OPEN SOURCE: 90+ Projects on GitHub, 1,000+ Contributors
ENTERPRISE: Secure solutions, support plans, training + more
CoreOS is Running the World’s Containers
Linux
Two Vulnerabilities
Oct. 20th 2016
Linux Kernel Local Root Escalation
Released fix same day for CoreOS Linux
Majority of hosts running the patch within 24 hours
Kubernetes Client Cert Validation Failure
Released fix 10 days after disclosure
Manual upgrade for users
MasK
Automation
Opportunity
Updating CoreOS Linux
[Diagram labels: Container Linux; OS Update; VM / Bare Metal]
go
// golang source code
package main

import "os"

func main() {
	// compile_go stands for the Go compiler itself; the slide does not define it.
	compile_go(os.Args[1:])
}
go
$ uname -s
minix
$ gcc linux.c
$ uname -s
linux
$ gcc linux.c
Running our components in pods would solve many
problems, which we'll otherwise need to implement
other, less portable, more brittle solutions to... Full
self-hosting is the eventual goal.
- Brian Grant
Kubernetes Project Co-Founder
Updating Kubernetes
[Diagram labels: Kubernetes; Deployment; API Server; Container]
[Diagram, cloud: kubectl; k8s API; Azure APIs; VirtualNet; three VMs; three PDs; Kubernetes v1.4.3]
[Diagram, cloud: kubectl; k8s API; Azure APIs; VirtualNet; three VMs; three PDs; Kubernetes v1.4.4]
[Diagram, bare metal: kubectl; k8s API; Ethernet; three Bare Metal hosts; three SANs; Kubernetes v1.4.3]
[Diagram, bare metal: kubectl; k8s API; Ethernet; three Bare Metal hosts; three SANs; Kubernetes v1.4.4]
Self-hosted Goals
- Foundation to automate cluster upgrades
- Use Kubernetes compute, net, storage abstractions and APIs
- Let infrastructure tools focus on infrastructure
Kubernetes Version Operator
Cluster is running v1.4.3 and configured to run v1.4.5
● API Server is v1.4.3
● Scheduler is v1.4.3
Differences from desired config
● API Server should be v1.4.5
● Scheduler should be v1.4.5
How to get there
● Upgrade all API server Daemons to v1.4.5 safely, one by one
● Upgrade all Scheduler Deployments to v1.4.5
● Update status to v1.4.5
Self-Driving Kubernetes Cluster
- A self-hosted cluster launched via Bootkube
- Upgraded via Kubernetes APIs and an Operator
- Automated by single-button or fully automatic
Next Steps
- Use Bootkube; provide feedback
- Learn more: "KubeCeption" talk, 9am tomorrow
- Join SIG Cluster Lifecycle, discuss, tweet
Kubernetes Client Cert Validation Failure
Released fix 10 days after disclosure
Manual upgrade for users
MasK
Secure
Sekure
Deal with it
tectonic.com/summit - @TectonicSummit
December 12 & 13 2016 - New York City