OpenShift Commons Gathering December 5th 2017 Austin, Texas
Aparna Sinha, Google
A
So, and this is my Twitter handle, apbhatnagar, in case you want to follow me or, you know, reach out to me there. So Diana asked me to talk about Kubernetes 1.8 and beyond. So what is happening in 1.9, and what's happening next year? I wanted to start with a question that actually my husband asked me just the other day. He said, you know, you lead Kubernetes for Google. It sounds like, you know, it's kind of popular. I saw it on Hacker News. Why is it popular?
A
Do you understand why users like it, and why do they choose Kubernetes? It sounds like a complicated name and maybe a complicated technology. So I started thinking about that, and I wrote down a few reasons, you know, that I've heard in other talks. Well, it's open source, so what you see is what you get. It's got a great community. You know, Red Hat is part of it, there's lots of other companies, so you know that it's a project that's gonna go on. There are very frequent releases.
A
Actually, the technology makes it efficient to use your underlying hardware, so, you know, some people use it because of that reason. And then it runs anywhere, and then lastly, it's fast deployment. So these are all reasons that I've heard, and you've heard and probably experienced some of these, but I think that there's a real reason here, which is behind all of this and more important than others. So what is that reason? I think, to understand that, and we had a great talk by Telus that was a good example,
A
Let's take a look at what an enterprise IT environment looks like. And the more I talk to users, the more I understand this, particularly large enterprise IT environments. There is a lot of different types of applications, a lot of different versions of operating systems, not a lot of upgrades. It's a fairly complicated environment, and I worked in that environment for the early part of my career, and it's not easy. But what I've seen is that every enterprise IT organization is interested in the latest. They want to be able to do things quickly.
A
They want to latch on to the most compelling technology, and it's important for their business, so they do that. But often it takes two to three years. I've heard customers tell me it takes two to three years to introduce that new technology, and at the end of that it doesn't actually give you the benefits that you sought.
A
So that's the status that I've seen, and I think we heard that a little bit from Telus as well. So I think the reason that people choose Kubernetes, and my husband actually kind of educated me on this, is because of this last thing, the fast deployments. If, in an enterprise environment that is pretty complicated, you can get in there and you can do kubectl apply -f and, you know, everything deploys,
A
You can deploy many, many times a day, and the Telus folks told us that they went from deploying once a week to deploying 400 times a day. That's a huge change, and I've seen many customers tell me, you know, we did that demo, you know, my CIO got up and he showed that to the board, and for the first time we had something that worked really quickly and gave us the benefits. I think when you can do that, you look like a superhero. That's right! That's a superhero costume here! So that's great! You know, that's wonderful!
A
You know, the next thing my husband asked me: okay, so you can deploy faster, great, so one day that's hopefully gonna become ubiquitous, and then, you know, you can retire, and hopefully there'll be other things on top of Kubernetes. And I do hope that, I do hope that it becomes ubiquitous and disappears. That's my hope for the future of Kubernetes, but the reality is that Kubernetes is a small section of the enterprise today.
A
The present reality is a very hybrid, mixed reality. There is a lot of traditional enterprise IT. There's a lot of virtualized non-kin systems, and then there's a small portion that's fully managed and optimized for containers, that's running Kubernetes, and that exists because of that great deployment benefit. But in fact our system has to live in this reality. So back to my topic, which Diana asked me to talk about, 1.8, 1.9: what are we doing? This has to be based on this reality, and I think it is.
A
Our community is looking at what matters to customers, and how can we build a project that actually caters to those needs? So I think, you know, a lot of customers want to move to the cloud, whether it's a private cloud or it's a public cloud. They want to move as they can. There's a lot of workloads that are on-premise that want to have that developer productivity, that want to have that benefit on-premise, and OpenShift provides that. They also want a consistent environment.
A
They want to have the same environment in the cloud as they do on premise. Why? Because they don't have to train their teams twice or thrice for multiple environments, both their operations teams and their developer teams, and Kubernetes is a good base for that. But then, at the end of the day, every enterprise needs something that's secure, that's private and auditable. So these are actually the principles that also drive the Kubernetes roadmap as it matures as a product.
