A Day in the Life of a Data Scientist Conquer Machine Learning Lifecycle on Kubernetes Brian Redmond • Cloud Architect @ Microsoft (18 years) • Azure Global Black Belt Team • Live in Pittsburgh, PA Repeatable/consistent • CI/CD • This has worked well for App Dev. Now time for AI/ML • But, must ensure data scientist are not hindered by structure Why Containers, Kubernetes & Helm? • Container • Contains Scalable • Easy to explore hyper-parameters space • Easy to do distributed training But really, Data Scientists shouldn’t have to care about containers, kubernetes and all that stuff • Pachyderm can

docker # docker info ★配置docker服务使用systemd去管理（以及信任本地镜像仓库） # vi /etc/docker/daemon.json { "data-root": "/docker_data", "registry-mirrors": [ "h�ps://cof-lee.com:5443" ], "insecure-registries": [ "cof-lee /etc/docker/daemon.json <data-root": "/docker_data", "registry-mirrors": [ "h�ps://cof-lee.com:5443" ], "insecure-registries": [ "cof-lee init --config /etc/kubeadm-init.yaml #初始化集群 当出现Your Kubernetes control-plane has ini�alized successfully!这行时说明初始化 k8s成功了 记住最后2行命令，是用来让node结点加入集群的命令（含token） ★第2章、部署k8s版本>=1

Apache Beam TensorFlow Service Communication Management Container Orchestration Data Processing Pipelines Data Flow Graphs for Machine Intelligence Kubernetes Contributors opensource.google.com installation ● Private container registry support ● Latest 3 versions of k8s ● High-availability control plane ● Auto-repair Installation and Configuration $ gke-on-prem create cluster --dry-run Welcome! This .10.3... DONE Path to kubeconfig for the GKE On-Prem Admin Control Plane (leave empty to create it): A GKE On-Prem Control Plane will be created. Would you like to use existing CA? [1] I'll provide

Iptables is widely adopted in popular Linux distributions • Cons • O(N^2) in control plane / O(N) in data plane • Poor in scheduling algorithm • Iptables rules are difficult to debug IPVS mode • Services in hash table • IPVS DNAT • conntrack/iptables SNAT • Pros • O(1) time complexity in control/data plane • Stably runs for two decades • Support rich scheduling algorithm • Cons • Performance cost Post-route Iptables snat Conntrack Post-route Pre-route IPVS entry BPF SNAT IPVS mode data path IPVS-eBPF mode data path How eBPF does SNAT • Why does SNAT with eBPF • eBPF program is easy to deploy

Affiliates. All rights reserved. Amazon Confidential Amazon EKS 服务路线图摘要 已发布 - Amazon EKS control plane logs - Support for public IP space in VPC - Amazon EKS: Deep Learning Benchmarking Utility WORKER NODE 配置 升级 加固 监控 NETWORK 配置 VPC 网络策略 路由表 NACLs 数据 网络流量保护 客户端加密 服务端加密 EKS CONTROL PLANE CONTROL PLANE 配置 PRIVATE CONTROL RBAC 策略 © 2019, Amazon Web Services, Inc. or its Affiliates. All rights password) { • business core data • Personal Identifiable Information (PII) • gotchas: leaks, GDPR (in Europe) { host container dependencies code config user data © 2019, Amazon Web Services

cluster Need an initial control plane to bootstrap a self-hosted cluster Bootkube: ● Acts as a temporary control plane long enough to be replaced by a self-hosted control plane. ● Run only on very first control plane components (Kubernetes) Power cycling the entire control plane (Kubernetes) Permanent loss of control plane (External tool) Disaster Recovery Permanent loss of control plane ● Similar

supports an underlying tier of high availability and automated placement options, for both control plane and worker nodes. 2 levels of scheduling and resource management are active. ​Currently no automatic takes place Kubernetes -> container runtime -> Linux -> hypervisor (optional) ​Kubernetes control plane manages desired policy. ​Enforcement passes Pod -> container runtime -> Linux OS ​Cgroups are used automated evacuation before host failure. 25 Configuring HA restart priority Ensure etcd, control plane starts first, and Prodsystems before others

supports an underlying tier of high availability and automated placement options, for both control plane and worker nodes. 2 levels of scheduling and resource management are active. Currently no automatic takes place Kubernetes -> container runtime -> Linux -> hypervisor (optional) Kubernetes control plane manages desired policy. Enforcement passes Pod -> container runtime -> Linux OS Cgroups are used automated evacuation before host failure. 26 Configuring HA restart priority Ensure etcd, control plane starts first, and Prodsystems before others 27 The VMware SIG Charter Link to join group: https://groups

clustered across Master Nodes • Contains all state known about cluster • Kubernetes Front-end Control Plane • Provides RESTful interface • Returns state objects as JSON • Provides core control loops for Developer Structured Data Metrics Alerts Events VMware vRealize Operations Capacity, Performance and Configuration Management Events Launch in Context Unstructured Data Logs Messages VMware

控制措施 如何查核 如何查核 參考資訊 預設配置 原因理由 如何查核 1. 控制平面元件 (Control Plane Components) 2. etcd 狀態資料庫 3. 控制平面設置 (Control Plane Configuration) 4. 工作節點 (Worker Node) 5. 政策 (Policies) ©2019 VMware