December 20, 2019

157 words 1 min read

Securing Application Telemetry & Tracing with SPIFFE and Envoy

Securing Application Telemetry & Tracing with SPIFFE and Envoy

Application telemetry, such as Prometheus metrics, distributed logs, and tracing, offer a surplus of information on how an app works, how it's performing, what its communicating with and how. However …
Talk Title Securing Application Telemetry & Tracing with SPIFFE and Envoy
Speakers Sabree Blackmon (Senior Security Engineer, Docker)
Conference KubeCon + CloudNativeCon North America
Conf Tag
Location Seattle, WA, USA
Date Dec 9-14, 2018
URL Talk Page
Slides Talk Slides
Video

Application telemetry, such as Prometheus metrics, distributed logs, and tracing, offer a surplus of information on how an app works, how it’s performing, what it’s communicating with and how. However, even when these streams do not contain PII, this information can be invaluable to malicious actors in the days of highly distributed systems. In this talk, we will demonstrate how to use Envoy proxy and SPIRE to protect your telemetry endpoints, in both push and pull use cases, utilizing fluentd, Prometheus, and OpenTracing & Jaeger.

metrics envoy prometheus telemetry distributed system use case
comments powered by Disqus
Performance debugging: Finding bottlenecks in distributed systems

Performance debugging: Finding bottlenecks in distributed systems

December 20, 2019

Performance debugging is a crucial part of ensuring code is production ready, particularly as a company and its products grow. However, bottlenecks that hold these services back can be hard to identify. Christian Grabowski shares his experience debugging bottlenecks in distributed systems, at both a macro (metrics, distributed tracing) and a micro (user space and kernel space profiling) level.
Multi-Cloud Ingress LB: Gimbal Use Case in Actapio and Yahoo Japan

Multi-Cloud Ingress LB: Gimbal Use Case in Actapio and Yahoo Japan

December 18, 2019

Gimbal is a open source multi-cloud/cluster ingress load balancer built on Envoy and Kubernetes. This project is developed by Heptio in collaboration with Actapio and Yahoo Japan. It provides multi-te …
Sharded and Federated Prometheus Servers to Monitor Distributed Databases

Sharded and Federated Prometheus Servers to Monitor Distributed Databases

December 12, 2019

At eBay we have developed a geo-distributed transactional document store called NuData. It is deployed on Kubernetes. The current deployment has thousands of pods across three datacenters, and is moni …
Performance Testing Ingress for Internet-Scale Workloads

Performance Testing Ingress for Internet-Scale Workloads

December 11, 2019

Have you ever wondered how much ingress traffic a Kubernetes cluster could handle? How many nodes would it take to handle the traffic of an Alexa top-40 website? Understanding these numbers and how yo …
Collecting Operational Metrics for a Cluster with 5,000 Namespaces

Collecting Operational Metrics for a Cluster with 5,000 Namespaces

December 10, 2019

Kubernetes is popular to provide a multi-tenant, shared infrastructure layer for many eng teams within an org. This is great for the teams, as they have a stable, scalable cluster to build upon. Howev …
A Survey of the OSS Tracing Ecosystem

A Survey of the OSS Tracing Ecosystem

December 6, 2019

There has been great movement over the past two years in the tracing landscape. In this relatively short period of time, projects such as OpenTracing, Jaeger, and OpenCensus have joined Zipkin in the …