Shanghai, China
June 24–26, 2019
Click here for more information and registration

Simultaneous translation will be provided for all keynote and breakout sessions.

To view the Chinese version of this schedule please go here.

Venue + Sponsor Showcase Map
场馆 + 赞助商展示区地图

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

KC+CNC - Service Mesh [clear filter]
Tuesday, June 25


Network Observability with Envoy - Nic Jackson, HashiCorp
The service mesh is built from two components the data plane and the control plane. The data plane handles the traffic from your service and is responsible for securing traffic, reliability patterns and network observability. The control plane is responsible for managing the configuration of the data plane, service catalog, x509 certificates, and service to service authorization.

To effectively observe our system, we must understand the statistics emitted from these two components to build reliable and robust systems.

In this talk, we will take a deep dive into the statistics output by key features of Envoy when used as a service mesh data plane. We will investigate network listeners, reliability patterns like timeouts, service discovery, authentication and how we can leverage these statistics to build a rich picture of the health of our system.

avatar for Nic Jackson

Nic Jackson

Developer Advocate, Hashicorp
Nic Jackson is a developer advocate at HashiCorp and the author of “Building Microservices in Go” a book which examines the best patterns and practices for building microservices with the Go programming language. Additionally, Nic is writing “Vault in Action” with his co-author... Read More →

Tuesday June 25, 2019 11:00 - 11:35


Enhancing Envoy: Certificate Handling at the Edge - Brian Redbeard & Bill Decoste, Red Hat
For many users the nuances of SSL/TLS engines are fuzzy and differentiation is based on marketing terminology. To understand why some users desire (or require) the use of a specific public key infrastructure (PKI) toolkit we will analyze the work recently completed around adding support for OpenSSL to Envoy. In discussing this work we will outline how it enables cryptographic conformance with regulations like the United States Federal Information Processing Standard (FIPS) 140-2 and how it benefits the community at large.

Participants should have familiarity with proxy servers so that they can follow along with the presentation.


Brian Redbeard

Principal Product Manager, Red Hat
Brian 'redbeard' Harrington, is a Principal Product Manager at Red Hat. Previous to Red Hat he was the Chief Architect of the company CoreOS & before that served as the president of the non-profit HacDC. He is developer, hacker, and technical writer in the areas of open-source development... Read More →

Tuesday June 25, 2019 11:45 - 12:20


Using Istio to Manage the Cross-Regional & Cross-Cluster Microservices - Xi Ning Wang, Alibaba & Xiaozhong Liu, UniCareer
UniCareer is an E-Learning career development platform that targets various needs for global students and working professionals, and serving the users from several regions of the world. These applications are deployed at the multiple Kubernetes clusters running at Alibaba cloud's several regions to reduce the latency.

In order to manage efficiently these micro-services, one multicluster service mesh is required to control the traffic, secure the service-to-service communication, etc. Istio, a service mesh built on Kubernertes, can support many possible topologies for distributing the services of an application beyond a single cluster.

Throughout this case study, we'll share the design and techniques on multicluster deployments using Istio service mesh, and discuss some challenges and corresponding practices based on the requirements and the limitations of the underlying platform.

avatar for 王夕宁


Senior Technical Expert, Alibaba
Alibaba senior technical expert, Istio on Kubernetes technical leader, focusing on Docker, Kubernetes, Cloud Native, Service Mesh, cloud computing, IoT and other fields. Previously worked in the IBM R&D Center, as an architect and main developer responsible for or participated in... Read More →
avatar for 刘晓忠


Backend Architect, UniCareer
UniCareer architect, focusing on Docker, Kubernetes, Cloud Native, Service Mesh, Cloud Computing, and other fields. As an architect and main developer responsible for or participated in a series of work in the fields of Infrastructure, Devops Automation, Development Normalization... Read More →

Tuesday June 25, 2019 13:35 - 14:10


Upgrading Your Service Mesh to Linkerd 2 - Tilen Faganel, Open Credo ltd.
Service meshes are advancing at an incredible rate. And there’s no sign of it slowing down. Unfortunately sometimes that means breaking changes occur, which might make updates to the service mesh difficult and potentially disruptive. Particularly if you were an early adaptor.

Linkerd 2 was a major update. So big, in fact, most of everything about it changed. Upgrading an existing Linkerd 1 deployment can be pretty daunting, as we need to redesign our service mesh architecture and configuration. All while ensuring the upgrade is performed successfully, reliably and without major disruptions.

Come and join me as we will go through a journey of how we helped a client fully upgrade their service mesh from Linkerd 1. And how nobody noticed! We will explore the challenges and pitfalls of doing so, which can be applied to any upgrade of this caliber.

avatar for Tilen Faganel

Tilen Faganel

Senior Consultant, Open Credo ltd.
Tilen Faganel is a software engineer, consultant and architect focused on building efficient cloud-native architectures and solutions using various cloud technologies. His work consist of enabling enterprises of all sizes to transform and transition their workloads into the cloud... Read More →

Tuesday June 25, 2019 14:20 - 14:55


Running Resilient Workloads with Istio - Matt Turner, Tetrate
Remember how cool Kubernetes seemed when you first started using it? A simple, easy API for scalable compute in any cloud: just a Deployment and a Service and you’re done! But as you use it more, you learn that this isn't really enough. A production system needs requests and limits, liveness checks, HPAs, PDBs, PSPs, etc.

The same is true for Istio, which can solve a lot of the problems with microservices out of the box, but isn't magic. When you get beyond playing with bookinfo, more configuration is needed to get the most out of it.

In this talk I’ll show you how to:
- Identify app versions, deploy canaries and run A/B tests
- Set timeouts
- Configure retries, with exponential backoff
- Enforce rate limits
- Enable circuit breakers
- Inject faults for testing

I’ll also cover a couple of the big security features:
- Enabling mTLS
- Using service-to-service access control lists (RBAC)

avatar for Matt Turner

Matt Turner

Head of Platform, Ziglu
Matt is CTO at Native Wave, a company that designs, builds, and manages cloud-native platforms using the best open source software. Native Wave works with the whole business to re-architect and refactor applications to get the most from modern cloud technologies. Matt has been doing... Read More →

Tuesday June 25, 2019 15:05 - 15:40