We’re still riding the wave of excitement from the amazing week that was KubeCon + CloudNativeCon North America 2024 in Salt Lake City. This KubeCon was a momentous occasion for the Solo.io team and cloud-native community. We proudly made multiple major announcements, including the release of the community website ambientmesh.io and the donation of Gloo Gateway OSS to the CNCF, designed to help the community revolutionize their API connectivity with our new solution pattern, Omni Gateway.
There was A LOT to cover at KubeCon this year, so Lin Sun, Director of Open Source @ Solo.io, and I divided and conquered coverage over the week and have put together our top highlights:
Day 1: Monday, Nov 11th - Kubernetes Contributor Summit
I kicked off my KubeCon week with the North America Contributor Summit. I’ve been part of the Kubernetes sig-release since 1.27 and am currently one of the release lead shadows on the 1.32 Kubernetes release. As part of being on the release team, I got to attend the Kubernetes Contributor Summit before KubeCon. This was a great event that hosted a mix of talks by Kubernetes contributors, unconference sessions, and SIG and workgroup meetings.
One of the highlights of the Kubernetes Contributor Summit was merging the 100% test coverage PR live. This was the last PR to cover Kubernetes conformance technical debt, taking us to 100% conformance testing! This is a major achievement for SIG Arch to celebrate at the Kubernetes Contributor Summit, and it was fun to see the enhancement finally closed from a release team perspective!
Day 2: Tuesday, Nov 12th - Lots of Co-Located Events!
Argo Day:
AI was definitely the hype topic this year, as at every conference; everybody was discussing its use cases, even at Argo Day! In the “Welcome and Project Update” talk, Pratik Wadher from Intuit highlighted AI use cases that were enabled with Argo, and other talks at Argo Day covered how Intuit uses AI, how Argo is being used to build NVIDIA’s Kubernetes internal developer platform, and how to run large Metaflow flows with Argo for AI/ML workloads. The Argo project update also highlighted some exciting new Kubernetes ecosystem integrations, such as the Argo Workflows Kubernetes Gateway API integration and new metrics support with OpenTelemetry integration, Kubernetes API call tracking, and pod monitoring.
The Argo documentary, which details Argo CD’s journey from a single workflow engine to a robust collection of tools, also premiered later in the week at KubeCon. It’s always fun to see the history and growth of a CNCF project. My favorite CNCF documentary is “Inside Envoy: The Proxy for the Future”, released a couple of years ago at KubeCon and also featuring our very own Idit Levine!
Istio Day:
Istio Day kicked off with a session titled “Vanishing Point: Reimagining the Meaning of a Mesh”, challenging attendees to “start from scratch, try to reimagine what it means to have a service mesh”. It featured throwback answers to “What is a mesh?” from the Solo.io team: Christian Posta, Lin Sun, Louis Ryan, and Idit Levine. Tracing the evolution from centralized systems like F5 BigIP to decentralized models such as SpringBoot, Linkerd, and Istio’s sidecar architecture, the session ended on Istio’s Ambient mode, which introduces a seamless, cost-efficient solution that is “as essential yet invisible as plumbing”: “When you have problems, it’s all you can think about.”
During Istio Day, Confluent shared insights into their service mesh journey, emphasizing how they built security and reliability “one sidecar at a time.” Adam Sayah (Solo.io) and Cody Ray (Confluent) explained that this transition to service mesh was driven by compliance requirements such as FedRAMP, an internal push for zero trust, and the need for FIPS-compliant binaries and mTLS for encryption in transit.
With tens of thousands of Kubernetes clusters, hundreds of services, and nearly 5,000 connections requiring constant monitoring, service mesh provided centralized observability, improved compliance, and faster delivery. Despite some challenges, Cody showcased a compelling ROI, with projected savings exceeding $3.5 million annually, making service mesh a crucial component of Confluent’s scalable, secure infrastructure.
Lin also gave a great talk at Istio Day on AI. She showcased how microservices and Istio service mesh in Kubernetes empower developers to build scalable, resilient, and future-proof GenAI applications. Through a series of impressive live demos, Lin used open-source projects including Kubernetes, Istio Ambient mode, Prometheus, OpenAI API, and Ollama to demonstrate how Istio secures GenAI traffic. One of these demos included asking a locally running chatbot "Fun things to do in Salt Lake City" and performing sentiment analysis on a picture of the audience, all of which ran through the Ambient mesh set up on Lin's laptop.
The talk “Migrating A Monolith to Kubernetes with Istio our Journey at Adobe” was presented by Edward Adasiak and Rahul Tripath from Adobe, and James Ilse from Solo.io. They discussed Adobe’s end user story of migrating Adobe's Document Cloud application to Kubernetes using Istio as a service mesh. It was an insightful talk as they covered topics including the challenges that they ran into when implementing Istio in a newly containerized legacy monolith and discussed the lessons learned during the migration process. After migration, the team successfully shifted the microservices traffic without downtime and deployed Istio via CI/CD, leading to benefits like predictive scaling, reduced deployment risks, lower support overhead, and increased developer velocity with a new testing cluster for each PR.
