Sep 20, 2022
Believe it or not, it’s time for KubeCon + CloudNativeCon NA 2022—and once again you’ll find a ton of great Linkerd content there. We’ve put together this Linkerd Community Guide to help make sure you don't miss any of these delightful nuggets of Linkerd goodness.
You’ll be able to find us at three different booths this year: Buoyant will have a booth in the expo hall, Linkerd will have a kiosk in the Project Pavilion, and of course we’ll be running our virtual booth. And if that’s still not enough, we’ll be at KubeCrash on October 5 and 6, and at ServiceMeshCon on Tuesday. Read on for the details!
KubeCrash is a virtual free conference focused on crash courses for open source tech. Taking place on October 5 from 12 pm to 6 pm Central European Time and October 6 from 12pm to 6pm Eastern Time, there's a spot for everyone's timezone. To learn more about the event, check out our KubeCrash announcement . We hope to see you there!
KubeCon North America will be happening live in Detroit, Michigan, from October 24 to 29. In addition to the Linkerd talks during KubeCon itself, Buoyant is hosting a day-zero workshop on Linkerd in production and delivering multiple talks at ServiceMeshCon!
You’ll be able to find Linkerd maintainers at the Linkerd booth in the CNCF Project Pavilion, as well as the Buoyant booth (S53). Both are located in the sponsor expo hall. Come by for a live conversation with the people behind your favorite service mesh!
Here's our pick for Linkerd-related talks and workshops at KubeCon and ServiceMeshCon.
9am - 1 pm: Service Mesh in Production with Linkerd (workshop) — Flynn, Buoyant
Buoyant will be hosting a hands-on workshop at Fort Pontchartrain Detroit (steps from the convention center!), where we’ll cover how to run a service mesh in production. Participants will install Linkerd on a Kubernetes cluster, then work through Linkerd’s installation, care, and feeding, following production-ready best practices. We will cover high-availability deployments, avoiding downtime during upgrades and certificate rotation, Linkerd 2.12’s new route-based policies and iptables-NFT mechanisms, and — of course — Linkerd's reliability, security, and observability features. If time permits, we will explore multicluster Linkerd as well.
9:25 - 9:55 am: Building a scalable, compliant, multi-cloud bank with a service mesh — Kasper Nissen, Lunar Bank
Kasper will share how Lunar Bank built a scalable, multi-cloud bank with cloud native tech (including Linkerd!), allowing for rapid product iteration while simplifying compliance with strict regulatory requirements. The flexible technical setup also allows them to rapidly absorb newly acquired startups, ensuring they start generating value for the bank quickly.
10:15 - 11:45 pm: Zero Trust Networking in Practice with a Service Mesh (workshop) — Jason Morgan, Buoyant
This hands-on workshop is all about learning the ins and outs of a zero-trust approach to Kubernetes security. We’ll talk about the elements of overall Kubernetes security that must be in place before a service mesh can be effective, including a basic threat model for Kubernetes clusters as a whole; encryption, authentication, and authorization of traffic within the cluster; how to effectively use the least-privilege model of security; and more. This workshop will use Linkerd, cert-manager, and Kyverno but the techniques will be applicable to many different projects.
1:15 - 1:25 pm: Writing Kubernetes controllers with Rust (kube-rs, kubert) — Eliza Weisman, Buoyant
The Rust programming language is an excellent choice for writing reliable, fault-tolerant, efficient, and safe software – exactly what you want in a Kubernetes controller. In this session, Linkerd maintainer Eliza Weisman will take a lightning look at the Linkerd team’s experience when they chose to use Rust to write the new Linkerd policy controller
2:55 - 3:25 pm: Stretching CNI Boundaries with Service Meshes, a Roadmap for the Future — Alex Leong, Buoyant
Container Network Interface (CNI) plugins such as Calico or Cilium are typically used to give cluster operators a way to manage container network connectivity and policy. However, service meshes such as Linkerd and Istio also use CNI plugins to manage the networking rules that allow their sidecar proxies to intercept incoming and outgoing traffic. This makes it increasingly common to have more than one CNI plugin installed at a time, which can lead to race conditions where the CNI plugins compete. Join Alex for a look at how this happens and what you can do about it.
