Conference:  KubeCon + CloudNativeCon Europe 2023

Authors: Adnan Hodzic

2023-04-19

This talk covers ING’s MLP (Machine Learning Platform) 2+ year migration journey to Kubernetes. ING being the biggest bank in the Netherlands and one of the biggest world banks entails we work in a highly regulated environment and are subjected to rigorous policies in terms of control with IT process lifecycle. Being a data scientist in one such environment, who would like to deploy pre-trained machine learning models to Production, without much or any underlying SRE/deployment knowledge complicates things. That’s where MLP (Machine Learning Platform) steps in, as it takes care of all the above mentioned problems by serving as a model hosting platform. As an SRE Adnan will cover problems and limitations of the existing platform setup in the VM (Virtual Machine) world and the inception of an idea to migrate to Kubernetes. Which steps it took to start the realization of one such idea and its migration plan. Followed by resistance, inability to choose the ideal target destination, platform’s growth and challenge in supporting the current setup in its growing capacity and ultimately leading to scalability issues. All these factors lead to a perfect storm, which led to the inevitable. Migration to Kubernetes and how that process came to be.

Conference:  Linux Security Summit Europe 2022

Authors: Jiewen Yao, Jun Nakajima

2022-09-15

Device attestation is necessary for maintaining confidentiality of workload in a hardware-based Trusted Execution Environment (TEE) virtual machine (VM) when transferring workload to a device for acceleration.

• Physical devices in TEE environment
• Device attestation model
• Verification of device identity and evidence information
• Device initialization flow

Conference:  KubeCon + CloudNativeCon North America 2021

Authors: Alexander Jung

2021-10-14

KubeKraft is a novel runtime that allows for running VMs with Kubernetes natively, without any container overhead. It aims to achieve higher cluster utilization while maintaining performance and security.

• Virtualization strategies such as containers have gained immense popularity thanks to orchestration frameworks such as Kubernetes.
• Typical deployments with Kubernetes involve four degrees of virtualization and indirection, which can be difficult to debug and add performance penalties.
• KubeKraft introduces unikernels into the ecosystem and allows for running VMs with Kubernetes natively, without any container overhead.
• KubeKraft's architecture is presented, along with its integration with Kubernetes and performance results.
• Using a Unikraft NGINX unikernel, KubeKraft results in 2x the throughput of an official Docker NGINX image.