Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Tectonic Summit Keynote
Search
Brandon Philips
December 04, 2015
Technology
1
160
Tectonic Summit Keynote
Brandon Philips
December 04, 2015
Tweet
Share
More Decks by Brandon Philips
See All by Brandon Philips
Node.js Workflow with Minikube and Skaffold
philips
0
230
Manage the App on Kubernetes
philips
0
310
Production Backbone Monitoring Containerized Apps
philips
0
130
KubeCon EU 2017: Dancing on the Edge of a Volcano
philips
1
640
rkt - KubeCon EU keynote - 2017
philips
1
240
FOSDEM_Keynote_2017-_.pdf
philips
0
97
Tectonic Summit Day 2 Keynote
philips
0
310
Kubernetes: Simple to Manage Anywhere (self-hosted, Tectonic upgrade demo)
philips
0
320
KubeCon Keynote 2016- Distributed Systems Simplified on Kubernetes
philips
2
530
Other Decks in Technology
See All in Technology
Windows の新しい管理者保護モード
murachiakira
0
200
脳波を用いた嗜好マッチングシステム
hokkey621
0
280
Exadata Database Service on Cloud@Customer セキュリティ、ネットワーク、および管理について
oracle4engineer
PRO
2
1.5k
CDKでカスタムランタイムを作成して、Lambdaをnode.js23+TypeScriptで動かしてみた
smt7174
2
100
AIエージェント時代のエンジニアになろう #jawsug #jawsdays2025 / 20250301 Agentic AI Engineering
yoshidashingo
8
3.4k
Snowflakeの開発・運用コストをApache Icebergで効率化しよう!~機能と活用例のご紹介~
sagara
1
410
ESXi で仮想化した ARM 環境で LLM を動作させてみるぞ
unnowataru
0
160
IAMポリシーのAllow/Denyについて、改めて理解する
smt7174
2
200
ABWG2024採択者が語るエンジニアとしての自分自身の見つけ方〜発信して、つながって、世界を広げていく〜
maimyyym
1
100
クラウド食堂とは?
hiyanger
0
110
ディスプレイ広告(Yahoo!広告・LINE広告)におけるバックエンド開発
lycorptech_jp
PRO
0
300
EDRの検知の仕組みと検知回避について
chayakonanaika
11
4.6k
Featured
See All Featured
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
59k
Site-Speed That Sticks
csswizardry
4
400
4 Signs Your Business is Dying
shpigford
182
22k
Designing Experiences People Love
moore
140
23k
Statistics for Hackers
jakevdp
797
220k
Optimizing for Happiness
mojombo
376
70k
Art, The Web, and Tiny UX
lynnandtonic
298
20k
Making the Leap to Tech Lead
cromwellryan
133
9.1k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
45
9.4k
Docker and Python
trallard
44
3.3k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
133
33k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Transcript
Brandon Philips CTO, CoreOS @brandonphilips
Building Tectonic Investments & Plans
Kubernetes Scaling Cluster-wide Identities Container Standards Increasing Kubernetes Use Investments
Kubernetes Scaling It scales.
Kubernetes Scaling It scales. But, we can do better.
Initial Focus Improve scheduler throughput Build fine-grained scheduler benchmarks Reduce
container runtime overhead
Consensus Getting Machines to Agree
Consensus Store CHALLENGE GOALS Store critical data Replicate data Provide
distributed lock Automatically handle machine failures
Chubby At the Heart of Google
At the Heart of Kubernetes
PERSIST
ACTIVE
None
ACTIVE
Upcoming Improvements API Efficient GRPC protocol Multi-key transactions DATASTORE Longer
event history Better memory efficiency
Future Outcomes Improved utilization and application density Scaling of clusters
to 100,000 pods and beyond User runnable performance benchmarks
Establish Kubernetes as the high-scale distributed application kernel GOAL
Distributed Trusted Computing Only software your company allows will run
Distributed Trusted Computing Only software your company allows will run
On hardware your team controls
Identity YOUR TEAM YOUR SERVERS
None
Web Identity Powered by OpenID Connect and OAuth 2.0
Dex User Identity for Cloud Native Open Source Built on
web standards Integrates with Kubernetes Cryptographic best practices
Dex groups for organizing teams Use existing directory IDs Certifications
from OpenID Easily protect apps inside cluster Future Identity Work
Server Identity Machine Identity and Admission
Kubernetes API node 1 node 2 node 3
Kubernetes API node 1 node 2 node 3
Kubernetes API node 1 node 2 node 3
Kubernetes API node 1 node 2 node 3
Kubernetes API node 1 node 2 node 3
Kubernetes API node 1 node 2 node 3
Build distributed systems with strong cryptographic identity that operators trust
GOAL
Container Lifecycle Audit 1. Build 2. Distribute 3. Run
Image Format Naming & Discovery Runtime Identity & Signing Building
the Standard Software Container
None
A Standard for Software Shipping Containers
Experiment with new container build systems Support image mirrors and
"air-gapped" systems Create new container runtimes like rkt Provide a reliable contract to application writers
Runtime Standard Software Container APPC OCI Image format Naming &
Discovery Runtime Signing
Runtime Standard Software Container APPC OCI Image format Naming &
Discovery Runtime Signing
Security Scanning After scanning millions of containers we found that
over 80% still had Heartbleed 80%
Clair Open Source Container Image Auditing
container image
/bin/java /opt/app.jar /pkg.db
/bin/java /opt/app.jar /pkg.db
/bin/java /opt/app.jar /pkg.db
Future Work More data sources Integration with Kubernetes Create standard
for auditable container metadata
Create software container standards so developers can build and ship
apps confidently GOAL
Enabling Kubernetes Adoption Networking and Onboarding
10.0.1.10 10.0.1.20 pod 1 pod 2 pod 3 pod 4
10.0.0.3 10.0.0.8
PROBLEMS VALUE Less complex DNS Works Same IP inside Multiple
IPs is a challenge in many networks Kubernetes Networking
Default Easy Networking Option
192.168.1.10 192.168.1.40
10.0.1.10 10.0.1.20 pod 1 pod 2 pod 3 pod 4
10.0.0.3 10.0.0.8
10.0.0.3 10.0.0.8 10.0.1.10 10.0.1.20 192.168.1.10 192.168.1.40 pod 1 pod 2
pod 3 pod 4
192.168.1.10 192.168.1.40 10.0.0.0/24 10.0.1.0/24
A Reasonable Default Provide easy IPv4 overlay pod networking
Container Network Interface Simple network plugins Un-opinionated and minimal interface
Engaged by networking ecosystem Adopted in rkt and Kubernetes
Easy and centrally managed IPSec encryption Future of Flannel Future
of CNI Continued network vendor adoption Release of first revision of the standard Promoted as default Kubernetes network plugin
Increasing Adoption Cluster Bootstrap Improvements
Increasing Adoption Operational Guides to Recovery Bootstrap and configuration of
cluster Upgrades from Kubernetes releases Disaster recovery of etcd and Kubernetes
Increase adoption of Kubernetes through integration and ease of use
in any environment GOAL
Our Role in CNCF
Develop Standard Software Container Donate appc and release appc 1.0
Donate etcd and flannel Donate Critical Software
Shared Plugin Model Donate Container Networking Interface And help create
a Container Volume Interface
Join us
Join us To build critical infrastructure software as open source
Join us To establish Kubernetes as the ubiquitous cluster kernel
Join us To create container specifications that solve problems simply
Thank You Brandon Philips CTO, CoreOS @brandonphilips