Keynote - Brandon Philips - CoreOS Fest 2016

Transcript

1. Keynote: CoreOS Fest 2016 @BrandonPhilips | brandon.philips@coreos.com CTO, CoreOS Inc

2. MISSION Secure the Internet

3. STRATEGY Accelerate with Open Source

4. GOAL Work with People We Love to Work With

5. SUCCESS 1000s Have Contributed to Projects CoreOS Introduced

6. Simone Gotti rkt Contributor

7. Frode Nordahl Dex Contributor (LDAP support)

8. Julien Garcia Gonzalez Clair Contributor (hyperclair CLI)

9. Hitoshi Mitake etcd Contributor

10. All of You We Look Forward to Working with You

11. Coreos & Event Staff From New York, Berlin, and San

    Francisco

12. TIMELINE The Story so Far

13. 3 YEARS AGO None of this existed

14. 2.5 YEARS AGO Foundations Established

15. 1.5 YEARS AGO Standards and Security

16. 1 YEAR AGO Kubernetes v1.0

17. TODAY Production, Scale, and Security

18. NEW TECHNOLOGY Updates and Announcements

19. ETCD v3.0 BETA Efficient and Scalable

20. Punishing Functional Tests

21. Punishing Functional Tests

22. Punishing Functional Tests

23. gRPC Based API ~4x Faster vs JSON HTTP/2 Improves Efficiency

24. New Storage Engine Scales to GB of Data Consistent Performance

    Continuous Snapshots

25. etcd v3 will support Kubernetes as it scales to 5.000

    nodes and beyond

26. BETA AVAILABLE TODAY github.com/coreos/etcd

27. TODAY 9:50am Introduction to etcd v3 B08

28. QUAYCTL BitTorrent Container Image Pulls

29. Image Layers foo-filesystem.tar.gz bar-filesystem.tar.gz meh-filesystem.tar.gz Image metadata Image binary data

    { {“id”: “foo”}, {“id”: “bar”, “meta”: “data”}, {“id”: “meh”, “meta”: “data”}, }

30. Pulling Layers $ rkt fetch docker://quay.io/ex/app:v1.0 Fetch layer1: 51.4 MB/51.4

    MB Fetch layer4: 97 B/97 B Fetch layer5: 2.7 MB/3.2 MB … ~120MB in Total

31. Squashed Image Layers { {“id”: “meh”, “meta”: “data”}, } meh

    Image metadata Image binary data foo bar

32. Pulling Squashed Layers $ rkt fetch docker://quay.io/ex/app:v1.0 Fetch layer1: 81.2

    MB/81.2 MB …

33. SIZE SAVINGS Many ~50% Smaller

34. BitTorrent with quayctl $ quayctl rkt torrent pull \ quay.io/coreos/clair

35. BitTorrent with quayctl $ quayctl docker torrent pull \ quay.io/coreos/clair

36. BitTorrent Improvements

37. BitTorrent Improvements

38. BitTorrent Improvements

39. BitTorrent Improvements

40. BitTorrent Improvements

41. AVAILABLE TODAY github.com/coreos/quayctl

42. TODAY 14:20 Distribution to Worldwide Clusters B08

43. JWTPROXY Service to Service Authentication

44. JWTPROXY Service to Service Authentication Micro Service Micro Service

45. SECURITY SCANNING

46. CVE-2015-0235 GHOST

47. CVE-2015-0235 GHOST

48. None
49. None
50. None
51. None

52. builders

53. bt tracker

54. jwtproxy Use HTTP auth headers Negotiate load balancers Compatible with

    TLS infrastructure

55. TOMORROW 9:50 Service to Service Auth B08

56. JWTPROXY AVAILABLE TODAY github.com/coreos/jwtproxy

57. CVE-2015-0235 66 % of analyzed images on Quay.io

58. Security Scanning In Quay Enterprise

59. AVAILABLE TODAY quay.io/plans

60. OPEN CONTAINER INITIATIVE Building an Industry Standard

61. OCI Image Format Spec Maintainers from Across Industry Best of

    Docker Image and appc Image Registry Support in the Coming Months

62. OCI IMAGE v0.1.0 github.com/opencontainers/image-spec

63. TODAY 13:30 Common Container Standards B08

64. LET'S KEEP BUILDING For Production, Scale, and Security

65. GOAL Work with People We Love to Work With

66. Thank you! Keynote: CoreOS Fest 2016 @BrandonPhilips | brandon.philips@coreos.com CTO,

    CoreOS Inc