EnvoyCon 2020: Full Schedule

All talks are pre-recorded and will play as scheduled with live speaker Q+A following the presentation. Sessions will not be available on-demand in Hopin but will be uploaded to the CNCF YouTube channel by early November.

7:45am PDT

Let's make envoy extensions easy!

Historically, Envoy extensibility hasn't been very rich and easy for developers to consume or add to. For example: compared against Nginx, which has a rich set of lua and openresty based extensions, Envoy has fewer even though it's more extensible by design. But now, new tooling makes it easier for developers and end-users to build, test, run, and consume extensions to envoy deployments at the edge or in the cloud in a safe and secure manner. WebAssembly and the open-source GetEnvoy extension toolkit from getenvoy.io will help organizations integrate Envoy with existing infrastructure (e.g., authorization, authentication, logging). Now is the time for devs to join the ever-growing Envoy community as the Wasm extensibility brings Rust, Go, and C++ devs all into the fold. To do justice to these cool technologies, we need to have a great developer experience for actively writing, testing, publishing, and consuming these extensions and that's what we aspire for as a community together.

Speakers

Varun Talwar

Founder and CEO, Tetrate

Thursday October 15, 2020 7:45am - 7:50am PDT

Sponsored Talk

7:50am PDT

The Road to Adopting Envoy at Red Hat

This talk will cover Red Hat’s journey in adopting Envoy as a core component of OpenShift and other products within the cloud-native ecosystem. This journey starts before we adopted Envoy through our earlier work on the OpenShift route concept for supporting Kubernetes Ingress. Through our work with the Istio Service Mesh we were introduced to Envoy and its benefits, working on modifications such as the integration of the OpenSSL cryptographic library to satisfy our FIPS requirements. Thanks to the success of this experience we are now increasing our adoption with its use within our eventing and API management products as well as investigating other areas where it could prove to be fruitful.
Join Principal Product Manager Jamie Longmuir to learn more about these efforts and the reasons behind Red Hat’s expanding commitment to Envoy and its community.

Speakers

Jamie Longmuir

Principal Product Manager, Red Hat

Jamie is the Principal Product Manager at Red Hat for OpenShift Service Mesh, which is built on top of Istio and Envoy. Prior to joining Red Hat, he spent 6 years at Lightbend(formerly Typesafe) helping customers solve distributed system challenges using the Akka toolkit. Before Lightbend... Read More →

Thursday October 15, 2020 7:50am - 7:55am PDT
Virtual

Sponsored Talk

7:55am PDT

COVID API Hub: an Envoy Production Use Case

The COVID API Hub project was launched in April 2020 by the Grey Matter team as a way to consolidate and democratize COVID-19 datasets across the web. Using Grey Matter’s Envoy-based sidecar, the project now serves over 2 million requests daily. This talk is about our experience of using Envoy at scale - lessons learned along the way, witnessing the resilience mechanisms at work in the production environment, and our plans moving forward.

Speakers

Kaitlin Moreno

Software Developer, Grey Matter

Kait Moreno is a multi-disciplinary artist turned software developer. She currently works at Greymatter.io (Decipher Technology Studios) as a core engineer on the product team. Most recently, Kait lead the effort to build Covid API Hub, a service that consolidates covid-19 data sources across the web... Read More →

Thursday October 15, 2020 7:55am - 8:00am PDT
Virtual

Sponsored Talk

8:00am PDT

How Tinder implemented Envoy global rate limiting at scale

Tinder recently completed a migration to Envoy based service mesh in their Kubernetes based infrastructure. A big win was moving rate limiting logic out of the application and into the network layer by leveraging Envoy's powerful global rate limiting capabilities. Previously implementations relied on home-grown code inside the application or features built into proxies like Nginx — which were difficult to maintain and did not offer the configurability and observability of Envoy. This talk covers how Envoy global rate limiting works at Tinder, how we migrated to it, and what steps were taken to ensure it performs at scale. We'll also discuss the unique rate limiting features available in Envoy, how to configure it and how we extended upon it.

