October 11, 2021
Los Angeles, California + Virtual
View More Details Registration

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2021 - Los Angeles, CA + Virtual and add this Co-Located event to your registration to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Pacific Standard Time (PST), UTC -7. To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.

IMPORTANT NOTE: Timing of sessions and room locations are subject to change through Monday, September 13 due to schedule changes that will be made as speakers finalize whether speaking in person or virtually.
Any (Anyone can attend - no experience required) [clear filter]
Monday, October 11

9:00am PDT

Opening Remarks - Matt Klein, Creator of Envoy & Engineer, Lyft
Join us as we kick off EnvoyCon North America 2021!


Matt Klein

Software Engineer, Lyft
Matt Klein is a software engineer at Lyft and the creator of Envoy. He has been working on operating systems, virtualization, distributed systems, networking, and making systems easy to operate for nearly 20 years across a variety of companies. Some highlights include leading the... Read More →

Monday October 11, 2021 9:00am - 9:10am PDT
Room 502 AB + Online

9:10am PDT

Using Envoy as an Egress Proxy for TLS Enabled Traffic - Amit Jain & Kiran Kumar, VMware
Modern apps are increasingly relying on using external 3rd party services (such as Twilio for e.g) and shared cloud services (such as S3 for e.g.). External interactions are important not only for security but for the app's continuity and resiliency as well. The use of Envoy as an egress proxy for external interactions has been limited though, mostly as the external interactions are TLS protected and Envoy is not able to decrypt the external TLS sessions. This session demos a solution that enables Envoy as an egress proxy for external access. It builds upon a combined approach of deploying Envoy as a transparent egress sidecar proxy along with the SSLproxy (github.com/sonertari/SSLproxy). In this approach, SSLproxy acts as a transparent TLS interception proxy and Envoy provides traffic management & security on the decrypted traffic. We dive into the traffic stitching mechanism and a new Envoy listener filter that acts as the glue between Envoy and SSLproxy and extends Envoy for the integrated solution.

avatar for Kiran Kumar

Kiran Kumar

Software Architect, VMware
Kiran is a software architect at VMware. Prior to joining VMware, worked at Mesh7 (acquired by VMware), a cloud-native application security company.
avatar for Amit Jain

Amit Jain

Director Of Research & Development, VMware
Amit Jain is currently leading App Security & Services team for Modern Cloud-Native apps at VMware. Prior to joining VMware, Amit Jain founded Mesh7 (acquired by VMware), a cloud-native application security company, and served as the CTO.Amit has 20+ yrs. of experience in architecting... Read More →

Monday October 11, 2021 9:10am - 9:40am PDT
Room 502 AB + Online

9:40am PDT

Lessons Learned: Four Years with Emissary-ingress and Envoy - Flynn, Ambassador Labs
The Emissary-ingress (née Ambassador API Gateway) project got its start in 2017, with the stated goal of making it easy for developers to harness the power and flexibility of Envoy, in Kubernetes, without needing to be experts on either Envoy or Kubernetes. Realizing that goal has been quite a journey: to bring Envoy to non-experts, the Emissary-ingress team has needed to learn an enormous amount about how Envoy, from the basics of how it works and how to configure it to best effect, to how to build it, test it, extend it, and debug it. The experience has been by turns challenging, surprising, frustrating, delightful, and ultimately extremely rewarding: after four years, Emissary-ingress is a CNCF project running in thousands of installations around the world, bringing Envoy into production use for organizations that wouldn't otherwise be able to take advantage of it. Join Flynn from Ambassador Labs to dive further into the challenges we've seen, the many lessons we've learned along the way, and the things we think anyone working with Envoy should know.

avatar for Flynn


Technical Evangelist, Buoyant
Flynn is a technology evangelist at Buoyant, spreading the good word and educating developers about the Linkerd service mesh, Kubernetes, and cloud-native development in general. He has spent four decades in software engineering from the kernel up through distributed applications... Read More →

Monday October 11, 2021 9:40am - 10:10am PDT
Room 502 AB + Online

10:30am PDT

Health Checks: A Boon or a Curse? - Venil Noronha & John Murray, Stripe
Health checks are an essential part of distributed systems of today that allow one to operate services in a reliable manner. Without health checks, operating a large latency-sensitive system becomes impossible. However, as the composition of environments differ, it can become a real burden to support health checks. Additionally, as the system scales, users tend to face the dreaded N-square problem, and then hit a tipping point, and traditional solutions don't seem to work. In this talk, we will discuss the benefits of health checks in Envoy, some problems we have encountered at scale at Stripe, and options to mitigate such issues.

avatar for John Murray

John Murray

Software Engineer, Stripe
John is an infrastructure Engineer working on the Service Networking team at Stripe. He is an occasional contributor to Envoy proxy and has spent most of his career working with web-services.
avatar for Venil Noronha

Venil Noronha

Software Engineer, Stripe
Venil Noronha is an engineer with the Service Networking team at Stripe. He contributes upstream to open source projects in the service mesh domain, like Istio and Envoy proxy. In the past, he has contributed to several open source projects including Kubernetes, Spring, and Golan... Read More →

Monday October 11, 2021 10:30am - 11:00am PDT
Room 502 AB + Online

1:15pm PDT

Lightning Talk: Connecting the (Proxy) Dots: A Beginners Guide to Reading Envoy Debug Logs - Casey Kurosawa, Ambassador Labs
In the world of support engineering, one of the most valuable questions you can answer is "where is this problem coming from?" When it comes to debugging Envoy Proxy-based applications -- where the traffic can be coming in and out, backwards and sideways -- it can be particularly difficult to answer this question when you’re trying to figure out why a request is failing. This talk will provide a brief overview of how Envoy is structured, and then conduct a live walk through of the debug logs of a request. Attendees will learn how the information in these logs relate to Envoy's internal mechanics.


