The Kubernetes community has aspirations of becoming the Linux kernel of distributed systems. Together we want to build a scalable, stable, and secure platform for distributed systems that is the ubiquitous choice for people building server infrastructure. This talk will discuss the major community efforts made in recent months to deliver this goal and the work we need to do to continue our momentum.
Sched Link: http://sched.co/68lU
2. CoreOS, Inc (2013 - today)
Mission: "Secure the Internet"
Started at the OS level: CoreOS Linux
● Modern, minimal operating system
● Self-updating (read-only) image
● Updates must be automatic and seamless
14. 90+ Projects on GitHub, 1,000+ Contributors
OPEN SOURCE
CoreOS.com - @coreoslinux - github/coreos
Secure solutions, support plans, training + more
ENTERPRISE
sales@coreos.com - tectonic.com - quay.io
15. Product Management via Keynote
Users running Kubernetes infrastructure
Community building Kubernetes
Businesses building products on Kubernetes
16. Where We Are Pushing Kubernetes
Simpler to deploy and configure clusters
Increasing scale of clusters throughout stack
Security based on good practices
rkt engine powering Kubernetes nodes
Standards to ensure portability
29. That seems hard, what do we get?
Bootstrap requirements down to working SSH
Rolling updates for Kubernetes itself!
Kubelet version controlled by API
Help Wanted! Goal: working in v1.3
34. etcd v3.0 - "Scaling etcd to thousands of nodes"
● Efficient transport via gRPC and HTTP/2
● New powerful API based on k8s use-case
● Disk-backed and memory efficient storage
● Incremental snapshot for consistent performance
● Fix re-list issues with longer and memory-efficient key history
36. v3 API - Watches
● support multiple keys and prefixes per stream
○ watchKey(foo)
○ watchPrefix(coreos)
● support watch from historical point
○ watchKey(foo, index_of_an_hour_ago)
○ user-driven history compaction
37. v3 API - Lease
l := lease.Create(10*second)
kv.Put("foo", "bar", l.ID)
// the key is removed when the lease expires
// unless the lease is kept alive
go KeepAlive(l.ID)
38. Help Wanted: mirror maker
Label queries are the new DNS
Need API mirrors to give queries 100% uptime
Help wanted, no work started.
43. Dex - OIDC Provider
Open source, standards-based identity provider
SQL, LDAP, and other identity backend connectors
Applicable outside of Kubernetes but that is our use case
75. rkt TPM measurement
● TPM, Trusted Platform Module
○ physical chip on the motherboard
○ cryptographic keys + processor
● Used to "measure" system state
● Historically just used to verify bootloader/OS (on proprietary systems)
76. rkt TPM measurement
● CoreOS added support to GNU Grub
● rkt can now record information about running pods in the TPM
● attestable record of what images and pods are running on a system
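How a measurement log becomes an attestable record, as an added Go example that is not from the talk or from rkt's code: each event is folded into a PCR with the TPM extend operation, and a verifier accepts the reported log only if replaying it reproduces the PCR value. It assumes a SHA-256 PCR bank and a hypothetical event string format; in a real deployment the PCR value would come from a TPM-signed quote.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
)

// Event is one measured action, e.g. a pod image being started.
// The description format is hypothetical, not rkt's real log format.
type Event struct {
	Description string
}

// Extend models the TPM extend operation: new = SHA256(old || SHA256(data)).
// A PCR can only be extended, never set, so its value commits to the
// complete ordered history of measurements.
func Extend(pcr [32]byte, data []byte) [32]byte {
	d := sha256.Sum256(data)
	return sha256.Sum256(append(pcr[:], d[:]...))
}

// Replay recomputes the PCR value that an event log should produce,
// starting from the all-zero value a PCR holds after reset.
func Replay(log []Event) [32]byte {
	var pcr [32]byte
	for _, e := range log {
		pcr = Extend(pcr, []byte(e.Description))
	}
	return pcr
}

// LogMatchesPCR is the verifier's check: the reported log is trusted only
// if replaying it reproduces the PCR value reported by the TPM.
func LogMatchesPCR(log []Event, quoted [32]byte) bool {
	got := Replay(log)
	return bytes.Equal(got[:], quoted[:])
}

func main() {
	// Constructed sample log; image names and digests are placeholders.
	log := []Event{{"image=example.com/app:v1 sha512-aaaa"}, {"image=example.com/db:v2 sha512-bbbb"}}
	quoted := Replay(log) // stands in for a signed TPM quote
	fmt.Println("honest log:", LogMatchesPCR(log, quoted))
	fmt.Println("entry dropped:", LogMatchesPCR(log[:1], quoted))
}
```

A log with an entry removed, altered, or reordered no longer replays to the quoted value, which is what lets a remote party detect a host that misreports what it is running.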
87. ● Coordinate promotion of Cloud Native architectures
● A home for Cloud Native OSS projects like Kubernetes
○ Technical board to evaluate additional projects
● Provides shared resources to projects like video conferencing, test servers, etc
88. ● Creating technical standards for containers
● Started with runC and a runtime specification
● Large mandate to standardize an image format
○ In-progress
89. Multiple Image Formats in v1.3 API
● Today Kubernetes only supports the Docker Image Format and naming
● Use cases for executing other formats
○ OCI Image Format
○ tar archive chroots
○ jar?
○ static binary?
● Support signing and content verification
90. Help Push Kubernetes Forward
Simpler to deploy and configure clusters
Increasing scale of clusters throughout stack
Security based on good practices
rkt engine powering Kubernetes nodes
Standards to ensure portability