Docker and Kubernetes at the university
Formal Metadata
Number of Parts | 94
License | CC Attribution 4.0 International: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers | 10.5446/45802 (DOI)
FrOSCon 2018, 68 / 94
Transcript: English (auto-generated)
00:07
Hello, welcome to the next talk. Next talk will be in English, from Fabian Marquardt. He is working at the University of Bonn, as you can see at this slide here, the small corner of the building.
00:21
But not from computer science, I think I'm from computer science. No, but this building is building. Yeah, I think so. Okay. Yeah, the talk is about using container technology for science and teaching, and I'm very curious to come to know how we can use these tools.
00:42
Okay, it's your stage. Yeah. Thank you for the kind introduction. If we are talking about this one, maybe an anecdote. So this is actually the explanation for the new logo of the university, which was introduced last year. So if you think about what should that mean? Nobody does understand
01:00
you can see this and, yeah, well, no further comment. So, before I begin, a few facts about me. I studied computer science at the University of Bonn from 2008, finished 2015, and since then I am active within the
01:21
Department of Computer Science as a researcher and PhD student, and my focus area is networks and IT security. So today my talk is mainly from the perspective of a computer scientist, and I guess that at least some people in the room are maybe familiar with this perspective, but
01:40
maybe it's also relevant for other areas, at least of mathematics, physics or something like that. That's also areas where you use a lot of computers, you do a lot of programming and stuff. So that might also be interesting, but my perspective of course is the perspective of a computer scientist.
02:01
I love to use open source software both at work and in my free time. It helps me a lot to do a lot of things at work that wouldn't be possible otherwise, so that's also why I'm here today, to talk about why, how we use this software at the university and how it helps us, and
02:21
I have been using Docker for some years now, so I'm quite familiar with Docker, but only recently started using Kubernetes, and so I want to emphasize that I am by no means an expert in this area. So I'm standing here today rather as a user who is learning by doing, who is trying to find something that can help us in certain use cases.
02:45
There might be some people in the room who have far more knowledge about the technical details of Docker, of Kubernetes. That's totally fine. And maybe we can get into some discussion later on if you have some ideas. I'm very happy to receive
03:01
feedback, but I want to talk mainly today about what are our use cases? How can tools like Docker and Kubernetes help us in these use cases? And how do we do that? All right, so a quick overview of the contents of my talk. So Docker and Kubernetes in a nutshell, only very short.
03:22
Some exemplary details: what is the idea of these tools? Then I want to talk about what use cases we have in the science and research area, what use cases we have in the teaching area, so how can we make use of those tools at the university?
03:42
Then I will talk about some aspects at least of how we implement such a cluster with respect to the use cases. And obviously you could talk about that for hours; that time I do not have today, so I will focus on some things that I think are especially important and
04:04
somewhat different to a cluster, for example, that would be used by a software development company, for example. And obviously there are some problems
04:27
Okay, test, test. All right, so we will continue with this microphone.
05:12
Yeah, where was I? I was talking about problems and lessons learned that I want to talk to you about later on, and then obviously there's a conclusion and outlook. All right.
05:23
So Docker and Kubernetes, what is it all about? So I was looking into the talks of last year here at FrOSCon, and there were at least five talks which had Kubernetes and Docker in the name, maybe even more and I missed them. So it has been a popular topic, obviously. So maybe we can get a quick raise of hands: who has at least some basic knowledge about Docker already? Oh.
05:46
A lot of people. All right, that's good. And who has at least some basic knowledge about Kubernetes? A few less. Okay, but also quite a lot of people. All right. So I keep the part related to Docker very short, because it was almost all the people.
06:04
So one very basic idea that I find is very important to understand how you do things with Docker is that you ship applications as container images, right? So for most of you people it is not a new thing that with Docker you don't only give out a binary or something like that,
06:21
but instead you build an image which contains all the application code, the libraries, the tools, the configuration, which may later obviously be overridden by your user-specific configuration. Basically everything you need to run some specific software is inside an image, and you can hand out this image and just tell somebody yet if you have Docker you can run it.
06:42
If you have Docker you can run it. Each container obviously runs in an isolated environment, which provides some security obviously and also isolation, so that for example a mistake that you made in one application cannot influence the other one. Well, theoretically.
07:02
Obviously, we don't always want perfect isolation. But in many cases we want our containers to communicate, and so we have inter-container networking. We could for example build a situation where we have an HTTP front end which is then connected to a container with a web application. This web application may talk to some database container, and so on and so on.
