Slide 1
Brandon Philips, CTO, CoreOS (@brandonphilips)

Slide 2
Building Tectonic: Investments & Plans

Slide 3
Investments:
- Kubernetes Scaling
- Cluster-wide Identities
- Container Standards
- Increasing Kubernetes Use

Slide 4
Kubernetes Scaling: It scales.

Slide 5
Kubernetes Scaling: It scales. But we can do better.

Slide 6
Initial Focus:
- Improve scheduler throughput
- Build fine-grained scheduler benchmarks
- Reduce container runtime overhead

Slide 7
Consensus: Getting Machines to Agree

Slide 8
Consensus Store (challenge and goals):
- Store critical data
- Replicate data
- Provide distributed lock
- Automatically handle machine failures

Slide 9
Chubby: At the Heart of Google

Slide 10
At the Heart of Kubernetes

Slide 11
Diagram label: PERSIST

Slide 12
Diagram label: ACTIVE

Slide 15
Upcoming Improvements
API:
- Efficient gRPC protocol
- Multi-key transactions
Datastore:
- Longer event history
- Better memory efficiency

Slide 16
Future Outcomes:
- Improved utilization and application density
- Scaling of clusters to 100,000 pods and beyond
- User-runnable performance benchmarks

Slide 17
GOAL: Establish Kubernetes as the high-scale distributed application kernel

Slide 18
Distributed Trusted Computing: Only software your company allows will run

Slide 19
Distributed Trusted Computing: Only software your company allows will run, on hardware your team controls

Slide 20
Identity: your team, your servers

Slide 22
Web Identity: Powered by OpenID Connect and OAuth 2.0

Slide 23
Dex: User Identity for Cloud Native
- Open Source
- Built on web standards
- Integrates with Kubernetes
- Cryptographic best practices

Slide 24
Future Identity Work:
- Dex groups for organizing teams
- Use existing directory IDs
- Certifications from OpenID
- Easily protect apps inside cluster
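
What the web identity slides above amount to for a relying party such as a Kubernetes API server trusting a Dex-issued ID token, as an added example in Go (not Dex's or Kubernetes' own code): the token header must name RS256 (an unsigned "none" token is rejected), the signature must verify under the issuer's public key, and the iss, aud and exp claims must match before the subject is believed. The issuer key and signing routine only stand in for the issuer; the audience is assumed to be a single string and the current time is passed as Unix seconds.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)
// Claims is the subset of OpenID Connect ID token claims a relying party checks.
type Claims struct {
	Iss string `json:"iss"`
	Sub string `json:"sub"`
	Aud string `json:"aud"` // a single audience here; real tokens may carry a list
	Exp int64  `json:"exp"`
}
var b64 = base64.RawURLEncoding
func digest(s string) []byte { d := sha256.Sum256([]byte(s)); return d[:] }
// newIssuerKey stands in for the signing key an issuer such as Dex publishes via JWKS.
func newIssuerKey() *rsa.PrivateKey { k, _ := rsa.GenerateKey(rand.Reader, 2048); return k }
// signRS256 builds a compact JWT (header.payload.signature) the way an OIDC issuer does.
func signRS256(key *rsa.PrivateKey, c Claims) (string, error) {
	body, _ := json.Marshal(c)
	input := b64.EncodeToString([]byte(`{"alg":"RS256"}`)) + "." + b64.EncodeToString(body)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest(input))
	return input + "." + b64.EncodeToString(sig), err
}
// verifyIDToken returns the subject only if alg is RS256 (an unsigned "none" token is
// rejected), the signature verifies under the issuer's key, and iss, aud and exp match.
func verifyIDToken(pub *rsa.PublicKey, token, issuer, clientID string, now int64) (string, error) {
	var hdr struct{ Alg string `json:"alg"` }
	var c Claims
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return "", errors.New("malformed token")
	}
	if h, _ := b64.DecodeString(p[0]); json.Unmarshal(h, &hdr) != nil || hdr.Alg != "RS256" {
		return "", errors.New("unsupported or missing alg")
	}
	if sig, err := b64.DecodeString(p[2]); err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest(p[0]+"."+p[1]), sig) != nil {
		return "", errors.New("bad signature")
	}
	if body, _ := b64.DecodeString(p[1]); json.Unmarshal(body, &c) != nil || c.Iss != issuer || c.Aud != clientID || now >= c.Exp {
		return "", errors.New("claims rejected")
	}
	return c.Sub, nil
}
```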

Slide 25
Server Identity: Machine Identity and Admission

Slide 26
Diagram: Kubernetes API with node 1, node 2, node 3

Slide 32
GOAL: Build distributed systems with strong cryptographic identity that operators trust

Slide 33
Container Lifecycle Audit: 1. Build, 2. Distribute, 3. Run

Slide 34
Building the Standard Software Container:
- Image Format
- Naming & Discovery
- Runtime
- Identity & Signing

Slide 36
A Standard for Software Shipping Containers

Slide 37
- Experiment with new container build systems
- Support image mirrors and "air-gapped" systems
- Create new container runtimes like rkt
- Provide a reliable contract to application writers

Slide 38
Standard Software Container (diagram comparing appc and OCI): Image format, Naming & Discovery, Runtime, Signing

Slide 40
Security Scanning: After scanning millions of containers we found that over 80% still had Heartbleed

Slide 41
Clair: Open Source Container Image Auditing

Slide 42
Diagram: container image

Slide 43
Diagram: container image contents /bin/java, /opt/app.jar, /pkg.db

Slide 46
Future Work:
- More data sources
- Integration with Kubernetes
- Create standard for auditable container metadata
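
What the image audit in the Clair slides boils down to, as an added example in Go (not Clair's own code): the package database inside the image gives each package's name and version, the vulnerability feed gives the first fixed version, and the verdict rests on comparing versions the way dpkg does rather than as strings, which is exactly where a naive scanner misses an unpatched library. The package names, versions and vulnerability IDs used with it are constructed placeholders; epoch prefixes ("1:") are not handled.

```go
package main

import "strings"

// Vuln is one feed entry: the affected package and the first version that fixes it.
type Vuln struct{ ID, Package, FixedIn string }

// dpkgKey rewrites a version so that plain byte comparison of keys gives dpkg's order.
// It walks alternating non-digit and digit runs (non-digit first). Non-digit run: '~'
// becomes 0, letters stay, other symbols move above the letters, 0x01 closes the run.
// Digit run: leading zeros dropped, length byte first so 10 > 7. No epoch ("1:") support.
func dpkgKey(v string) string {
	k, digit := []byte{}, false
	for start, i := 0, 0; i <= len(v); i++ {
		if i < len(v) && ('0' <= v[i] && v[i] <= '9') == digit {
			continue // still inside the current run
		}
		if run := v[start:i]; digit {
			run = strings.TrimLeft(run, "0")
			k = append(append(k, byte(len(run)+1)), run...)
		} else {
			for _, c := range []byte(run) {
				if c == '~' {
					c = 0
				} else if (c|0x20) < 'a' || (c|0x20) > 'z' {
					c |= 0x80
				}
				k = append(k, c)
			}
			k = append(k, 1)
		}
		start, digit = i, !digit
	}
	return string(append(k, 1)) // end of version: above '~', below letters and digits
}

// verrevcmp returns <0, 0 or >0 like dpkg --compare-versions: "1.0.1e-2+deb7u10"
// sorts above "1.0.1e-2+deb7u7", where a plain string compare gets it backwards.
func verrevcmp(a, b string) int { return strings.Compare(dpkgKey(a), dpkgKey(b)) }

// audit lists "ID package version" for each installed package (name to version, as read
// from the image's package database) whose version sorts below the first fixed one.
func audit(installed map[string]string, feed []Vuln) (findings []string) {
	for _, v := range feed {
		if ver, ok := installed[v.Package]; ok && verrevcmp(ver, v.FixedIn) < 0 {
			findings = append(findings, v.ID+" "+v.Package+" "+ver)
		}
	}
	return findings
}
```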

Slide 47
GOAL: Create software container standards so developers can build and ship apps confidently

Slide 48
Enabling Kubernetes Adoption: Networking and Onboarding

Slide 49
Diagram: pod 1, pod 2, pod 3, pod 4 with pod IPs 10.0.1.10, 10.0.1.20, 10.0.0.3, 10.0.0.8

Slide 50
Kubernetes Networking
Value:
- Less complex
- DNS works
- Same IP inside
Problems:
- Multiple IPs is a challenge in many networks

Slide 51
Default Easy Networking Option

Slide 52
Diagram: hosts 192.168.1.10 and 192.168.1.40

Slide 54
Diagram: hosts 192.168.1.10 and 192.168.1.40 running pod 1, pod 2, pod 3, pod 4 with pod IPs 10.0.0.3, 10.0.0.8, 10.0.1.10, 10.0.1.20

Slide 55
Diagram: hosts 192.168.1.10 and 192.168.1.40 with pod subnets 10.0.0.0/24 and 10.0.1.0/24

Slide 56
A Reasonable Default: Provide easy IPv4 overlay pod networking

Slide 57
Container Network Interface:
- Simple network plugins
- Un-opinionated and minimal interface
- Engaged by networking ecosystem
- Adopted in rkt and Kubernetes

Slide 58
Future of Flannel:
- Easy and centrally managed IPsec encryption
Future of CNI:
- Continued network vendor adoption
- Release of first revision of the standard
- Promoted as default Kubernetes network plugin

Slide 59
Increasing Adoption: Cluster Bootstrap Improvements

Slide 60
Increasing Adoption: Operational Guides to Recovery
- Bootstrap and configuration of cluster
- Upgrades from Kubernetes releases
- Disaster recovery of etcd and Kubernetes

Slide 61
GOAL: Increase adoption of Kubernetes through integration and ease of use in any environment

Slide 62
Our Role in CNCF

Slide 63
Develop Standard Software Container: Donate appc and release appc 1.0

Slide 64
Donate Critical Software: Donate etcd and flannel

Slide 65
Shared Plugin Model: Donate Container Networking Interface and help create a Container Volume Interface

Slide 66
Join us

Slide 67
Join us: To build critical infrastructure software as open source

Slide 68
Join us: To establish Kubernetes as the ubiquitous cluster kernel

Slide 69
Join us: To create container specifications that solve problems simply

Slide 70
Thank You. Brandon Philips, CTO, CoreOS (@brandonphilips)