetes makes for a great operational and usability combo.

Speakers
avatar for Harsimran Singh Maan

Harsimran Singh Maan

Engineer, Splunk



Tuesday November 17, 2020 5:35pm - 6:20pm EST
Virtual

6:25pm EST

Wrap Up of Sessions & Panel Discussion Louis Ryan, Prajakta Joshi, Google & Thomas Pampelberg, Buoyant
Speakers
avatar for Prajakta Joshi

Prajakta Joshi

Group PM, Cloud Networking, Telco and Edge, Google
Prajakta is Group PM in Google Cloud leading Cloud Networking, Telco and Edge. In this role, she manages a broad product portfolio spanning areas of Cloud Load Balancing, Content Delivery, modern application networking/service mesh, gRPC, Telco modernization, and 5G/4G Edge Computing... Read More →
avatar for Thomas Rampelberg

Thomas Rampelberg

Software Engineer, Buoyant
Thomas Rampelberg is a Software Engineer at Buoyant Inc. He has made a career of building infrastructure software that allows developers and operators to focus on what is important to them. He is a contributor to Linkerd and has been maintaining Kubernetes applications at scale and... Read More →
avatar for Louis Ryan

Louis Ryan

Principle Engineer, Google
Louis Ryan is a Principal Engineer at Google working on APIs and microservices. Prior to working on Istio he co-authored the GRPC spec and ran the infrastructure that supports Googles consumer facing APIs.



Tuesday November 17, 2020 6:25pm - 6:55pm EST
Virtual
 
  • Timezone
  • Filter By Venue Virtual
  • Filter By Type
  • Break
  • General Session
  • Lightning Talk
  • Session Presentation
  • Sponsored Session