Solo.io at Kubehuddle Toronto
Join us at KubeHuddle 2023 in Toronto! KubeHuddle is a community conference where Developers, Platform Engineers, DevOps, SRE, Cloud Enthusiasts, Technical and Business Strategists come together to learn from each other, collaborate and, innovate.
We are proud to be a silver sponsor of the event. View the tracks and agenda on the Conference Website, check out one of our sessions listed below, or stop by and see us at booth #2.
We hope to see you there!
WORKSHOP: Getting Started with Istio
Speakers | Simon Green
Microservices can be complicated and difficult to manage. These complexities have given rise to a new solution called service mesh. This workshop explains how to get started with Istio by incrementally adopting Istio and observing the benefits that Istio service mesh brings to you. We will explore various functions and benefits that Istio provides to your organization.
WORKSHOP: Introduction to Cilium
Speakers | John Miller
Cilium is an open source software for transparently securing the network connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes.
At the foundation of Cilium is a new Linux kernel technology called eBPF, which enables the dynamic insertion of powerful security visibility and control logic within Linux itself. Because eBPF runs inside the Linux kernel, Cilium security policies can be applied and updated without any changes to the application code or container configuration.
Room 1 (716)
Overview of SPIRE
Speakers | Peter Jausovec
Support for SPIRE (SPIFFE Runtime Environment), a production-ready implementation of SPIFFE, was introduced to Istio in 1.14. Thanks to Envoy’s SDS API, SPIRE can be configured as a source for issuing Istio workload identities. In addition to issuing strongly attested identities through a combination of different attestation mechanisms, SPIRE can also be integrated with existing PKIs, and allow the federation of different trust domains. These features offer support for diverse workload and node attestation options by using attributes from both the workloads and the nodes to create more granular identities compared to the traditional trust domain, Kubernetes namespace, and service account combination. To bring traditional VM workloads to the Istio service mesh, one must use Kubernetes concepts of namespaces and service accounts outside Kubernetes. With SPIRE, we can create identities based on the actual attributes of the VM workloads and the infrastructure they run on. Granular identities, extensibility in the form of plugins, and the ability to integrate with existing PKIs make SPIRE a powerful tool. In this talk, we’ll introduce the building blocks of SPIRE and look at several scenarios on how to integrate SPIRE into your multi-cluster and VM workload scenarios.
Room 2 (714)
Use eBPF and Grafana to Build a Kubernetes Service Graph in 10 Minutes
Speakers | Adam Sayah
Service Mesh technologies are tools that enhance the micro-services deployments by adding monitoring, security, and resiliency, often operating on top of Kubernetes and using a sidecar model where a proxy is deployed within each pod to add these cross-cutting concerns, though recently, we are seeing a new challenger to the sidecar approach emerging, the sidecarless approach based on the revolutionary eBPF technology that is pushing the boundaries further and enabling the service mesh features (like monitoring) at the network layer. In the following session we will build a service graph in Grafana to track the interactions between multiple Kubernetes services, using metrics generated by an eBPF program created using an open source project called Bumblebee.
Workshop Room (717A)
What Does Istio Ambient Mesh Mean For Your Wallet?
Speakers | Arka Bhattacharya
Istio is the most widely used service mesh platform in the world for large-scale production deployments. In September 2022, Google and Solo.io announced the release of the Istio Ambient Mesh to the community. Ambient offers a revolutionary data-plane architecture that allows service mesh users to ditch sidecars. It slashes operational complexity and enables incremental mesh adoption, all while reducing cost and computational overhead within a service mesh.
Injected sidecars can be replaced by two new components. First is a node-level zero-trust tunnel (ztunnel) that provides mTLS and Layer-4 capabilities. A service-account-level proxy called a waypoint leverages Envoy to deliver Layer-7 capabilities.
This talk will help you understand both the why and how of Istio Ambient Mesh. It includes a demo showcasing the new capabilities, including onboarding new services without sidecars and mixing Ambient with traditional sidecar-injected services. It will also provide pointers to further no-cost educational opportunities and user certification options.
Solo.io Featured Speakers
We are thrilled that so many Soloists will be speaking this year in Toronto! Be sure to check out their sessions or stop by our Booth to connect with them.
Just for Fun
Kubehuddle Pre-Show Happy Hour
7:00 PM - 10:00 PM
CRAFT Beer Market 1 Adelaide St East , Toronto, ON M5C 2V9
We Are Hiring!
We believe that great architecture is the key to successful software development. And we make this possible by building great teams. If you are passionate about cloud native technologies like containers, Kubernetes, Istio, Envoy Proxy, GraphQL, eBPF, serverless functions, and more, then Solo.io is the place for you!
Solo is growing rapidly and we’re hiring for a number of positions. Be sure to check out the Careers page on our website, or chat with us in person!