Speakers

Yuki Sawa

Engineering Manager, Tinder

Yuki is a Software Engineer at Tinder on the Cloud Infrastructure team. There he drives the adoption of Envoy, building an xDS control plane that integrates with Kubernetes and implementing a full featured service mesh platform. He also contributes to various open source projects... Read More →

envoycon2020 slides final pdf

Thursday October 15, 2020 8:00am - 8:10am PDT
Virtual

End User Track

8:00am PDT

Using VPP as Envoy's Network Stack

Vector Packet Processing (VPP), part of fd.io, is a high performance, layer 2-7 scalable and multi-platform user space networking stack. Typical VPP use cases include, amongst others, deployments as a vSwitch/Router, Firewall, Load Balancer and TCP Proxy. This talk will discuss how some of the recent socket layer API changes can be leveraged to cleanly integrate Envoy with VPP's socket layer, the VPP Comms Library (VCL), and some of the potential benefits thereof.

Speakers

Florin Coras

Technical Lead, Cisco

Florin Coras is a Technical Lead in the Intent Based Networking Group at Cisco where he focuses on user space host stacks, network virtualization and programmable overlays. He has contributed to a number of open source projects including FD.io, EnvoyProxy and OpenDaylight. He is a... Read More →

Thursday October 15, 2020 8:00am - 8:10am PDT
Virtual

Envoy Internal Track

8:10am PDT

Multiplex tcp requests through Envoy HTTP/2 stack

This talk will go over the recent update of HTTP/2 CONNECT support in Envoy. Envoy not only can terminate or proxy an H2 CONNECT, but also proxy the raw tcp plain text request in establish H2 CONNECT. In this talk, Yuchen will also go through the on going efforts to optimize the CONNECT dispatch. With these efforts, Yuchen will demonstrate istio sidecar proxy(which is literally Envoy) tunnels http requests and raw tcp requests into HTTP2, multiplexed in one TLS/TCP connection as if the request is directly established by application.

Speakers

Yuchen Dai

Software Engineer, Google

Building istio on top of envoy and making envoy a better dataplane.

Thursday October 15, 2020 8:10am - 8:20am PDT
Virtual

End User Track

8:10am PDT

Support Arm64 platform in Envoy

Envoy Arm64 will be released from 1.16.0. In this LT Lizan will discuss about the effort to make Envoy officially support Arm64 based Linux. This includes some code / test change caused by different endian / memory layout and compiler defaults, how we identified these problems, and how we built CI infrastructure.

Speakers

Lizan Zhou

Founding Engineer, Tetrate

Lizan Zhou is a Founding Engineer at Tetrate leading mesh backend team. He is a senior maintainer of Envoy and one of the core contributors of Istio. Previously he was working at Google Cloud, during his time at Google he worked on security and networking on Istio and Cloud Endpoints... Read More →

Thursday October 15, 2020 8:10am - 8:20am PDT
Virtual

Envoy Internal Track

8:20am PDT

Creating request buffering filters for edge devices

We are developing a proxy for edge devices that work on an unstable network. Using custom envoy-filters.This session will speak how to manage request data when changed network interfaces and network statuses.

Our proxy use cases on the following lines:

1: Run applications that do not suppose in an unstable network onto vehicles. Even if the network is unstable, misaki-proxy buffers the request in a queue. So that the application does not need to add retransmission processing.

2: Upload large files only when vehicles are connected to a WiFi network. 3G/4G network is more expensive than WiFi. Therefore, only with WiFi can you be able to request large amounts of data. You can set the type of network you want to use for each destination domain.

Speakers

Seiichi Koizumi

Manager, Denso

Tomoya Amachi

CEO, GOODWITH LLC.,

Open Source developer

Thursday October 15, 2020 8:20am - 8:30am PDT
Virtual

End User Track

8:20am PDT

Incrementally Building Incremental

This talk walks through the development process of incremental xDS lead by Alec Holmes and Joshua Rutherford inside the open source repository “envoyproxy/go-control-plane” . It touches on differences between SOTW and Incremental xDS, implementation hurdles tackled when building out the new protocol, and design changes in the pre-existing codebase needed to build out Incremental. Alec will lay out the remaining goals, and discuss the next steps for the repository.