07:25
Okay. Now on top of that we get Kubernetes. I copied a bit of the Wikipedia definition: Kubernetes is an open-source container orchestration system for automating deployment, scaling and management of containerized applications.
07:41
So that already carries a lot of information about what the basic idea of Kubernetes is. And basically, you build a cluster of at least one master node and multiple worker nodes, and the very central idea is that the user declares the desired state of the cluster via some configuration syntax and
08:06
then Kubernetes, the control plane, takes actions to ensure that the current state of the cluster matches this desired state. And that includes, for example, ensuring that containers are running and working correctly. So for example that some service is reachable and responding in the right way.
08:25
Balancing the load between the cluster nodes and, yeah, basically taking action whenever an error occurs. So when a pod crashes, then restart a new pod, for example, right? So that's what Kubernetes can give you. Obviously a lot more, but I think that's the most important part.
08:45
Okay, let's talk about some use cases, how we can make use of these technologies at the university, and let's talk a bit about history. Okay, I try to do this in a more or less generic way, because we could talk about different
09:01
examples for hours, and I try to bring this down to some generic things that occur multiple times. So looking at science and research, a frequent use case could be some colleague of mine coming to the technician and saying: I have a research project and I have written some tool which analyzes data, and
09:23
now I need to run it for a month, maybe, or longer in order to process some data. And, well, this happens a lot. It's basically what we do. We try to find out new things, and in order to do so we often require
09:40
custom-made software to do this. And so this software by design is typically a specialized software. It is written exactly for this specific use case, and this software tends to have strange and uncommon dependencies. Obviously you sometimes have very specific tools and
10:02
SDKs that some other researchers, for example, have written and that are not easy to install. So you won't just apt-get install something and it works. I have had situations where you sit an entire day in front of your computer, and in the end of the day you are happy that you can compile some code,
10:22
right? So that's quite typical. And this software also has very frequent changes, at least at the beginning, because when you've finished the first version of your tool and you run it with, let's say, a bunch of data, then in the end you look at the results and you maybe see, well, the results look not like I expected.
10:42
Then you find some bug and you fix the bug and then you run it all again, and so on and so on. So you have frequent changes, and especially if it is difficult to compile it and to run it, then obviously a lot of time is spent on doing just these changes. The time frame is often unclear in the beginning. You might just say, okay,
11:02
I have some data, and I will need it for some weeks, and then you find out, well, it's more problematic than we think, we need months or years to do it. That can totally happen. And also very typical for such software is that it is not used anymore once the project is completed, because as scientists
11:21
we want to write papers, or we should write papers at least. And so in the end, if the software can prove that it works, then we write a paper and, yeah, it's somewhat sad that this happens a lot, but it happens a lot. Okay, let's look a bit into the past.
11:41
The solution to this use case not so long ago was that the technician would go to a storage room and just come back with a computer, like a normal desktop computer, and just give the person the computer and say: okay, here's your computer, install all your stuff, run your stuff. We put it in our server room, which was actually a, well, you have
12:02
some shelves and Ethernet cables and power cables, and then you have a lot of computers standing in there doing all sorts of magic stuff. You don't know what they are doing, because nobody has an overview what is even happening. And, yeah, obviously this is a massive waste of resources. You cannot have a real monitoring or maintenance, that is very difficult, because everybody would choose their own Linux distribution, their own
12:28
packet manager and whatnot, right? And this also leads to situations where you encounter a computer which has a 10-year-old Linux system with no security updates and stuff like that, and I don't need to tell you why this is a problem, I guess.
12:44
And also computers tend to get lost. So I was talking to colleagues and say: hey, you have this computer in our server room. Oh, this computer that stopped using it four years ago or something like that. Yeah, and it was still running, and obviously it was not updated or something like that. So again the security updates knows
13:03
It's not done. So this is obviously not good. So solution until now is we move away from physical machines and use VMs, because everything is better when you have virtualization, right?
13:22
So the technician would just set up a VM and give an SSH login to the users, to the researchers who want to use it, and say: have fun, install all your stuff and go ahead. So the improvement is that you have somewhat easier management. You can easily see how
13:40
things are going, which machines are running and so on, and you have some sort of common base system. So you might just install all VMs with one Linux distribution, and then you can enable automated updates and stuff like that to have at least some sort of, well, at least a basic system which is
14:03
managed in a proper way. But still we are wasting a lot of resources, because a lot of the VMs tend to just idle and block the RAM and stuff, right? So obviously there are methods to improve this, but, well, if you just allocate all the memory and
14:20
not care about if it is used or not, then you're wasting resources. Still you don't have any comprehensive maintenance and monitoring, so that's obviously a problem. And also VMs are not deleted when the project is finished. It's the same problem as before, and again no updates and security patches.
