SlideShare a Scribd company logo

Cilium + Istio with Gloo Mesh

Christian Posta
Christian Posta

The document discusses Cilium and Istio with Gloo Mesh. It provides an overview of Gloo Mesh, an enterprise service mesh for multi-cluster, cross-cluster and hybrid environments based on upstream Istio. Gloo Mesh focuses on ease of use, powerful best practices built in, security, and extensibility. It allows for consistent API for multi-cluster north-south and east-west policy, team tenancy with service mesh as a service, and driving everything through GitOps.

Technology
1 of 40
Download to read offline
Cilium and Istio with Gloo Mesh
2 | Copyright © 2020 CHRISTIAN POSTA VP, Global Field CTO, Solo.io @christianposta christian@solo.io https://blog.christianposta.com https://slideshare.net/ceposta Istio in Action (March 2022) https://www.manning.com/books/istio-in-action Discount Code: SOLOIO41 Shortlink: mng.bz/06Wl
3 | Copyright © 2020 Idit Levine Founding API gateway WG-Istio Christian Posta Founding community member, Istio Steering Committee, author Istio in Action Lin Sun Founding Istio project maintainer, Technical Oversight Committee (TOC), Steering Committee Neeraj Poddar Istio Steering and TOC member. Co-founded Istio Product Security Working Group Yuval Kohavi Renowned security researcher, Founding API Gateway WG-Istio, Contributor Envoy Ram Vennam Founding Istio Steering Committee member Nick Nellis First to run Istio in production, current contributor and maintainer Solo Istio/Envoy Community Leadership Founded in 2017 by Idit Levine Based in Cambridge, MA with multiple locations around the globe The industry’s leading Cloud-native Application Networking company. Open-Core, “Enterprise” Subscription model Growing fast with happy customers Well Funded 500+% bookings growth y/y 98%+ renewal rate $171.5M venture financing $1 Billion valuation Company Overview Gloo Application Networking Platform Simplify your application networking with unified control, reliability, observability, extensibility, and security 3 | Copyright © 2022 Greg Hanson Founding Istio Maintainer, Product Security WG Lead, Istio Release Manager
4 | Copyright © 2020 Gloo Application Networking Platform Manage APIs Data Access Gloo Gateway API Gateway Gloo Mesh Microservices, Security, Observability Gloo Network Kubernetes CNI, Network Policy
5 | Copyright © 2020
6 | Copyright © 2020 6 | Copyright © 2020 Problem
7 | Copyright © 2020 What is application networking? Challenges ● Service discovery ● Load balancing ● Timeouts ● Retry / Budgets ● Circuit breaking ● Tracing, observability ● Secure transport ● Extension
8 | Copyright © 2020 What is application networking?
9 | Copyright © 2020 Previous solutions to these problems
10 | Copyright © 2020 Previous solutions to these problems
11 | Copyright © 2020 11 | Copyright © 2020 Push enforcement points down to application
12 | Copyright © 2020 What is application networking?
13 | Copyright © 2020 What is application networking?
14 | Copyright © 2020 Service Mesh Technologies Provide the Following L4 & L7 Observability Traffic Encryption / L7 Identity L4 & L7 Policies [Canary, RBAC, ….]
15 | Copyright © 2020 15 | Copyright © 2020 Demo
16 | Copyright © 2020 What you must build to run service mesh in production? Istio Service Mesh Security | Compliance FIPS-140 Authentication Cert-Mgmt Rate-Limiting API Gateway Failover Routing Global Service Discovery Integrate Observability Routing | Traffic Mgmt Topologies | API | UI | Extensibility Multi-Cluster Multi-Tenant Web Assembly UI / Higher-level API
17 | Copyright © 2020 https://www.solo.io/products/gloo-mesh/ Enterprise Service Mesh for multi-cluster, cross-cluster and hybrid environments based on upstream Istio
18 | Copyright © 2020 https://www.solo.io/products/gloo-mesh/ Gloo Mesh Enterprise • Enterprise Istio for single cluster, multi-cluster and multi-platform configuration. • Focus on ease of us, powerful best practices built in, security, and extensibility. Installation, upgrade, takeover and hybrid lifecycle Production and long-terms support (LTS, N-4) with patches and hotfixes for validated upstream Istio Delegate ownership of configuration and policy by persona, including: developers, SREs, and admins Discovery services running across multiple clusters, clouds, VMs Operational visibility with a single pane of glass across multiple service mesh clusters Cross-cluster failover and locality aware routing Support multiple teams owning their own resources across multiple clusters End to end security across clusters and meshes for zero trust networks, integrate with PKI, CA/RA, etc Istio Support Istio Lifecycle (2.1) Global Failover Routing Multi Tenancy API Gateway Global Service Discovery Unified Observability Zero-Trust Security
19 | Copyright © 2020 User Clusters Public cloud Compliance / DMZ
20 | Copyright © 2020 Consistent API for multi-cluster N/S and E/W Policy
21 | Copyright © 2020 Gloo API Gateway
22 | Copyright © 2020 Team Tenancy (Service Mesh as a Service) ● Tenancy ● Dependency ● More flexible API ● Hierarchy ● Unified NS/EW
23 | Copyright © 2020 Drive everything through GitOps!
24 | Copyright © 2020 24 | Copyright © 2020 Demo
25 | Copyright © 2020 Gloo Application Networking Platform Manage APIs Data Access Gloo Gateway API Gateway Gloo Mesh Microservices, Security, Observability Gloo Network Kubernetes CNI, Network Policy
26 | Copyright © 2020 Kernel-level observability Security controls Advanced L3/L4/L7 Network Policy Container networking / CNI / Overlay built on eBPF!
27 | Copyright © 2020 Cilium: Cloud Networking Overlay
28 | Copyright © 2020 Flexible: Executes custom logic in the Linux kernel. Safe: BPF code is verified to not crash/hang kernel. Fast: JIT-compiled to run at native speed. Humble origins: BPF Berkeley Packet Filter $ tcpdump -n dst host 192.168.1.1 What is eBPF?
29 | Copyright © 2020 with strong safety guarantees and native kernel performance “Function-as-a-Service” for kernel events Execution Stack in the Kernel submit_bio submit_bh() journal_submit_commit_record() jbd2_journal_commit_transaction() mb_cache_list() BPF Hook BPF Program Source Code bpf() syscall llvm / clang Verifier + JIT compiler What is eBPF?
30 | Copyright © 2020 30 | Copyright © 2020 What about conflicting policy at different layers? (demo maybe?)
31 | Copyright © 2020 Consistent Networking Policies
32 | Copyright © 2020
33 | Copyright © 2020 33 | Copyright © 2020 Demo
34 | Copyright © 2020 34 | Copyright © 2020 Recap
35 | Copyright © 2020
36 | Copyright © 2020 Cloud Native Stack ANY KUBERNETES (CLUSTERS) VMs eBPF WASM GLOO NETWORKING | CILIUM ENVOY PROXY ISTIO GLOO MESH GLOO GATEWAY GLOO PORTAL EXT. AUTH RATE LIMITING GRAPHQL XSLT (SOAP-REST) ANY CLOUD Gloo Application Networking Platform
37 | Copyright © 2020 Learn More!! Free Workshops and Certifications ● Envoy Proxy ● Istio ● Cilium ● eBPF ● On demand ● Instructor led ● Service mesh ● Modern API gateway ● eBPF Solo Academy 1 2 https://www.solo.io/events/upcoming / https://www.solo.io/solo-academy/
38 | Copyright © 2020 We are hiring! https://www.solo.io/company/careers/
39 | Copyright © 2020 Solo.io global presence
40 | Copyright © 2020 • https://solo.io • https://solo.io/blog • https://slack.solo.io • https://gloo.solo.io • https://envoyproxy.io • https://istio.io • https://webassemblyhub.io

