CoreOS rkt and Kubernetes

Transcript

1. rkt and Kubernetes Josh Wood DocOps at CoreOS [email protected] @joshixisjosh9

2. CoreOS is running the world’s containers We’re hiring: [email protected] [email protected]

   90+ Projects on GitHub, 1,000+ Contributors coreos.com Support plans, training and more OPEN SOURCE ENTERPRISE
3. None

4. rkt A modern, secure container runtime Simple CLI tool -

   exorcism (no daemon) Composable with systemd, standard init systems

5. rkt Implements appc spec Cryptographic image validation, detached signatures Logs

   to sealed TPM facility on DTC systems

6. App Container (appc) github.com/appc [email protected]

7. $ actool discover coreos.com/etcd ACI: https://github.com/.../etcd-darwin-amd64.aci ASC: https://github.com/.../etcd-darwin-amd64.aci. asc Keys:

   https://coreos.com/dist/pubkeys/aci-pubkeys. gpg $ .aci: sigs and discovery
8. None

9. rkt run • Isolates containers with the linux container primitives

   (cgroups, ns), systemd-nspawn • Container apps in a machine slice PID namespace • Manage with standard init tools: systemd • Network isolation

10. $ rkt run quay.io/josh_wood/caddy rkt: using image from local store

    for image name coreos.com/rkt/stage1-coreos:0.15.0 rkt: using image from local store for image name quay.io/josh_wood/caddy [ 1161.330635] caddy[4]: Activating privacy features... done. [ 1161.333482] caddy[4]: :2015 $ rkt run
11. None

12. rkt fly • Leverages the packaging, discovery, distribution, and validation

    features of rkt/appc • Reduced isolation for privileged components • chroot file system isolation only • Has access to host-level mount, network, PID name spaces • Method for shipping k8s kubelet in CoreOS

13. $ rkt run \ --stage1-path=/usr/share/rkt/stage1-fly.aci \ quay.io/josh_wood/caddy rkt: using image

    from local store for image name coreos.com/rkt/stage1-fly:0.15.0 rkt: using image from local store for image name quay.io/josh_wood/caddy [ 1161.333482] caddy[4]: :2015 $ rkt run stage1=fly

14. rkt and Kubernetes on CoreOS rkt fly executes kubelet: packaging

    and distribution of containers, access at host level rkt acts as container execution engine, runs cluster work

15. $ rkt run --stage1-path=stage1-fly.aci \ /usr/bin/kubelet -- --container-runtime=rkt rkt: using

    image from local store for image name coreos.com/rkt/stage1-fly:1.0.0 [...] $ rkt runs k8s runs rkt

16. rkt and Kubernetes on CoreOS • rkt fly executes kubelet:

    packaging and distribution of containers, ns at host level • rkt is container execution engine, runs cluster work • Pod :: Pod • CNI networking
17. None

18. Cf. coreos.com/rkt https://github. com/kubernetes/kubernetes/blob/master/docs/g etting-started-guides/rkt/ http://blog.kubernetes.io/2016/01/why-

19. May 9 & 10, 2016 | Berlin, Germany • Early

    bird tickets • Sponsorships are still available • Submit a talk before February 29th! coreos.com/fest @coreosfest

20. [email protected] @joshixisjosh9 github.com/joshix QUESTIONS? Thanks! We’re hiring: coreos.com/careers Let’s talk!

    IRC More events: coreos.com/community LONGER CHAT?