IstioCon 21

ICYMI, IstioCon ‘21 happened the previous week, 22-26 Feb 2021. Luckily the videos are still there, so if you want to check what’s been discussed you can still do it. It’s nice that you can log in with Apple ID also 😉

Talks I found interesting

I want to sketch a mesh for you - by Christian Posta

  • ✨ installing the Istio control plane with the revision flag: istioctl install ... --revision 1-0-3
    • version Istio control planes & components to separate them from each other; for the operator of a system, the service mesh is a critical component of that system
    • canary upgrades with both control planes running side by side, each managing its own set of workloads
  • was doing the istio-workshop
  • using HashiCorp Vault as your CA
  • cool  AirPods Max, really good sound quality 👍

Improving Security with Istio

  • Alex Soto was screaming a lot, was funny

Taming Istio configuration with Helm

  • Ryan Michela showed off the other sides of Helm here:
    • sometimes you find broken or incomplete charts
    • the CRDs problem is not solved on either the Helm or the Kubernetes side and sometimes results in intermittent installation failures caused by race conditions in K8s
    • writing charts is tedious
    • You don’t need most of Helm to get the most from Helm
  • ✨ Helm Starters – ok, this is something that I just found out 🤔
    • it’s a Helm chart that makes helm charts 😮
    • helm create my-service --starter some/thing
  • used bookinfo in the demos

Deep dive into Istio Auth Policies

  • ✨ Lawrence Gadban just showed me that Istio has OPA (Open Policy Agent) built-in; not the real OPA, but it mimics that functionality with the Auth Policies
  • Istio mTLS == Envoy at its core
  • SPIFFE – doesn’t matter what the acronyms mean, keep in mind that it’s there to remove the need for app-level authentication & complex network-level ACL config
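
To make the three bullets above concrete, here is an added example (not from the talk or its slides) of strict mTLS plus an Auth Policy that allows a workload by its SPIFFE-derived identity instead of by IP or an app-level token. The bookinfo namespace, the labels and the service account name are assumptions borrowed from the bookinfo sample.

```yaml
# Constructed example: namespace, labels and service account are assumptions.
# 1) Require mTLS for every workload in the namespace, so each caller
#    presents a certificate that carries its SPIFFE identity.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: bookinfo
spec:
  mtls:
    mode: STRICT
---
# 2) Allow only the productpage service account to call reviews, GET only.
#    Once an ALLOW policy selects a workload, any request that matches no
#    rule is denied, so no network-level ACL is needed for the other callers.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: reviews-viewer
  namespace: bookinfo
spec:
  selector:
    matchLabels:
      app: reviews
  action: ALLOW
  rules:
  - from:
    - source:
        # SPIFFE ID without the spiffe:// prefix:
        # <trust-domain>/ns/<namespace>/sa/<service-account>
        principals: ["cluster.local/ns/bookinfo/sa/bookinfo-productpage"]
    to:
    - operation:
        methods: ["GET"]
```

The principals match only works when the connection is mTLS, which is why the PeerAuthentication goes in first.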

Istio Debugging: Finding and fixing issues in a multi-cluster service graph

  • Eitan & Scott emphasized the fact that Service Mesh provides telemetry data OOTB
  • your Single Pane of Glass (SPOG) collects telemetry data across multiple envs
  • what caught my eye was their (solo.io) definition for Single Pane of Glass:
    • a layer which aggregates all of your telemetry data in a single place
    • adds context for cross-cluster and hybrid-env data
    • creates actionable, useful metrics to help prevent and/or solve outages
  • show that SPOG & manually inject faults
    • helps understand & grok what’s going on in the system

Debugging Istio within the Department of Defense

  • Nick Nellis & Adam Toy gave this presentation; the most interesting part was Adam’s, here’s why:
  • DevSecOps managed services, team name’s Platform One
  • plain and simple application flow diagram (top to bottom)
  • did a clear demo showing off how he introduced faults
  • really valuable that often he showed on the slides where we’re at in the whole app flow
  • check the Response Headers of the 404 request in the WebInspector browser
  • ✨ covers 90% of the issues troubleshooting Istio -> istioctl analyze

Wrap up

Most interesting talk for me was Adam Toy’s as I can clearly see that he repeated it multiple times, so he was sure of all the steps he was following there.

I could only follow 2 days in a row with the live sessions, then I lost interest as I couldn’t follow some presentations (they were really badly prepared), so I decided to just watch the recordings.

Overall, this IstioCon ‘21 was a win, as I managed to learn quite some new stuff about Istio overall, well, tbh, most important part for me was the troubleshooting and solving real life problems.

PS: everything marked with ✨ is stuff that I won after this Con, thanks guys for the great conference!