Recommended

Accelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux KernelAccelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux Kernel
Thomas Graf
 
Cilium - Bringing the BPF Revolution to Kubernetes Networking and Security
Cilium - Bringing the BPF Revolution to Kubernetes Networking and SecurityCilium - Bringing the BPF Revolution to Kubernetes Networking and Security
Cilium - Bringing the BPF Revolution to Kubernetes Networking and Security
Thomas Graf
 
Kubernetes - A Comprehensive Overview
Kubernetes - A Comprehensive OverviewKubernetes - A Comprehensive Overview
Kubernetes - A Comprehensive Overview
Bob Killen
 
Argocd up and running
Argocd up and runningArgocd up and running
Argocd up and running
Raphaël PINSON
 
Getting Started with Kubernetes
Getting Started with Kubernetes Getting Started with Kubernetes
Getting Started with Kubernetes
VMware Tanzu
 
Terraform and Weave GitOps: Build a Fully Automated Application Stack
Terraform and Weave GitOps: Build a Fully Automated Application StackTerraform and Weave GitOps: Build a Fully Automated Application Stack
Terraform and Weave GitOps: Build a Fully Automated Application Stack
Weaveworks
 
Replacing iptables with eBPF in Kubernetes with Cilium
Replacing iptables with eBPF in Kubernetes with CiliumReplacing iptables with eBPF in Kubernetes with Cilium
Replacing iptables with eBPF in Kubernetes with Cilium
Michal Rostecki
 
cilium-public.pdf
cilium-public.pdfcilium-public.pdf
cilium-public.pdf
Sanjeev Rampal
 

Recommended

Accelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux KernelAccelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux Kernel
Thomas Graf
 
Cilium - Bringing the BPF Revolution to Kubernetes Networking and Security
Cilium - Bringing the BPF Revolution to Kubernetes Networking and SecurityCilium - Bringing the BPF Revolution to Kubernetes Networking and Security
Cilium - Bringing the BPF Revolution to Kubernetes Networking and Security
Thomas Graf
 
Kubernetes - A Comprehensive Overview
Kubernetes - A Comprehensive OverviewKubernetes - A Comprehensive Overview
Kubernetes - A Comprehensive Overview
Bob Killen
 
Argocd up and running
Argocd up and runningArgocd up and running
Argocd up and running
Raphaël PINSON
 
Getting Started with Kubernetes
Getting Started with Kubernetes Getting Started with Kubernetes
Getting Started with Kubernetes
VMware Tanzu
 
Terraform and Weave GitOps: Build a Fully Automated Application Stack
Terraform and Weave GitOps: Build a Fully Automated Application StackTerraform and Weave GitOps: Build a Fully Automated Application Stack
Terraform and Weave GitOps: Build a Fully Automated Application Stack
Weaveworks
 
Replacing iptables with eBPF in Kubernetes with Cilium
Replacing iptables with eBPF in Kubernetes with CiliumReplacing iptables with eBPF in Kubernetes with Cilium
Replacing iptables with eBPF in Kubernetes with Cilium
Michal Rostecki
 
cilium-public.pdf
cilium-public.pdfcilium-public.pdf
cilium-public.pdf
Sanjeev Rampal
 
わかる!metadata.managedFields / Kubernetes Meetup Tokyo 48
わかる!metadata.managedFields / Kubernetes Meetup Tokyo 48わかる!metadata.managedFields / Kubernetes Meetup Tokyo 48
わかる!metadata.managedFields / Kubernetes Meetup Tokyo 48
Preferred Networks
 
Comparing Next-Generation Container Image Building Tools
Comparing Next-Generation Container Image Building Tools Comparing Next-Generation Container Image Building Tools
Comparing Next-Generation Container Image Building Tools
Akihiro Suda
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes Networking
CJ Cullen
 