Members of the Istio Technical Oversight Committee, including Lin Sun, Louis Ryan, and John Howard, participated in a panel discussion on the Gartner hype cycle's placement of service mesh in the "trough of disillusionment." The panelists reflected on how the initial excitement of Istio was tempered by the reality of bugs and performance overheads. They emphasized that while "service mesh technology can be useful when deploying microservices in Kubernetes, it’s never required," and although it can add resource consumption and complexity, it also simplifies key tasks like security and observability.
As Louis pointed out,
“You shouldn’t actively be using all of the features of a service mesh all the time,"
highlighting the flexibility to pick up the tool as needed. They discussed how Istio, in particular, aims to be a "Swiss Army Knife," offering a variety of tools for different scenarios, but not all are necessary all the time.
The discussion also centered on the evolution of Istio towards becoming a more stable, "boring" tool. Keith explained that the goal was never to adopt a technology for its own sake, but to "solve a problem," and that upgrades should be "boring and stable." They also discussed the transition to "ambient" mode, where the complexity of service mesh fades into the background, with Keith noting, “Ambient has been mentioned in literally every talk." This shift aims to make Istio easier to use, as seen in Lin’s earlier demo, where "adding pods into ambient and egress gateways is seamless because it disappeared into infrastructure," demonstrating how the tool now integrates smoothly into existing infrastructure, ultimately achieving the stability they had aimed for.
Day 3: Wednesday, Nov 13th - Main Conference Starts!
The Ambassador Breakfast
Lin Sun and I are both proud CNCF Ambassadors and were invited to the Ambassador breakfast session at KubeCon. 🍳 The CNCF Ambassadors program has members from all around the world, focused on the mission of “making cloud native ubiquitous” through community leadership and mentorship. It was a fun opportunity to meet with all the other ambassadors from the community and learn about the different projects they are a part of!
Session Highlight: “Life of a Packet: Ambient Edition - John Howard, Solo.io & Keith Mattix, Microsoft”
John Howard from Solo.io and Keith Mattix from Microsoft presented a talk walking through how a packet travels through Istio’s ambient mode. They began by providing an architectural overview of how outbound traffic in the mesh is routed to a Ztunnel, offering insight into Ztunnel networking. Ztunnel is designed to be lightweight and scalable, handling large clusters efficiently with minimal resource consumption. The Ztunnel handles mTLS termination, applies policies, and forwards traffic to the appropriate application. It routes traffic based on service configurations, utilizing Linux networking features to direct packets to specific pods or service cluster IPs.
The core design principle of ambient mode’s in-pod traffic redirection is that the Ztunnel proxy can capture the data path inside the Linux network namespace of the workload pod. This is achieved through the cooperation between the Istio CNI node agent and the Ztunnel node proxy. This approach allows Istio’s ambient mode to seamlessly work alongside any Kubernetes CNI plugin, without disrupting Kubernetes networking features. Ztunnel ensures secure communication by using HTTP CONNECT with mutual TLS encryption, reducing the overhead of multiple TLS handshakes thanks to HTTP/2 multiplexing. Traffic between services uses a dedicated port, which simplifies routing by avoiding complex iptables rules.
Highlights from the Solo.io booth:
Day 3 was the first day of the main conference and the Solo.io team were excited to showcase to the community our new brand at our Diamond booth. It was a momentous day for us as months of work from our team was finally revealed! Today was a packed content day for the on-site Solo.io team so let’s cover some of the highlights.
One of the top demo sessions of the day at the Solo.io booth was Eitan’s live demo on “AI Gateway: Semantic Caching”. You can check out the Solo docs on Solo’s AI Gateway semantic caching features.
I also gave a series of live demos on Gloo AI Gateway as part of my booth talks “AI Gateway: Credential Management & Access Control” and “AI Gateway: Rate Limiting”. Check out the Solo docs on Solo’s AI Gateway features.
Our booth experienced a huge line as we had book signings by Lin Sun and Christian Posta at the booth, celebrating the release of their books “Sidecar-less Istio Explained”, “Omni-Directional API Management for Platform Engineering”, and the new Istio picture book, “Izzy Saves the Birthday: An Istio Story”, which introduces Istio’s new mascot, Izzy the Dolphin! 🐬
Day 4: Thursday, Nov 14th - The hype of KubeCon + CloudNativeCon continues!
By Day 4, we were all buzzing from the energy that the week had brought so far, and we were eager to consume more amazing content and hear insights from around the community. The major highlight of today was our keynote presented by Idit Levine, CEO @ Solo.io, and Keith Babo, VP of Product @ Solo, with the topic “A New Frontier for Kubernetes Network Security”.
Idit and Keith’s keynote covered three distinct use cases of API connectivity, from ingress, east/west, and egress, and introduced the new common solution pattern, Omni Gateway. To support these use cases, Idit announced the intention to donate Solo’s open-source Gloo Gateway as a CNCF incubation project, enabling Kubernetes users to implement the Omni Gateway pattern using open-source and open standards that are part of the CNCF.