Speakers

Alec Holmes

Software Engineer, greymatter.io

My name is Alec Holmes, I'm a core engineer at Greymatter.io working on our product and love growing the Envoy project. I'm actively maintaining go-control-plane and deeply enjoy experiencing world wide collaboration in the Envoy ecosystem . Talk to me about anything! I love Go, xDS... Read More →

Thursday October 15, 2020 8:20am - 8:30am PDT
Virtual

Envoy Internal Track

8:30am PDT

xDS Support in gRPC

The xDS APIs originated as Envoy’s control plane APIs, but they are evolving toward a Universal Data Plane API (UDPA) that can be used to configure any data plane client. gRPC is the first non-Envoy client to support obtaining its configuration via xDS. This talk will cover how gRPC fits into the xDS ecosystem. It will explain the advantages of supporting xDS in gRPC, particularly for service mesh deployments, and identify the set of xDS features that gRPC currently supports and the additional features that are on the roadmap. It will also discuss changes that were made to the xDS data model to support non-proxy clients like gRPC and various edge cases in the xDS transport protocol that were addressed along the way. The talk will also discuss how control plane operators and vendors can support gRPC xDS clients alongside Envoy.

Speakers

Mark D. Roth

Staff Software Engineer, Google

Mark Roth is a Staff Software Engineer at Google, where he is the technical lead for the gRPC C++ implementation. He has led the design and implementation effort of xDS support in gRPC in C++, Java, Go, and Node.js, and he has directly contributed to the C++ implementation.

Thursday October 15, 2020 8:30am - 9:00am PDT
Virtual

End User Track

8:30am PDT

Envoy on Windows: Use-cases, roadmap, and more

Ready to dive a little deeper into the world of Envoy on Windows? Learn about the ongoing efforts to enable the vast ecosystem of Windows applications to leverage the Envoy proxy, what it can do now, and what is coming next. Contributors have been hard at work bringing Windows platform support to Envoy. The project hopes to enable the vast ecosystem of Windows application architectures to leverage Envoy’s rich feature set and benefit from the vibrant Envoy open source community. This talk will show how Envoy users can start to use and evaluate Envoy on Windows, demonstrate how Envoy can be used to enable cloud-native applications on Windows, and discuss the roadmap ahead.

Speakers

Sunjay Bhatia

Staff Engineer, VMware

Sunjay is a maintainer of the Contour Ingress controller and contributor to Gateway API, the Envoy Gateway project, and other CNCF projects in the Kubernetes networking space. He has worked on implementing Windows support in Envoy proxy and various open source components in the Cloud... Read More →

David Schott

Program Manager, Microsoft

David is a Program Manager at Microsoft, working on network interoperability for containers and microservices across operating systems. He has been working on distributed systems, network virtualization, and is a contributor to several Cloud Native Open Source projects, including... Read More →

Thursday October 15, 2020 8:30am - 9:00am PDT
Virtual

Envoy Internal Track

9:00am PDT

How Niantic switched Pokémon GO to use Envoy

Niantic are the creators of Pokemon GO. As one of the world's most popular mobile games, Niantic needs to serve ##'s of players all across the world, concurrently, necessitating the need of a truly planet-scale solution. In this presentation, Rennana Yacobi, Server Core Infrastructure Lead, explains why Niantic made the transition from NGINX to Envoy, starting with the most important question of ‘Why Envoy?’, then reviewing Niantic’s journey with extending Envoy to support our proprietary protocol which includes websockets and player leasing, using xDS to minimize disruptions when scaling, load testing to ensure Envoy can handle millions of QPS at Pokemon GO's scale, where things fall apart, all the way until consolidating everything to the final launch.

