CoreOS NYC Meetup

Transcript

1. Eugene Yakubovich Software Developer Maintainer of flannel @eyakubovich Under the

   hood of Tectonic

2. Under the hood of tectonic CoreOS Linux CoreOS projects (etcd,

   fleet, flannel) Kubernetes Tectonic layer

3. What is CoreOS Linux?

4. kernel systemd etcd ssh docker python java nginx mysql openssl

   app tro distro distro distro distro distro

5. kernel systemd etcd ssh docker python java nginx mysql openssl

   app tro distro distro distro distro distro

6. tro distro distro distro distro distro python openssl-A app1 java

   openssl-B app2 java openssl-B app3 kernel systemd etcd ssh docker

7. tro distro distro distro distro distro python openssl-A app1 java

   openssl-B app2 java openssl-B app3 CoreOS

8. tro distro distro distro distro distro CoreOS container container container

9. atomic with rollback auto updates

10. None
11. None
12. None
13. None

14. PUT /v2/keys/foo HTTP/1.1 value=bar

15. GET /v2/keys/foo HTTP/1.1 {“node”: {“value”: “bar”}}

16. Fault Tolerant Distributed K/V Store

17. fleet

18. None
19. None
20. None

21. 10.0.16.0/24 10.0.24.0/24 10.0.71.0/24

22. 10.0.16.0/24 10.0.24.0/24 10.0.71.0/24 10.0.16.2 10.0.24.3

23. None

24. $ rkt run example.com/app:v2.0.0 rkt: searching for app image example.com/app:v2.0.0

    rkt: fetching image from https://example.com/app-v2.0.0-linux-amd64.aci Downloading signature from https://example.com/app-v2.0.0-linux-amd64.aci.asc Downloading ACI: [=================] 3.79 MB/3.79 MB openpgp: signature made by unknown entity

25. $ rkt run example.com/app:v2.0.0 rkt: searching for app image example.com/app:v2.0.0

    rkt: fetching image from https://example.com/app-v2.0.0-linux-amd64.aci Downloading signature from https://example.com/app-v2.0.0-linux-amd64.aci.asc Downloading ACI: [=================] 3.79 MB/3.79 MB openpgp: signature made by unknown entity $ rkt trust --prefix example.com/app https://example.com/pubkeys.gpg Prefix: "example.com/app" Key: "https://example.com/pubkeys.gpg" GPG key fingerprint is: 8B86 DE38 890D DB72 9186 7B02 5210 BD88 8818 2190 ACI Builder <[email protected]> Are you sure you want to trust this key (yes/no)? yes Trusting "https://example.com/pubkeys.gpg" for prefix "example.com/app". Added key for prefix "example.com/app" at "/etc/rkt/trustedkeys/prefix. d/example.com/app/8b86de38890ddb7291867b025210bd8888182190"

26. $ rkt trust --prefix example.com/app https://example.com/pubkeys.gpg Prefix: "example.com/app" Key: "https://example.com/pubkeys.gpg"

    GPG key fingerprint is: 8B86 DE38 890D DB72 9186 7B02 5210 BD88 8818 2190 ACI Builder <[email protected]> Are you sure you want to trust this key (yes/no)? yes Trusting "https://example.com/pubkeys.gpg" for prefix "example.com/app". Added key for prefix "example.com/app" at "/etc/rkt/trustedkeys/prefix. d/example.com/app/8b86de38890ddb7291867b025210bd8888182190" $ rkt run example.com/app:v2.0.0 rkt: searching for app image example.com/app:v2.0.0 rkt: fetching image from https://example.com/app-v2.0.0-linux-amd64.aci Downloading signature from https://example.com/app-v2.0.0-linux-amd64.aci.asc Downloading ACI: [=================] 3.79 MB/3.79 MB rkt: signature verified: ACI Builder <[email protected]>

27. [Service] ExecStart = /usr/bin/rkt run --inherit-env example.com/app:v2.0.0 Restart = always

    CPUShares = 512 MemoryLimit = 1G Environment = HTTP_PROXY=192.0.2.3:5000 Environment = STORAGE_PATH=/opt/app Environment = TMPDIR=/var/tmp
28. None
29. None

30. Replication Controller x 4

31. kube-apiserver kube-controller-manager kube-scheduler kube-kubelet kube-proxy kube-kubelet kube-proxy

32. HOW-TO /GoogleCloudPlatform /kubernetes /tree /master /docs /getting-started-guides /coreos

33. Boot up master ◦ Start a CoreOS image ◦ Bring

    up etcd ◦ Configure and bring up flannel ◦ Download and start ➢ kube-apiserver ➢ kube-controller-manager ➢ kube-scheduler

34. Boot up workers ◦ Bring up etcd proxy ◦ Download

    and bring up ➢ kube-proxy ➢ kubelet
35. None

36. fleet deploy { } run kube-* CoreOS Linux + etcd

    + flannel

37. Workers talk to control cluster via proxy

38. None

39. Questions? Sign up for Tectonic at tectonic.com