The Complete Guide to Service Mesh
The Complete Guide to Service MeshThe Complete Guide to Service Mesh
The Complete Guide to Service Mesh
Aspen Mesh
 
Kubernetes Basics
Kubernetes BasicsKubernetes Basics
Kubernetes Basics
Eueung Mulyana
 
Deep dive into Kubernetes Networking
Deep dive into Kubernetes NetworkingDeep dive into Kubernetes Networking
Deep dive into Kubernetes Networking
Sreenivas Makam
 
Kubernetes
KubernetesKubernetes
Kubernetes
Meng-Ze Lee
 
Kubernetes Networking with Cilium - Deep Dive
Kubernetes Networking with Cilium - Deep DiveKubernetes Networking with Cilium - Deep Dive
Kubernetes Networking with Cilium - Deep Dive
Michal Rostecki
 
KCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdf
KCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdfKCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdf
KCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdf
Raphaël PINSON
 
Kubernetes Architecture
Kubernetes Architecture Kubernetes Architecture
Kubernetes Architecture
Knoldus Inc.
 
Kubernetes Deployment Strategies
Kubernetes Deployment StrategiesKubernetes Deployment Strategies
Kubernetes Deployment Strategies
Abdennour TM
 
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation SlidesKubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
SlideTeam
 
eBPF Workshop
eBPF WorkshopeBPF Workshop
eBPF Workshop
Michael Kehoe
 
Introduction to Kubernetes Workshop
Introduction to Kubernetes WorkshopIntroduction to Kubernetes Workshop
Introduction to Kubernetes Workshop
Bob Killen
 
Service-mesh options with Linkerd, Consul, Istio and AWS AppMesh
Service-mesh options with Linkerd, Consul, Istio and AWS AppMeshService-mesh options with Linkerd, Consul, Istio and AWS AppMesh
Service-mesh options with Linkerd, Consul, Istio and AWS AppMesh
Christian Posta
 
Kubernetes security
Kubernetes securityKubernetes security
Kubernetes security
Thomas Fricke
 
Yahoo! JAPANのIaaSを支えるKubernetesクラスタ、アップデート自動化への挑戦 #yjtc
Yahoo! JAPANのIaaSを支えるKubernetesクラスタ、アップデート自動化への挑戦 #yjtcYahoo! JAPANのIaaSを支えるKubernetesクラスタ、アップデート自動化への挑戦 #yjtc
Yahoo! JAPANのIaaSを支えるKubernetesクラスタ、アップデート自動化への挑戦 #yjtc
Yahoo!デベロッパーネットワーク
 
Kubernetes Monitoring & Best Practices
Kubernetes Monitoring & Best PracticesKubernetes Monitoring & Best Practices
Kubernetes Monitoring & Best Practices
Ajeet Singh Raina
 
コンテナネットワーキング(CNI)最前線
コンテナネットワーキング(CNI)最前線コンテナネットワーキング(CNI)最前線
コンテナネットワーキング(CNI)最前線
Motonori Shindo
 
eBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux KerneleBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux Kernel
Thomas Graf
 
Compliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient MeshCompliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient Mesh
Christian Posta
 
GDG Cloud Southlake #10 Christian Posta: Future of Service Mesh
GDG Cloud Southlake #10 Christian Posta: Future of Service MeshGDG Cloud Southlake #10 Christian Posta: Future of Service Mesh
GDG Cloud Southlake #10 Christian Posta: Future of Service Mesh
JamesAnderson599331
 

More Related Content

What's hot

わかる!metadata.managedFields / Kubernetes Meetup Tokyo 48
わかる!metadata.managedFields / Kubernetes Meetup Tokyo 48わかる!metadata.managedFields / Kubernetes Meetup Tokyo 48
わかる!metadata.managedFields / Kubernetes Meetup Tokyo 48
Preferred Networks
 
Comparing Next-Generation Container Image Building Tools
Comparing Next-Generation Container Image Building Tools Comparing Next-Generation Container Image Building Tools
Comparing Next-Generation Container Image Building Tools
Akihiro Suda
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes Networking
CJ Cullen
 
The Complete Guide to Service Mesh
The Complete Guide to Service MeshThe Complete Guide to Service Mesh
The Complete Guide to Service Mesh
Aspen Mesh
 
Kubernetes Basics
Kubernetes BasicsKubernetes Basics
Kubernetes Basics
Eueung Mulyana
 
Deep dive into Kubernetes Networking
Deep dive into Kubernetes NetworkingDeep dive into Kubernetes Networking
Deep dive into Kubernetes Networking
Sreenivas Makam
 
Kubernetes
KubernetesKubernetes
Kubernetes
Meng-Ze Lee
 
Kubernetes Networking with Cilium - Deep Dive
Kubernetes Networking with Cilium - Deep DiveKubernetes Networking with Cilium - Deep Dive
Kubernetes Networking with Cilium - Deep Dive
Michal Rostecki
 
KCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdf
KCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdfKCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdf
KCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdf
Raphaël PINSON
 
Kubernetes Architecture
Kubernetes Architecture Kubernetes Architecture
Kubernetes Architecture
Knoldus Inc.
 
