This document provides a summary of a presentation about modern container orchestration with Kubernetes and CoreOS. It discusses what CoreOS is, how to easily set up CoreOS and Kubernetes, machine configuration, distributed configuration with etcd, scheduling and running workloads with Kubernetes, and service discovery using Kubernetes labels. It also briefly mentions CoreOS careers and continuous delivery of the OS.

1. Modern Container
Orchestration
Kubernetes, CoreOS, and more
@coreoslinux
@brandonphilips

2. Brandon Philips
CTO, CoreOS
github.com/philips

3. Easy CoreOS+Kubernetes Setup
vagrant, aws, bare metal, etc
coreos.com/kubernetes/docs/latest/

4. Demo Instructions
github.com/philips/hacks
2015-all-things-open

5. What is CoreOS?

6. What is CoreOS?

9. What is CoreOS?

11. The smartest way to run your container infrastructure.
tectonic.com @tectonic

12. QUAY
Secure hosting for private Docker repositories
quay.io @quayio

13. Why build CoreOS?

14. you

15. you as a sw engineer

16. your
with Ada.Text_IO;
procedure Hello_World is
use Ada.Text_IO;
begin
Put_Line("Hello, world!");
end;
#include <stdio.h>
int main()
{
printf("Hello, world!n");
}
package main
import "fmt"
func main() {
fmt.Println("Hello, world!")
}

17. your container
image

18. your /bin/java
/opt/app.jar
/lib/libc

19. your /bin/python
/opt/app.py
/lib/libc

20. your com.example.app
d474e8c57737625c

21. your d474e8c57737625c
Signed By: Alice

22. you as an ops engineer

23. your

24. your
com.example.webapp
x3

25. your
com.example.webapp
x3

26. your
???
com.example.webapp
x3

27. How do we do it?

28. reduce API contracts
minimal

29. kernel
systemd
rkt
ssh
docker
python
java
nginx
mysql
openssl
app
trodistrodistrodistrodistrodistro

30. python
java
nginx
mysql
openssl
apptrodistrodistrodistrodistrodistro
kernel
systemd
rkt
ssh
docker

31. python
openssl-A
app1
trodistrodistrodistrodistrodistro
java
openssl-B
app2
java
openssl-B
app3
kernel
systemd
rkt
ssh
docker

32. CoreOS
container
trodistrodistrodistrodistrodistro
container
container

33. OS operations

34. updates
OS operations

35. manual updates

36. automatic updates

37. automatic updates

40. atomic update with rollback
CoreOS Updates

41. machine configuration
OS operations

42. get into the cluster
machine config

43. [Service]
ExecStart=/usr/bin/kubelet --
api_servers=https://172.17.4.101 --
register-node=true --hostname-
override=172.17.4.201 --cluster_dns=10.
3.0.10 --cluster_domain=cluster.local
--tls-cert-file=worker.pem --tls-
private-key-file=worker-key.pem

44. [Service]
ExecStart=/usr/bin/kubelet --
api_servers=https://172.17.4.101 --
register-node=true --hostname-
override=172.17.4.201 --cluster_dns=10.
3.0.10 --cluster_domain=cluster.local
--tls-cert-file=worker.pem --tls-
private-key-file=worker-key.pem

45. [Service]
ExecStart=/usr/bin/kubelet --
api_servers=https://172.17.4.101 --
register-node=true --hostname-
override=172.17.4.201 --cluster_dns=10.
3.0.10 --cluster_domain=cluster.local
--tls-cert-file=worker.pem --tls-
private-key-file=worker-key.pem

46. [Service]
ExecStart=/usr/bin/kubelet --
api_servers=https://172.17.4.101 --
register-node=true --hostname-
override=172.17.4.201 --cluster_dns=10.
3.0.10 --cluster_domain=cluster.local
--tls-cert-file=worker.pem --tls-
private-key-file=worker-key.pem

47. distributed configuration
cluster operations

48. etcd

50. /etc
distributed

51. Available
Leader
Follower

52. Available
Leader
Follower

53. Available
Leader
Follower

54. Unavailable
Leader
Follower

55. Available
Leader
Follower

56. Available
Leader
Follower

57. Temporarily Unavailable
Leader
Follower

58. Available
Leader
Follower

59. Unavailable
Leader
Follower

60. what should run
cluster operations

61. k8s/mesos/etc scheduler
scheduling

62. getting work to servers
scheduling

63. $ scp app host:/opt
$ ssh host systemd-run /opt/app

64. $ scp app host:/opt
$ ssh host systemd-run /opt/app

65. $ fab deploy:app

66. $ fab deploy:app

67. $ fab deploy:app

68. $ fab deploy:collector-app

69. $ fab deploy:collector-app

70. $ fab deploy:collector-app

71. $ fab deploy deploy:collector-app

72. $ fab lowest-loadaverage

73. $ fab lowest-loadaverage
host1

74. $ fab lowest-loadaverage
host1
$ fab -H host1 deploy:job

75. You
Scheduler API
Scheduler
Machine(s)

76. while true {
todo = diff(desState, curState)
schedule(todo)
}

77. while true {
todo = diff(desState, curState)
schedule(todo)
}

78. while true {
todo = diff(desState, curState)
schedule(todo)
}

79. while true {
todo = diff(desState, curState)
schedule(todo)
}

80. $ kubectl run host-info
--image=quay.io/philips/host-info
--replicas=1
$ kubectl get pods
POD IP
host-info-97wt8 10.2.29.4

