Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Tectonic Summit Keynote
Search
Brandon Philips
December 04, 2015
Technology
1
160
Tectonic Summit Keynote
Brandon Philips
December 04, 2015
Tweet
Share
More Decks by Brandon Philips
See All by Brandon Philips
Node.js Workflow with Minikube and Skaffold
philips
0
230
Manage the App on Kubernetes
philips
0
320
Production Backbone Monitoring Containerized Apps
philips
0
130
KubeCon EU 2017: Dancing on the Edge of a Volcano
philips
1
640
rkt - KubeCon EU keynote - 2017
philips
1
240
FOSDEM_Keynote_2017-_.pdf
philips
0
97
Tectonic Summit Day 2 Keynote
philips
0
310
Kubernetes: Simple to Manage Anywhere (self-hosted, Tectonic upgrade demo)
philips
0
320
KubeCon Keynote 2016- Distributed Systems Simplified on Kubernetes
philips
2
530
Other Decks in Technology
See All in Technology
生成AI×財務経理:PoCで挑むSlack AI Bot開発と現場巻き込みのリアル
pohdccoe
1
740
OSS構成管理ツールCMDBuildを使ったAWSリソース管理の自動化
satorufunai
0
650
Potential EM 制度を始めた理由、そして2年後にやめた理由 - EMConf JP 2025
hoyo
2
2.7k
Snowflake ML モデルを dbt データパイプラインに組み込む
estie
0
110
システム・ML活用を広げるdbtのデータモデリング / Expanding System & ML Use with dbt Modeling
i125
1
330
脳波を用いた嗜好マッチングシステム
hokkey621
0
290
遷移の高速化 ヤフートップの試行錯誤
narirou
6
1.5k
Iceberg Meetup Japan #1 : Iceberg and Databricks
databricksjapan
0
380
役員・マネージャー・著者・エンジニアそれぞれの立場から見たAWS認定資格
nrinetcom
PRO
4
6.2k
AWSを活用したIoTにおけるセキュリティ対策のご紹介
kwskyk
0
390
クラウド関連のインシデントケースを収集して見えてきたもの
lhazy
8
1.3k
IAMのマニアックな話2025
nrinetcom
PRO
5
1.1k
Featured
See All Featured
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
Faster Mobile Websites
deanohume
306
31k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
Side Projects
sachag
452
42k
StorybookのUI Testing Handbookを読んだ
zakiyama
28
5.5k
GraphQLとの向き合い方2022年版
quramy
44
14k
How to Ace a Technical Interview
jacobian
276
23k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.3k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
4
380
Art, The Web, and Tiny UX
lynnandtonic
298
20k
Large-scale JavaScript Application Architecture
addyosmani
511
110k
Site-Speed That Sticks
csswizardry
4
410
Transcript
Brandon Philips CTO, CoreOS @brandonphilips
Building Tectonic Investments & Plans
Kubernetes Scaling Cluster-wide Identities Container Standards Increasing Kubernetes Use Investments
Kubernetes Scaling It scales.
Kubernetes Scaling It scales. But, we can do better.
Initial Focus Improve scheduler throughput Build fine-grained scheduler benchmarks Reduce
container runtime overhead
Consensus Getting Machines to Agree
Consensus Store CHALLENGE GOALS Store critical data Replicate data Provide
distributed lock Automatically handle machine failures
Chubby At the Heart of Google
At the Heart of Kubernetes
PERSIST
ACTIVE
None
ACTIVE
Upcoming Improvements API Efficient GRPC protocol Multi-key transactions DATASTORE Longer
event history Better memory efficiency
Future Outcomes Improved utilization and application density Scaling of clusters
to 100,000 pods and beyond User runnable performance benchmarks
Establish Kubernetes as the high-scale distributed application kernel GOAL
Distributed Trusted Computing Only software your company allows will run
Distributed Trusted Computing Only software your company allows will run
On hardware your team controls
Identity YOUR TEAM YOUR SERVERS
None
Web Identity Powered by OpenID Connect and OAuth 2.0
Dex User Identity for Cloud Native Open Source Built on
web standards Integrates with Kubernetes Cryptographic best practices
Dex groups for organizing teams Use existing directory IDs Certifications
from OpenID Easily protect apps inside cluster Future Identity Work
Server Identity Machine Identity and Admission
Kubernetes API node 1 node 2 node 3
Kubernetes API node 1 node 2 node 3
Kubernetes API node 1 node 2 node 3
Kubernetes API node 1 node 2 node 3
Kubernetes API node 1 node 2 node 3
Kubernetes API node 1 node 2 node 3
Build distributed systems with strong cryptographic identity that operators trust
GOAL
Container Lifecycle Audit 1. Build 2. Distribute 3. Run
Image Format Naming & Discovery Runtime Identity & Signing Building
the Standard Software Container
None
A Standard for Software Shipping Containers
Experiment with new container build systems Support image mirrors and
"air-gapped" systems Create new container runtimes like rkt Provide a reliable contract to application writers
Runtime Standard Software Container APPC OCI Image format Naming &
Discovery Runtime Signing
Runtime Standard Software Container APPC OCI Image format Naming &
Discovery Runtime Signing
Security Scanning After scanning millions of containers we found that
over 80% still had Heartbleed 80%
Clair Open Source Container Image Auditing
container image
/bin/java /opt/app.jar /pkg.db
/bin/java /opt/app.jar /pkg.db
/bin/java /opt/app.jar /pkg.db
Future Work More data sources Integration with Kubernetes Create standard
for auditable container metadata
Create software container standards so developers can build and ship
apps confidently GOAL
Enabling Kubernetes Adoption Networking and Onboarding
10.0.1.10 10.0.1.20 pod 1 pod 2 pod 3 pod 4
10.0.0.3 10.0.0.8
PROBLEMS VALUE Less complex DNS Works Same IP inside Multiple
IPs is a challenge in many networks Kubernetes Networking
Default Easy Networking Option
192.168.1.10 192.168.1.40
10.0.1.10 10.0.1.20 pod 1 pod 2 pod 3 pod 4
10.0.0.3 10.0.0.8
10.0.0.3 10.0.0.8 10.0.1.10 10.0.1.20 192.168.1.10 192.168.1.40 pod 1 pod 2
pod 3 pod 4
192.168.1.10 192.168.1.40 10.0.0.0/24 10.0.1.0/24
A Reasonable Default Provide easy IPv4 overlay pod networking
Container Network Interface Simple network plugins Un-opinionated and minimal interface
Engaged by networking ecosystem Adopted in rkt and Kubernetes
Easy and centrally managed IPSec encryption Future of Flannel Future
of CNI Continued network vendor adoption Release of first revision of the standard Promoted as default Kubernetes network plugin
Increasing Adoption Cluster Bootstrap Improvements
Increasing Adoption Operational Guides to Recovery Bootstrap and configuration of
cluster Upgrades from Kubernetes releases Disaster recovery of etcd and Kubernetes
Increase adoption of Kubernetes through integration and ease of use
in any environment GOAL
Our Role in CNCF
Develop Standard Software Container Donate appc and release appc 1.0
Donate etcd and flannel Donate Critical Software
Shared Plugin Model Donate Container Networking Interface And help create
a Container Volume Interface
Join us
Join us To build critical infrastructure software as open source
Join us To establish Kubernetes as the ubiquitous cluster kernel
Join us To create container specifications that solve problems simply
Thank You Brandon Philips CTO, CoreOS @brandonphilips