Speakers

Renana Yacobi

Staff Software Engineer, Niantic

Renana Yacobi is responsible for delivering game experiences to millions of players across multiple mobile games including Pokemon GO and Harry Potter: Wizards Unite. Renana ensures end user satisfaction by building, scaling, and managing a highly reliable, available, and secure cloud... Read More →

Thursday October 15, 2020 9:00am - 9:30am PDT
Virtual

End User Track

9:00am PDT

xDS transport and versioning evolution

Envoy’s xDS APIs are the foundation for its control plane ecosystem. We are in the process of evolving them towards the Universal Data Plane API (UDPA), supporting clients beyond Envoy (e.g. Google’s gRPC libraries). We also continue to improve support for versioning in xDS and are following on from last year's introduction of major versions with minor/patch versions.

In the first part of this talk, we will dive into UDPA. We will focus on the next steps in the xDS transport protocol evolution. We will provide an introduction to a new URI-centric resource naming scheme and how this will allow for transport simplifications and elimination of technical debt in both Envoy and the control plane. We will also cover advanced use cases, such as federation, caching, control plane scalability and reliability wins.

In the second part of this talk, we will provide a recap on Envoy's existing API versioning story and discuss the implementation of minor/patch versioning for xDS resources. This incremental strategy is the plan-of-record for xDS, managing the trade-off between Envoy/xDS technical debt and control plane complexity/implementation cost.

Speakers

Harvey Tuch

Software Engineer, Google

Harvey Tuch is a Staff Software Engineer at Google where he leads the Envoy Platform team. He is an Envoy senior maintainer and is a driver of the Universal Dataplane API (UDPA) initiative. His Envoy interests include xDS APIs, security, fuzzing and performance.

Mark D. Roth

Staff Software Engineer, Google

Thursday October 15, 2020 9:00am - 9:30am PDT
Virtual

Envoy Internal Track

9:30am PDT

Changing Oil for a Fast Running (Side) Car Quickly and Safely

While we all want our features in production ASAP, safety - on the other hand - is the last thing we should sacrifice. At Pinterest, mesh configuration story looks like this: - thousands clusters - under 25 minutes to fully deploy through all stages and availability zones serially - 0 incidents during xDS v3 migration - every change is validated individually - full visibility into change and client history Thanks to comprehensive pre-deploy validation, holistic health checks and a specially designed feedback channel based on xDS, configuration roll-out is safe and yet very fast. The machinery carries every config change to VMs, dockerized hosts, and k8s automatically. Should an issue happen, it can spot the problem within a minute. In this talk, we will share the architecture, design considerations, good practices, and lessons learned along our path towards configuration nirvana.

Speakers

Fuyuan Bie

Staff Software Engineer, Pinterest

Fuyuan is a staff software engineer working for Pinterest. He has been using Envoy and open-source xDS protocol to address a lot of business-critical challenges. Before joining Pinterest. Fuyuan worked for Uber on its serverless product. And before Uber, he spent 9 years at Microsoft... Read More →

Thursday October 15, 2020 9:30am - 10:00am PDT
Virtual

End User Track

9:30am PDT

CacheFilter: Flexible HTTP Caching in Envoy

Web traffic relies extensively on caching proxies, and Envoy needs robust HTTP caching support to perform that role, but scaling and feature requirements vary too much for a "one size fits all" implementation. CacheFilter is an Envoy filter that handles the many caching-related request and response headers and directives, with the customizability and extensibility to support anything from single-server deployments to planetary-scale caching systems with extensive bespoke needs.

Speakers

Josiah Kiehl

Software Engineer, Google LLC

Josiah is a member of the Envoy project and engineer on Google's Cloud CDN.

Todd Greer

Software Engineer, Google LLC

Todd is the primary author of Envoy's pluggable HTTP caching filter, and has spent the last 7 years improving Google's HTTP caching infrastructure and Cloud CDN service.

EnvoyCon 2020 CacheFilter pdf

Thursday October 15, 2020 9:30am - 10:00am PDT
Virtual

Envoy Internal Track

10:00am PDT

Failing forward to 1 million requests per second

Many companies claim to have a work culture that celebrates failures, but few companies have tested that claim as thoroughly as Spotify did during our migration to Envoy. Come hear war stories of trying, failing, and failing some more with Envoy, and learn how to make sure you learn something new every time you fail.