14:45
So what would be a better solution? The technician could just say to the people that just build a Docker image and we deploy it to our container platform. The improvement obviously is that we can use resources very efficiently,
15:02
because if we just containerize our applications, then we can use the RAM. Well, if the application is just using one gigabyte of RAM, then you don't need to reserve, well, let's say four gigabytes of RAM and the part of that is never used, for example.
15:22
So you use the resources more efficiently. The admin at least has no problems with complex dependencies and installation procedures, because that one only receives the ready-made Docker images, right? Like "build once, run everywhere", that's the slogan I once encountered. Obviously for the researchers, they need to build this image, right? So they need to do this.
15:43
If you know Docker, you know Dockerfiles specify how the images get built, and so the researchers need to do this. But also for the researchers it's a one-time work they need to do, and then maybe they need to update parts of their Dockerfiles, but the rebuild of the image to build a new version, to build in new dependencies, is much easier if you have once
16:08
defined a Dockerfile, right? I think most of you, if you use Docker, think that is a very cool thing that you have with a Dockerfile. You have a standard build environment and you can do it again and again.
16:22
Okay, the problems obviously is researchers still need to know how to use it. So if you have a department with, let's say, 10 people and only two people are using Docker, and you enforce them to use Docker, and the eight people are unhappy and don't want to work anymore,
16:43
then obviously you gain nothing. So you need to make sure that at least a significant fraction of your colleagues is interested in using such stuff, which is heavily the case in our department. But it might not be all the time. So before you implement something like this, you need to talk to the people that say what do you want?
17:03
What do you want to achieve? What do you want to use, which tools, which systems? And you cannot simply assume that people will be happy with it. And also for Docker we cannot say that it is inherently secure, because Docker has a real big problem with outdated images which contain dependencies which are like years old, and so security issues are not
17:23
solved by design. You need to make sure that images, for example, get rebuilt in proper time schedules, and, yeah, I think this is a problem for Docker as a whole and it applies here as well. All right, so let's look at the different use case.
17:42
We might also use this in our labs and also in lectures, or so in teaching in general. So use case might be we giving an assignment to students: write a program that solves some problem and show us that it works. So you get for some of the exam admission or whatever.
18:05
So the requirements or needs that we have in this case are basically two things. The students should be given enough freedom in order to realize their own ideas, to try some new stuff, because that's what we really want to run people to make use of new technologies like new programming languages or stuff like that, and
18:25
Yeah, if we constrain people too much, then they will not learn anything. But for us on the other side, and this might feel so in some way contradicting, it must be easy to check whether a solution is working and complete. So we have to make sure that
18:42
the students really did this and the students delivered a correct solution. And so we need to check this, and so that might seem that we do not want to have so much diversity in the solutions. And in fact the typical solution so far, again a bit of history lesson here, was that we write on the assignment sheet:
19:04
you have to use programming language X and some IDE, maybe Eclipse or whatnot, to write your program. The solution must adhere to this and that constraint. So we basically were specifying a lot of conditions that students had to adhere to in order to deliver a valid solution.
19:25
Obviously, this is very much limiting the freedom of students on trying out new programming languages, using their own tools and in general thinking outside the box. I think for me, my motivation as a researcher and also in teaching is that I want to enable people to really
19:42
learn to try out new stuff, learn themselves. Especially in computer science, I think it's very important to go ahead and just try stuff and to learn new stuff. And if people come there and say you need to use this and that and you cannot use all the other variants, I think it's a bad idea, and
20:01
often, well, the students will still, if you give a lot of constraints, students will still deliver solutions that require a lot of manual work. So for example, the code does not compile, you need some more dependencies which were not listed, and, yeah, whatever. So even if you give a very specific
20:20
description of what you want to have, students will maybe not deliver this. So, how do we solve this? What we do right now, so this is what we already do, is that we tell people you need to provide with the solution a configuration for some continuous integration tool. Specifically we use GitLab CI, but you can use any system, and
20:44
This CI configuration should compile your code run your code run certain tests maybe and this obviously depends on the exercise, but this is a generic idea So students can choose their own programming languages and tools
21:00
In GitLab CI, for example, you can make use of Docker images, and your build runs completely in the Docker image. So you can use an Ubuntu image, you can use an image which already has Python or whatever programming language support in there. So yeah, that's totally possible, and it is the responsibility of the students to make sure that the code compiles and runs within the CI system.
