Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Tectonic Summit Keynote
Search
Brandon Philips
December 04, 2015
Technology
1
170
Tectonic Summit Keynote
Brandon Philips
December 04, 2015
Tweet
Share
More Decks by Brandon Philips
See All by Brandon Philips
Node.js Workflow with Minikube and Skaffold
philips
0
250
Manage the App on Kubernetes
philips
0
330
Production Backbone Monitoring Containerized Apps
philips
0
150
KubeCon EU 2017: Dancing on the Edge of a Volcano
philips
1
680
rkt - KubeCon EU keynote - 2017
philips
1
250
FOSDEM_Keynote_2017-_.pdf
philips
0
110
Tectonic Summit Day 2 Keynote
philips
0
320
Kubernetes: Simple to Manage Anywhere (self-hosted, Tectonic upgrade demo)
philips
0
360
KubeCon Keynote 2016- Distributed Systems Simplified on Kubernetes
philips
2
540
Other Decks in Technology
See All in Technology
CSPヘッダー導入で実現するWebサイトの多層防御:今すぐ試せる設定例と運用知見
llamakko
1
270
増え続ける脆弱性に立ち向かう: 事前対策と優先度づけによる 持続可能な脆弱性管理 / Confronting the Rise of Vulnerabilities: Sustainable Management Through Proactive Measures and Prioritization
nttcom
1
220
AI によるドキュメント処理を加速するためのOCR 結果の永続化と再利用戦略
tomoaki25
0
110
Snowflake のアーキテクチャは本当に筋がよかったのか / Data Engineering Study #30
indigo13love
0
290
Amazon CloudWatchのメトリクスインターバルについて / Metrics interval matters
ymotongpoo
3
290
M365アカウント侵害時の初動対応
lhazy
7
5.1k
Recoil脱却の現状と挑戦
kirik
3
470
ビジネス文書に特化した基盤モデル開発 / SaaSxML_Session_2
sansan_randd
0
150
新規事業におけるAIリサーチの活用例
ranxxx
0
170
[MIRU2025]Preference Optimization for Multimodal Large Language Models for Image Captioning Tasks
keio_smilab
PRO
0
110
Kiroから考える AIコーディングツールの潮流
s4yuba
1
400
AIエージェントを支える設計
tkikuchi1002
11
2.4k
Featured
See All Featured
Bootstrapping a Software Product
garrettdimon
PRO
307
110k
Docker and Python
trallard
45
3.5k
Rails Girls Zürich Keynote
gr2m
95
14k
Intergalactic Javascript Robots from Outer Space
tanoku
271
27k
Why Our Code Smells
bkeepers
PRO
337
57k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
181
54k
Rebuilding a faster, lazier Slack
samanthasiow
83
9.1k
Building an army of robots
kneath
306
45k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
15
1.6k
Thoughts on Productivity
jonyablonski
69
4.8k
Measuring & Analyzing Core Web Vitals
bluesmoon
7
530
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
33
2.4k
Transcript
Brandon Philips CTO, CoreOS @brandonphilips
Building Tectonic Investments & Plans
Kubernetes Scaling Cluster-wide Identities Container Standards Increasing Kubernetes Use Investments
Kubernetes Scaling It scales.
Kubernetes Scaling It scales. But, we can do better.
