Overview

IstioCon 2022 is the community conference for the industry’s most popular service mesh, Istio. Attend this year’s virtual event to connect with community members, experts, and maintainers across the globe to learn about security, running Istio in production, multi-tenancy, and much more. In addition to keynotes, use cases, sessions, roadmaps, and lightning talks, you’ll also find hands-on workshops. Learn more and register for free.

Request a Meeting

The Solo.io team of experts and engineers will be available for a demo and discuss how the Gloo portfolio can enable your application networking use cases for the Edge and Service Mesh.

Schedule

Solo.io is sponsoring IstioCon 2022 and we are excited to be presenting a keynote, several sessions, lightning talks and a hands-on workshop.

12:40 PM EST

Virtual

SESSION

External CA integration with Istio explained

Lin Sun

Director of Open-Source

Most organizations already have their PKI system in place before they adopt Istio or any service mesh. There are a few approaches in the Istio community, either plugging in your intermediate CA as secrets manually, or use the istio-csr open source project, or leverage Kubernetes CA or Kubernetes Certificate Signing Request (CSR) API. This talk dives into the few approaches out there in the service mesh community to tackle this challenge and the tradeoffs among them.

2:30 PM EST

Virtual

SESSION

Lessons Learned on Multi-tenancy Controls in Istio

Alex Ly

Field Engineer

Will McKinley

Field Engineer

Solo.io will provide an overview with key information of where Istio is today and where it is headed.

11:45 AM EST

Virtual

SESSION

What to expect when you install multiple Istio revisions in different namespaces?

Neeraj Poddar

Head of Engineering

Installing multiple Istio control plane revisions in different namespaces might be your first instinct to ensure better hygiene in production but you can run into unexpected challenges in doing so.

In this lightning talk, Neeraj will explore some of the hidden land mines that you might run into with this setup and how to best install and manage multiple Istio revisions safely in production.

3:10 PM EST

Virtual

SESSION

Building simplified service mesh API for developers

Lin Sun

Director of Open-Source

One of the key goals of service mesh is to decouple developers and operators so that developers can continue to focus on writing code for their services, while operators adds security, resilience, and policies to these services they manage. In the Istio community over the past few years, we have observed that customers such as AirBnb, Salesforce, eBay etc building out abstractions over Istio for their developers. This talk will introduce these abstractions, compare them, along with the thought process behind the service mesh API for developers built at Solo and AirBnb.

12:00 PM EST

Virtual

SESSION

Understanding the new Istio Telemetry API

Neeraj Poddar

Head of Engineering

We have introduced the new Telemetry API in v1.11 which provides a flexible and uniform way for configuring how telemetry is generated in the mesh. Since the initial release, we have made continuous improvements in functionality by adding support for various telemetry types and expanding to more providers. In this session, we will go over the motivations and use cases that drove the design of the new API and deep dive into the following aspects:

  • Inheritance and override semantics.
  • Provider selection and enabling multiple providers for any telemetry type.
  • How to easily add dimensions in Prometheus metrics, provide tracing configuration and filtering access logging at various scopes from mesh wide to a specific workload.

1:20 PM EST

Virtual

SESSION

Sidecarless with eBPF or sidecar with Envoy proxy?

Idit Levine

Founder and CEO

eBPF and service mesh both optimize the functionality around networking, observability, and security. Are they competing? Or complementary to each other? To what extent can eBPF play a role in a service mesh? How does the role of the service proxy change? In this talk, we will dig into the role of eBPF for a service mesh data plane and what are some of the tradeoffs in terms of features, resource overhead, feature isolation, security granularity and upgrade impact for various data-plane architectures: shared proxy vs shared proxy per node vs sidecar proxy vs shared proxy per service account etc.

3:00 PM EST

Virtual

SESSION

Testing Istio’s Virtual Machine integration locally with Calico

Nina Polshakova

Software Enginer

Istio provides native Virtual Machine integration for legacy applications which requires IP connectivity to the East/West gateway deployed in the mesh, and optionally connectivity to the pod networking for enhanced performance.

In production deployments, the communication between Kubernetes nodes and non-Kubernetes nodes are often handled with sophisticated techniques like VPC or VPN, but on a developer machine your Kubernetes nodes may be running in a simulated environment such as minikube, k3s or kind. It can be tricky to test this locally on a developer setup. How can you test calls from a Kubernetes service locally to and from a service on a VM without using LoadBalancer type Kubernetes services – using only Cluster-IP or Pod-IP?

In this session, I will talk about challenges you may face in a developer setup and how using the Calico Networking Plugin enables you to develop VM integrated meshes without LoadBalancer services in both single network and multi network environments.

3:50 PM EST

Virtual

SESSION

Virtualizing the Istio sidecar

Christian Posta

Global Field CTO

Istio derives a bulk of its power from Envoy proxy which gets deployed as a sidecar to a running application. However, sidecar deployments are not the only way to achieve service-mesh capabilities. In this talk we discuss the work we’ve been doing to “virtualize” the Istio sidecar for our users by giving options for sidecar, service-account, shared-node, and even remote proxies and micro proxies.

2:00 PM EST

Virtual

WORKSHOP

Multi-tenant Istio Service Mesh with Gloo Mesh

Adam Sayah

Engineer - API GW Service Mesh

Service mesh has emerged to solve the service-to-service communication challenges of microservices while presenting new opportunities for network traffic control, security, and observability.

Istio, the most popular service mesh technology, can also be used to secure cross cluster communication, but managing multiple Istio clusters can quickly become tedious, and raises new questions such as:

  • How should I deploy and manage the lifecycle of multiple Istio clusters?
  • Can my service meshes span across on-prem and cloud?
  • How can I allow multiple teams to share the same service meshes?
  • How can I set up global observability?

In this hands-on workshop, we will explore many Istio concepts (multi-cluster topologies, identity federation, authorization, and more) and demonstrate how Gloo Mesh can simplify the management of a complex heterogeneous service mesh with a particular focus on multi-tenancy.

Register for this Workshop

3:50 PM EST

Virtual

SESSION

A Field Guide for Safe Istio Upgrades

Ram Vennam

Lead Field Engineer

As a Field Engineer at Solo.io, the speaker helps organizations of all sizes install and upgrade Istio in production every day. What we already know is that there is no one-size-fits-all approach to perform upgrades. Enterprise platform owners and service owners maintain distinctive environments and Istio deployment models depending on their tenancy, security, and cost requirements. The varying risk tolerance for a potential downtime during an upgrade is another factor to consider. Developing a custom plan is often critical to address an organization’s unique architecture and constraints.

In this session, the speaker will outline the various upgrade strategies, their advantages and disadvantages, the gotchas that you need to watch out for, and most importantly – some best practices you can apply from day 1 to ensure successful upgrades in the future.

11:40 AM EST

Virtual

KEYNOTE

Istio Today and Tomorrow - 5 Important Things

Idit Levine

Founder and CEO

Brian Gracely

VP of Product Strategy

Solo.io will provide an overview with key information of where Istio is today and where it is headed.

1:20 PM EST

Virtual

SESSION

Join locally, learn globally

Nick Nellis

Field Engineer

Did you ever want to better understand how Istio enables some of its features such as mTLS, route manipulation or multi-cluster communication? With the help of istioctl you can look at how Istio configures Envoy and use that information to build your own local istio-proxy. Learning how Istio configures Envoy is not only good for debugging, but also enables you do more complex routing like secure multi-cluster communication. In this session, Nick will explain how you can configure a local istio-proxy to connect securely to a cloud based service mesh all the while explaining concepts like PKI, mTLS, east/west routing, and request/response transformations.