Christian Posta and Louis Ryan’s “What Istio got Wrong: Learning from the Last Seven Years of Service Mesh” session was jam-packed as they presented the learnings from Istio's evolution, discussing Istio’s hype cycle, early missteps, and lessons learned. They discussed how Istio had high expectations but struggled with implementation due to its lack of focus and overwhelming feature set. They also explored how the project tried to solve multiple problems, from connecting, securing, controlling, and observing microservices, but this led to architectural complexity and operational challenges for users. Since the Istio 1.0 release, the Istio project has learned a lot, such as the importance of simplifying architecture, establishing open governance, and staying focused on core use cases.
We also had Idit Levine and Eitan Yarmush’s session on “Harnessing the Power of Envoy Proxy for Building an LLM Gateway”, which highlighted the difference between “typical” web traffic and Gen AI traffic, and why you need to understand the request itself when building an LLM Gateway. They walked through the features required for an LLM Gateway, ranging from credential management, prompt management, consumption control, and visibility. Envoy introduced external processing, which allows you to implement logic in other languages quickly and in a performant manner. Idit and Eitan’s live demo showed prompt guarding, weighted rate limiting, and semantic caching.
Lawrence Gadban and I also ran a hands-on tutorial of how to use Argo Rollouts with the Gateway API provider of your choice. The tutorial walked through basic Kubernetes rollouts, switching to Argo Rollouts, native Istio traffic management with Argo Rollouts, and finally how using Argo Rollouts with Gateway API simplifies the “mess” that comes with needing to support multiple providers. It was great hearing that people enjoyed trying out the tutorial so much that they wanted it to keep running after our session was over!
Other highlights of today included Niranjan Shankar from Microsoft and Ram Vennam from Solo.io’s session on “Kubernetes Multi-Cluster Networking 101”, where they gave an overview of multi-cluster challenges ranging from connectivity to service discovery, and how to secure multi-cluster networking.
At the learning lounge, attendees had an opportunity to discuss the Istio Certified Associate (ICA) Certification with Peter Jausovec, the initial creator. The Istio Certified Associate exam is a pre-professional certification for engineers that confirms foundational knowledge of Istio principles, terminology, and best practices. The exam consists of performance-based and multiple-choice questions spanning multiple categories - installation, traffic management, security, and resiliency.
The attendees who visited the learning lounge were mostly newcomers to Istio and the cloud-native world and had questions about the best way to prepare for the exam. The Linux Foundation has two courses available—Introduction to Istio (LFS144) and Istio Service Mesh Essentials (LFS245)—that are both great options for learning about Istio. Another useful resource is a collection of live streams called Mesh Week that goes through the ICA domains and competencies and explains the concepts.
To round out the jam-packed day, at the Solo.io booth we had technology partners co-present short talks and booth sessions throughout the day, including:
- Ram Vennam from Solo.io and Sai Vennam from AWS co-presenting a session on AWS ECS/EKS integration with Istio Ambient mode
- And Christian and Alex Steiner from NVIDIA presenting NVIDIA NIM at Scale: AI inference model scaling and failover
Day 5 Friday - The Home Stretch! Final Day of KubeCon + CloudNativeCon NA
The week finished strong with Lin from Solo.io and Karena from Red Hat representing the CNCF TOC and giving a keynote session on four cloud native technology areas to watch for, based on their experience reviewing incoming projects into CNCF and interacting with the end user community. They had two major predictions. The first was the impact of cloud native and AI, which was not a surprise, and the second was the implications of cost and going green, which generated lively discussion about the price and footprint of AI and how domain-specific AI can be used to learn your organization's needs and spending pattern to help optimize cloud spend and carbon footprints. Some of the other technology trends to watch out for included multi-cluster and simplification of solutions.
In the afternoon, John Howard gave an insightful talk on Kubernetes where he deep dived into testing Kubernetes networking without Kubernetes! His talk explored how Linux namespaces can streamline the process for Istio's networking proxy and how users could sidestep complex setups. His talk also explored how Istio started simulating a Kubernetes environment to give a realistic testing setup, without the complexity/time overhead of getting a real cluster set up. You can read this blog for more information.
Lin, along with Mitch Connors from Microsoft, also gave an Istio contributor workshop on the final day of KubeCon, which taught folks how to get started contributing to Istio. The interactive workshop ended with a challenge for the attendees to implement a small improvement to Istio and submit a PR for the work. It is exciting to see folks get hands-on experience and huddle together to learn how to contribute to Istio.
Wrapping Up
It was an incredibly busy and fulfilling week for us at KubeCon this year. Part of the joy was connecting with the community—whether at a talk, at the Solo.io booth, or catching up with peers and friends in the hallway tracks. For us, it was the random encounters with the community’s friendly faces and the volume of exciting conversations where we learned from each other's experiences that truly captured what KubeCon is all about.
The spirit of collaboration and openness is what drives the cloud-native community forward, bringing us closer to the goal of making cloud-native ubiquitous.
You can check out ALL of Solo.io’s sessions at KubeCon North America here on YouTube.
Thanks for reading, and see you in London for KubeCon Europe 2025!