EnvoyCon 2019 has ended
November 18, 2019 | San Diego, California
View More Details
Back To Schedule
Monday, November 18 • 9:50am - 10:00am
Envoy Namespaces - Operating an Envoy-based Service Mesh at a Fraction of the Cost - Thomas Graf, Cilium / Isovalent

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
The most common architecture currently includes running Envoy as a sidecar proxy inside of application pods. This provides an excellent resource and security isolation but comes at a steep resource consumption cost. Each individual sidecar proxy is running as a separate process and is duplicating all required resources.

This session will introduce the concept of namespaces to Envoy. Similar to namespacing in the Linux kernel which serves as the foundation for containerization, namespaces for Envoy allow to isolate resources and thus share an Envoy instance among multiple application pods running on a single node without losing any of the isolation properties. We’ll look at how a service mesh can be operated at a fraction of the required resources while still providing virtualized logical Envoy instances which present themselves to Envoy control planes as if they were running as a sidecar.

avatar for Thomas Graf

Thomas Graf

Co-Founder & CTO, Cilium / Isovalent
Thomas Graf is Co-Founder & CTO at Isovalent and creator of the Cilium project. Before this, Thomas has been a Linux kernel developer focusing on networking and security for many years.

Monday November 18, 2019 9:50am - 10:00am PST
Pacific Ballroom 16/17/19