Kubernetes Deployment Strategies
Kubernetes Deployment StrategiesKubernetes Deployment Strategies
Kubernetes Deployment Strategies
Abdennour TM
 
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation SlidesKubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
SlideTeam
 
eBPF Workshop
eBPF WorkshopeBPF Workshop
eBPF Workshop
Michael Kehoe
 
Introduction to Kubernetes Workshop
Introduction to Kubernetes WorkshopIntroduction to Kubernetes Workshop
Introduction to Kubernetes Workshop
Bob Killen
 
Service-mesh options with Linkerd, Consul, Istio and AWS AppMesh
Service-mesh options with Linkerd, Consul, Istio and AWS AppMeshService-mesh options with Linkerd, Consul, Istio and AWS AppMesh
Service-mesh options with Linkerd, Consul, Istio and AWS AppMesh
Christian Posta
 
Kubernetes security
Kubernetes securityKubernetes security
Kubernetes security
Thomas Fricke
 
Yahoo! JAPANのIaaSを支えるKubernetesクラスタ、アップデート自動化への挑戦 #yjtc
Yahoo! JAPANのIaaSを支えるKubernetesクラスタ、アップデート自動化への挑戦 #yjtcYahoo! JAPANのIaaSを支えるKubernetesクラスタ、アップデート自動化への挑戦 #yjtc
Yahoo! JAPANのIaaSを支えるKubernetesクラスタ、アップデート自動化への挑戦 #yjtc
Yahoo!デベロッパーネットワーク
 
Kubernetes Monitoring & Best Practices
Kubernetes Monitoring & Best PracticesKubernetes Monitoring & Best Practices
Kubernetes Monitoring & Best Practices
Ajeet Singh Raina
 
コンテナネットワーキング(CNI)最前線
コンテナネットワーキング(CNI)最前線コンテナネットワーキング(CNI)最前線
コンテナネットワーキング(CNI)最前線
Motonori Shindo
 
eBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux KerneleBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux Kernel
Thomas Graf
 

What's hot (20)

わかる!metadata.managedFields / Kubernetes Meetup Tokyo 48
わかる!metadata.managedFields / Kubernetes Meetup Tokyo 48わかる!metadata.managedFields / Kubernetes Meetup Tokyo 48
わかる!metadata.managedFields / Kubernetes Meetup Tokyo 48
 
Comparing Next-Generation Container Image Building Tools
Comparing Next-Generation Container Image Building Tools Comparing Next-Generation Container Image Building Tools
Comparing Next-Generation Container Image Building Tools
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes Networking
 
The Complete Guide to Service Mesh
The Complete Guide to Service MeshThe Complete Guide to Service Mesh
The Complete Guide to Service Mesh
 
Kubernetes Basics
Kubernetes BasicsKubernetes Basics
Kubernetes Basics
 
Deep dive into Kubernetes Networking
Deep dive into Kubernetes NetworkingDeep dive into Kubernetes Networking
Deep dive into Kubernetes Networking
 
Kubernetes
KubernetesKubernetes
Kubernetes
 
Kubernetes Networking with Cilium - Deep Dive
Kubernetes Networking with Cilium - Deep DiveKubernetes Networking with Cilium - Deep Dive
Kubernetes Networking with Cilium - Deep Dive
 
KCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdf
KCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdfKCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdf
KCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdf
 
Kubernetes Architecture
Kubernetes Architecture Kubernetes Architecture
Kubernetes Architecture
 
Kubernetes Deployment Strategies
Kubernetes Deployment StrategiesKubernetes Deployment Strategies
Kubernetes Deployment Strategies
 
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation SlidesKubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
 
eBPF Workshop
eBPF WorkshopeBPF Workshop
eBPF Workshop
 
Introduction to Kubernetes Workshop
Introduction to Kubernetes WorkshopIntroduction to Kubernetes Workshop
Introduction to Kubernetes Workshop
 
Service-mesh options with Linkerd, Consul, Istio and AWS AppMesh
Service-mesh options with Linkerd, Consul, Istio and AWS AppMeshService-mesh options with Linkerd, Consul, Istio and AWS AppMesh
Service-mesh options with Linkerd, Consul, Istio and AWS AppMesh
 
Kubernetes security
Kubernetes securityKubernetes security
Kubernetes security
 
Yahoo! JAPANのIaaSを支えるKubernetesクラスタ、アップデート自動化への挑戦 #yjtc
Yahoo! JAPANのIaaSを支えるKubernetesクラスタ、アップデート自動化への挑戦 #yjtcYahoo! JAPANのIaaSを支えるKubernetesクラスタ、アップデート自動化への挑戦 #yjtc
Yahoo! JAPANのIaaSを支えるKubernetesクラスタ、アップデート自動化への挑戦 #yjtc
 
Kubernetes Monitoring & Best Practices
Kubernetes Monitoring & Best PracticesKubernetes Monitoring & Best Practices
Kubernetes Monitoring & Best Practices
 
コンテナネットワーキング(CNI)最前線
コンテナネットワーキング(CNI)最前線コンテナネットワーキング(CNI)最前線
コンテナネットワーキング(CNI)最前線
 
eBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux KerneleBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux Kernel
 

Similar to Cilium + Istio with Gloo Mesh

Compliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient MeshCompliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient Mesh
Christian Posta
 
GDG Cloud Southlake #10 Christian Posta: Future of Service Mesh
GDG Cloud Southlake #10 Christian Posta: Future of Service MeshGDG Cloud Southlake #10 Christian Posta: Future of Service Mesh
GDG Cloud Southlake #10 Christian Posta: Future of Service Mesh
JamesAnderson599331
 
The Current And Future State Of Service Mesh
The Current And Future State Of Service MeshThe Current And Future State Of Service Mesh
The Current And Future State Of Service Mesh
Ram Vennam
 
apidays Paris 2022 - Blurred Lines, Denis Jannot, Solo.io
apidays Paris 2022 - Blurred Lines, Denis Jannot, Solo.ioapidays Paris 2022 - Blurred Lines, Denis Jannot, Solo.io
apidays Paris 2022 - Blurred Lines, Denis Jannot, Solo.io
apidays
 
Kubernetes Ingress to Service Mesh (and beyond!)
Kubernetes Ingress to Service Mesh (and beyond!)Kubernetes Ingress to Service Mesh (and beyond!)
Kubernetes Ingress to Service Mesh (and beyond!)
Christian Posta
 
Security & Resiliency of Cloud Native Apps with Weave GitOps & Tetrate Servic...
Security & Resiliency of Cloud Native Apps with Weave GitOps & Tetrate Servic...Security & Resiliency of Cloud Native Apps with Weave GitOps & Tetrate Servic...
Security & Resiliency of Cloud Native Apps with Weave GitOps & Tetrate Servic...
Weaveworks
 
