ServiceMeshCon Europe 2022

Zero-config is one of Linkerd's claims to fame: for (most) Kubernetes apps, adding Linkerd doesn't require user config, even if the app uses arbitrary TCP protocols which Linkerd must proxy in a fully transparent manner. The use of protocol detection automatically determines the protocol based on the data on the connection. Linkerd maintainer Kevin Leimkuhler will describe the mechanics of how Linkerd's protocol detection works, covering the strengths and weaknesses of the current implementation, including so-called server-speaks-first protocols and why they need to be handled differently. He'll also cover how the implementation has evolved over the years as Linkerd adoption has grown to encompass even more types of applications and protocols, including the introduction of "skip ports" and "opaque ports". Finally, attendees will learn how opaque ports are implemented in the proxy using ALPN, and how Linkerd is still able to provide mTLS and golden metrics for this type of traffic.

Click here to view captioning/translation in the MeetingPlay platform!

Still trying to understand how to best gauge the performance of your cloud native infrastructure? Confused as to whether self-published, performance benchmarks are trustworthy or simply biased marketing in disguise? Measurement data may not provide a clear and simple picture of how well those applications are performing from a business point of view, a characteristic desired in metrics that are used as key performance indicators. Behold MeshMark: a performance index that provides you with the ability to weigh the value vs overhead of your cloud native environment. Convert performance measurements into insights about the value of individual, cloud native application networking functions. Join us as we distill a variety of microarchitecture performance signals and application key performance indicators into a simple scale. Explore the other side of the performance measurement coin: value measurement.

Click here to view captioning/translation in the MeetingPlay platform!

GitOps has become a valuable approach to manage configuration for applications and infrastructure. Having a source of truth that can be automated, auditable, and is easy to understand is increasingly important when expanding to many deployments. However, enabling multi-cluster capabilities typically presents new challenges: not every cluster is the same, context is important, and managing every lower- level configuration across multiple environments can get cumbersome (and dangerous) quickly. This talk will focus on a specific example where multi-cluster GitOps is difficult: application-networking and security with service mesh. The goal is for platform teams to provide the right point of demarcation with abstractions that focus on the intent, while abstracting away the translation and orchestration of lower-level config (mesh-specific API resources in this case). We share our experiences building these abstractions with some of the largest deployments of service mesh in the world.

Click here to view captioning/translation in the MeetingPlay platform!

GraphQL is redefining the way that developers interact with APIs, putting application clients in control of the data they consume and placing new requirements on the platforms hosting these APIs. Understanding when to write code and when to let the platform do the work is a critical tradeoff to understand as you scale GraphQL adoption. In this talk, Kevin and Sai will share experience building GraphQL support directly into Envoy to support edge gateway and service mesh use cases. They will cover common deployment patterns, GraphQL-specific implications to security and policy controls, instrumenting existing mesh services (REST, gRPC, SOAP, Lambda) with GraphQL, and the benefits and tradeoffs between declarative and programmatic approaches to GraphQL composition. This will be a hands-on session with live demos and real talk, focused on patterns of adoption to easily implement GraphQL at scale. If you are a developer or platform engineer deploying GraphQL in your service mesh, this talk is for you!

Click here to view captioning/translation in the MeetingPlay platform!

Service meshes offer a breadth of benefits from securing to adding reliability to gaining visibility into your applications. However, as you start to scale your environment and start onboarding different teams or applications into the mesh you run into challenges of tenant isolation in terms of configuration management, resource consumption and security. In this session, Christian will present how to securely operate and run a multi-tenant mesh in production using the primitives available from service mesh like Istio. You will also learn how to take these concepts from a single cluster to multi cluster environment and successfully run applications across different clusters in a multi tenant unified service mesh.

Click here to view captioning/translation in the MeetingPlay platform!

Lightning Talk #1: 
How to build a Service Mesh without Sidecars using eBPF & Cilium - Thomas Graf, Isovalent

eBPF is a powerful Linux kernel technology that is used in several CNCF projects to provide faster networking, new security applications, and deeper observability. In this talk, we explore how eBPF, using the Cilium project, allows you to build a service mesh entirely without sidecars while still relying on proven Envoy proxy technology. We will look at how moving service mesh functionality into the kernel using eBPF leads to massive performance gains and simplification of the overall model while remaining compatible with existing control planes. Service mesh will become invisible at the kernel level similar to how namespaces, the foundation of containers, are invisible today. The sidecar-free model unlocks a simpler architecture, performance gains, scalability advantages, and even more transparency to applications. Together, we will look at the new architecture, compare performance numbers, and run through a demo.

Lightning Talk #2:
Clearing the confusion about eBPF and service mesh - Yuval Kohavi, Solo.io

eBPF is an exciting technology that allows developers to extend the capabilities of the Linux Kernel without modifying the Kernel itself. Getting access to powerful Kernel capabilities can be extremely powerful, especially in networking, but what is the responsibility of this layer when it comes to service mesh? In this talk we discuss the importance of separation of layers, where eBPF fits for service mesh (and where it doesn't), and how to best optimize the service mesh architecture and experience for the real problems users have: security, observability, flexible policy enforcement, and overall traffic management.

Click here to view captioning/translation in the MeetingPlay platform!