21:23
So no more manual work and saying oh I have to install this and that on my computer in order to to validate if the code is running completely The students have to make sure they will get the CI output. They will see there is an error. They need to correct it and We might even that's not something we do right now we might even supply unit and integration tests to do automated checks
21:45
To check for example, if the solution calculates the correct values That's something we might do in the future So you can do a lot of things with that and this is a perfect example GitLab CI will run the build jobs in docker containers and
22:01
you basically can deploy it. It runs great. You don't need to invest much time into getting it to work, and you get very, very much improvement. The students are very happy doing this. So I had a talk with some of the students who did these practical exercises in this semester, and they were very happy with the new style of how we did this.
22:25
All right, so let's look at some parts at least of how to implement this. Like I said in the beginning, we could talk about how to implement a Kubernetes cluster for hours, and this is not the focus here today. The focus is that I want to tell you how this is useful for us as researchers in the university.
22:44
But I want to highlight some points at least where I think Things are getting interesting and you need to consider what you do how you do it and We will look at some of these examples So let's start very basic the the initial installation of such a cluster is actually very easy
23:04
So you can deploy directly to a physical machine; you can also use a VM if you want, but you don't need to. And personally we use, or at university we use, an Ubuntu LTS server image, because that's mainly what we use all the time; it's a de facto standard, and
23:24
this has already... there are apt repositories available from Docker, from Kubernetes, which you can link to the installation and just install the packages to your system. So the installation of one computer with the standard Ubuntu system, and then installing Docker and Kubernetes, is
23:42
done basically in under one hour. And one very interesting point here that I included is: you need to disable the swap space, because Kubernetes for some reason is very angry when you enable swap. So maybe the people in the room who have more in-depth technical knowledge about Kubernetes can tell you afterwards why this is the case.
24:04
We just disable the swap space. I think it has something to do with the scheduling and resource constraints. But yeah, maybe afterwards we can talk about details. I just included this because that was a problem that we ran into: it wasn't working, we were saying, why isn't it working? And then the simple answer was: you need to disable swap.
24:23
And really bootstrapping the cluster, the Kubernetes cluster, is as simple as: on the master node you run kubeadm init, and then on the worker nodes you run the kubeadm join with the address and the token of the master. And then your cluster is basically up and running within some minutes. You need to do nothing more.
24:40
That's everything you need to do to get a basic cluster So that's interesting so the start is very easy later on we will see this it doesn't stay that easy So what you get basically then just to give you an impression you have the kernel you have some OS services that should Ideally not be taking much resources away from the system. And then basically what you get is a kubelet which is
25:07
what, yeah, you could describe as the management daemon of the Kubernetes node, and this kubelet schedules and controls the pods, and the pod is basically, if you know Docker but not Kubernetes, an abstraction of a running container, and
25:24
So so basically your your system so from from the perspective of the host system. It's very easy So the beginning was easy, but now we're getting to the interesting points very quickly We realized that we would need some persistent storage
25:44
We would save some data, for example, which was produced by some analysis tool, or we need a database or something like that. All of that needs persistent storage. In a multi-node cluster this is obviously not as trivial as for a single-node Docker host. If you are used to
26:02
Docker then, you know, you can just map some part of the file system to your container You can create volumes and stuff and it's really it's a piece of cake, right? You can can do it right away You don't need to configure anything. It just works for a multi node cluster obviously, it can't be this easy because if your application runs on the one computer and
26:22
storage is maybe on a different computer, you need some sort of network or distributed storage. And what Kubernetes does here, just to give you an impression of what you can do, is you have multiple storage plugins, basically. So they support the typical cloud providers like Google and Amazon and Microsoft.