A
How can we make sure that users can use it in any environment, so that they can move where they want to at their own pace? How can we make sure that their services run everywhere? There's a huge, huge effort there in the community around Kubernetes conformance, and I'll talk a little bit about that. And then how can we make sure that it's private and it's secure and it's auditable? And OpenShift is quite ahead in those areas.
A
So the themes for the last two releases of upstream Kubernetes, 1.8 and 1.9 (1.9 is coming out in a week), were stability and conformance, security, and extensibility, and, as you can see, these play to those needs. We're really trying hard as a community to make sure that Kubernetes fits in with the environment and can enable its users to expand that footprint, so can enable Telus to go from 200 applications to all of their applications.
A
So I'm gonna go through some of the features in 1.8, really along the lines of the themes of stability. We really matured the security framework, so role-based access control moves to GA, or stable, which means that, you know, it has a long-term API stability guarantee, not a lot of changes, a lot of maturity that happened there, and it becomes on by default. Also network policy, and Clayton actually covered a lot of these things. Clayton and Matt, or Mike, I think they covered a lot of this in their talk.
A
You also get the east-west security and the ability to set policies at an L7 level, and that really, truly gets to a compelling enterprise product that has end-to-end security. So that's one, maturing the security, and the thing that's gonna continue through at least the first half of 2018. Second piece under stability is the graduation of the workloads API. So the workloads API is actually broken into, there's the apps API and the batch API. Apps consists of Deployments, which has been one of the longest-standing objects in Kubernetes.
A
It's finally graduating to stable as part of the overall apps workloads API. So Deployments, DaemonSets, ReplicaSets and StatefulSets, all four of those are graduating to stable in a couple of weeks, which is a huge accomplishment, and what the community has done there is to really rationalize those, make sure that they're consistent with each other, and, you know, they'll be available by default in 1.9. And I think what's really cool is that, you know, again, Deployments and ReplicaSets are the oldest and very broadly used.
A
People are always asking me: when are you moving that to stable? Why is that not stable already? But StatefulSets, actually, and DaemonSets, these are newer, and that the community has brought those forward together, I think, really shows our commitment to allowing you to run all of these workloads side by side together in one environment, and that's the whole consistency and resource efficiency benefit.
A
Batch workloads has also moved forward, so cron jobs finally moved to beta, and we expect that to move to stable over the course of next year. So that's one, stability. The second piece here is on extensibility, so CRDs replaced TPRs. We have a lot of three-letter acronyms, I'm not even sure that I can keep them. Custom resource definitions is CRDs, which is a, you know, and that's now moved to beta.
A
That's a great way of extending Kubernetes, replaced third-party resources, which was a previous version, but the real gist behind this, the thrust behind it, is to allow you to extend Kubernetes, to add a custom API or a custom resource or a custom controller to Kubernetes, and I think this is particularly important in consuming the rest of the Kubernetes ecosystem.
A
So, for example, if you want to run Service Catalog or you want to run Istio on top of Kubernetes, along with Kubernetes, and these are ways to extend your Kubernetes environment to non-Kubernetes environment, you use CRDs or you use some of these extension mechanisms to run those pieces on top of Kubernetes. So those are the three, I would say, major things: maturing security, maturing applications and workloads, and extensibility. And in 1.8 there are also experimental features.
A
Experimental features being alpha features, so particularly in scheduling, priority and preemption moved to alpha, and I think it will continue to graduate. This really gives you more sophisticated scheduling capabilities, and we've been working on that over the course of this year. I think where that really takes us is towards multi-tenancy, so that you will be able to schedule multiple different types of workloads and types of users inside the same cluster, hopefully a larger cluster, and get a lot more resource efficiency from that cluster. And then the storage, storage SIG has done a lot of maturation.
