CoreOS Fest 2016 provided updates on CoreOS projects including etcd v3, Kubernetes security tools DEX and DTC, and Prometheus. Key announcements included etcd improving performance and storage, DEX enabling external authentication for Kubernetes, and Prometheus becoming a CNCF project. Keynotes covered security in systemd, the Linux kernel status, and distributed system design tool Runway. CoreOS also announced a $28M funding round and partnerships with Calico and Intel.
2. Outline
• Bit about CoreOS Fest background
• News
– etcd v3, DEX, DTC
– prometheus, DEIS, systemd, Linux kernel
– Business
3. What the heck is CoreOS Fest about?
• What is CoreOS ?
– Operating system, Company, project umbrella
– The “other” container camp
– Similarly to docker, the aim is building a container-based distributed platform for running custom applications => GIFEE == cloud native computing
• reusing existing building blocks
– Omaha, systemd, docker, prometheus, kubernetes…
• New tools e.g: coreos-kubernetes
• New building blocks e.g: Clair, DEX, DTC
7. Kubernetes security
• DTC (Distributed Trust Computing) [1]
– Verifying the infrastructure integrity utilizing secure boot and TPM chips
– Easily integrates into Kubernetes, no hacks needed
– Packet [2] [3]
• DEX [4]
– Enabling external authenticators for Kubernetes
– OAuth 2.0
– LDAP support [5]
[1] https://coreos.com/blog/coreos-trusted-computing.html
[2] http://stackpointcloud.com
[3] https://www.packet.net
[4] https://github.com/coreos/dex
[5] https://coreos.com/blog/dex-ldap-support.html
8. jwtproxy
• service to service authentication proxy
– use AUTH headers since this is the only field compatible across all infra solutions, e.g. different load balancer implementations
– compatible with TLS infrastructure
[1] https://github.com/coreos/jwtproxy
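The header-based service-to-service check described on this slide, as an added example that is not code from the slides or from the jwtproxy project. It assumes HS256 with a per-service shared secret so it runs on the standard library alone; the service names, key and claim set are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def sign_request(headers, key, issuer, audience, now=None, ttl=60):
    """Calling side: add a short-lived HS256 JWT as the Authorization header."""
    now = int(time.time()) if now is None else now
    claims = {"iss": issuer, "aud": audience, "nbf": now, "exp": now + ttl}
    parts = [_b64(json.dumps(p).encode()) for p in ({"alg": "HS256", "typ": "JWT"}, claims)]
    signing_input = ".".join(parts)
    token = signing_input + "." + _b64(_mac(key, signing_input))
    return {**headers, "Authorization": "Bearer " + token}

def verify_request(headers, keys_by_issuer, audience, now=None):
    """Receiving side: return the verified issuer name or raise ValueError."""
    now = int(time.time()) if now is None else now
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        raise ValueError("missing or malformed bearer token")
    head_b64, claims_b64, sig_b64 = token.split(".")
    header, claims = json.loads(_unb64(head_b64)), json.loads(_unb64(claims_b64))
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("token parts must be JSON objects")
    if header.get("alg") != "HS256":  # pin the algorithm; never accept "none"
        raise ValueError("unexpected alg")
    iss = claims.get("iss")
    key = keys_by_issuer.get(iss) if isinstance(iss, str) else None
    if key is None:
        raise ValueError("unknown issuer")
    if not hmac.compare_digest(_unb64(sig_b64), _mac(key, head_b64 + "." + claims_b64)):
        raise ValueError("bad signature")
    if claims.get("aud") != audience:
        raise ValueError("token was minted for a different service")
    if not claims.get("nbf", now + 1) <= now < claims.get("exp", 0):
        raise ValueError("token not yet valid or expired")
    return iss

if __name__ == "__main__":
    KEYS = {"billing": b"constructed-demo-secret"}  # constructed sample key
    req = sign_request({"Host": "inventory.internal"}, KEYS["billing"], "billing", "inventory")
    print(verify_request(req, KEYS, "inventory"))
```

The audience check is what stops a token captured at one service from being replayed against another, and the short lifetime bounds replay against the same service.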
9. Prometheus
• open-source systems monitoring and alerting toolkit by SoundCloud [1]
• Part of CNCF now! [2]
• Modeled after Google’s internal monitoring system
– Pull based metrics collection solution
– HTTP as a transport protocol
– Use labels to differentiate the characteristics of the thing that is being measured
• Inbuilt Kubernetes integration for automatic pod registration and metrics collection
• Interesting Kubernetes related use case [3]
• Prometheus conf 2016, Aug 25-26, Berlin [4]
[1] https://prometheus.io
[2] https://cncf.io/news/announcement/2016/05/cloud-native-computing-foundation-accepts-prometheus-second-hosted-project
[3] https://coreos.com/blog/improving-kubernetes-scheduler-performance.html
[4] https://promcon.io
10. Keynotes
• Security Features in systemd, Lennart Poettering [1]
• State of the Linux Kernel, Greg Kroah-Hartman [2]
• Runway: a new tool for distributed systems design, Diego Ongaro [3]
[1] http://0pointer.de/blog/projects/security.html
[2] https://www.linux.com/news/greg-kh-update-linux-kernel-46-next-week-new-security-features
[3] http://www.internetnews.com/blog/skerner/coreos-fest-runway-provides-a-new-model-distributed-systems-design.html
11. Funky hacks
• quayctl: pulling container images via bittorrent [1]
• Stackanetes: running OpenStack on top of Kubernetes [2][3]
• Hyperclair: a lightweight command-line tool for working locally with Clair [4]
[1] https://github.com/coreos/quayctl
[2] https://tectonic.com/blog/stackanetes-openstack-on-k8s-prototype.html
[3] https://github.com/stackanetes/stackanetes
[4] https://github.com/wemanity-belgium/hyperclair
12. Secure the internet
• Secure Operating System
– systemd
– Auto updates
– Linux kernel
• Secure container platform
– rkt
– kubernetes
• Additional security tools
– Clair
– jwtproxy
– DEX
– DTC
13. Biz news
• CoreOS closed $28M Series B investment
• Canal: joint venture between Calico and CoreOS to build best of breed network solution
• Cooperation with Intel
– Clear containers
– Stackanetes