Speaker

Rohit Ghumare

CNCF Ambassador

Dombivli, India

As a Google Developer Expert specializing in Google Cloud, I am a passionate DevOps Advocate and a dedicated Community Evangelist. I lead and nurture multiple communities across diverse platforms, fostering DevOps and Developer Relations awareness. My commitment to the open-source ecosystem is demonstrated through delivering presentations, crafting documentation and blogs, and contributing code. Presently, my focus is on innovating within the service mesh technology stack.

Area of Expertise

  • Information & Communications Technology
  • Media & Information

Topics

  • Kubernetes
  • Istio
  • service mesh
  • DevOps
  • Cloud & DevOps

What Does Istio Ambient Mesh Mean For Your Wallet?

Istio is the most widely used service mesh platform in the world for large-scale production deployments. In September 2022, Google and Solo.io announced the release of the Istio Ambient Mesh to the community. Ambient offers a revolutionary data-plane architecture that allows service mesh users to ditch sidecars. It slashes operational complexity and enables incremental mesh adoption, all while reducing cost and computational overhead within a service mesh.
Injected sidecars can be replaced by two new components. First is a node-level zero-trust tunnel (ztunnel) that provides mTLS and Layer-4 capabilities. A service-account-level proxy called a waypoint leverages Envoy to deliver Layer-7 capabilities.
This talk will help you understand both the why and how of Istio Ambient Mesh. It includes a demo showcasing the new capabilities, including onboarding new services without sidecars and mixing Ambient with traditional sidecar-injected services. It will also provide pointers to further no-cost educational opportunities and user certification options.

Securing service meshes with eBPF

eBPF has several use cases. For instance, it can be used by anyone trying to add traffic control, create network policy, add observability, route traffic to a service mesh control plane, or load balance. Securing your applications with a defense-in-depth architecture and gaining visibility into your application behavior are the two key requirements to be successful in any modern cloud native deployment. While service meshes like Istio provide these capabilities via a user-space proxy mechanism, it's not always feasible to inject sidecar proxies for all your applications. On the other hand, kernel technologies like eBPF, when used in a CNI like Cilium, provide security and metrics transparently but lack the richness of information and policy capabilities provided by a layer 7 proxy with strong identities.
In this session, we will present how we can leverage capabilities provided by both these technologies and achieve better security and observability, ensuring all your applications can have uniform policy and visibility irrespective of whether they are in the mesh or not, or whether they are running as a container in Kubernetes or on a long-running VM where making privileged changes is often not possible.

Art of DevOps: Harmonizing Code, Culture, and Continuous Delivery

In software development and IT operations, DevOps stands out as a masterpiece that merges the artistry of code creation with the discipline of operational excellence. This session delves into the "Art of DevOps," highlighting how it transcends mere technological practices and becomes a culture of continuous improvement, collaboration, and innovation. Participants will gain insights into the core principles of DevOps, understand its transformative impact on organizations, and learn how to integrate development and operations teams seamlessly. By marrying the agility of development with the stability of operations, DevOps acts as the paintbrush that crafts high-quality software products and services. Join us to explore the palette of tools, techniques, and best practices that make DevOps a transformative art form in the world of technology.

Service mesh but without the sidecar on top of GKE

A service mesh like Istio can provide foundational mechanisms to implement a zero-trust application and network architecture; however, it introduces operational complexity. What if we can get the best of the service-mesh security primitives, like workload identity and mutual TLS, while reducing operational complexity? A completely sidecar-free mesh can improve a security posture with cryptographic workload identity and Layer 4 and Layer 7 policies, without the cost of ownership of current service mesh implementations.
- Deploy an application on GKE using a service mesh
- Service mesh with no sidecar, i.e. a dream come true and better for networking
- Observability on Prometheus and Grafana
- Application Up in a more efficient way

Sidecar-less service mesh: is it a dream or a reality?

Every service mesh, including Istio, uses a sidecar proxy as its data plane. With this pattern, a mesh can intercept and enhance the capability of networking communication on behalf of an application. However, this sidecar deployment pattern comes with a set of challenges which include operational cost and complexity. With the advent of eBPF in modern kernels and some coordination with the Linux networking capabilities, we can remove the need to have a sidecar and adopt a transparent approach. In this talk, we dive into the future of Istio to show how Istio can run in an ambient mode while maintaining the features of Istio running in a standard mode.

Benefits: the top concerns we address with sidecar-less mode are simplified operational and management overhead, broader application compatibility, reduced infrastructure costs, and improved performance.

Kubernetes Observability with eBPF

eBPF is a revolutionary technology with origins in the Linux kernel that can run sandboxed programs in an operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel without requiring changes to kernel source code or loading kernel modules. BumbleBee (https://github.com/solo-io/bumblebee) is a new open source project which helps to build, run and distribute eBPF programs using OCI images. It allows you to focus on writing eBPF code while it takes care of the user-space components, automatically exposing your data as metrics or logs. In this workshop, we introduce eBPF and the different ways to create eBPF programs. Then, attendees create their first eBPF program using BCC and libbpf to gain a better understanding of the main concepts. Finally, they go through several labs to build and deploy an eBPF program with BumbleBee. They also deploy Prometheus and a web application on Kubernetes to display all the communications happening in the Kubernetes cluster.

90DaysOfDevOps - 2024 Community Edition Sessionize Event

January 2024

API World 2023 Sessionize Event

October 2023 Santa Clara, California, United States

State of Open Con 23 Sessionize Event

February 2023 London, United Kingdom

Devfest Mumbai 2022 Sessionize Event

December 2022 Mumbai, India