Quebec - 16 November 2022 - Canada CNCF Meetups.pdf
Quebec - 16 November 2022 - Canada CNCF Meetups.pdfQuebec - 16 November 2022 - Canada CNCF Meetups.pdf
Quebec - 16 November 2022 - Canada CNCF Meetups.pdf
prune1
 
INTERFACE, by apidays - Challenges of exposing and connecting microservices
INTERFACE, by apidays - Challenges of exposing and connecting microservicesINTERFACE, by apidays - Challenges of exposing and connecting microservices
INTERFACE, by apidays - Challenges of exposing and connecting microservices
apidays
 
PSOCLD 1007 Cisco Hybrid Cloud Platform for Google Cloud
PSOCLD 1007 Cisco Hybrid Cloud Platform for Google CloudPSOCLD 1007 Cisco Hybrid Cloud Platform for Google Cloud
PSOCLD 1007 Cisco Hybrid Cloud Platform for Google Cloud
Rohit Agarwalla
 
Building The Right Network
Building The Right NetworkBuilding The Right Network
Building The Right Network
Cisco Canada
 
Microservices and containers networking: Contiv, an industry leading open sou...
Microservices and containers networking: Contiv, an industry leading open sou...Microservices and containers networking: Contiv, an industry leading open sou...
Microservices and containers networking: Contiv, an industry leading open sou...
Codemotion
 
KubeConRecap_nakamura.pdf
KubeConRecap_nakamura.pdfKubeConRecap_nakamura.pdf
KubeConRecap_nakamura.pdf
Hitachi, Ltd. OSS Solution Center.
 
TechWiseTV Workshop: Cisco Hybrid Cloud Platform for Google Cloud
TechWiseTV Workshop: Cisco Hybrid Cloud Platform for Google CloudTechWiseTV Workshop: Cisco Hybrid Cloud Platform for Google Cloud
TechWiseTV Workshop: Cisco Hybrid Cloud Platform for Google Cloud
Robb Boyd
 
Putting microservices on a diet with istio
Putting microservices on a diet with istioPutting microservices on a diet with istio
Putting microservices on a diet with istio
QAware GmbH
 
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPSecuring Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Olivia LaMar
 
apidays LIVE LONDON - Toward certifying Financial-grade API profile with Keyc...
apidays LIVE LONDON - Toward certifying Financial-grade API profile with Keyc...apidays LIVE LONDON - Toward certifying Financial-grade API profile with Keyc...
apidays LIVE LONDON - Toward certifying Financial-grade API profile with Keyc...
apidays
 
APIdays London 2020: Toward certifying Financial-grade API security profile w...
APIdays London 2020: Toward certifying Financial-grade API security profile w...APIdays London 2020: Toward certifying Financial-grade API security profile w...
APIdays London 2020: Toward certifying Financial-grade API security profile w...
Hitachi, Ltd. OSS Solution Center.
 
The Future of Service Mesh
The Future of Service MeshThe Future of Service Mesh
The Future of Service Mesh
All Things Open
 
Log Analytics for Distributed Microservices
Log Analytics for Distributed MicroservicesLog Analytics for Distributed Microservices
Log Analytics for Distributed Microservices
Kai Wähner
 
2019.02 Eclipse Foundation and Eclipse IoT presentation at Eclipse IoT Day Gr...
2019.02 Eclipse Foundation and Eclipse IoT presentation at Eclipse IoT Day Gr...2019.02 Eclipse Foundation and Eclipse IoT presentation at Eclipse IoT Day Gr...
2019.02 Eclipse Foundation and Eclipse IoT presentation at Eclipse IoT Day Gr...
Gaël Blondelle
 

Similar to Cilium + Istio with Gloo Mesh (20)

Compliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient MeshCompliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient Mesh
 
GDG Cloud Southlake #10 Christian Posta: Future of Service Mesh
GDG Cloud Southlake #10 Christian Posta: Future of Service MeshGDG Cloud Southlake #10 Christian Posta: Future of Service Mesh
GDG Cloud Southlake #10 Christian Posta: Future of Service Mesh
 
The Current And Future State Of Service Mesh
The Current And Future State Of Service MeshThe Current And Future State Of Service Mesh
The Current And Future State Of Service Mesh
 
apidays Paris 2022 - Blurred Lines, Denis Jannot, Solo.io
apidays Paris 2022 - Blurred Lines, Denis Jannot, Solo.ioapidays Paris 2022 - Blurred Lines, Denis Jannot, Solo.io
apidays Paris 2022 - Blurred Lines, Denis Jannot, Solo.io
 
Kubernetes Ingress to Service Mesh (and beyond!)
Kubernetes Ingress to Service Mesh (and beyond!)Kubernetes Ingress to Service Mesh (and beyond!)
Kubernetes Ingress to Service Mesh (and beyond!)
 
Security & Resiliency of Cloud Native Apps with Weave GitOps & Tetrate Servic...
Security & Resiliency of Cloud Native Apps with Weave GitOps & Tetrate Servic...Security & Resiliency of Cloud Native Apps with Weave GitOps & Tetrate Servic...
Security & Resiliency of Cloud Native Apps with Weave GitOps & Tetrate Servic...
 
