The CoreOS team has been an active participant in the Kubernetes project since Google began the process of open-sourcing this successor to their internal Borg and Omega systems. We not only believe Kubernetes is the right architecture for modern application infrastructure, we see it as an agent of transformation for IT organizations. We coined the acronym GIFEE – “Google Infrastructure for Everyone” – to help summarize what Kubernetes means for businesses.
With KubeCon opening tomorrow in Seattle, we’re anticipating a great event by celebrating the vibrancy of the Kubernetes community, and in this blog post we'll take a look at efforts we’ve spearheaded across Kubernetes versions.
A vibrant and growing community
The community surrounding the Kubernetes project is one of its greatest strengths. Over the past few years, that community, organized by the Cloud Native Computing Foundation, has expanded to include close to 60 organizations.
Over 1,000 contributors have made over 35,000 commits to Kubernetes. More than 900 people made significant contributions during the Kubernetes v1.4 release cycle. Kubernetes is an exciting, active open source community, and we are proud to play a part in its continued growth and increasing momentum.
CoreOS focus in the Kubernetes Community
Kubernetes takes the best patterns and lessons from its direct ancestor Google Borg, which had years of evolution in an intense production environment. We joined the community to help extend Kubernetes and build on its stability to deliver a secure, reliable, and manageable platform that any enterprise can adopt.
As part of our active commitment to the Kubernetes community, we contribute code and help foster conversation around the direction of the project. Our developers play an active role and members of our team are the project leads for:
CoreOS engineers also co-lead 5 Kubernetes Special Interest Groups (SIGs), including:
- SIG-Rktnetes (This group has merged with SIG-Node after the mainlining of the rkt container runtime work in Kubernetes v1.3.)
In addition, CoreOS is active in such SIGs as SIG-Apps, SIG-Cluster Lifecycle, SIG-Cluster Ops, SIG-Network and SIG-Storage.
CoreOS Contributions in each Kubernetes release
With each increment of the Kubernetes version number, we’ve worked closely with community partners, contributing significant features and improvements to get Kubernetes where it is today.
- Improved scheduling: Major performance improvements, reducing time to schedule 30,000 pods onto 1,000 nodes from 8,780 seconds to 587 seconds.
- Improved scaling: Added etcd v3 as a primary data store option next to etcd v2. This new API is foundational for continued Kubernetes scaling. Improved the ease of use for network layer security with the TLS bootstrap API group.
- Made huge strides in proving out the self-hosted Kubernetes model for deployment and upgrades.
- Introduced Standards Based Authentication: CoreOS developed an OpenID Connect (OIDC) AuthProvider plugin, allowing OIDC Identity Providers (IdPs) to authenticate kubectl and other clients on behalf of the API Server.
- Introduced API Authorization APIs alongside the wider community with the Role-Based Access Control API Authorizer.
- Built a widely-used tool called Kube-AWS which simplifies the installation of Kubernetes on AWS, influencing AWS deployment patterns in the wider community.
- Improved network security: Kubelet TLS bootstrap helps users create securely managed Kubernetes clusters with less work.
- Improved scalability of the Kubernetes API primary datastore: etcd v3 support was finalized. In Kubernetes v1.5, the etcd v3 work done over the v1.3 and v1.4 releases will be enabled by default.
- Improved abstractions for different Container Runtimes through our work introducing the rkt container engine as a node execution engine. This ongoing work has informed a number of important design decisions inside of Kubernetes to create a flexible and stable core.
- Introduced Container Image Policies to prevent a container from being admitted for scheduling that does not conform to operational fitness requirements such as: using the correct base image, containing updated versions of critical libraries, or obtaining tags which verify the image has passed through a continuous integration and delivery pipeline. This work will enable tighter integration with Quay features like Container Security Scanning.
Right now we’re focused on the upcoming Kubernetes v1.5 release, and working to improve authentication, cluster lifecycle, cluster ops, instrumentation, and testing. Version 1.5 is scheduled for release in early December.
CoreOS Projects in the Kubernetes Ecosystem
In addition to features and fixes in each Kubernetes release, several projects originated at CoreOS are key components of Kubernetes, like etcd, or are essential support tooling for the orchestrator.
- etcd - Anyone running Kubernetes is running etcd, a reliable distributed key-value store introduced by CoreOS. In Kubernetes, etcd provides the primary backing store for all cluster state and data, employing the Raft consensus algorithm to keep distributed cluster metadata correct and available.
- Prometheus - Prometheus, the second project in the CNCF, has CoreOS engineers contributing heavily. Prometheus is a monitoring and alerting system that natively consumes Kubernetes metrics and APIs. The CoreOS team includes Fabian Reinartz as one of the four core maintainers and Frederic Branczyk working on important parts of the project and the Prometheus Operator.