26:42
So if you want to store your data with the NSA you can do so We don't want to do that We want to store our data on our machines and there are some notable open-source solutions This is obviously not complete GlusterFS you may have heard about this or Ceph is a very prominent and and very mature
27:04
Solution to doing distributed storage. Also, there's Flocker and for the people who basically say I don't want any fancy service I just want network accessible storage, you know, you have to go to NFS and it also just works We're not using NFS right now, but I think it will be not so difficult to to integrate NFS
27:26
So what we quickly learned is if you want to do this properly if you want to do proper distributed storage Which also is somewhat fail-safe. So for example, if one node fails, it's just should run and not break
27:42
You need to Think a lot what you want to achieve and how you want to achieve before you actually get going, right? If you just say, okay, it's just like Docker. I map some volumes. No, it's not the case you need to think about what you want, you need to plan ahead and basically, we are
28:00
Currently using Ceph and as I said Ceph is a very mature solution for for distributed storage You can do a replication and stuff But this talk is not about Ceph so it can as you see work with several plugins So you can just pick your own solution, but this is not any more trivial you need to
28:22
Look what you are doing before you run into problems and One very central point regarding the implementation of such a cluster that I want to talk about is multi-tenancy What does it mean? So typically a cluster would be used by only one group of users and
28:41
Serves only one specific purpose. So for example one Development company Software development company has a cluster where they run the web applications of their customers, for example and For for us it's clearly not the case. We have different users of different user groups We have different researchers which are part of different projects. We have
29:03
students from different courses and We have student assistants and so on and so on so we have a multitude of different users and we also have very different use cases, which we have already seen and So we need a multi-tenant cluster which is basically saying that we need a cluster that can adhere to
29:24
different users and different use cases and for such a cluster There is some things that might seem trivial in the beginning, but that are not so trivial to achieve For once we want to ensure that the stability of the cluster cannot be compromised by just one user
29:42
for example one user could Could work on their own stuff and maybe their own stuff would break and crash But it should not lead to the complete cluster crashing and not being available for example that is obviously a requirement that we have and also we want to have a Very strict privilege separation. So for example, the admin can maybe do everything
30:05
the researchers have control of some area of the cluster and the students only have Access to a very specific project within the cluster and they should not be able to see or influence any of the other parts The same holds true for data privacy, it's basically is somewhat related to privilege separation
30:23
so users should not be able to access any data that they don't that they Don't belong to it. So for example, if you have a project which Analyzes some data and maybe this data is somewhat confidential then another user should not be able to see this data
30:43
Right, so that's easy said but not so easy implemented Then quotas obviously you want for example to say it for for some user To not exceed a certain CPU or memory or a disk limit and And
31:00
Yeah, this is this is obviously required as well for for having a cluster that is not overloaded because one user just decided to run 100 replicas of something So multi-tenancy, how do we get there? So one concept that is already part of Kubernetes is
31:21
very important here, and this is namespaces. So in Kubernetes you can assign the pods and all the other configuration to different namespaces. That does not mean that these pods are running on different computers; that is a logical separation, right? And so
31:41
These namespaces could for example be the namespace of a research project and two namespaces of some different student projects For example, and this is in my eyes One of the biggest advantages that kubernetes provides over just using plain docker Right. This is what I always missed in docker that I could just say
32:01
Okay, this user... I want to create a user, and this user can only control this and that container, for example. I always missed that. I know it is somewhat in Docker Enterprise Edition, but at least in the open source Community Edition you cannot do something like that, or at least you couldn't do it some months ago. If there is something new, I'm happy to hear about it. And
32:22
so we have these namespaces. How do we actually assign which users can access the namespaces? We have role-based access control, or RBAC in short. And for example, we could say we have some users from a research project which can control the whole namespace, and then maybe
32:41
One student and a different student who can respectively access their namespace and we have the Microphone is gone so Not working anymore Hello. Hello tests. Hello
33:03
Yeah, okay And for example, the supervisor of those students could access both namespaces Yeah You can basically have a very fine-grained control over which resources are available to which user Using the kubernetes role-based access control and you can also assign
33:20
the role not only for a complete namespace but also for different parts of a namespace, and within the namespace you can tell that the user, for example, can read how the configuration is but not overwrite the configuration. So you can do a lot of stuff with the role-based access control. So, resource quotas:
33:43
First of all, before we talk about extra quotas: there exist a lot of tools for Kubernetes to monitor the resources. You should use them, because this is a very prominent thing: you want to know what is going on in your cluster. Kubernetes can put out some metrics which can then be read by
34:05
Prometheus, InfluxDB and all the other solutions that provide some sort of time value database, and then you can create, for example, some fancy Grafana dashboards if you are used to that. And so it's really easy to do a proper monitoring of such a cluster and also monitor, for example, how much CPU does the
34:25
does each namespace use, and so on; you can do it very easily. And that helps us to realize some sort of fair-use resource sharing, which is typically for us what we want in like 90% of the cases.