Speakers

Axel Liljencrantz

Staff Engineer, Spotify

Axel is a general purpose fire fighter. During his 8 year tenure at Spotify, he has been granted the privilege to put out flaming dumpster fires in most parts of the Spotify back-end. He talks endlessly about his adventures, sometimes at conferences. He thinks dogs are better than... Read More →

Mikael Sundberg

Senior Engineer, Spotify

Mikaels car has its own Grafana instance. It runs in the cloud. He has over a decade of experience in back-end development, and a passion for teaching. He thinks dogs are better than cats.

Thursday October 15, 2020 10:00am - 10:30am PDT
Virtual

End User Track

10:00am PDT

Building idiomatic Envoy SDKs for Rust and Go

Support for WebAssembly is slowly coming into upstream Envoy.

Eager to get our hands dirty, we've embarked on a journey to develop our very first Envoy extensions in Rust and Go - languages beloved by the Cloud Native Community.

It's been a bumpy ride and we're happy we've made it :)

In this session we will share our learnings from building Envoy SDKs for Rust and Go:
* what challenges we've met
* what issues remain open
* what makes SDK ergonomic

We will give a demo of practical extensions that have been made possible so far and, most certainly, will beg Envoy folks to give us even more features we miss so much :)

Our goal is to raise awareness in the community about the current state of Wasm, and to invite everyone to collaborate on the SDK for the language of their choice.

Speakers

Yaroslav Skopets

Software Engineer, Tetrate

Yaro is a Software Engineer @ Tetrate and Envoy contributor. Currently, he works on `GetEnvoy Extension Toolkit` (https://www.getenvoy.io) and `Envoy SDK for Rust` (https://github.com/tetratelabs/envoy-wasm-rust-sdk). Previously, Yaro gave a talk `Making Envoy Contributions Feasible... Read More →

Takeshi Yoneda

Software Engineer, Tetrate

Takeshi is a software engineer at Tetrate working on proxy-wasm and WASM extensibility on Envoy. He is the creator of Proxy-wasm Go SDK, a contributor of proxy-wasm and TinyGo, and a maintainer of Flagger, a progressive delivery operator on Kubernetes.

EnvoyCon2020 Building Idiomatic Envoy SDKs for Rust and Go pdf

Thursday October 15, 2020 10:00am - 10:30am PDT
Virtual

Envoy Internal Track

10:30am PDT

Let's make envoy extensions easy!

Speakers

Varun Talwar

Founder and CEO, Tetrate

Thursday October 15, 2020 10:30am - 10:35am PDT
Virtual

Sponsored Talk

10:30am PDT

Break

Thursday October 15, 2020 10:30am - 11:00am PDT
Virtual

Breaks

10:35am PDT

The Road to Adopting Envoy at Red Hat

Speakers

Jamie Longmuir

Principal Product Manager, Red Hat

Thursday October 15, 2020 10:35am - 10:40am PDT
Virtual

Sponsored Talk

10:40am PDT

COVID API Hub: an Envoy Production Use Case

Speakers

Kaitlin Moreno

Software Developer, Grey Matter

Thursday October 15, 2020 10:40am - 10:45am PDT
Virtual

Sponsored Talk

11:00am PDT

Using Web Assembly to develop Envoy Filters for supporting Yahoo Headers

Today at Verizon Media (formerly Yahoo), the on-prem Kubernetes platform spans 35 clusters across multiple data centers serving ~2500 apps. There are 2 ingress layers - Apache Traffic Server (ATS) serving 2M peak RPS and Istio Ingress based Envoy Proxy with a peak of 220K RPS. One of the key plugins of ATS is the verification/generation of Yahoo Headers, used by apps to obtain downstream client information such as the remote address/port, and a signature generated using a combination of base64, MD5, and a private key to ensure header integrity. To migrate all ATS traffic to Envoy, it is necessary to port all plugins from ATS with minimal changes. To achieve this, an Envoy Web Assembly (Wasm) filter was implemented using the Proxy Wasm standard, which is able to process these headers. This talk will provide an overview of the filter implementation and the learnings achieved along the way.