Quebec - 16 November 2022 - Canada CNCF Meetups.pdf
Quebec - 16 November 2022 - Canada CNCF Meetups.pdfQuebec - 16 November 2022 - Canada CNCF Meetups.pdf
Quebec - 16 November 2022 - Canada CNCF Meetups.pdf
 
INTERFACE, by apidays - Challenges of exposing and connecting microservices
INTERFACE, by apidays - Challenges of exposing and connecting microservicesINTERFACE, by apidays - Challenges of exposing and connecting microservices
INTERFACE, by apidays - Challenges of exposing and connecting microservices
 
PSOCLD 1007 Cisco Hybrid Cloud Platform for Google Cloud
PSOCLD 1007 Cisco Hybrid Cloud Platform for Google CloudPSOCLD 1007 Cisco Hybrid Cloud Platform for Google Cloud
PSOCLD 1007 Cisco Hybrid Cloud Platform for Google Cloud
 
Building The Right Network
Building The Right NetworkBuilding The Right Network
Building The Right Network
 
Microservices and containers networking: Contiv, an industry leading open sou...
Microservices and containers networking: Contiv, an industry leading open sou...Microservices and containers networking: Contiv, an industry leading open sou...
Microservices and containers networking: Contiv, an industry leading open sou...
 
KubeConRecap_nakamura.pdf
KubeConRecap_nakamura.pdfKubeConRecap_nakamura.pdf
KubeConRecap_nakamura.pdf
 
TechWiseTV Workshop: Cisco Hybrid Cloud Platform for Google Cloud
TechWiseTV Workshop: Cisco Hybrid Cloud Platform for Google CloudTechWiseTV Workshop: Cisco Hybrid Cloud Platform for Google Cloud
TechWiseTV Workshop: Cisco Hybrid Cloud Platform for Google Cloud
 
Putting microservices on a diet with istio
Putting microservices on a diet with istioPutting microservices on a diet with istio
Putting microservices on a diet with istio
 
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPSecuring Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
 
apidays LIVE LONDON - Toward certifying Financial-grade API profile with Keyc...
apidays LIVE LONDON - Toward certifying Financial-grade API profile with Keyc...apidays LIVE LONDON - Toward certifying Financial-grade API profile with Keyc...
apidays LIVE LONDON - Toward certifying Financial-grade API profile with Keyc...
 
APIdays London 2020: Toward certifying Financial-grade API security profile w...
APIdays London 2020: Toward certifying Financial-grade API security profile w...APIdays London 2020: Toward certifying Financial-grade API security profile w...
APIdays London 2020: Toward certifying Financial-grade API security profile w...
 
The Future of Service Mesh
The Future of Service MeshThe Future of Service Mesh
The Future of Service Mesh
 
Log Analytics for Distributed Microservices
Log Analytics for Distributed MicroservicesLog Analytics for Distributed Microservices
Log Analytics for Distributed Microservices
 
2019.02 Eclipse Foundation and Eclipse IoT presentation at Eclipse IoT Day Gr...
2019.02 Eclipse Foundation and Eclipse IoT presentation at Eclipse IoT Day Gr...2019.02 Eclipse Foundation and Eclipse IoT presentation at Eclipse IoT Day Gr...
2019.02 Eclipse Foundation and Eclipse IoT presentation at Eclipse IoT Day Gr...
 

More from Christian Posta

Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
Christian Posta
 
Understanding Wireguard, TLS and Workload Identity
Understanding Wireguard, TLS and Workload IdentityUnderstanding Wireguard, TLS and Workload Identity
Understanding Wireguard, TLS and Workload Identity
Christian Posta
 
Multi-cluster service mesh with GlooMesh
Multi-cluster service mesh with GlooMeshMulti-cluster service mesh with GlooMesh
Multi-cluster service mesh with GlooMesh
Christian Posta
 
Multicluster Kubernetes and Service Mesh Patterns
Multicluster Kubernetes and Service Mesh PatternsMulticluster Kubernetes and Service Mesh Patterns
Multicluster Kubernetes and Service Mesh Patterns
Christian Posta
 
Cloud-Native Application Debugging with Envoy and Service Mesh
Cloud-Native Application Debugging with Envoy and Service MeshCloud-Native Application Debugging with Envoy and Service Mesh
Cloud-Native Application Debugging with Envoy and Service Mesh
Christian Posta
 
The Truth About the Service Mesh Data Plane
The Truth About the Service Mesh Data PlaneThe Truth About the Service Mesh Data Plane
The Truth About the Service Mesh Data Plane
Christian Posta
 
Deep Dive: Building external auth plugins for Gloo Enterprise
Deep Dive: Building external auth plugins for Gloo EnterpriseDeep Dive: Building external auth plugins for Gloo Enterprise
Deep Dive: Building external auth plugins for Gloo Enterprise
Christian Posta
 
Role of edge gateways in relation to service mesh adoption
Role of edge gateways in relation to service mesh adoptionRole of edge gateways in relation to service mesh adoption
Role of edge gateways in relation to service mesh adoption
Christian Posta
 
Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Navigating the service mesh landscape with Istio, Consul Connect, and LinkerdNavigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Christian Posta
 
Chaos Debugging for Microservices
Chaos Debugging for MicroservicesChaos Debugging for Microservices
Chaos Debugging for Microservices
Christian Posta
 
Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...
Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...
Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...
Christian Posta
 
Intro Istio and what's new Istio 1.1
Intro Istio and what's new Istio 1.1Intro Istio and what's new Istio 1.1
Intro Istio and what's new Istio 1.1
Christian Posta
 
API Gateways are going through an identity crisis
API Gateways are going through an identity crisisAPI Gateways are going through an identity crisis
API Gateways are going through an identity crisis
Christian Posta
 
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
Christian Posta
 
PHX DevOps Days: Service Mesh Landscape
PHX DevOps Days: Service Mesh LandscapePHX DevOps Days: Service Mesh Landscape
PHX DevOps Days: Service Mesh Landscape
Christian Posta
 
Intro to Knative
Intro to KnativeIntro to Knative
Intro to Knative
Christian Posta
 
API World: The service-mesh landscape
API World: The service-mesh landscapeAPI World: The service-mesh landscape
API World: The service-mesh landscape
Christian Posta
 
Making sense of microservices, service mesh, and serverless
Making sense of microservices, service mesh, and serverlessMaking sense of microservices, service mesh, and serverless
Making sense of microservices, service mesh, and serverless
Christian Posta
 
