Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Since last we met: Opening Note
Search
Josh Wood
May 09, 2016
Technology
1
82
Since last we met: Opening Note
CoreOS Fest San Francisco, 111 Minna Gallery:
http://www.meetup.com/coreos/events/230147579/
Josh Wood
May 09, 2016
Tweet
Share
More Decks by Josh Wood
See All by Josh Wood
OpenShift and Kubernetes
joshix
0
140
SRE Principle and Operator Practice
joshix
0
600
Operator Hub and your Kubernetes Cluster
joshix
0
420
Operators are about automation
joshix
0
140
Automating Stateful Applications with Kubernetes Operators
joshix
0
160
Developing Apps on OpenShift
joshix
0
54
Intro to building Kubernetes Operators
joshix
1
110
Kubernetes Operators for App Developers
joshix
0
65
Kubernetes Operators
joshix
0
110
Other Decks in Technology
See All in Technology
初心者向けAWS Securityの勉強会mini Security-JAWSを9ヶ月ぐらい実施してきての近況
cmusudakeisuke
0
130
The Role of Developer Relations in AI Product Success.
giftojabu1
1
150
RubyのWebアプリケーションを50倍速くする方法 / How to Make a Ruby Web Application 50 Times Faster
hogelog
3
950
Exadata Database Service on Dedicated Infrastructure(ExaDB-D) UI スクリーン・キャプチャ集
oracle4engineer
PRO
2
3.2k
なぜ今 AI Agent なのか _近藤憲児
kenjikondobai
4
1.4k
日経電子版のStoreKit2フルリニューアル
shimastripe
1
150
AGIについてChatGPTに聞いてみた
blueb
0
130
BLADE: An Attempt to Automate Penetration Testing Using Autonomous AI Agents
bbrbbq
0
330
ExaDB-D dbaascli で出来ること
oracle4engineer
PRO
0
3.9k
OCI Network Firewall 概要
oracle4engineer
PRO
0
4.2k
B2B SaaSから見た最近のC#/.NETの進化
sansantech
PRO
0
930
Terraform Stacks入門 #HashiTalks
msato
0
360
Featured
See All Featured
Building Applications with DynamoDB
mza
90
6.1k
Mobile First: as difficult as doing things right
swwweet
222
8.9k
It's Worth the Effort
3n
183
27k
For a Future-Friendly Web
brad_frost
175
9.4k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
Git: the NoSQL Database
bkeepers
PRO
427
64k
Being A Developer After 40
akosma
87
590k
No one is an island. Learnings from fostering a developers community.
thoeni
19
3k
VelocityConf: Rendering Performance Case Studies
addyosmani
325
24k
The World Runs on Bad Software
bkeepers
PRO
65
11k
Why Our Code Smells
bkeepers
PRO
334
57k
Imperfection Machines: The Place of Print at Facebook
scottboms
265
13k
Transcript
Since last we met... Josh Wood | @joshixisjosh9 |
[email protected]
DocOps, CoreOS
MISSION Secure the Internet
MISSION Secure {the infrastructure that powers} the Internet
STRATEGY Accelerate with Open Source
SUCCESS 1000s Have Contributed to CoreOS Projects
All of You We Look Forward to Working with You
Coreos & Event Staff From New York, Berlin, and San
Francisco
NEW TECHNOLOGY Updates and Announcements
ETCD v3.0 BETA Efficient and Scalable
Punishing Functional Tests
Punishing Functional Tests
Punishing Functional Tests
gRPC Based API ~4x Faster vs JSON HTTP/2 Improves Efficiency
New Storage Engine Scales to GB of Data Consistent Performance
Continuous Snapshots
etcd v3 will support Kubernetes as it scales to 5.000
nodes and beyond
BETA AVAILABLE TODAY github.com/coreos/etcd
QUAYCTL BitTorrent Container Image Pulls
Image Layers foo-filesystem.tar.gz bar-filesystem.tar.gz meh-filesystem.tar.gz Image metadata Image binary data
{ {“id”: “foo”}, {“id”: “bar”, “meta”: “data”}, {“id”: “meh”, “meta”: “data”}, }
Pulling Layers $ rkt fetch docker://quay.io/ex/app:v1.0 Fetch layer1: 51.4 MB/51.4
MB Fetch layer4: 97 B/97 B Fetch layer5: 2.7 MB/3.2 MB … ~120MB in Total
Squashed Image Layers { {“id”: “meh”, “meta”: “data”}, } meh
Image metadata Image binary data foo bar
Pulling Squashed Layers $ rkt fetch docker://quay.io/ex/app:v1.0 Fetch layer1: 81.2
MB/81.2 MB …
SIZE SAVINGS Many ~50% Smaller
BitTorrent with quayctl $ quayctl rkt torrent pull \ quay.io/coreos/clair
AVAILABLE TODAY github.com/coreos/quayctl
JWTPROXY Service to Service Authentication
JWTPROXY Service to Service Authentication Micro Service Micro Service
SECURITY SCANNING
CVE-2015-0235 GHOST
None
None
None
bt tracker
jwtproxy Use HTTP auth headers Negotiate load balancers Compatible with
TLS infrastructure
JWTPROXY AVAILABLE TODAY github.com/coreos/jwtproxy
CVE-2015-0235 66 % of analyzed images on Quay.io
Security Scanning In Quay Enterprise
AVAILABLE TODAY quay.io/plans
OPEN CONTAINER INITIATIVE A Global Shipping Standard
OCI Image Format Spec Maintainers from Across Industry Best of
Docker Image and appc Image Registry Support in the Coming Months
OCI IMAGE v0.1.0 github.com/opencontainers/image-spec
rkt 1.0: February 2016 github.com/coreos/rkt • Modern security best practices
• Modular, composable with well-known tools • ACI, Docker; OCI support as available • Current: v1.5 • Alternate Kubernetes container engine, “rktnetes”
LET'S KEEP BUILDING For Production, Scale, and Security
Thank you! Until we meet again... @joshixisjosh9 |
[email protected]
DocOps,
CoreOS