34:41
Because we don't want to enforce any certain limit on the users as long as the cluster as a whole is not overloaded So if some people need the computation power for some time they can use it and then maybe they don't need it anymore And some other people need it That's totally fine But if we have a proper monitoring we would for example see well now the user is clearly using too much and the cluster is
35:06
Overloaded and then we could basically just go to the colleague and talk to him hey, your your Application is using too much resources. Can you reduce it a bit? Can you delete some replicas for example, and then we just resolve it
35:21
So that would typically just be what we want But in some cases you want strict limits and then you can have the resource quotas Which are supported by Kubernetes and you can define them per namespace. So if we go back to the To the previous slide you can set for each namespace different quotas
35:40
So for example, the student namespace is maybe quite restricted, and the research project might just not have any specific quota but instead use some sort of fair-use resource sharing. And what is also quite nice: you can define priorities, so you can say if the cluster resources at one point are
36:02
overloaded, then this service should have priority over other services, for example. So this is a very important point regarding also the multi-tenancy which we talked about: that we can differentiate which user groups can access how much of the resources of the cluster.
36:24
All right Let's go to some problems and lessons learned so obviously there are the Famous layers of abstraction some people may know this comic So basically in to summarize it it's about some person who wants to
36:48
implement an application which just shows side by side two web pages, and instead of using the SDK and doing all the complicated stuff, the person realizes you can just glue together two
37:03
Smaller phones, right? So so it does the same job And then but the other person responds you never learn to write software No, I just learned to how to glue together stuff that I don't understand Yeah that's basically what Docker and Kubernetes sometimes at least is about and
37:23
That can be a problem and especially it can be a problem when you depend on services running properly in a production environment So Docker already hides a lot of the details so in there is a lot of applications where you go to the website and Look for documentation of the installation that nowadays just say yeah start the docker container
37:44
You'll be fine and in most cases it does work, right? so you're happy and you don't even look what's inside the container image or whatever right and So you already have a lot of abstraction with with Docker and then Kubernetes comes and that's some abstraction on top of
38:01
that: how are containers started and stopped, and where are they scheduled? You don't know; usually you don't want to know. And then there's Helm. I didn't talk about Helm before. Basically, it's a tool which automatically deploys stuff to Kubernetes without you needing to configure stuff,
38:21
Which is one more layer of abstraction, right? it's it's very nice tool if you just want to get something going but it's Comes down to this it's great as long as it works But it's really difficult to resolve problems because you just don't understand what's really going on inside of this stack of
38:41
technologies so my goal always is to try to understand at least on a basic level how things work and To to see what what images are they using? How are they doing their services inside the image? How can I access the log files for example? So that I'm at least prepared if something goes wrong to to know how on where to look
39:06
for for an idea how to resolve the problem and this can be quite difficult at times and I would really recommend if you plan to to use Docker and Kubernetes on a on a production
39:21
level, and this is really not limited to using it at the university, you can also say that for any other production use: that you always should simulate typical problems, node failure, downtime of a service and so on, before they happen in production. Because when they happen in production, there's people standing behind you: "it's not working, make that it works again". And you really don't have
39:45
Any time to find out what the problem is so you should really try to simulate such problems You can just shut down a node and see what happens and then Look what what what how you can resolve this problem. Basically, that's that's always a good advice
40:01
The second thing and this is Somewhat specific to university. I think it's also applying to to other areas as well. So you should always document stuff. I Think it's in general a good idea, but I will tell you why it's especially interesting for University So let's let's start at the beginning Obviously your configuration your scripts, etc
40:22
They should be organized in a proper way because otherwise if they just sit on some hard disk of some laptop of a researcher Then you can't even access it if something goes wrong So first thing is to organize this in a proper way git repositories might be useful, but you can use different technologies
40:40
That's what we do. We just put every yaml file and scripts in in a git repository or in different git repositories It works quite well The configuration alone is worthless if you Require a lot of time to understand it if it is difficult to understand what's going on. So
41:03
Configuration alone is Helping you to set up the same thing again But for example, if there are some problem you need to change something you want to understand Why is it configured this way and you need some proper documentation? so and what's what's Problem at university is that students and researchers typically stay at the university for some years, but not longer
41:24
I there are some people who would stay at the university for a very long time But typically people study for some years and then maybe they do a PhD and stay for the some years But then they are gone and they take away the knowledge and the knowledge is lost basically if it is not documented in a proper way
41:42
so the goal here is To document everything properly so that is easy to understand for other people what you did and So it is in the best case even understandable if you're not even there anymore that should be the goal and
42:00
One example of how to do this, and how we do it in particular, is we put inside our git repositories, where also our configuration lives, a README markdown file or even several files, which explain, for example, why is the configuration value set to this and that, or how do you execute the script, which script does what.