- Bootkube - A Kubernetes Incubator project introduced by CoreOS that can deploy self-hosted Kubernetes clusters. Installation of Kubernetes as a self-hosted system is a critical component of our vision to make Kubernetes simple to install and manage anywhere. Bootkube is informing the improvements necessary with working code and real cluster installation to make self-hosted the best deployment option for Kubernetes.
- Localkube - As a part of the Minikube project, this is an easy way for you to get started using Kubernetes on your laptop. If you want to experiment with Kubernetes, this helps you get up and running easily.
- Operators - A class of Kubernetes agents that represents human operational knowledge in software. These application-specific controllers extend the Kubernetes API to create, configure, and manage instances of complex stateful applications on behalf of a Kubernetes user. They build upon the basic Kubernetes resource and controller concepts, but include domain or application-specific knowledge to automate common tasks. An etcd Operator and Prometheus Operator were introduced last week.
CoreOS staff nominated for CNCF Community Award
Our team actively contributes to the Kubernetes ecosystem. In fact, four of our teammates are nominated for the first-ever Cloud Native Computing Foundation Community Award. The winner will be announced in Chris Aniszczyk’s keynote this Wednesday at KubeCon. Xiang, Fabian, Hongchao and Euan will all be on site at KubeCon this week. Drop by the CoreOS booth and say hello.
Xiang Li has been instrumental to the development of etcd and Kubernetes. He is the author of a Raft implementation in Go, which is the key enabler of a number of modern distributed systems, like CockroachDB, TiDB, Dgraph, Docker Swarm, and Kubernetes. He created and is a maintainer of etcd - a distributed reliable key-value store for storing critical metadata and distributed coordination.
Fabian Reinartz’s work on Prometheus expands the reach of the cloud native ecosystem. He has contributed immensely to Prometheus’s general development, and added features like the highly available Alertmanager and integration with Kubernetes.
Hongchao Deng is a prolific committer to open source cloud native projects. He has contributed a diverse group of primary features for etcd v3 and Kubernetes, and has worked on scale and performance testing of the apiserver and the Kubernetes scheduler.
Euan Kemp’s work mainly focuses on the rktnetes project, making the rkt container runtime a first-class citizen in Kubernetes. He has also contributed to fixing networking issues, improving testing code for various Kubernetes components (especially relating to the kubelet), and patching any rough edges as he encounters them.
Delivering Kubernetes to the enterprise with CoreOS Tectonic
Last week, CoreOS celebrated the one year anniversary of the general availability of [Tectonic](https://tectonic.com). In Tectonic, we deliver all the innovation from the upstream Kubernetes community, and extend this with tools and utilities to ease adoption for enterprise use cases. Businesses need simple installation, management, and monitoring capabilities, along with reliable security. Tectonic delivers these features atop pure open-source Kubernetes.
With Tectonic, our development philosophy is to work with the community to enable these capabilities, and allow anyone to extend Kubernetes to include them. Last week, we announced a new class of software in Kubernetes, called an Operator. This is a direct representation of our Kubernetes community philosophy. Operators are Kubernetes agents that represent human operational knowledge in software to reliably manage and scale complex applications atop Kubernetes. Tectonic works with the Operator framework to provide enterprise features to our customers.
We also align Tectonic releases with the Kubernetes release version, so that Tectonic 1.4 includes Kubernetes 1.4. We only include the pure upstream codebase – not a Kubernetes fork – so that our customers not only get all the latest innovations from the community, but also avoid lock-in to a specific vendor’s version.
Ultimately, we partner with our customers to help them succeed with Kubernetes, and with the community to help Kubernetes itself succeed. Our involvement allows us to deliver not just great tooling for the platform, but also the best customer support, deployment services, and maintenance for Kubernetes.
With Tectonic, that support is delivered by some of the Kubernetes community’s most active producers, not just packagers of the software.
KubeCon - Celebrate with the community
We will celebrate the amazing growth and success of the Kubernetes community at KubeCon this week. The first KubeCon in November 2015 had close to 500 attendees. In one year the conference has doubled in size to bring in 1,000+ attendees and an even better slate of speakers and experts. Come see our talks, visit the CoreOS booth, and join us for our evening events. We have six speakers giving 10+ talks, so you'll have plenty of opportunities to learn more from CoreOS Kubernetes experts.
Tectonic Summit: The enterprise Kubernetes event
If we don’t see you at KubeCon, join us at Tectonic Summit, CoreOS’s enterprise Kubernetes event happening in New York City on December 12 and 13.