CoreOS @ gluecon 2015

Transcript of CoreOS @ gluecon 2015

About Me: CTO/Co-founder, systems engineer

@brandonphilips, github.com/philips

What is CoreOS?

Why build CoreOS?

reduce API contracts

minimal

kernel, systemd, etcd, ssh, docker

python, java, nginx, mysql, openssl

app

distro

python, java, nginx, mysql, openssl

app

distro

kernel, systemd, etcd, ssh, docker

python, openssl-A, app1

distro

java, openssl-B, app2

java, openssl-B, app3

kernel, systemd, etcd, ssh, docker

CoreOS

python, openssl-A, app1

distro

java, openssl-B, app2

java, openssl-B, app3

CoreOS

container

distro

container

container

https://github.com/philips/hacks folder: system-api-tutorial

APIs

Linux syscalls

API

manual updates

automatic updates

atomic with rollback

auto updates

omaha

API

run and isolate apps

containers

http registry

image fetch

pid ns: isolated pid 1

user ns: isolated uid 0

network ns: isolated netdev

mount ns: isolated /

cgroups: manage resources

cgroups: count resources

cgroups: limit resources

namespaces

API

cgroups

API

docker engine

REST

API

dbus

API

machines and clusters

configuration

get into the cluster

machine conf

#cloud-config

ssh_authorized_keys:
  - ssh-rsa AAAAB3NzaC1yc2E…

coreos:
  etcd:
    discovery: https://discovery.etcd.io/ba09c
  units:
    - name: etcd2.service
      command: start
    - name: fleet.service
      command: start

REST, hypercalls

filesystems

API

what is running

cluster conf

k8s, discoverd, confd

services

what should run

cluster conf

locksmith

coordination

fleet, k8s

scheduling

etcd

API

etcd

/etc distributed

Available

Available

Available

Unavailable

Available

Leader

Follower

Leader

Follower

Available

Leader

Follower

Temporarily Unavailable

Leader

Follower

Available

http+json

API

getting work to servers

scheduling

You

Scheduler API

Scheduler

Machine(s)

$ kubectl run-container my-nginx --image=nginx --replicas=1 --port=80

$ kubectl get pods
POD              IP
my-nginx-97wt8   10.2.29.4

http+json

API

$ cat nginx.service
[Service]
ExecStart=/usr/bin/rkt \
    docker://nginx

$ fleetctl start nginx.service
Job nginx.service launched on e1cd2bcd.../172.17.8.101

http+json

API

while true {
    todo = diff(desState, curState)
    schedule(todo)
}

the future