81. $ kubectl scale rc host-info
--replicas=2
$ kubectl get pods
POD IP
host-info-97wt8 10.2.29.4
host-info-f839d 10.2.29.8

82. pod
env=prod
app=web
pod
env=prod
app=web
pod
env=prod
app=web
rc web-prod
select(env=prod,app=web)
count=1

83. pod
env=prod
app=web
pod
env=prod
app=web
pod
env=prod
app=web
rc web-prod
select(env=prod,app=web)
count=1

84. pod
env=prod
app=web
rc web-prod
select(env=prod,app=web)
count=1

85. pod
env=prod
app=web
rc web-prod
select(env=prod,app=web)
count=5

86. pod
env=prod
app=web
pod
env=prod
app=web
pod
env=prod
app=web
pod
env=prod
app=web
pod
env=prod
app=web
rc web-prod
select(env=prod,app=web)
count=5

87. where is it running
cluster operations

88. dns, LBs, k8s labels
services

89. flexible service discovery
k8s labels

90. pod
env=dev
app=web
pod
env=test
app=web
pod
env=prod
app=web

91. pod
env=dev
app=web
pod
env=test
app=web
pod
env=prod
app=web
service test.example.com
select(env=dev,app=web)
service beta.example.com
select(env=test,app=web)
OR
select(env=prod,app=web)
service example.com
select(env=prod,app=web)

92. pod
env=test
app=web
pod
env=prod
app=web
pod
env=prod
app=web
pod
env=dev
app=web
pod
env=test
app=web
pod
env=prod
app=web
service test.example.com
select(env=dev,app=web)
service beta.example.com
select(env=test,app=web)
OR
select(env=prod,app=web)
service example.com
select(env=prod,app=web)

93. pod
app=foo,version=1
service foo.cluster.local
select(app=foo)

94. pod
app=foo,version=1
pod
app=foo,version=2
service foo.cluster.local
select(app=foo)

95. pod
app=foo,version=1
pod
app=foo,version=2
service foo.cluster.local
select(app=foo)

96. $ kubectl expose rc host-info
--port=80
--target-port=5483
--type=NodePort
$ curl http://172.17.4.202:32430/

97. architecture in practice
cluster operations

98. worker
kubelet
worker
kubelet
worker
kubelet
scheduler
& API
worker
kubelet
w
kut
worker
kubelet

99. worker
kubelet
worker
kubelet
scheduler
& API

100. worker &
API
works on 1 node too

101. Easy CoreOS+Kubernetes Setup
vagrant, aws, bare metal, etc
coreos.com/kubernetes/docs/latest/

102. coreos.com/careers
work with us

103. @coreoslinux
@tectonicstack
@brandonphilips
thank you

104. continuous delivery of the OS
- Linux Kernel API promise
- Containers are required
- Consistency of configuration

105. $ date -d "-674 days"
Mon Jul 1 2013

106. Alpha
α

107. Alpha Beta
α β

108. Alpha Beta Stable
α β S

109. $ cd coreos/manifest

110. $ cd coreos/manifest
$ git tag | wc -l

111. $ cd coreos/manifest
$ git tag | wc -l
329

112. $ uname -r
3.8.0

113. $ uname -r
3.8.0
$ uname -r
4.0.0

114. $ init --version
systemd 207

115. $ init --version
systemd 207
$ init --version
systemd 219

116. github.com/coreos/etcd

122. ...

125. ok?
ok?

126. no
yes

128. done

129. ok?

131. github.com/coreos/etcd

132. container
networking

133. github.com/appc/cni
- Defining external plugins e.g. ipvlan, bridge, etc
- Used in rkt today for setting up network namespaces
- Collaborating with folks from Red Hat, Cisco, and
others

134. 192.168.1.10
192.168.1.40

135. 192.168.1.10
192.168.1.40

136. 10.0.0.3
10.0.0.8
10.0.1.10
10.0.1.20
192.168.1.10
192.168.1.40

138. 192.168.1.10
192.168.1.40
10.0.0.0/24 10.0.1.0/24

139. routes to
192.168.1.40
192.168.1.10
192.168.1.40
10.0.0.0/24 10.0.1.0/24

140. 192.168.1.40
10.0.1.0/24
192.168.1.10
routes to
192.168.1.10