42:22
And so, for example, if you need to set up a new node, you have a script which does essentially some points that you need to do all the time, and you can just look in the documentation and see what are the steps which this script does. And so this is very important, especially in the situation where you have this loss of knowledge if you don't preserve it in a proper way.
42:43
But I think it applies also to other areas as well, but in universities is especially important All right, it already brings us to the conclusion and somewhat outlook So I have shown to you that many use cases in science and teaching may profit from using container technology
43:05
Use cases in research may profit because it helps to to reduce some of the problems I talked about Use cases in teaching can greatly profit. We already did this and the students are very very happy again with what we did To try out new stuff and and yeah, I talked about that
43:25
and Setting up such a cluster to do cool stuff In science and teaching is easy in the beginning, but we have seen At least in some in some examples where?
43:40
Where you after the installation need to draw decisions and these decisions are not easy and you need to think a lot about How you do this stuff because otherwise you may run into problems the whole area for example of how to do properly the storage Which I just quickly talked about we could fill maybe a complete talk with just talking about how do you do that, right?
44:00
and so this is questions that obviously any user who wants to implement something like this must answer on their own and Yeah, it's it's really things where where You don't say anymore. You just execute this command and it works So our first
44:20
Sorry, it is important to understand how this works to not only rely on some script that is given to you or some magical kubernetes command which Does things in a certain way? you should be able to understand at least at a basic level how things work and document what you have done our first experiences show that we are on a good path, but
44:45
We need more time to evaluate our setup, so maybe in the future I can give you an even more in-depth analysis of which things worked out well, which things I would change. So especially the question about how to build this multi-tenant cluster is
45:04
different to a lot of other use cases of Kubernetes. And so there are a lot of tutorials on how to do this if you just want a single-tenant cluster, and this area is where you really need to make a difference to these tutorials. It's usually not so well covered in the documentation of the
45:23
of the different tools that you might use and So yeah, we hope to provide an even more in-depth analysis of our own setup in the future and Maybe we can even do a talk or workshop next year to to report on the progress, but right now
45:41
I hope I have given you at least an impression of why it is an interesting topic to look at how these tools can work at the university, and I hope you have understood what the motivations behind this are. And yeah, for more, we can have maybe a workshop or something like that in the future.
46:02
So thank you very much. Here's some contact information, and I'm happy to receive your questions Hello It works so yeah
46:27
Thank you for your talk I found quite interesting and just want to ask you if you can give some some Things about the size of the cluster so how many nodes are there how many namespaces do you have and how many people are
46:45
Administrating the cluster Yeah, right now. We are still as I said in the process of building this of getting experience so right now We have we are running this on Some workstations so we have five workstations so basically five nodes of which one is the master node and
47:03
Some of these nodes contain the storage array So we have replicated storage already, but we are working on that as I said and so right now we don't have such a Big hardware setup, but we're right now talking about to to get a real cluster for this with like
47:22
Nodes with I don't know a 64 cores, and and you know the totally different area of computer and so that that is the plan to really do it on a big scale and so this will make a difference and Obviously it is not okay if you have only one person
47:41
Administrating this I think your question of how many people do this is related to that so Right now it is mainly me and some student assistants who are working on that but We are totally clear that once we say on our own that we have found our setup Which is reliable which is working that we bring in other people, and we have a lot of other people in our department
48:04
Which are quite interested, and then we already have an agreement that from each Project group for example. There's one person who will be sort of an administrator at least for this area And so that is the idea of how we want to do this. I would like to understand a bit better
48:25
What type of tasks run on your cluster? Is it mostly CPU-wise challenging, is it I/O-wise challenging? Do you have tasks which need,
48:42
For example GPUs instead of CPUs is it possible to do that from inside containers? Do you have? applications Which would like to do MPI and stuff would you call it an HPC cluster in the end and What is the average usage is it is it full all the time or not?
