Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Tectonic Summit Keynote
Search
Brandon Philips
December 04, 2015
Technology
1
170
Tectonic Summit Keynote
Brandon Philips
December 04, 2015
Tweet
Share
More Decks by Brandon Philips
See All by Brandon Philips
Node.js Workflow with Minikube and Skaffold
philips
0
250
Manage the App on Kubernetes
philips
0
330
Production Backbone Monitoring Containerized Apps
philips
0
140
KubeCon EU 2017: Dancing on the Edge of a Volcano
philips
1
670
rkt - KubeCon EU keynote - 2017
philips
1
240
FOSDEM_Keynote_2017-_.pdf
philips
0
110
Tectonic Summit Day 2 Keynote
philips
0
320
Kubernetes: Simple to Manage Anywhere (self-hosted, Tectonic upgrade demo)
philips
0
340
KubeCon Keynote 2016- Distributed Systems Simplified on Kubernetes
philips
2
540
Other Decks in Technology
See All in Technology
_第3回__AIxIoTビジネス共創ラボ紹介資料_20250617.pdf
iotcomjpadmin
0
150
Node-RED × MCP 勉強会 vol.1
1ftseabass
PRO
0
140
MySQL5.6から8.4へ 戦いの記録
kyoshidaxx
1
220
Understanding_Thread_Tuning_for_Inference_Servers_of_Deep_Models.pdf
lycorptech_jp
PRO
0
120
【5分でわかる】セーフィー エンジニア向け会社紹介
safie_recruit
0
26k
Navigation3でViewModelにデータを渡す方法
mikanichinose
0
220
ひとり情シスなCTOがLLMと始めるオペレーション最適化 / CTO's LLM-Powered Ops
yamitzky
0
440
Oracle Audit Vault and Database Firewall 20 概要
oracle4engineer
PRO
3
1.7k
生成AI時代の開発組織・技術・プロセス 〜 ログラスの挑戦と考察 〜
itohiro73
0
200
BrainPadプログラミングコンテスト記念LT会2025_社内イベント&問題解説
brainpadpr
1
160
地図も、未来も、オープンに。 〜OSGeo.JPとFOSS4Gのご紹介〜
wata909
0
110
Javaで作る RAGを活用した Q&Aアプリケーション
recruitengineers
PRO
1
110
Featured
See All Featured
Practical Orchestrator
shlominoach
188
11k
Designing for humans not robots
tammielis
253
25k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.4k
How to Think Like a Performance Engineer
csswizardry
24
1.7k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
29
9.5k
Stop Working from a Prison Cell
hatefulcrawdad
270
20k
Designing Experiences People Love
moore
142
24k
Typedesign – Prime Four
hannesfritz
42
2.7k
jQuery: Nuts, Bolts and Bling
dougneiner
63
7.8k
Designing for Performance
lara
609
69k
Raft: Consensus for Rubyists
vanstee
140
7k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
3.9k
Transcript
Brandon Philips CTO, CoreOS @brandonphilips
Building Tectonic Investments & Plans
Kubernetes Scaling Cluster-wide Identities Container Standards Increasing Kubernetes Use Investments
Kubernetes Scaling It scales.
Kubernetes Scaling It scales. But, we can do better.
Initial Focus Improve scheduler throughput Build fine-grained scheduler benchmarks Reduce
container runtime overhead
Consensus Getting Machines to Agree
Consensus Store CHALLENGE GOALS Store critical data Replicate data Provide
distributed lock Automatically handle machine failures
Chubby At the Heart of Google
At the Heart of Kubernetes
PERSIST
ACTIVE
None
ACTIVE
Upcoming Improvements API Efficient GRPC protocol Multi-key transactions DATASTORE Longer
event history Better memory efficiency
Future Outcomes Improved utilization and application density Scaling of clusters
to 100,000 pods and beyond User runnable performance benchmarks
Establish Kubernetes as the high-scale distributed application kernel GOAL
Distributed Trusted Computing Only software your company allows will run
Distributed Trusted Computing Only software your company allows will run
On hardware your team controls
Identity YOUR TEAM YOUR SERVERS
None
Web Identity Powered by OpenID Connect and OAuth 2.0
Dex User Identity for Cloud Native Open Source Built on
web standards Integrates with Kubernetes Cryptographic best practices
Dex groups for organizing teams Use existing directory IDs Certifications
from OpenID Easily protect apps inside cluster Future Identity Work
Server Identity Machine Identity and Admission
Kubernetes API node 1 node 2 node 3
Kubernetes API node 1 node 2 node 3
Kubernetes API node 1 node 2 node 3
Kubernetes API node 1 node 2 node 3
Kubernetes API node 1 node 2 node 3
Kubernetes API node 1 node 2 node 3
Build distributed systems with strong cryptographic identity that operators trust
GOAL
Container Lifecycle Audit 1. Build 2. Distribute 3. Run
Image Format Naming & Discovery Runtime Identity & Signing Building
the Standard Software Container
None
A Standard for Software Shipping Containers
Experiment with new container build systems Support image mirrors and
"air-gapped" systems Create new container runtimes like rkt Provide a reliable contract to application writers
Runtime Standard Software Container APPC OCI Image format Naming &
Discovery Runtime Signing
Runtime Standard Software Container APPC OCI Image format Naming &
Discovery Runtime Signing
Security Scanning After scanning millions of containers we found that
over 80% still had Heartbleed 80%
Clair Open Source Container Image Auditing
container image
/bin/java /opt/app.jar /pkg.db
/bin/java /opt/app.jar /pkg.db
/bin/java /opt/app.jar /pkg.db
Future Work More data sources Integration with Kubernetes Create standard
for auditable container metadata
Create software container standards so developers can build and ship
apps confidently GOAL
Enabling Kubernetes Adoption Networking and Onboarding
10.0.1.10 10.0.1.20 pod 1 pod 2 pod 3 pod 4
10.0.0.3 10.0.0.8
PROBLEMS VALUE Less complex DNS Works Same IP inside Multiple
IPs is a challenge in many networks Kubernetes Networking
Default Easy Networking Option
192.168.1.10 192.168.1.40
10.0.1.10 10.0.1.20 pod 1 pod 2 pod 3 pod 4
10.0.0.3 10.0.0.8
10.0.0.3 10.0.0.8 10.0.1.10 10.0.1.20 192.168.1.10 192.168.1.40 pod 1 pod 2
pod 3 pod 4
192.168.1.10 192.168.1.40 10.0.0.0/24 10.0.1.0/24
A Reasonable Default Provide easy IPv4 overlay pod networking
Container Network Interface Simple network plugins Un-opinionated and minimal interface
Engaged by networking ecosystem Adopted in rkt and Kubernetes
Easy and centrally managed IPSec encryption Future of Flannel Future
of CNI Continued network vendor adoption Release of first revision of the standard Promoted as default Kubernetes network plugin
Increasing Adoption Cluster Bootstrap Improvements
Increasing Adoption Operational Guides to Recovery Bootstrap and configuration of
cluster Upgrades from Kubernetes releases Disaster recovery of etcd and Kubernetes
Increase adoption of Kubernetes through integration and ease of use
in any environment GOAL
Our Role in CNCF
Develop Standard Software Container Donate appc and release appc 1.0
Donate etcd and flannel Donate Critical Software
Shared Plugin Model Donate Container Networking Interface And help create
a Container Volume Interface
Join us
Join us To build critical infrastructure software as open source
Join us To establish Kubernetes as the ubiquitous cluster kernel
Join us To create container specifications that solve problems simply
Thank You Brandon Philips CTO, CoreOS @brandonphilips