Casey Kurosawa

Solutions Engineer, Ambassador Labs

Monday October 11, 2021 1:15pm - 1:25pm PDT
Room 502 AB + Online

1:25pm PDT

Lightning Talk: State of Go Control Plane: What Does the Future Behold? - Alec Holmes, greymatter.io
In the recent years of Envoy’s lifecycle, the service mesh landscape has matured drastically. With the industry growing and utilizing the xDS APIs, the products coming to market and the various solutions designed around the complexities of envoys discovery mechanisms, control plane bifurcation and disparity are more relevant than ever. Go Control Plane has become a targeted part of the Envoy ecosystem, and this talk will walk through what's planned in the pipeline, and what has been merged in this year.

avatar for Alec Holmes

Alec Holmes

Software Engineer, greymatter.io
My name is Alec Holmes, I'm a core engineer at Greymatter.io working on our product and love growing the Envoy project. I'm actively maintaining go-control-plane and deeply enjoy experiencing world wide collaboration in the Envoy ecosystem . Talk to me about anything! I love Go, xDS... Read More →

Monday October 11, 2021 1:25pm - 1:35pm PDT
Room 502 AB + Online

2:05pm PDT

Extending Envoy Using WebAssembly (Wasm) - Daneyon Hansen, Tetrate
If you’ve ever wondered what WebAssembly (Wasm) is and how it works with Envoy, this session is for you. At the heart of Envoy lies a variety of filters that provide features such as network routing, observability, and security. Did you know that you can also write your own filters to extend Envoy functionality? In this session, you will learn about Envoy extensibility and the details of extending Envoy with Wasm.

avatar for Daneyon Hansen

Daneyon Hansen

Software Engineer, Solo.io
As a Software Engineer at Solo.io, Daneyon has a wide range of technical responsibilities. He has contributed to several CNCF projects and was a maintainer of Contour, Envoy Gateway, and Gateway API before joining Solo.io. Daneyon is currently focused on adding Gateway API support... Read More →

Monday October 11, 2021 2:05pm - 2:35pm PDT
Room 502 AB + Online

3:55pm PDT

Speeding up Istio: Our Journey Implementing Delta xDS - Aditya S Prerepa, Tetrate & John Howard, Google
xDS is the way config is distributed to Envoy. Most of the ways the xDS API is implemented today (and in Istio) is through the state-of-the-world design. If one out of a thousand clusters changes and Envoy needs to know about the change, most control planes (including Istio) will send all of the thousand clusters to reflect the configuration change. On top of that, every configuration type is converged into one stream with Istio (ADS), which does not do the network any favors. This is the “quick and dirty” way, when logically, there should be no reason to send configuration when it hasn’t changed. This is what the delta xDS API aims to solve. Delta (or incremental) xDS is a variant of ADS/xDS, which has a different interface. If one configuration changes, that is the only configuration that will be sent. Istio is having quite a journey implementing delta xDS, sending only the “deltas” in configuration changes. Especially in a service mesh like Istio, which is the largest and most in-use mesh, there are quite a few caveats that need to be covered. This talk will be about the journey of Istio in implementing delta xDS, along with the expected benefits & apparent struggles that we had, along with guidance for future implementers of this amazing API.

avatar for John Howard

John Howard

Staff Software Engineer, Google
John is a Software Engineer at Google working on Istio, as a maintainer and member of the Technical Oversight Committee.
avatar for Aditya S Prerepa

Aditya S Prerepa

Software Engineer, Tetrate
Aditya is a maintainer for Istio and is a senior in high school. He works at Tetrate.

Monday October 11, 2021 3:55pm - 4:25pm PDT
Room 502 AB + Online

4:25pm PDT

Closing Remarks - Matt Klein, Creator of Envoy & Engineer, Lyft
Join us for closing remarks and a wrap-up of the day's content!


Matt Klein

Software Engineer, Lyft
Matt Klein is a software engineer at Lyft and the creator of Envoy. He has been working on operating systems, virtualization, distributed systems, networking, and making systems easy to operate for nearly 20 years across a variety of companies. Some highlights include leading the... Read More →

Monday October 11, 2021 4:25pm - 4:35pm PDT
Room 502 AB + Online
  • Timezone
  • Filter By Venue Los Angeles, CA, USA
  • Filter By Type
  • Breakout Sessions
  • Closing Remarks
  • Lightning Talks
  • Networking
  • Opening Remarks
  • Content Experience Level
  • Talk Type

Filter sessions
Apply filters to sessions.