49:06
So so basically everything of what you said could be the case so our different projects are Very different when it comes to the computing requirements that they carry so typically we have stuff that Requires a lot of CPU power so really number crunching stuff and
49:25
Typically also a lot of memory because you need to do some machine learning whatever and you want to do it in the memory Whenever you can right so that is I would say a typical use case But also we have applications which have really huge databases which obviously not fit in the memory
49:45
So we want to have a proper storage, which is attached to the cluster and If you were asking about GPUs, we're not doing Much with GPUs in our department, but for other people this might be the case I cannot
50:01
Talk in detail about this because I don't know about it But I read that recently Google started to offer also kubernetes Nodes which have GPU assistance, and they also are integrating this in this quota management So they are supporting this But how you do it exactly I cannot tell because for us. It's not relevant so for us mainly. It's number crunching
50:24
It's lots of memory for for you know in memory analysis jobs and and sometimes we have larger databases But we're not very in the in the area of of big data as such Thank you
50:41
Yes, I want I would like to know if you have a documentation how you deployed this kind of infrastructure yeah, so as I already said we have Accepted the fact that without the proper documentation. This is worthless, so we are documenting stuff right now We do is in our internal git repository, but we absolutely thinking about
51:04
Doing this in a public way on github or wherever So this is Absolutely so so if we have a chance to give something back to other people who want to to do the same stuff or something Very similar we always try to do this because for me as a person who is basically paid on tax money
51:23
This is always the motivation to do whenever I can to provide the results of my work in an open way So I want to do this and right now. I will be honest We were not in the state where we can clearly say okay. This is how we want to do this
51:40
We are still experimenting. We have good initial results, but we're still experimenting, and later on, maybe next year or some time, we may put this on GitHub or wherever. Thanks for the talk. Did you ever consider using OpenShift instead of Kubernetes?
52:00
I read a lot about OpenShift, but, well, I had some initial experience with Kubernetes; that was basically the motivation why I said to my student assistants, let's do it with Kubernetes. So I think it's always a benefit if you already have some prior knowledge. But I think in theory you could do it with OpenShift, totally.
52:27
Did you experience any problems with Docker itself, like any bugs in Docker? Is it mature enough? Not any bugs with Docker itself, but we quickly discovered that Kubernetes is quite picky when it comes to using the wrong Docker version.
52:45
Some people are nodding Yeah, and so at some point we had a bit over motivated Automatic update on one of our nodes which put the Docker to the new version and then Kubernetes basically said what's that?
53:02
I cannot work with that Docker version I don't know what the reasons for that are but that is basically something that we experience but any short that Docker itself had a Problem I cannot remember Any further questions?
53:24
So, how do you propose to manage? credentials If you set up systems Especially if you put it in some git repository, which is pretty much public inside your organization or even totally public Yeah, we will not put any passwords or something like that in the git repository
53:44
There are many other ways to do this properly We we make use of password stores for that but I already encountered So the password stores then on some computer where you SSH to and then you have you know To enter a passphrase to open it and and stuff like that. That's maybe not the best way to do it
54:04
So there are more elegant ways to do it in a distributed way, but we haven't really put much thought into it yet. But clearly, it is clear that we do not, you know, save passwords in clear text in the git or whatever. And
54:21
within Kubernetes you can have these Secrets, so you can save confidential data in Kubernetes. Obviously, then you need to trust the system, right? But if you don't trust the system, you better not use it. So, for example, the passwords that Kubernetes itself uses, for example to access a private
54:46
Docker registry, are saved as a secret in the Kubernetes management plane, all right? And they are encrypted in some way; I cannot tell you how it is done in practice. But that's also a part of the system, obviously, that the people who write the software think about
55:04
these use cases. And what about the user credentials? I think at the university you have a central user management, LDAP, Kerberos things, and will this be integrated into your platform? Yeah, this question, right now
55:23
I cannot give you an answer to this. Obviously this would be beneficial, to use the account that's already there, but for talking to the Kubernetes API you need to have some secret key, and so basically you would provide to the users the configuration with the secret key inside.
55:43
And so I do not know how this works if you use LDAP with a user and password login. But if there is any way to do this and it is properly secured, then yeah, this is of course an option. So when people already have the account and can authenticate to some system, why not use it?
56:06
Any further questions? Yeah, so, to this question: do you use a dashboard for login for this for students, or have some SSH login?
56:21
So you don't need to log in to the actual cluster nodes; you only talk to the Kubernetes API. You have the API and you have the kubectl command line thing, and everything talks to this API, right? So whenever you want to change the configuration or something like that, you use kubectl, and
56:44
You can do it on your local computer. And then obviously you need to have access to the API and Right now the access to the API is restricted for the people who are inside our subnet But yeah, that's also something we need to work on How do you get access in which ways but that's basically the the idea?
57:05
Yeah, but this dashboard, it has a lot of features also for creating... Well, you mean the official Kubernetes dashboard? Yeah, we don't use that at all. So for monitoring, for example, we have an InfluxDB and Grafana stack,
57:21
and we use this node exporter and stuff that Google has built to export the metrics. And the other features, I don't even know; until now they were not relevant for us. All questions answered?
57:41
Then let's thank you again for your talk very inspiring and thank you