A
There's a lot of expanding work in Kubernetes on supporting big data through Spark, and also through supporting GPUs and ML, so I think that's gonna be a huge theme in the coming year. These are some of the overview. That's actually just an overview. I have a little bit more detail, but I won't go through all of it. I think everyone is aware of what role-based access controls are, and it's a GA feature. It allows admins to really dynamically define roles and enforce them at a very granular level,
A
On resources, on pods, on specific namespaces within Kubernetes. It's a very rich security feature. And then network policy. I talked about network policy already. The combination of network policy and Istio really provides that end-to-end security, and a lot of these network policy implementations, like Calico, can be used not only for Kubernetes but also for the rest of your infrastructure. So again, talking about hybrid, you want to set network policy on services that may be running on bare metal. Istio as well.
A
It can be used beyond Kubernetes, so to set east-west communication for services that are not running in Kubernetes. And the same thing with Open Service Broker. Again, that allows you to bring in services that are potentially legacy services, or services that are running in VMs, and so you can see how Kubernetes is adopting these open source pieces that allow you to have that hybrid environment.
A
This is the workloads API. I talked about this, so this is kind of in the road to GA, and in 1.8 everything moved to v1beta2, and then in 1.9 we're moving to stable. And I think that the key piece here is Kubernetes is an open source project. It really moves at a frenetic pace, and a lot of times users don't have visibility into what's coming in the future.
A
We're trying to provide a sort of format for how we graduate APIs, and the workloads API is an example of that. So we sort of, you know, move it into a group. We go to beta 1, and then we go to beta 2, and then we go to kind of stable, and that's the first version, and then it has a deprecated, long-term deprecation policy. So we're trying again to provide a framework that we intend to use for other APIs as well.
A
If you could extend that with, you know, your own custom API, or bringing in things like the Service Catalog, which is a SIG in and of itself, and it provides you the ability to essentially bring in a whole other API, in this case to create services, to bind the services, and Clayton talked about this as well. This is very powerful. You know, you can bring in any kind of third-party API or your own APIs, and they look just like Kubernetes
A
APIs, and they're accessible from kubectl, which is really fantastic. So I think when we think about all of the roadmap, the stability, the security and the extensibility pieces, you kind of start to see the blueprints of how you would run in this hybrid enterprise environment with Kubernetes. So you have Kubernetes for the cloud-native portion, where developers can really develop fast, and they can develop new applications 410 and deploy them 400-plus times a day. But ultimately, you know, that hopefully becomes something that's invisible. You can use Istio to connect.
A
So it essentially kind of becomes like a SaaS-like infrastructure inside an IT environment, and this is very similar to how Google operates, and so, you know, we're very excited about seeing this happen in the rest of the world. I think it's quite differentiated from, you know, the way people have been thinking about hybrid cloud and enterprise IT in the past, because it's very much developer focused, it's services led, not infrastructure led, it incorporates legacy and modern at the same infrastructure, and then, ultimately, it's open. So it can run anywhere and it's multi-cloud.
A
So that's pretty much it, I think. Beyond, as I look at 2018, we are going to continue the focus on stability, graduating more of the APIs to stable. We're going to focus heavily on conformance. The conformance program launched actually between 1.8 and 1.9, and OpenShift was part of that. There were 30-plus vendors that announced conformance. What this really means is that you can now run your applications on Kubernetes, and whether you go to Google or you go to some other cloud or you go to another vendor.
A
I think there's a huge amount of work on continuing security and enhancing security in Kubernetes, building multi-tenancy into Kubernetes at the pod level, at the node level, at the namespace level, and of course augmenting that with Istio. So I think 2018 will be a huge year for that. You'll see really enterprise readiness on the security side, and then extensibility, so that you can build on top, you can add customization. I think, also,
A
What you'll start to see is a focus on applications, so that the underlying infrastructure can start to disappear a bit, and there could be a much greater focus, even in the upstream code, on applications. Clayton talked a little bit about the definition of what is an application. That's a huge piece of what the community is gonna be working on in 2018. So that's what I see beyond, looking forward. I hope that, you know, in the future, once we've, you know, once we've progressed further, everyone will be able to start writing code immediately.
A
There's no need to file a ticket, and, you know, they'll be able to reuse services out of the box and secure them easily. If there's a fault, you know, they'll recover quickly, and they'll only pay for the resources they consumed, and the infrastructure will essentially take care of all of that. So very much in line with the vision that the Telus folks, that the applications will hopefully write themselves.