Evolution of integration and microservices patterns with service mesh
Evolution of integration and microservices patterns with service meshEvolution of integration and microservices patterns with service mesh
Evolution of integration and microservices patterns with service mesh
Christian Posta
 
Come for the traffic management, stay for the security
Come for the traffic management, stay for the securityCome for the traffic management, stay for the security
Come for the traffic management, stay for the security
Christian Posta
 

More from Christian Posta (20)

Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
Understanding Wireguard, TLS and Workload Identity
Understanding Wireguard, TLS and Workload IdentityUnderstanding Wireguard, TLS and Workload Identity
Understanding Wireguard, TLS and Workload Identity
 
Multi-cluster service mesh with GlooMesh
Multi-cluster service mesh with GlooMeshMulti-cluster service mesh with GlooMesh
Multi-cluster service mesh with GlooMesh
 
Multicluster Kubernetes and Service Mesh Patterns
Multicluster Kubernetes and Service Mesh PatternsMulticluster Kubernetes and Service Mesh Patterns
Multicluster Kubernetes and Service Mesh Patterns
 
Cloud-Native Application Debugging with Envoy and Service Mesh
Cloud-Native Application Debugging with Envoy and Service MeshCloud-Native Application Debugging with Envoy and Service Mesh
Cloud-Native Application Debugging with Envoy and Service Mesh
 
The Truth About the Service Mesh Data Plane
The Truth About the Service Mesh Data PlaneThe Truth About the Service Mesh Data Plane
The Truth About the Service Mesh Data Plane
 
Deep Dive: Building external auth plugins for Gloo Enterprise
Deep Dive: Building external auth plugins for Gloo EnterpriseDeep Dive: Building external auth plugins for Gloo Enterprise
Deep Dive: Building external auth plugins for Gloo Enterprise
 
Role of edge gateways in relation to service mesh adoption
Role of edge gateways in relation to service mesh adoptionRole of edge gateways in relation to service mesh adoption
Role of edge gateways in relation to service mesh adoption
 
Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Navigating the service mesh landscape with Istio, Consul Connect, and LinkerdNavigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd
 
Chaos Debugging for Microservices
Chaos Debugging for MicroservicesChaos Debugging for Microservices
Chaos Debugging for Microservices
 
Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...
Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...
Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...
 
Intro Istio and what's new Istio 1.1
Intro Istio and what's new Istio 1.1Intro Istio and what's new Istio 1.1
Intro Istio and what's new Istio 1.1
 
API Gateways are going through an identity crisis
API Gateways are going through an identity crisisAPI Gateways are going through an identity crisis
API Gateways are going through an identity crisis
 
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
 
PHX DevOps Days: Service Mesh Landscape
PHX DevOps Days: Service Mesh LandscapePHX DevOps Days: Service Mesh Landscape
PHX DevOps Days: Service Mesh Landscape
 
Intro to Knative
Intro to KnativeIntro to Knative
Intro to Knative
 
API World: The service-mesh landscape
API World: The service-mesh landscapeAPI World: The service-mesh landscape
API World: The service-mesh landscape
 
Making sense of microservices, service mesh, and serverless
Making sense of microservices, service mesh, and serverlessMaking sense of microservices, service mesh, and serverless
Making sense of microservices, service mesh, and serverless
 
Evolution of integration and microservices patterns with service mesh
Evolution of integration and microservices patterns with service meshEvolution of integration and microservices patterns with service mesh
Evolution of integration and microservices patterns with service mesh
 
Come for the traffic management, stay for the security
Come for the traffic management, stay for the securityCome for the traffic management, stay for the security
Come for the traffic management, stay for the security
 

Recently uploaded

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
ThomasParaiso2
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 

Recently uploaded (20)

