A Day in the Life of a Data Scientist Conquer Machine Learning Lifecycle on Kubernetes Brian Redmond • Cloud Architect @ Microsoft (18 years) • Azure Global Black Belt Team • Live in Pittsburgh, PA Repeatable/consistent • CI/CD • This has worked well for App Dev. Now time for AI/ML • But, must ensure data scientist are not hindered by structure Why Containers, Kubernetes & Helm? • Container • Contains Scalable • Easy to explore hyper-parameters space • Easy to do distributed training But really, Data Scientists shouldn’t have to care about containers, kubernetes and all that stuff • Pachyderm can

缺乏交互、复用、可移植能 力。不同重复造轮子只是适 配不同 API 如何基于 K8s ，构建出一个既用户友好，又高可扩展，还 统一、标准化的应用管理平台？ 简单的“客户端”抽象： DCL (Data Configuration Language) 对 K8s 资源进行抽象实际上就是在操纵 YAML 数据，通过 DCL 来完成相比于 CRD + controller 更简单 CUE • 功能强大：专注于操纵数据，而不是写 Manual Scaler K8s Operators Kubernetes + OAM K8s Plugin HPA Deployment scale-to-0 Function Unified Model Layer Platform Capability Pool 统一的模型层 平台统一“能力池” 模块化的交付系统 - GitOps “应用”配置 Git (as source of KubeVela = OAM Kubernetes Runtime + Capability Center + UI (Cli + Dashboard) KubeVela Ø User interface layer - CLI/Dashboard/Appfile Ø KubeVela core - OAM Kubernetes Runtime to provide application level

scale • Reduce the learning curve for customer and ourselves • Get consistent user experience and data, leverage with PaaS capability • Facilitate our PaaS and micro-service product Kubernetes Capabilities/Advantages agent to collecting log data ElasticSearch ElasticSearch Monitor/Alert Service CronJob Node Pod Node Pod Unified logging、monitoring、alert with PaaS Consistent data Node group of build nodes configuration and history in MySQL • Logging in central logging service - ElasticSearch • Metric data in monitoring system - prometheus • Alertmanager to invoke various alert and related actions docker

locations with the use of groundbreaking technologies, to enable decision-making at the point of data collection. Fast, insight-driven decision-making in highly dynamic and dangerous conditions is Allen’s innova- tive edge computing solution, SmartEdge, addresses the increasing need to gather data in real time and perform analysis at the point of collection, supplying imme- diate insight which battlefields. The an- alytics enabled and performed by Smart- Edge allow battalions to make real-time, data-driven decisions which dramatically improve operational outcomes and in- crease the probability

��1�DaemonSet or Sidecar • �����DaemonSet • ���PASS���Sidecar DaemonSet Sidecar ��2��������� /app/data/logs Sidecar ������� ������ ����� ����� ��� ���� • �����40����40GB SSD • 5W�����2PB SSD ������� structured Data SQL�NoSQL Log Service / LogShipper Mobile & Web IoT Mobile Logs Web Text & Logs Services & Languages IoT & Devices Camera �� Log Service / LogHub Real-time Data Stream �� Log Service / Dashboard ��� Stream Processing SparkStreaming Function Compute Hadoop HIVE Big Data Analytics Batch Processing Pig PAI MaxCompute EMR Interactive Analytics DLA Log Service /

Applications • Functions provided by host kernel are not satisfied • OpenStack is too complex • Unified infrastructure • Better isolation VM related Projects Virtlet KubeVirt RancherVM Kata Container

file system etcd Recommendation: Use two-layers of encryption, e.g., full-disk & application-layer … then tries to decrypt it https://xkcd.com/538/, https://xkcd.com/license.html Key rotation intensive cryptanalytic attacks ● A cryptoperiod is the time during which a key is used to encrypt data Key rotation: cryptoperiod There are lots of factors that influence the choice of cryptoperiod Strength of cryptographic algorithms used ○ Implementation ○ Operating environment ○ Volume of data ○ Re-keying method ○ Number of key copies ○ Personnel turnover ○ Threat model ○ New and disruptive

different CaaS and PaaS systems • NSX Infra layer: Implements the logic that creates topologies, attaches logical ports, etc. based on triggers from the Adapter layer • NSX API Client: Implements a standardized Developer Structured Data Metrics Alerts Events VMware vRealize Operations Capacity, Performance and Configuration Management Events Launch in Context Unstructured Data Logs Messages VMware

"key1" : "value1", "key2" : "value2" } 类似以下信息可记录到Annotation中： 由declarative configuration layer管理的字段。将这些字段附加为Annotation，可将它们与客户端或服务器设置的默 认值、⾃动⽣成的字段或以及auto-sizing或auto-scaling的系统所设置的字段区分开。 构建信 capacity: storage: 10Gi accessModes: - ReadWriteOnce hostPath: path: "/mnt/data" --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: pv-claim spec: storageClassName: 发布了5个“example.com/foo”资源。 curl --header "Content-Type: application/json-patch+json" \ --request PATCH \ --data '[{"op": "add", "path": "/status/capacity/example.com~1foo", "value": "5"}]' \ http://k8s-master

check … • Service: LoadBalancer, Headless, Service Discovery(PrivateZone) • Ingress: Aliyun 7-Layer LoadBalancer • Volumes: emptyDir, NFS, SecretVolume, ConfigMapVolume • Secret, ConfigMap • ServiceAccount • HTTP REST APIs and web applicated • Mobile backends • Continuous Integration Pipeline • Data Analytics • … Asynchronous Event Driven Stateless High dynamic Short Duration 14 -