Tectonic Summit 2016: Brandon Philips, CTO of CoreOS, Keynote
TRANSCRIPT
Brandon Philips | @brandonphilips | [email protected] | coreos.com
Good Morning!
Experts at Every Layer of the Stack
Linux
Container Engines & Runtime Specs
Image Specs, Build, & Hosting
Clustered Database
Cloud Independence & Lifecycle
Identity & Federation
Experts at Every Layer of the Stack
Linux
Container Engines & Runtime Specs
Container Image Build, Hosting, & Specs
Clustered Database
Cloud Independence & Lifecycle
Identity & Federation
The shared foundation of this ecosystem is the container
And CoreOS is ensuring that the shared foundation is built on standards
Open Container Initiative
OCI Announced: June 2015
OCI Image Spec Added: April 2016
rkt OCI support: July 2016
OCI 1.0 RC-1: July 2016
OCI 1.0: Q1 2017
Quay, Kubernetes, etc: Q2 2017
Create developer collaboration
Build interoperating products
Confidence in ecosystem stability
Investment in standards
An update about the pod native container engine
rkt community traction
● Laptop Kubernetes, minikube, can use rkt with a single flag
● BlaBlaCar (Series D, $350m) rkt in prod and moving to Kubernetes
● Container Linux services now run under rkt
● Google GKE using rkt for Kubelet mount management
Kubernetes & rkt integration via CRI
Support all OCI standards as they reach 1.0
Continue innovation in design and security
Roadmap for rkt
Quick Reminder: Pod Basics
[Diagram: pod sandbox containing cache (pid 5), asset fetcher (pid 8), web server (pid 9)]
Quick Reminder: Pod Lifecycle
[Diagram labels: controller nodes, worker nodes, EC2 VM (x9), Kubernetes Scheduler, Kube API, Monitoring Service, A1, J2]
Container Runtime Interface
[Diagram sequence, pod sandbox contents:
1. cache (pid 5), asset fetcher (pid 8), web server (pid 9)
2. Health Check Fail
3. cache (pid 5), asset fetcher (pid 8)
4. cache (pid 5), asset fetcher (pid 8), web server (pid 10)]
rkt and CRI will help enable faster innovation in Kubernetes in 2017.
rkt and runc
[Diagram: pod sandbox containing cache (pid 5), asset fetcher (pid 8), web server (pid 8), with three runc labels]
rkt is the only container engine with both Linux native and VM isolation.
We continue to explore new ideas.
Normal rkt execution
[Diagram: two pod sandboxes; the first contains cache (pid 5), debug agent (pid 8), web server (pid 9); the second contains cache (pid 10), debug agent (pid 38), web server (pid 20)]
VM rkt execution
[Diagram: two pod sandboxes, each containing cache (pid 5), debug agent (pid 8), web server (pid 9)]
Lifecycle of a process: Normal Execution Path
bash (uid 1001, pid 8)
fork(), identical perms: bash (uid 1001, pid 9)
exec() setuid binary, elevate perms: su (uid 0, pid 9)
exec(), identical perms: bash (uid 0, pid 9)
Lifecycle of a process: Exploit Execution Path
bash (uid 1001, pid 8)
fork(), identical perms: bash (uid 1001, pid 9)
open() kernel exploit, elevate perms: bash (uid 0, pid 9)
Container Terminated
VM rkt execution
[Diagram: kvm virtual machine containing a pod sandbox with cache (pid 5), debug agent (pid 8), web server (pid 9), and a Privilege Escalation Validator]
Can PID 8 open /proc/9/environ it is uid 0?
Yes, valid elevation to uid 0
rootkit payload
Can PID 9 open /etc/shadow it is uid 0?
No, invalid transition to uid 0
Container Terminated
Tectonic will support users with Docker Engine or rkt engine.
End-to-end.
Kubernetes scales. And we have worked end-to-end to make it happen
● Clients talk to Kubernetes API server
● API is stateless and horizontally scales
● State from API persisted to etcd DB
Quick Reminder: Kubernetes Architecture
● etcd introduced in 2013 by CoreOS
● Persistent database of Kubernetes
● Auto-leader election for availability
etcd Overview
etcd is the foundation of Kubernetes
CoreOS ensures it is scalable, simple, solid
Scaling Milestones of Kubernetes
June 2015: 100 Nodes, 300 Pods
March 2016: 1,000 Nodes, 30,000 Pods
November 2016: 2,000 Nodes, 60,000 Pods
December 2016: 5,000 Nodes, 150,000 Pods
● Google Chubby
● etcd by CoreOS
● ZooKeeper by Apache
● Consul by Hashicorp
Consistent Key-Value Database
● Google Chubby (closed source)
1. etcd by CoreOS
2. ZooKeeper by Apache
3. Consul by Hashicorp
Consistent Key-Value Database, Benchmark
Memory, key to scalability
Latency, key to reliability
etcd delivers consistent latency
Scaling Milestones of Kubernetes
March 2016: 1,000 Nodes, 30,000 Pods
November 2016: 2,000 Nodes, 60,000 Pods
December 2016: 5,000 Nodes, 150,000 Pods
2017: 20,000 Nodes, 600,000 Pods
etcd Operator
etcd is Trusted by 100s of OSS Projects
Including Projects From Teams At
Google. Amazon. Microsoft.
Self-driving architecture simplifies Kubernetes.
$ uname -s
minix
$ gcc linux.c

$ uname -s
linux
$ gcc linux.c
Self-Hosted Architecture
[Diagram labels: controller nodes, worker nodes, EC2 VM (x9), Kubernetes Scheduler, Kube API, Monitoring Service, MS, KS, A1, J2]
Toil is the kind of work tied to running a production service that tends to be manual, repetitive, automatable, tactical, devoid of enduring value, and that scales linearly as a service grows.
Self-Driving Removes Toil
CHECK
But... Failures Still Happen
Self-Driving Monitoring Architecture
[Diagram labels: controller nodes, Kubernetes Scheduler, Kube API, Monitoring Service]
"Self-hosted" is being adopted in the Kubernetes community.
Kubernetes User Identity
OpenID Connect (OIDC) provider with LDAP plugin.
Integrated into upstream Kubernetes.
No external databases, simply use the Kubernetes API.
Default in Tectonic.
CoreOS is ensuring that the shared foundation is built on standards
rkt will help enable faster innovation in Kubernetes in 2017.
Kubernetes scales. And we have worked end-to-end to make it happen.
Self-driving architecture simplifies and removes toil.
Experts at Every Layer of the Stack
Linux
Container Engines & Runtime Specs
Container Image Build, Hosting, & Specs
Clustered Database
Cloud Independence & Lifecycle
Identity & Federation