KubeCon Copenhagen 2018 - Day 3
NOTE All credit for the slides in the pictures goes to their creators!
NOTE If you are in one of these pictures and want it removed, please contact me by email (see about/imprint page).
WIP This post is still work in progress! The content of this post can rapidly change. This note will be removed when the post has been completed. TODO
- Proof read.
Welcome!
A warm "Welcome" if you are new to the three-day post series from KubeCon Copenhagen. I recommend you check out the first day blog post too, here KubeCon Copenhagen 2018 Day 1, and the second day blog post, here KubeCon Copenhagen 2018 Day 2.
Morning Keynotes
Keynote: Kubeflow ML on Kubernetes - David Aronchick, Product Manager, Cloud AI and Co-Founder of Kubeflow, Google & Vishnu Kannan, Sr. Software Engineer, Google
Doing machine learning allowed Google to save up to 40% on their power bill.
Machine learning for cloud native needs to be a) composable, b) portable and c) scalable.
If you want to run ML on Kubernetes, you are gonna have a bad time, but not anymore thanks to KubeFlow.
It takes an expert for just ML, running it in Kubernetes is hard too, but KubeFlow can help. They have released Kubeflow 0.1. It is built so that you can customize it as you want.
Their demo showed an example of ML usage for finding the likeliness of reviews.
The "normal" way without ML just used predefined words to see how likely the review is to be either a recommendation, neutral or bad.
TensorBoard can be used to see some metrics about the metrics.
It is able to run on "any" K8S cloud.
A Swedish city had used data science to reduce injuries through new snowfall by optimizing the snowplow paths.
Awesome, I will definitely try this out to get me started in ML. The end goal is to make Kubernetes the number one platform for ML.
Keynote: Running with Scissors - Liz Rice, Technology Evangelist, Aqua Security
"You might carry the scissors for miles before you cut yourself" - Liz Rice
Linux container isolation is mostly done through capabilities. A container run through Kubernetes (most likely also Docker) drops most "bad" capabilities, or isn't even granted those capabilities on start.
securityContext:
- privileged: true gives all privileges.
- The runAsNonRoot option sets the container to run the image as non-root. However, the image needs to have USER 1000 (where 1000 isn't 0, aka root) to be able to run, otherwise Kubernetes will not be able to run it.
- runAsUser forces the container process to be started as the given user ID (the same exists for supplemental groups).
For more information see the securityContext documentation: Kubernetes.io Documentation - Pod SecurityContext.
One can potentially use a volume mount of the pod to access files from the host, and because the UID is 0, aka root, everything can be done.
"We need to prevent us from running with scissors" - Liz Rice
- Change your applications' Dockerfiles and add a USER __YOUR_ID__ line.
- Use tools like the ones from Aqua Security.
- Use PodSecurityPolicies.
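The securityContext settings and the host volume risk from this keynote can be checked mechanically before a pod is deployed. The audit below is an added example, not code from the talk or from Aqua Security; it assumes pod specs shaped like kubectl get pod -o json output, and the function names and sample pods are constructed for illustration.

```python
# Added example (not from the talk): audit pod specs, shaped like
# `kubectl get pod -o json` output, for the settings discussed above.

def effective(pod_sc, ctr_sc, key):
    """A container-level securityContext value overrides the pod-level one."""
    return ctr_sc[key] if key in ctr_sc else pod_sc.get(key)

def audit_pod(pod):
    spec = pod["spec"]
    pod_sc = spec.get("securityContext") or {}
    # Names of volumes backed by the node's own filesystem.
    host_vols = {v["name"] for v in spec.get("volumes", []) if "hostPath" in v}
    findings = []
    for ctr in spec.get("initContainers", []) + spec.get("containers", []):
        sc = ctr.get("securityContext") or {}
        name = ctr["name"]
        if sc.get("privileged"):  # privileged exists only at container level
            findings.append((name, "privileged: true"))
        uid = effective(pod_sc, sc, "runAsUser")
        non_root = effective(pod_sc, sc, "runAsNonRoot")
        if uid == 0:
            findings.append((name, "runAsUser: 0"))
        elif uid is None and not non_root:
            # Nothing forces a UID, so the image's USER (default root) decides.
            findings.append((name, "may run as root"))
        else:
            continue  # a non-root UID is enforced for this container
        for m in ctr.get("volumeMounts", []):
            if m["name"] in host_vols:
                findings.append((name, "root with hostPath mount " + m["mountPath"]))
    return findings

# Constructed sample pods.
RISKY = {"spec": {
    "volumes": [{"name": "logs", "hostPath": {"path": "/var/log"}}],
    "containers": [{"name": "app", "securityContext": {"privileged": True},
                    "volumeMounts": [{"name": "logs", "mountPath": "/host-logs"}]}]}}
HARDENED = {"spec": {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 1000},
    "containers": [{"name": "app"}]}}
OVERRIDDEN = {"spec": {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 1000},
    "containers": [{"name": "app"},
                   {"name": "sidecar", "securityContext": {"runAsUser": 0}}]}}

if __name__ == "__main__":
    for label, pod in (("risky", RISKY), ("hardened", HARDENED),
                       ("overridden", OVERRIDDEN)):
        print(label, audit_pod(pod))
```

The OVERRIDDEN pod shows why a pod-level setting alone is not enough to review: a single container can replace it with its own runAsUser.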
Keynote: Scaling Deep Learning Models in Production Using Kubernetes - Sahil Dua, Software Developer, Booking.com
They run Deep Learning at huge scale.
They use it for:
- Image Tagging
- Translations
- Advertisement bidding
- And more..
Once they have the tags on the images the user is able to better search for certain factors of a hotel/room.
The workload for deep learning is immense. From 10 to 100s of GBs to sometimes even terabytes of data to go through.
They choose Kubernetes because of the:
- Isolation
- Elasticity
- Flexibility
They don't put training data into the images. This removes the need to always repull the image. They simply use Hadoop or PVs to access/mount the training data.
I recommend checking out the recording as he made a nice graphical visualization of their setup.
They use common code (possibly a library) which contains access instructions to the model(s). In addition, they containerize the application, but without the model in it. The model is loaded in memory "on demand" from Hadoop storage and then it begins to serve the predictions.
Keynote: Crossing the River by Feeling the Stones - Simon Wardley, Researcher, Leading Edge Forum
(blah, blah, blah)
Automatic Strategy Generator Online
'The End of cloud is nigh ...'
This was the funniest keynote, you have to check out the recording of it if you weren't there.
Keynote: Closing Remarks – Kelsey Hightower, Kubernetes Community Member, Google & Liz Rice, Technology Evangelist, Aqua Security
"You feel the AC?" - Kelsey Hightower
The upcoming CloudNativeCon and KubeCon will be at:
- Shanghai, China: November 14-15, 2018
- Seattle, North America: December 11-13, 2018
- Barcelona, Europe: May 21-23, 2019
Talks
Rook Deep Dive – Bassam Tabbara, Tony Allen & Jared Watts, Upbound (Intermediate Skill Level)
full room for the @rook_io deep dive. actually 2 deep dives, one for developers and one for administrators. great job @tonya11en and @galexrt! pic.twitter.com/LqszC4Qzdl
— Jared Watts (@jbw976) May 4, 2018
First of all thanks for coming to the talk! A big thanks also goes out to Jared and Tony that I could talk about the administrative side of Rook. I really enjoyed helping with the slides.
I hope everyone liked the talk. If you have feedback about the talk, get in touch with Jared, Tony or me.
Be sure to follow Jared's Twitter @jbw976.
Kubernetes Runs Anywhere, but Does your Data? - Jared Watts, Upbound (Beginner Skill Level)
@jbw976 fills the auditorium talking about portability of stateful workloads across clouds? #kubecon @rook_io pic.twitter.com/bmqkmVaBbS
— bassam (@bassamtabbara) May 4, 2018
Kubernetes runs anywhere (even on a robot vacuum cleaner). The power of Kubernetes is also portability.
There are abstractions for running applications in Kubernetes but also already for storage in general. Storage abstraction is available through PersistentVolumes, PersistentVolumeClaims and more.
The provisioning is still more in the background than consuming storage. This will change with the Container Storage Interface (CSI).
To be able to run stateful applications anywhere you need a portable storage solution. CRDs can be used to create abstractions.
On the first day you deploy, on the second you support it (Day 2 operations).
The new WIP CockroachDB and Minio operators were showcased next to the Ceph one.
Summary
As always KubeCon was awesome. I met amazing people, had very interesting talks and found new contacts.
Have Fun!