3:25pm - 4:00pm: Flagger, Linkerd, And Gateway API: Oh My! — Jason Morgan, Buoyant & Sanskar Jaiswal, Weaveworks
In this session, you’ll learn about Flagger, Linkerd, and the Gateway API specification. You’ll also learn how to use Flagger and Linkerd to enable automated progressive delivery. The Gateway API specification is gaining momentum in the Kubernetes space as it attempts to change how users manage traffic. Both Flagger and Linkerd were able to standardize on the Gateway API to enable their users to simplify how they define traffic management within, and between, their clusters. Join Jason and Sanskar to discuss how each project independently implemented the Gateway API, how those implementations benefitted their respective projects, and how this allowed them to work together without any explicit configuration.
5:25pm - 6:00pm: Whose Packet Is It Anyway? Life of a Packet Through a Service Mesh — Kevin Leimkuhler, Buoyant & Doug Jordan, Airbnb
In this talk, Kevin and Doug will trace a packet through its journey between a meshed client and server. They'll explore how the path of a packet changes after installing a service mesh, the additional hops it introduces, and which networking changes ensure the application's behavior isn't affected. First they'll observe the networking rule changes that allow for a proxy to intercept traffic. Once we understand what changes about how a packet travels through the kernel, we'll better understand how to observe it in the following steps. Next, in order to observe this packet on its journey they'll take a dive into the Kubernetes networking debugging space. How do you properly use debug containers to observe traffic between other containers? Once you have debugging capabilities, what tools can we use to observe the traffic? Using these tools, attendees will understand what is happening behind the scenes of a service mesh and how a packet travels within it.
2:30pm - 3:05pm: Overview and state of Linkerd. Alex Leong, Buoyant
In this talk, maintainers from the Linkerd project will present an overview of the project and an update on upcoming releases. They’ll cover what Linkerd is and how it compares to other service meshes; what the latest features and functionality are; what to expect in upcoming releases; and how you can get involved in one of the CNCF’s most talked-about projects. This talk will cover Linkerd's recent adoption of the Gateway API and the many new features that move unlocks.
11:00am - 11:35am: Emissary + Linkerd Resilience Patterns: Rate Limits, Retries & Timeout. Flynn, Buoyant & Daniel Bryant, Ambassador Labs
Emissary-ingress and Linkerd have long put a focus on offering the features you need in the real world while also providing operational simplicity. In this joint talk, Flynn and Daniel will cover the different ways these tools can work together to provide the resilience that cloud-native apps need, while maintaining the simplicity and reliability that lets everyone sleep at night.
2:55pm - 3:30pm: What We Learned From the Gateway API: Designing Linkerd’s New Policy CRD. Matei David, Buoyant
A major new feature in Linkerd 2.12 was the introduction of policy-based routing, using CRDs from the Gateway API. In this talk, Linkerd maintainer Matei will take a detailed look at the concepts that Linkerd borrowed from the Gateway API, how Linkerd’s internal models had to change to accommodate them, and what this change means for users down the road. A major focus of the talk is Linkerd’s incorporation of the policy-attachment model outlined by the SIG-Network community, and its implications for the future of Linkerd.
Do you have a Linkerd story you'd like to share at the next KubeCon, but aren't sure how to make it happen? We'd be thrilled to help you get started. Sign up for the Linkerd Community Anchor Program and some very friendly people will give you hands-on help in telling your story.
If you can't make it to Kubecon this year, don't worry. You can always find us in the Linkerd Slack channel — hop in and say hi. Whether in person or virtually, we hope to see you at KubeCon NA in Detroit!