Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Tectonic Summit Keynote
Search
Brandon Philips
December 04, 2015
Technology
1
160
Tectonic Summit Keynote
Brandon Philips
December 04, 2015
Tweet
Share
More Decks by Brandon Philips
See All by Brandon Philips
Node.js Workflow with Minikube and Skaffold
philips
0
210
Manage the App on Kubernetes
philips
0
300
Production Backbone Monitoring Containerized Apps
philips
0
100
KubeCon EU 2017: Dancing on the Edge of a Volcano
philips
1
530
rkt - KubeCon EU keynote - 2017
philips
1
230
FOSDEM_Keynote_2017-_.pdf
philips
0
75
Tectonic Summit Day 2 Keynote
philips
0
290
Kubernetes: Simple to Manage Anywhere (self-hosted, Tectonic upgrade demo)
philips
0
230
KubeCon Keynote 2016- Distributed Systems Simplified on Kubernetes
philips
2
510
Other Decks in Technology
See All in Technology
エンタープライズ環境下での Active Directory の運用 TIPS
tamaiyutaro
1
1.6k
HEXA OSINT CTF V3 作戦会議
meow_noisy
0
110
0→1開発における技術選定において一番大切なこと
bicstone
1
330
入社後初めてのタスクでk8sアップグレードした話.pdf
kkato1
1
380
ChatGPT for IT Service Management (IT Pro)
dahatake
3
210
DevOpsDays History and my DevOps story
kawaguti
PRO
8
1.6k
Hands-on / Kaname Frusawa / Cloud Compare Users Meetup 2024 at University of Tokyo on April 17
paraworld
2
470
コンパウンドスタートアップのためのスケーラブルでセキュアなInfrastructure as Codeパイプラインを考える / Scalable and Secure Infrastructure as Code Pipeline for a Compound Startup
yuyatakeyama
3
3k
社内勉強会運営のコツ
senoo
6
1.1k
ユーザーストーリーのレビューを自動化したみたの
bun913
1
330
Oracle Cloud Infrastructure:2024年4月度サービス・アップデート
oracle4engineer
PRO
1
110
Tebiki株式会社 エンジニア採用資料
tebiki
0
4.1k
Featured
See All Featured
The Invisible Side of Design
smashingmag
294
49k
Designing on Purpose - Digital PM Summit 2013
jponch
110
6.4k
Debugging Ruby Performance
tmm1
70
11k
Building Effective Engineering Teams - LeadDev
addyosmani
27
1.8k
A Modern Web Designer's Workflow
chriscoyier
688
190k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
1
3.4k
Writing Fast Ruby
sferik
620
60k
Designing the Hi-DPI Web
ddemaree
276
33k
The World Runs on Bad Software
bkeepers
PRO
61
6.7k
Music & Morning Musume
bryan
41
5.6k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
240
1.2M
What’s in a name? Adding method to the madness
productmarketing
PRO
15
2.6k
Transcript
Brandon Philips CTO, CoreOS @brandonphilips
Building Tectonic Investments & Plans
Kubernetes Scaling Cluster-wide Identities Container Standards Increasing Kubernetes Use Investments
Kubernetes Scaling It scales.
Kubernetes Scaling It scales. But, we can do better.
Initial Focus Improve scheduler throughput Build fine-grained scheduler benchmarks Reduce
container runtime overhead
Consensus Getting Machines to Agree
Consensus Store CHALLENGE GOALS Store critical data Replicate data Provide
distributed lock Automatically handle machine failures
Chubby At the Heart of Google
At the Heart of Kubernetes
PERSIST
ACTIVE
None
ACTIVE
Upcoming Improvements API Efficient GRPC protocol Multi-key transactions DATASTORE Longer
event history Better memory efficiency
Future Outcomes Improved utilization and application density Scaling of clusters
to 100,000 pods and beyond User runnable performance benchmarks
Establish Kubernetes as the high-scale distributed application kernel GOAL
Distributed Trusted Computing Only software your company allows will run
Distributed Trusted Computing Only software your company allows will run
On hardware your team controls
Identity YOUR TEAM YOUR SERVERS
None
Web Identity Powered by OpenID Connect and OAuth 2.0
Dex User Identity for Cloud Native Open Source Built on
web standards Integrates with Kubernetes Cryptographic best practices
Dex groups for organizing teams Use existing directory IDs Certifications
from OpenID Easily protect apps inside cluster Future Identity Work
Server Identity Machine Identity and Admission
Kubernetes API node 1 node 2 node 3
Kubernetes API node 1 node 2 node 3
Kubernetes API node 1 node 2 node 3
Kubernetes API node 1 node 2 node 3
Kubernetes API node 1 node 2 node 3
Kubernetes API node 1 node 2 node 3
Build distributed systems with strong cryptographic identity that operators trust
GOAL
Container Lifecycle Audit 1. Build 2. Distribute 3. Run
Image Format Naming & Discovery Runtime Identity & Signing Building
the Standard Software Container
None
A Standard for Software Shipping Containers
Experiment with new container build systems Support image mirrors and
"air-gapped" systems Create new container runtimes like rkt Provide a reliable contract to application writers
Runtime Standard Software Container APPC OCI Image format Naming &
Discovery Runtime Signing
Runtime Standard Software Container APPC OCI Image format Naming &
Discovery Runtime Signing
Security Scanning After scanning millions of containers we found that
over 80% still had Heartbleed 80%
Clair Open Source Container Image Auditing
container image
/bin/java /opt/app.jar /pkg.db
/bin/java /opt/app.jar /pkg.db
/bin/java /opt/app.jar /pkg.db
Future Work More data sources Integration with Kubernetes Create standard
for auditable container metadata
Create software container standards so developers can build and ship
apps confidently GOAL
Enabling Kubernetes Adoption Networking and Onboarding
10.0.1.10 10.0.1.20 pod 1 pod 2 pod 3 pod 4
10.0.0.3 10.0.0.8
PROBLEMS VALUE Less complex DNS Works Same IP inside Multiple
IPs is a challenge in many networks Kubernetes Networking
Default Easy Networking Option
192.168.1.10 192.168.1.40
10.0.1.10 10.0.1.20 pod 1 pod 2 pod 3 pod 4
10.0.0.3 10.0.0.8
10.0.0.3 10.0.0.8 10.0.1.10 10.0.1.20 192.168.1.10 192.168.1.40 pod 1 pod 2
pod 3 pod 4
192.168.1.10 192.168.1.40 10.0.0.0/24 10.0.1.0/24
A Reasonable Default Provide easy IPv4 overlay pod networking
Container Network Interface Simple network plugins Un-opinionated and minimal interface
Engaged by networking ecosystem Adopted in rkt and Kubernetes
Easy and centrally managed IPSec encryption Future of Flannel Future
of CNI Continued network vendor adoption Release of first revision of the standard Promoted as default Kubernetes network plugin
Increasing Adoption Cluster Bootstrap Improvements
Increasing Adoption Operational Guides to Recovery Bootstrap and configuration of
cluster Upgrades from Kubernetes releases Disaster recovery of etcd and Kubernetes
Increase adoption of Kubernetes through integration and ease of use
in any environment GOAL
Our Role in CNCF
Develop Standard Software Container Donate appc and release appc 1.0
Donate etcd and flannel Donate Critical Software
Shared Plugin Model Donate Container Networking Interface And help create
a Container Volume Interface
Join us
Join us To build critical infrastructure software as open source
Join us To establish Kubernetes as the ubiquitous cluster kernel
Join us To create container specifications that solve problems simply
Thank You Brandon Philips CTO, CoreOS @brandonphilips