locally
• Provide access to all portable k8s features
Develop against a local Kubernetes cluster
• Lightweight, single-command installation
• Works across Linux & OS X. (Windows support soon)
• Includes all dependencies
• Local cluster can be managed via kubectl
• Built-in Dashboard
Status: GA since Kubernetes v1.3
Check out Minikube repo!
@dlorenc @luxas @aaron-prindle @jimmidyson

on Kubernetes
• mysql, redis, zookeeper, ...
Clustered apps need “identity” and sequencing guarantees
• stable hostname, available in DNS
• an ordinal index
• stable storage: linked to the ordinal & hostname
• discovery of peers for quorum
• startup/teardown ordering
Mysql, Postgres, Zookeeper, etcd, etc.
Status: ALPHA in Kubernetes v1.3
@smarterclayton @bprashanth

multiple clusters
• High availability across regions & cloud providers
- Geographically aware DNS gets clients to the "closest" healthy cluster.
- DNS + Kubernetes cluster-local service discovery.
- Can default to cluster-local with failover to remote clusters.
- Is API-compatible with a vanilla Kubernetes service.
- Has no clusterIP (as it is cluster-independent)
- Has a federation-wide load balancer hostname
Give it a try by following this guide.
Status: Beta in Kubernetes v1.3
[Diagram: End-user, Cross-cluster Load Balancer/DNS, Cluster 1, Cluster 2, Cluster 3]
@huangyuqi @jianhuiz @quinton-hoole @justinsb @nikhiljindal @madhusudancs @mml

across zones in a single cluster
Supports heterogeneous nodes
Pods can be placed on specific node pools
Staged rollout of Kubernetes upgrades (A/B testing)
Support for multiple zones
Combine this with Cluster Autoscaling!
Status: Available in GKE
[Diagram: End-user, Load Balancer, us-central1-b, us-central1-a, us-central1-f]
@a-robinson

permissions the same as other Google Cloud Platform Permissions
Invite anyone with a Google account to use your cluster.
Give Writer or Reader permissions.
Status: Available in GKE
[Diagram: Kubectl, Gcloud, Token, K8s API Server, Google Auth'n, Google Auth'z; labels "Get Pods" and "Can get pods? Yes."]
@cjcullen

the API
RBAC: Role-Based Access Control
Create any number of different roles.
Assign any users or groups to roles.
Similarities to AWS, GCP IAM.
Applies to all future Kinds easily.
Status: Available everywhere but GKE
@deads2k (RedHat) @liggitt (RedHat) @ericchiang (CoreOS)

- RBAC
@deads2k (RedHat) @liggitt (RedHat) @ericchiang (CoreOS)
[Diagram: ClusterRole pod-reader, ClusterRoleBinding eric, Role whatever, RoleBinding vish, Role secret-deleter, RoleBinding rohit; labels 1 to 5]
1: eric can read pods in the whole cluster
2: vish can read pods in namespace default
3: rohit can read pods in namespace other
4: rohit can delete secrets in namespace other
5: not allowed

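The binding scopes in statements 1 to 4 above can be checked with a small model of RBAC evaluation. This is an added example, not code from the slides or from Kubernetes. It assumes the rule sets of `pod-reader` and `secret-deleter` and that the namespaced bindings reference `pod-reader`; the `whatever` Role and item 5 are not modelled because the slide does not say what they contain.

```python
from typing import NamedTuple, Optional

# Role name -> (verb, resource) pairs it allows. The slide names the roles but not
# their rules, so these rule sets are assumed.
ROLES = {
    "pod-reader": {("get", "pods"), ("list", "pods"), ("watch", "pods")},
    "secret-deleter": {("delete", "secrets")},
}


class Binding(NamedTuple):
    subject: str
    role: str
    namespace: Optional[str]  # None models a ClusterRoleBinding (all namespaces)


# Constructed bindings that reproduce statements 1-4 on the slide.
BINDINGS = [
    Binding("eric", "pod-reader", None),
    Binding("vish", "pod-reader", "default"),
    Binding("rohit", "pod-reader", "other"),
    Binding("rohit", "secret-deleter", "other"),
]


def effective(user, namespace, bindings=BINDINGS, roles=ROLES):
    """Union of (verb, resource) pairs the user holds in one namespace."""
    granted = set()
    for b in bindings:
        # A namespaced binding grants nothing outside its own namespace.
        if b.subject == user and b.namespace in (None, namespace):
            granted |= roles.get(b.role, set())
    return granted


def allowed(user, verb, resource, namespace):
    """RBAC is additive with no deny rules: no matching grant means denied."""
    return (verb, resource) in effective(user, namespace)


def cluster_wide_subjects(bindings=BINDINGS):
    """Subjects with cluster-wide grants, the first ones to review in an audit."""
    return sorted({b.subject for b in bindings if b.namespace is None})


if __name__ == "__main__":
    for user, ns in [("eric", "kube-system"), ("vish", "other"), ("rohit", "other")]:
        print(user, ns, sorted(effective(user, ns)))
```
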
& always online
Work In Progress
Protection against memory pressure
- Evict pods under memory pressure
- Configurable hard & soft limits
- In-built support for overcommit
- Beta in v1.3
Nodes scalable to 100+ pods
@derekwaynecarr @vishh