App Container (appc) implementations:
Jetpack (FreeBSD/Go)
Kurma (Linux/Go)
rkt (Linux/Go)
Independent GitHub organization; contributions from Cloud Foundry, Mesosphere, Google, Red Hat and many others
Benefit from standard packaging, signing and distribution at all isolation levels:
Privileged (e.g. Kubelet)
Container/cgroup (e.g. web app)
Virtual machine (e.g. untrusted code)
Garbage collection: run as a cron job, with a customizable grace period
$ sudo rkt gc
Moving pod "81627cc6" to garbage
Moving pod "cd642877" to garbage
Moving pod "d65abad6" to garbage
Pod "81627cc6" not removed: still within grace period (30m0s)
Pod "cd642877" not removed: still within grace period (30m0s)
Pod "d65abad6" not removed: still within grace period (30m0s)
Tools for trust: easily control what runs on your server
$ sudo rkt trust --prefix=storage.coreos.com
$ sudo rkt trust --prefix=coreos.com/etcd
$ sudo rkt trust --root ~/aci-pubkeys.gpg
$ find /etc/rkt/trustedkeys/
/etc/rkt/trustedkeys/
/etc/rkt/trustedkeys/prefix.d
/etc/rkt/trustedkeys/prefix.d/coreos.com
/etc/rkt/trustedkeys/prefix.d/coreos.com/etcd
/etc/rkt/trustedkeys/prefix.d/coreos.com/etcd/8b86de38890ddb7291867b025210bd8888182190
/etc/rkt/trustedkeys/root.d
/etc/rkt/trustedkeys/root.d/d8685c1eff3b2276e5da37fd65eea12767432ac4
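As an added example (not rkt's own code), the POSIX shell helper below rebuilds the trustedkeys layout shown above in a scratch directory and reports which trusted key fingerprints would be consulted for a given image name. It assumes the most specific prefix.d entry that holds a key wins and that root.d keys cover every image; the key files are empty placeholders named with the fingerprints from the slide, and the tree itself is constructed.

```shell
#!/bin/sh
# Added example, not rkt's own code.  Recreates the /etc/rkt/trustedkeys
# layout from the slide in a scratch directory and resolves the trusted keys
# that apply to an image name.  Resolution order assumed here: the most
# specific prefix.d entry holding a key, then the root.d keys that cover
# every image.  Key files are empty placeholders (constructed tree).
set -u

TRUSTDIR="${TRUSTDIR:-$(mktemp -d)}"

# Build the constructed tree with the same paths as the slide's `find` output.
setup_trust_tree() {
    mkdir -p "$TRUSTDIR/prefix.d/coreos.com/etcd" "$TRUSTDIR/root.d"
    : > "$TRUSTDIR/prefix.d/coreos.com/etcd/8b86de38890ddb7291867b025210bd8888182190"
    : > "$TRUSTDIR/root.d/d8685c1eff3b2276e5da37fd65eea12767432ac4"
}

# Print the fingerprints consulted for the image named in $1: walk the name
# from its full form down to its first component looking for a prefix.d
# entry with at least one key, then fall back to root.d.  Prints "none" when
# no trusted key covers the image, which is the case worth auditing for.
keys_for_image() {
    prefix="$1"
    found=""
    while [ -n "$prefix" ]; do
        if [ -d "$TRUSTDIR/prefix.d/$prefix" ]; then
            found=$(ls "$TRUSTDIR/prefix.d/$prefix")
            [ -n "$found" ] && break
        fi
        case "$prefix" in
            */*) prefix="${prefix%/*}" ;;
            *)   prefix="" ;;
        esac
    done
    [ -n "$found" ] || found=$(ls "$TRUSTDIR/root.d")
    printf '%s\n' "${found:-none}"
}

# Stand-alone usage: `sh audit-trust.sh demo` populates the tree and reports
# on a few image names (one that hits the prefix key, two that fall back).
if [ "${1:-}" = "demo" ]; then
    setup_trust_tree
    for img in coreos.com/etcd/v2 storage.coreos.com/img example.org/app; do
        printf '%s -> %s\n' "$img" "$(keys_for_image "$img")"
    done
fi
```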
Run Docker containers with rkt: use a more secure runtime without changing images
$ sudo rkt run --insecure-options=image --interactive \
    docker://busybox -- /bin/sh
Running in production: containers on CoreOS are powering ISE's high-throughput, low-latency financial exchange
Bare metal & AWS
Billions of transactions a day
150 million req/sec
"We really look at that [CoreOS] number growing significantly over this next year. We did some of these benchmarks to see if our production trading systems could leverage this type of infrastructure, and it was highly successful for us, and we look forward to using it more in our other environments. On the Linux side, everything in AWS is CoreOS. On the physical side, 20% is CoreOS, and growing."
Robert Cornish, CTO, and Paul Morgan, Systems Architect
Trusted computing stack (layer: component):
Hardware: Firmware & TPM
OS: CoreOS Linux
Containers: rkt
Cluster: Kubernetes

Verification across the stack:
Customer key embedded in the firmware
Verify integrity of the OS release
Verify configuration state
Verify images with trusted keys
Only attested machines are allowed to join
Tamper-proof audit log (TPM)
New level of security:
Run in third-party or hostile data centers with zero trust
Prevent invisible attacks
Verifiable audit log for when things go wrong
Putting you in control: your company is in cryptographic control of your environment