Tectonic Summit Keynote

Transcript

1. Brandon Philips CTO, CoreOS @brandonphilips

2. Building Tectonic Investments & Plans

3. Kubernetes Scaling Cluster-wide Identities Container Standards Increasing Kubernetes Use Investments

4. Kubernetes Scaling It scales.

5. Kubernetes Scaling It scales. But, we can do better.

6. Initial Focus Improve scheduler throughput Build fine-grained scheduler benchmarks Reduce

   container runtime overhead

7. Consensus Getting Machines to Agree

8. Consensus Store CHALLENGE GOALS Store critical data Replicate data Provide

   distributed lock Automatically handle machine failures

9. Chubby At the Heart of Google

10. At the Heart of Kubernetes

11. PERSIST

12. ACTIVE

13. None

14. ACTIVE

15. Upcoming Improvements API Efficient GRPC protocol Multi-key transactions DATASTORE Longer

    event history Better memory efficiency

16. Future Outcomes Improved utilization and application density Scaling of clusters

    to 100,000 pods and beyond User runnable performance benchmarks

17. Establish Kubernetes as the high-scale distributed application kernel GOAL

18. Distributed Trusted Computing Only software your company allows will run

19. Distributed Trusted Computing Only software your company allows will run

    On hardware your team controls

20. Identity YOUR TEAM YOUR SERVERS

21. None

22. Web Identity Powered by OpenID Connect and OAuth 2.0

23. Dex User Identity for Cloud Native Open Source Built on

    web standards Integrates with Kubernetes Cryptographic best practices

24. Dex groups for organizing teams Use existing directory IDs Certifications

    from OpenID Easily protect apps inside cluster Future Identity Work

25. Server Identity Machine Identity and Admission

26. Kubernetes API node 1 node 2 node 3

27. Kubernetes API node 1 node 2 node 3

28. Kubernetes API node 1 node 2 node 3

29. Kubernetes API node 1 node 2 node 3

30. Kubernetes API node 1 node 2 node 3

31. Kubernetes API node 1 node 2 node 3

32. Build distributed systems with strong cryptographic identity that operators trust

    GOAL

33. Container Lifecycle Audit 1. Build 2. Distribute 3. Run

34. Image Format Naming & Discovery Runtime Identity & Signing Building

    the Standard Software Container
35. None

36. A Standard for Software Shipping Containers

37. Experiment with new container build systems Support image mirrors and

    "air-gapped" systems Create new container runtimes like rkt Provide a reliable contract to application writers

38. Runtime Standard Software Container APPC OCI Image format Naming &

    Discovery Runtime Signing

39. Runtime Standard Software Container APPC OCI Image format Naming &

    Discovery Runtime Signing

40. Security Scanning After scanning millions of containers we found that

    over 80% still had Heartbleed 80%

41. Clair Open Source Container Image Auditing

42. container image

43. /bin/java /opt/app.jar /pkg.db

44. /bin/java /opt/app.jar /pkg.db

45. /bin/java /opt/app.jar /pkg.db

46. Future Work More data sources Integration with Kubernetes Create standard

    for auditable container metadata

47. Create software container standards so developers can build and ship

    apps confidently GOAL

48. Enabling Kubernetes Adoption Networking and Onboarding

49. 10.0.1.10 10.0.1.20 pod 1 pod 2 pod 3 pod 4

    10.0.0.3 10.0.0.8

50. PROBLEMS VALUE Less complex DNS Works Same IP inside Multiple

    IPs is a challenge in many networks Kubernetes Networking

51. Default Easy Networking Option

52. 192.168.1.10 192.168.1.40

53. 10.0.1.10 10.0.1.20 pod 1 pod 2 pod 3 pod 4

    10.0.0.3 10.0.0.8

54. 10.0.0.3 10.0.0.8 10.0.1.10 10.0.1.20 192.168.1.10 192.168.1.40 pod 1 pod 2

    pod 3 pod 4

55. 192.168.1.10 192.168.1.40 10.0.0.0/24 10.0.1.0/24

56. A Reasonable Default Provide easy IPv4 overlay pod networking

57. Container Network Interface Simple network plugins Un-opinionated and minimal interface

    Engaged by networking ecosystem Adopted in rkt and Kubernetes

58. Easy and centrally managed IPSec encryption Future of Flannel Future

    of CNI Continued network vendor adoption Release of first revision of the standard Promoted as default Kubernetes network plugin

59. Increasing Adoption Cluster Bootstrap Improvements

60. Increasing Adoption Operational Guides to Recovery Bootstrap and configuration of

    cluster Upgrades from Kubernetes releases Disaster recovery of etcd and Kubernetes

61. Increase adoption of Kubernetes through integration and ease of use

    in any environment GOAL

62. Our Role in CNCF

63. Develop Standard Software Container Donate appc and release appc 1.0

64. Donate etcd and flannel Donate Critical Software

65. Shared Plugin Model Donate Container Networking Interface And help create

    a Container Volume Interface

66. Join us

67. Join us To build critical infrastructure software as open source

68. Join us To establish Kubernetes as the ubiquitous cluster kernel

69. Join us To create container specifications that solve problems simply

70. Thank You Brandon Philips CTO, CoreOS @brandonphilips