Speakers

Mrunmayi Dhume

Principal Software Engineer, Verizon Media (Yahoo)

Mrunmayi Dhume is a Principal Software Engineer in the Core Infrastructure team at Verizon Media. She is part of the team responsible for providing L3/L4 routing solutions and leads the design and implementation of the routing layer and identity provider system components for Kubernetes... Read More →

Michael Cieplak

Software Engineer, Verizon Media (Yahoo)

Michael Cieplak is a Software Engineer working in the Core Infrastructure team at Verizon Media (formerly Yahoo). He is part of the team which works on modernizing the tech stack through Kubernetes/Istio and works on a variety of products ranging from ingress routing components to... Read More →

EnvoyCon 2020 Envoy Wasm Filters for supporting Yahoo Headers pdf

Thursday October 15, 2020 11:00am - 11:30am PDT
Virtual

End User Track

11:00am PDT

Hands-on WASM filters and singletons

In this presentation, Emmanuel will start by introducing the basics of WASM extensions, but will quickly move on to his project of developing a custom authz/authn with WASM. He will talk about his decision making process and introduce his development environments on k8s and docker-compose. He will be covering his software architecture, such as the use of a singleton stack and chained WASM filters. Covered topics also includes WASM bytecode download (LDS), policy download, prometheus metrics, library integration, data sharing, hidden headers, code testing, debugging technics, performance measurements for a real project! This presentation will also touch on practical issues such as programming languages choice (C++, rust, assembly script, tinyGo), learning curves, build pipelines, and development velocity (carvel/ytt)

Speakers

Emmanuel Mayssat

DevOPS Staff Engineer, American Express

Currently at American Express. Areas of interest include not only Envoy, xDS, Bazel, C++, google-test, gRPC/protobuf, proxy WASM, and more proxy WASM! But also Anthos, Tanzu, RH Openshift, data/control plane, Istio service mesh, API gateways, FaaS, Knative, Buildpacks, Tekton, Riff... Read More →

Thursday October 15, 2020 11:00am - 11:30am PDT
Virtual

Envoy Internal Track

11:30am PDT

Safely deploying a 100K line Envoy YAML configuration to production

Have you ever caused a production incident due to an Envoy misconfiguration? You’re not alone! This talk is about how Lyft has built guardrails to prevent such failures. The presenters will share their experience operating Envoy configurations at scale. They will explore the challenges around handling constantly changing cluster and routing configurations and the tools used to guarantee accuracy and consistency in those changes. These tools empower service owners less familiar with Envoy to make configuration changes independently and quickly without approval barriers. This talk will introduce the audience to various Envoy configuration testing strategies:

Validating behavior for thousands of routes to avoid blackholing traffic
Auditing and safely removing unused routes and clusters
Safely deprecating fields between Envoy versions
Validating Envoy’s static and realtime configurations

Speakers

Jyoti Mahapatra

Software Engineer, Lyft

Jyoti Mahapatra is a software engineer on the Networking team, working on the networking team at Lyft. Before Lyft, he worked at Microsoft in multiple projects, namely Azure HdInsight, Microsoft Teams and Azure Devops. Jyoti enjoys working on infrastructure projects and will be speaking... Read More →

Lisa Lu

Research Fellow, Stanford Law School

Lisa Lu was previously a software engineer on the Networking team at Lyft, where she worked on operating Envoy and its configurations for the service mesh and the edge. The router check tool was the first project she worked on for Lyft and open source Envoy, and she has been passionate... Read More →

EnvoyCon 2020 Slides pdf

Thursday October 15, 2020 11:30am - 12:00pm PDT
Virtual

End User Track

11:30am PDT

Understanding, maintaining and securing Envoy's supply chain

Envoy depends on over 60 external dependencies for its data and control plane functionality, as well as for its build, test and features such as observability. This talk will provide an overview of the third party dependencies that constitute the Envoy software supply chain. We will enumerate, categorize and describe the key dependencies, with a focus on security and how they relate to the Envoy threat model. The talk will cover how Envoy’s dependencies have been maintained, versioned and tested, how the Envoy community plans to evolve and increase confidence in the supply chain, as well as how organizations can apply strategies to minimize unnecessary dependencies.

