Since last we met: Opening Note

Transcript

1. Since last we met... Josh Wood | @joshixisjosh9 | [email protected]

   DocOps, CoreOS

2. MISSION Secure the Internet

3. MISSION Secure {the infrastructure that powers} the Internet

4. STRATEGY Accelerate with Open Source

5. SUCCESS 1000s Have Contributed to CoreOS Projects

6. All of You We Look Forward to Working with You

7. Coreos & Event Staff From New York, Berlin, and San

   Francisco

8. NEW TECHNOLOGY Updates and Announcements

9. ETCD v3.0 BETA Efficient and Scalable

10. Punishing Functional Tests

11. Punishing Functional Tests

12. Punishing Functional Tests

13. gRPC Based API ~4x Faster vs JSON HTTP/2 Improves Efficiency

14. New Storage Engine Scales to GB of Data Consistent Performance

    Continuous Snapshots

15. etcd v3 will support Kubernetes as it scales to 5.000

    nodes and beyond

16. BETA AVAILABLE TODAY github.com/coreos/etcd

17. QUAYCTL BitTorrent Container Image Pulls

18. Image Layers foo-filesystem.tar.gz bar-filesystem.tar.gz meh-filesystem.tar.gz Image metadata Image binary data

    { {“id”: “foo”}, {“id”: “bar”, “meta”: “data”}, {“id”: “meh”, “meta”: “data”}, }

19. Pulling Layers $ rkt fetch docker://quay.io/ex/app:v1.0 Fetch layer1: 51.4 MB/51.4

    MB Fetch layer4: 97 B/97 B Fetch layer5: 2.7 MB/3.2 MB … ~120MB in Total

20. Squashed Image Layers { {“id”: “meh”, “meta”: “data”}, } meh

    Image metadata Image binary data foo bar

21. Pulling Squashed Layers $ rkt fetch docker://quay.io/ex/app:v1.0 Fetch layer1: 81.2

    MB/81.2 MB …

22. SIZE SAVINGS Many ~50% Smaller

23. BitTorrent with quayctl $ quayctl rkt torrent pull \ quay.io/coreos/clair

24. AVAILABLE TODAY github.com/coreos/quayctl

25. JWTPROXY Service to Service Authentication

26. JWTPROXY Service to Service Authentication Micro Service Micro Service

27. SECURITY SCANNING

28. CVE-2015-0235 GHOST

29. None
30. None
31. None

32. bt tracker

33. jwtproxy Use HTTP auth headers Negotiate load balancers Compatible with

    TLS infrastructure

34. JWTPROXY AVAILABLE TODAY github.com/coreos/jwtproxy

35. CVE-2015-0235 66 % of analyzed images on Quay.io

36. Security Scanning In Quay Enterprise

37. AVAILABLE TODAY quay.io/plans

38. OPEN CONTAINER INITIATIVE A Global Shipping Standard

39. OCI Image Format Spec Maintainers from Across Industry Best of

    Docker Image and appc Image Registry Support in the Coming Months

40. OCI IMAGE v0.1.0 github.com/opencontainers/image-spec

41. rkt 1.0: February 2016 github.com/coreos/rkt • Modern security best practices

    • Modular, composable with well-known tools • ACI, Docker; OCI support as available • Current: v1.5 • Alternate Kubernetes container engine, “rktnetes”

42. LET'S KEEP BUILDING For Production, Scale, and Security

43. Thank you! Until we meet again... @joshixisjosh9 | [email protected] DocOps,

    CoreOS