Virtual Event
May 4, 2021
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2021 - Virtual and add this Co-Located event to your registration to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Central European Summer Time (CEST). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.
Back To Schedule
Tuesday, May 4 • 16:15 - 16:55
Lightning Talk: The Hardest Part of Operating a Service Mesh: Envoy Proxy & Session: Service Identity - The Key to Zero Trust with Service Mesh

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
16:05-16:15 CEST
Lightning Talk: The Hardest Part of Operating a Service Mesh: Envoy Proxy - Christian Posta, Solo.io
Operating a service mesh in production has some pragmatic complexities with some contributed by Envoy’s underlying powerful feature set. Requests flow over the data plane proxies which means this is an important piece of technology to understand how to operationalize, debug, tune, and observe. In this talk, we share our experience at Solo.io supporting customers on Envoy-based technology both at the edge and in a mesh and share lessons learned such as: * understand which telemetry signals to watch for config sync issues, CPU, and memory pressure * enabling access logging and enhancing it with dynamic metadata * debugging connectivity issues with Envoy logs, metrics * tuning for cloud environments with keep-alive settings Attendees will leave with a better confidence of running Envoy-based service meshes such as Istio, Consul, Kuma, and OpenServiceMesh in production.

16:15-16:55 CEST
Service Identity - The Key to Zero Trust with Service Mesh - Matthew Bates & Joshua Van Leeuwen, Jetstack

Service mesh provides first class support for service identity, foundational to identity-based, Zero Trust security that is now of growing interest and importance in the enterprise. In this talk, Matt and Josh will explain the concepts of service identity, such as SPIFFE, and illustrate through example how the various mesh technologies are architected, as well as how they implement the principles of service identity to provide seamless mTLS between workloads. The talk will help Platform and Security teams as they think about identity for workloads, how it's used within the mesh and beyond, and importantly, how this may can interoperate with enterprise PKI infrastructure.


Matthew Bates

Jetstack, CTO
Matt’s background is in systems for the acquisition, management and exploitation of large-scale data. Since its launch, he has contributed widely to the Kubernetes project, both to the technology and to the ecosystem. , and now focuses his time on the cert-manager project at Jetstack... Read More →
avatar for Josh Van Leeuwen

Josh Van Leeuwen

Senior Software Engineer, Diagrid
I am a software engineer working at Diagrid. For the past 5 years I have worked on open source software in the Kubernetes ecosystem, including cert-manager and more recently Dapr. I’m most interested in securing distributed systems and workload identities.
avatar for Christian Posta

Christian Posta

VP, Global Field CTO, Solo.io
Christian Posta (@christianposta) is VP, Global Field CTO at Solo.io. He is the author of Istio in Action as well as many other books on cloud-native architecture and is well known in the cloud-native community for being a speaker, blogger (https://blog.christianposta.com) and contributor... Read More →

Tuesday May 4, 2021 16:15 - 16:55 CEST