Speakers

Michael Payne

Executive Director, JPMorgan Chase

Michael Payne is an engineer at JPMorgan Chase where he leads the Kubernetes Architecture team. He works with the Envoy community particularly in the areas of dependency management and supply chain. His Envoy interests include new protocols (UDP, HTTP/3), load balancing and egress... Read More →

Harvey Tuch

Software Engineer, Google

Understanding, maintaining and securing Envoy's supply chain pdf

Thursday October 15, 2020 11:30am - 12:00pm PDT
Virtual

Envoy Internal Track

12:00pm PDT

Improving performance of RPCs with envoy at Wikimedia

Performance of remote procedure calls between services depend on a lot of factors, but when you start doing RPCs over a high latency network and/or using TLS (so when you have to perform RPCs across different datacenters, for example), the cost of establishing a connection is very steep. This is particularly problematic for environment which don't support persistent connection pools - one notable example being the PHP language, that we use to run MediaWiki. This talk will go through how Wikimedia introduced envoy in its mixed on-prem/kubernetes environment, and how that allowed to improve the performance, reliability and observability of its stack. Particular focus will be put on: the performance effects for our PHP applications running at scale, the operational problems adopting envoy allowed solving, and the challenges introduced by moving to use it.

Speakers

Giuseppe Lavagetto

Principal Site Reliability Engineer, Wikimedia Foundation

An astrophysicist by trade, I have been disguising myself for the last decade as an SRE for the Wikimedia Foundation, the non-profit that runs your favourite free online encyclopedia. My work focuses mostly on making our application layer flexible, automated and dynamic.

envoycon 2020 pdf

Thursday October 15, 2020 12:00pm - 12:30pm PDT
Virtual

End User Track

12:00pm PDT

PostgreSQL Network Filter for EnvoyProxy

How do you monitor Postgres? What information can you get out of it, and to what degree does this information help to troubleshoot operational issues? What if you want/need to log all the queries? That may bring heavy trafficked databases down. At OnGres we’re obsessed with improving PostgreSQL’s observability. So we worked together with Tetrate folks on an Envoy’s Network Filter extension for PostgreSQL, to provide and extend observability of the traffic inout a cluster infrastructure. This extension is public and open source. You can use it anywhere you use Envoy. It allows you to capture automated metrics and to debug network traffic. This talk will be a technical deep-dive into PostgreSQL’s protocol decoding, Envoy proxy filters and will cover all the capabilities of the tool and its usage and deployment in any environment.

Speakers

Fabrízio de Royes Mello

PostgreSQL Developer, OnGres Inc

Currently help people and teams to take the full potential of relational databases, especially PostgreSQL, helping them to design the structure of the database (modeling), build physical architecture (database schema), programming (procedural languages), SQL (usage, tuning, best practices... Read More →

Christoph Pakulski

Software Engineer, Tetrate

Christoph has been involved in development of network delivery systems for close to 20 years. His area of expertise include network security, routing, wireless protocols and video delivery systems. He specializes in time critical, event driven systems. Currently he works at Tetrate... Read More →

PostgreSQL Network Filter for EnvoyProxy pdf

Thursday October 15, 2020 12:00pm - 12:30pm PDT
Virtual

Envoy Internal Track

12:30pm PDT

Authorization with Envoy at Square

Every organization has different authentication and authorization needs and it is not always clear how Envoy can help to abstract this from the application layer. In this talk we will show you how Square leverages Envoy's ’s ext_authz filter and how our centralized authorization service has become the new source of truth for hundreds of services. We will cover how we migrated multiple authorization libraries to this centralized authorization service and how we rolled out these changes to production. This process has benefited other teams and allowed them to launch new features that were previously not possible.

Speakers

Jelle Vanhorenbeke

Software Engineer, Square Inc

Software Engineer on Square's developers IAM team. Currently working on productionizing an Envoy based Authentication and Authorization solution for all of Square's services.

