Keynote - Brandon Philips - CoreOS Fest 2016

Slide 1

Slide 1 text

Keynote: CoreOS Fest 2016 @BrandonPhilips | brandon.philips@coreos.com CTO, CoreOS Inc

Slide 2

Slide 2 text

MISSION Secure the Internet

Slide 3

Slide 3 text

STRATEGY Accelerate with Open Source

Slide 4

Slide 4 text

GOAL Work with People We Love to Work With

Slide 5

Slide 5 text

SUCCESS 1000s Have Contributed to Projects CoreOS Introduced

Slide 6

Slide 6 text

Simone Gotti rkt Contributor

Slide 7

Slide 7 text

Frode Nordahl Dex Contributor (LDAP support)

Slide 8

Slide 8 text

Julien Garcia Gonzalez Clair Contributor (hyperclair CLI)

Slide 9

Slide 9 text

Hitoshi Mitake etcd Contributor

Slide 10

Slide 10 text

All of You We Look Forward to Working with You

Slide 11

Slide 11 text

Coreos & Event Staff From New York, Berlin, and San Francisco

Slide 12

Slide 12 text

TIMELINE The Story so Far

Slide 13

Slide 13 text

3 YEARS AGO None of this existed

Slide 14

Slide 14 text

2.5 YEARS AGO Foundations Established

Slide 15

Slide 15 text

1.5 YEARS AGO Standards and Security

Slide 16

Slide 16 text

1 YEAR AGO Kubernetes v1.0

Slide 17

Slide 17 text

TODAY Production, Scale, and Security

Slide 18

Slide 18 text

NEW TECHNOLOGY Updates and Announcements

Slide 19

Slide 19 text

ETCD v3.0 BETA Efficient and Scalable

Slide 20

Slide 20 text

Punishing Functional Tests

Slide 21

Slide 21 text

Punishing Functional Tests

Slide 22

Slide 22 text

Punishing Functional Tests

Slide 23

Slide 23 text

gRPC Based API ~4x Faster vs JSON HTTP/2 Improves Efficiency

Slide 24

Slide 24 text

New Storage Engine Scales to GB of Data Consistent Performance Continuous Snapshots

Slide 25

Slide 25 text

etcd v3 will support Kubernetes as it scales to 5.000 nodes and beyond

Slide 26

Slide 26 text

BETA AVAILABLE TODAY github.com/coreos/etcd

Slide 27

Slide 27 text

TODAY 9:50am Introduction to etcd v3 B08

Slide 28

Slide 28 text

QUAYCTL BitTorrent Container Image Pulls

Slide 29

Slide 29 text

Image Layers foo-filesystem.tar.gz bar-filesystem.tar.gz meh-filesystem.tar.gz Image metadata Image binary data { {“id”: “foo”}, {“id”: “bar”, “meta”: “data”}, {“id”: “meh”, “meta”: “data”}, }

Slide 30

Slide 30 text

Pulling Layers $ rkt fetch docker://quay.io/ex/app:v1.0 Fetch layer1: 51.4 MB/51.4 MB Fetch layer4: 97 B/97 B Fetch layer5: 2.7 MB/3.2 MB … ~120MB in Total

Slide 31

Slide 31 text

Squashed Image Layers { {“id”: “meh”, “meta”: “data”}, } meh Image metadata Image binary data foo bar

Slide 32

Slide 32 text

Pulling Squashed Layers $ rkt fetch docker://quay.io/ex/app:v1.0 Fetch layer1: 81.2 MB/81.2 MB …

Slide 33

Slide 33 text

SIZE SAVINGS Many ~50% Smaller

Slide 34

Slide 34 text

BitTorrent with quayctl $ quayctl rkt torrent pull \ quay.io/coreos/clair

Slide 35

Slide 35 text

BitTorrent with quayctl $ quayctl docker torrent pull \ quay.io/coreos/clair

Slide 36

Slide 36 text

BitTorrent Improvements

Slide 37

Slide 37 text

BitTorrent Improvements

Slide 38

Slide 38 text

BitTorrent Improvements

Slide 39

Slide 39 text

BitTorrent Improvements

Slide 40

Slide 40 text

BitTorrent Improvements

Slide 41

Slide 41 text

AVAILABLE TODAY github.com/coreos/quayctl

Slide 42

Slide 42 text

TODAY 14:20 Distribution to Worldwide Clusters B08

Slide 43

Slide 43 text

JWTPROXY Service to Service Authentication

Slide 44

Slide 44 text

JWTPROXY Service to Service Authentication Micro Service Micro Service

Slide 45

Slide 45 text

SECURITY SCANNING

Slide 46

Slide 46 text

CVE-2015-0235 GHOST

Slide 47

Slide 47 text

CVE-2015-0235 GHOST

Slide 48

Slide 48 text

No content

Slide 49

Slide 49 text

No content

Slide 50

Slide 50 text

No content

Slide 51

Slide 51 text

No content

Slide 52

Slide 52 text

builders

Slide 53

Slide 53 text

bt tracker

Slide 54

Slide 54 text

jwtproxy Use HTTP auth headers Negotiate load balancers Compatible with TLS infrastructure

Slide 55

Slide 55 text

TOMORROW 9:50 Service to Service Auth B08

Slide 56

Slide 56 text

JWTPROXY AVAILABLE TODAY github.com/coreos/jwtproxy

Slide 57

Slide 57 text

CVE-2015-0235 66 % of analyzed images on Quay.io

Slide 58

Slide 58 text

Security Scanning In Quay Enterprise

Slide 59

Slide 59 text

AVAILABLE TODAY quay.io/plans

Slide 60

Slide 60 text

OPEN CONTAINER INITIATIVE Building an Industry Standard

Slide 61

Slide 61 text

OCI Image Format Spec Maintainers from Across Industry Best of Docker Image and appc Image Registry Support in the Coming Months

Slide 62

Slide 62 text

OCI IMAGE v0.1.0 github.com/opencontainers/image-spec

Slide 63

Slide 63 text

TODAY 13:30 Common Container Standards B08

Slide 64

Slide 64 text

LET'S KEEP BUILDING For Production, Scale, and Security

Slide 65

Slide 65 text

GOAL Work with People We Love to Work With

Slide 66

Slide 66 text

Thank you! Keynote: CoreOS Fest 2016 @BrandonPhilips | brandon.philips@coreos.com CTO, CoreOS Inc