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 

Cilium + Istio with Gloo Mesh

  • 1. Cilium and Istio with Gloo Mesh
  • 2. 2 | Copyright © 2020 CHRISTIAN POSTA VP, Global Field CTO, Solo.io @christianposta christian@solo.io https://blog.christianposta.com https://slideshare.net/ceposta Istio in Action (March 2022) https://www.manning.com/books/istio-in-action Discount Code: SOLOIO41 Shortlink: mng.bz/06Wl
  • 3. 3 | Copyright © 2020 Idit Levine Founding API gateway WG-Istio Christian Posta Founding community member, Istio Steering Committee, author Istio in Action Lin Sun Founding Istio project maintainer, Technical Oversight Committee (TOC), Steering Committee Neeraj Poddar Istio Steering and TOC member. Co-founded Istio Product Security Working Group Yuval Kohavi Renowned security researcher, Founding API Gateway WG-Istio, Contributor Envoy Ram Vennam Founding Istio Steering Committee member Nick Nellis First to run Istio in production, current contributor and maintainer Solo Istio/Envoy Community Leadership Founded in 2017 by Idit Levine Based in Cambridge, MA with multiple locations around the globe The industry’s leading Cloud-native Application Networking company. Open-Core, “Enterprise” Subscription model Growing fast with happy customers Well Funded 500+% bookings growth y/y 98%+ renewal rate $171.5M venture financing $1 Billion valuation Company Overview Gloo Application Networking Platform Simplify your application networking with unified control, reliability, observability, extensibility, and security 3 | Copyright © 2022 Greg Hanson Founding Istio Maintainer, Product Security WG Lead, Istio Release Manager
  • 4. 4 | Copyright © 2020 Gloo Application Networking Platform Manage APIs Data Access Gloo Gateway API Gateway Gloo Mesh Microservices, Security, Observability Gloo Network Kubernetes CNI, Network Policy
  • 5. 5 | Copyright © 2020
  • 6. 6 | Copyright © 2020 6 | Copyright © 2020 Problem
  • 7. 7 | Copyright © 2020 What is application networking? Challenges ● Service discovery ● Load balancing ● Timeouts ● Retry / Budgets ● Circuit breaking ● Tracing, observability ● Secure transport ● Extension
  • 8. 8 | Copyright © 2020 What is application networking?
  • 9. 9 | Copyright © 2020 Previous solutions to these problems
  • 10. 10 | Copyright © 2020 Previous solutions to these problems
  • 11. 11 | Copyright © 2020 11 | Copyright © 2020 Push enforcement points down to application
  • 12. 12 | Copyright © 2020 What is application networking?
  • 13. 13 | Copyright © 2020 What is application networking?
  • 14. 14 | Copyright © 2020 Service Mesh Technologies Provide the Following L4 & L7 Observability Traffic Encryption / L7 Identity L4 & L7 Policies [Canary, RBAC, ….]
  • 15. 15 | Copyright © 2020 15 | Copyright © 2020 Demo
  • 16. 16 | Copyright © 2020 What you must build to run service mesh in production? Istio Service Mesh Security | Compliance FIPS-140 Authentication Cert-Mgmt Rate-Limiting API Gateway Failover Routing Global Service Discovery Integrate Observability Routing | Traffic Mgmt Topologies | API | UI | Extensibility Multi-Cluster Multi-Tenant Web Assembly UI / Higher-level API
  • 17. 17 | Copyright © 2020 https://www.solo.io/products/gloo-mesh/ Enterprise Service Mesh for multi-cluster, cross-cluster and hybrid environments based on upstream Istio
  • 18. 18 | Copyright © 2020 https://www.solo.io/products/gloo-mesh/ Gloo Mesh Enterprise • Enterprise Istio for single cluster, multi-cluster and multi-platform configuration. • Focus on ease of us, powerful best practices built in, security, and extensibility. Installation, upgrade, takeover and hybrid lifecycle Production and long-terms support (LTS, N-4) with patches and hotfixes for validated upstream Istio Delegate ownership of configuration and policy by persona, including: developers, SREs, and admins Discovery services running across multiple clusters, clouds, VMs Operational visibility with a single pane of glass across multiple service mesh clusters Cross-cluster failover and locality aware routing Support multiple teams owning their own resources across multiple clusters End to end security across clusters and meshes for zero trust networks, integrate with PKI, CA/RA, etc Istio Support Istio Lifecycle (2.1) Global Failover Routing Multi Tenancy API Gateway Global Service Discovery Unified Observability Zero-Trust Security
  • 19. 19 | Copyright © 2020 User Clusters Public cloud Compliance / DMZ
  • 20. 20 | Copyright © 2020 Consistent API for multi-cluster N/S and E/W Policy
  • 21. 21 | Copyright © 2020 Gloo API Gateway
  • 22. 22 | Copyright © 2020 Team Tenancy (Service Mesh as a Service) ● Tenancy ● Dependency ● More flexible API ● Hierarchy ● Unified NS/EW
  • 23. 23 | Copyright © 2020 Drive everything through GitOps!
  • 24. 24 | Copyright © 2020 24 | Copyright © 2020 Demo
  • 25. 25 | Copyright © 2020 Gloo Application Networking Platform Manage APIs Data Access Gloo Gateway API Gateway Gloo Mesh Microservices, Security, Observability Gloo Network Kubernetes CNI, Network Policy
  • 26. 26 | Copyright © 2020 Kernel-level observability Security controls Advanced L3/L4/L7 Network Policy Container networking / CNI / Overlay built on eBPF!
  • 27. 27 | Copyright © 2020 Cilium: Cloud Networking Overlay
  • 28. 28 | Copyright © 2020 Flexible: Executes custom logic in the Linux kernel. Safe: BPF code is verified to not crash/hang kernel. Fast: JIT-compiled to run at native speed. Humble origins: BPF Berkeley Packet Filter $ tcpdump -n dst host 192.168.1.1 What is eBPF?
  • 29. 29 | Copyright © 2020 with strong safety guarantees and native kernel performance “Function-as-a-Service” for kernel events Execution Stack in the Kernel submit_bio submit_bh() journal_submit_commit_record() jbd2_journal_commit_transaction() mb_cache_list() BPF Hook BPF Program Source Code bpf() syscall llvm / clang Verifier + JIT compiler What is eBPF?
  • 30. 30 | Copyright © 2020 30 | Copyright © 2020 What about conflicting policy at different layers? (demo maybe?)
  • 31. 31 | Copyright © 2020 Consistent Networking Policies
  • 32. 32 | Copyright © 2020
  • 33. 33 | Copyright © 2020 33 | Copyright © 2020 Demo
  • 34. 34 | Copyright © 2020 34 | Copyright © 2020 Recap
  • 35. 35 | Copyright © 2020
  • 36. 36 | Copyright © 2020 Cloud Native Stack ANY KUBERNETES (CLUSTERS) VMs eBPF WASM GLOO NETWORKING | CILIUM ENVOY PROXY ISTIO GLOO MESH GLOO GATEWAY GLOO PORTAL EXT. AUTH RATE LIMITING GRAPHQL XSLT (SOAP-REST) ANY CLOUD Gloo Application Networking Platform
  • 37. 37 | Copyright © 2020 Learn More!! Free Workshops and Certifications ● Envoy Proxy ● Istio ● Cilium ● eBPF ● On demand ● Instructor led ● Service mesh ● Modern API gateway ● eBPF Solo Academy 1 2 https://www.solo.io/events/upcoming / https://www.solo.io/solo-academy/
  • 38. 38 | Copyright © 2020 We are hiring! https://www.solo.io/company/careers/
  • 39. 39 | Copyright © 2020 Solo.io global presence
  • 40. 40 | Copyright © 2020 • https://solo.io • https://solo.io/blog • https://slack.solo.io • https://gloo.solo.io • https://envoyproxy.io • https://istio.io • https://webassemblyhub.io