EnvoyCon 2020 Authorization at Square Jelle Vanhorenbeke pdf

Thursday October 15, 2020 12:30pm - 1:00pm PDT
Virtual

End User Track

12:30pm PDT

Community and Extensibility: Building Envoy's Flexible Compression Subsystem

HTTP compression is used by web proxies to compress data before sending it out over the wire. This saves network bandwidth and speeds up transfers. Until its v1.15 release, Envoy implemented limited unidirectional Gzip compression. Through a cross-company (also cross-continent!) collaboration, compression was generalized to its own extension subsystem to make it possible to add new compression schemes, custom implementations of existing formats, and have fully bidirectional (de)decompression. This talk will walk the audience through the evolution of compression in Envoy, highlighting the flexibility of the extension system, and dive into two use cases now possible with compression subsystem: 0-touch bidirectional (de)compression between mobile clients and edge; and new compression implementations now possible, e.g., a compressor utilizing HW accelerators to optimize server compute.

Speakers

Mikko Yinen

Cloud Software Architect, Intel

Mikko Ylinen is a cloud and edge software architect at Intel’s Cloud Software open source team. He comes with an embedded linux and operating systems engineering background but has most recently worked on security and confidential computing related topics in containers and cloud... Read More →

Jose Nino

Senior Software Engineer, Lyft

Jose Nino worked on Lyft’s Networking team for 2+ years building out infrastructure that enabled Lyft to scale technically and socially as it developed and rolled out an Envoy-based service-oriented architecture. He was instrumental in building control plane technologies, and resilience... Read More →

Thursday October 15, 2020 12:30pm - 1:00pm PDT
Virtual

Envoy Internal Track

1:00pm PDT

xds-relay: Performance initiatives for control plane management

In this talk, presenters will share their experience running Envoy and Lyft’s control plane at scale. They will explore the challenges of operating Lyft’s service mesh to be reactive to Kubernetes’ dynamic infrastructure and evolving xDS versions. This talk is a deep dive into a new open source project, xds-relay, that the Lyft team has developed to bring their solutions to the greater community. xds-relay is a lightweight caching, aggregation, and low latency distribution layer for xDS compliant clients and servers. At scale, xds-relay reliably distributes xDS protos to thousands of xDS clients over gRPC. Join Lyft’s journey as the presenters share how Lyft envisions the future of control planes. The presenters will cover a range of topics including pluggable xDS transformations, automatic endpoint subsetting, API driven configurations, and State-of-the-world to Delta xDS conversion.

Speakers

Jessica Yuen

Software Engineer, Lyft

Jess Yuen is the lead for the xds-relay project and an engineer on the Networking team at Lyft. She works closely with service mesh technologies and gravitates towards building resilient systems that are performant at scale. Prior to Lyft, she worked at Heptio on Kubernetes projects... Read More →

Jyoti Mahapatra

Software Engineer, Lyft

Thursday October 15, 2020 1:00pm - 1:30pm PDT
Virtual

End User Track

1:00pm PDT

Envoy on Kittens: Improving Developer and Maintainer Velocity

In this talk Itay will present RepoKitteh (https://repokitteh.io), a lightweight, rapid and low cost approach for GitHub automation. The presenter will explain the necessity for GitHub automation, how RepoKitteh approaches the problem and how it compares to the alternatives, such hand crafted custom integrations and GitHub actions. The integration with Envoy will be detailed, and a demonstration of implementing new automations will be given. At the end of this talk, Envoy contributors will be empowered and inspired to add their own RepoKitteh integrations.

Speakers

Itay Donanhirsh

Software Engineer, SoftKitteh LLC

Itay Donanhirsh is a software engineer at Checkr focused on highly distributed systems. Prior to Checkr, he was working for Lyft. His experience with CI systems and interactions of developers with it inspired the creation of RepoKitteh, which is the subject of this talk. Among other... Read More →

Thursday October 15, 2020 1:00pm - 1:30pm PDT
Virtual

Envoy Internal Track