Initial Focus Improve scheduler throughput Build fine-grained scheduler benchmarks Reduce
container runtime overhead
Consensus Getting Machines to Agree
Consensus Store CHALLENGE GOALS Store critical data Replicate data Provide
distributed lock Automatically handle machine failures
Chubby At the Heart of Google
At the Heart of Kubernetes
PERSIST
ACTIVE
None
ACTIVE
Upcoming Improvements API Efficient GRPC protocol Multi-key transactions DATASTORE Longer
event history Better memory efficiency
Future Outcomes Improved utilization and application density Scaling of clusters
to 100,000 pods and beyond User runnable performance benchmarks
Establish Kubernetes as the high-scale distributed application kernel GOAL
Distributed Trusted Computing Only software your company allows will run
Distributed Trusted Computing Only software your company allows will run
On hardware your team controls
Identity YOUR TEAM YOUR SERVERS
None
Web Identity Powered by OpenID Connect and OAuth 2.0
Dex User Identity for Cloud Native Open Source Built on
web standards Integrates with Kubernetes Cryptographic best practices
Dex groups for organizing teams Use existing directory IDs Certifications
from OpenID Easily protect apps inside cluster Future Identity Work
Server Identity Machine Identity and Admission
Kubernetes API node 1 node 2 node 3
Kubernetes API node 1 node 2 node 3
Kubernetes API node 1 node 2 node 3
Kubernetes API node 1 node 2 node 3
Kubernetes API node 1 node 2 node 3
Kubernetes API node 1 node 2 node 3
Build distributed systems with strong cryptographic identity that operators trust
GOAL
Container Lifecycle Audit 1. Build 2. Distribute 3. Run
Image Format Naming & Discovery Runtime Identity & Signing Building
the Standard Software Container
None
A Standard for Software Shipping Containers
Experiment with new container build systems Support image mirrors and
"air-gapped" systems Create new container runtimes like rkt Provide a reliable contract to application writers
Runtime Standard Software Container APPC OCI Image format Naming &
Discovery Runtime Signing
Runtime Standard Software Container APPC OCI Image format Naming &
Discovery Runtime Signing
Security Scanning After scanning millions of containers we found that
over 80% still had Heartbleed 80%
Clair Open Source Container Image Auditing
container image
/bin/java /opt/app.jar /pkg.db
/bin/java /opt/app.jar /pkg.db
/bin/java /opt/app.jar /pkg.db
Future Work More data sources Integration with Kubernetes Create standard
for auditable container metadata
Create software container standards so developers can build and ship
apps confidently GOAL
Enabling Kubernetes Adoption Networking and Onboarding
10.0.1.10 10.0.1.20 pod 1 pod 2 pod 3 pod 4
10.0.0.3 10.0.0.8
PROBLEMS VALUE Less complex DNS Works Same IP inside Multiple
IPs is a challenge in many networks Kubernetes Networking
Default Easy Networking Option
192.168.1.10 192.168.1.40
10.0.1.10 10.0.1.20 pod 1 pod 2 pod 3 pod 4
10.0.0.3 10.0.0.8
10.0.0.3 10.0.0.8 10.0.1.10 10.0.1.20 192.168.1.10 192.168.1.40 pod 1 pod 2
pod 3 pod 4
192.168.1.10 192.168.1.40 10.0.0.0/24 10.0.1.0/24
A Reasonable Default Provide easy IPv4 overlay pod networking
Container Network Interface Simple network plugins Un-opinionated and minimal interface
Engaged by networking ecosystem Adopted in rkt and Kubernetes
Easy and centrally managed IPSec encryption Future of Flannel Future
of CNI Continued network vendor adoption Release of first revision of the standard Promoted as default Kubernetes network plugin
Increasing Adoption Cluster Bootstrap Improvements
Increasing Adoption Operational Guides to Recovery Bootstrap and configuration of
cluster Upgrades from Kubernetes releases Disaster recovery of etcd and Kubernetes
Increase adoption of Kubernetes through integration and ease of use
in any environment GOAL
Our Role in CNCF
Develop Standard Software Container Donate appc and release appc 1.0
Donate etcd and flannel Donate Critical Software
Shared Plugin Model Donate Container Networking Interface And help create
a Container Volume Interface
Join us
Join us To build critical infrastructure software as open source
Join us To establish Kubernetes as the ubiquitous cluster kernel
Join us To create container specifications that solve problems simply
Thank You Brandon Philips CTO, CoreOS @brandonphilips