News

06.04.2020

Karvdash: A Kubernetes dashboard for data-science workflows

Antony Chazapis and Angelos Bilas
FORTH-ICS

To facilitate high-level user interaction with the Kubernetes execution environment used in EVOLVE, we present Karvdash: service management software for Kubernetes, which itself runs in Kubernetes as a service.

Karvdash implements:

  • A web-based graphical frontend - a dashboard to manage services that are launched from templates, organize container images, and interact with collections of data that are automatically attached to application containers when launched.
  • User management with an associated mechanism to isolate user services in different Kubernetes namespaces.
  • An integrated solution to securely provision multiple services under one externally-accessible HTTPS endpoint.

 

Kubernetes provides all the tools to share data, create namespaces, etc., but the exact implementation and structure of the overall environment is left to the developer. By making these choices and following a particular workflow, Karvdash in practice imposes a Kubernetes usage methodology, which by design has been tailored to a specific environment (HPC cluster) and type of users (data scientists) - matching the unique context of EVOLVE.

Karvdash also implements a "traditional" user scheme (and all associated mechanisms), which is then mapped to Kubernetes namespaces and service accounts. Kubernetes itself has no "users" and no place to "log in", as most high-level platform users would expect.

Karvdash runs as a service in Kubernetes and coordinates the execution of other services in particular namespaces. All provisioned containers share common mountpoints that correspond to specific paths on the hosts.


In the following paragraphs, we outline the services provided by Karvdash, along with a brief technical description for each service.

 

Data management

In a cluster environment, it is common for each user to have a "home folder", usually mounted over NFS. Karvdash tries to apply this notion in a containerized environment: all cluster nodes share a common NFS folder, and this folder is also mounted inside containers. Thus, when running a notebook server (like Zeppelin or Jupyter), user data is available in the corresponding container at a well-known path - as it would be on a bare-metal cluster node. Karvdash attaches user-specific "home folders", as well as a shared data folder, inside all containers in the user's namespace. This, in addition to the web-based file browser provided, facilitates easy data management for applications, both for providing inputs and collecting outputs.

Karvdash data management screen


Service templates
Karvdash provides a way for users to easily configure and start services by integrating a simple service templating mechanism - in practice, YAML files with variables. The user can specify execution parameters through the dashboard before deployment, and Karvdash sets other "internal" platform configuration values, such as the private Docker registry location, external DNS name, etc. Moreover, Karvdash automatically manages service names when starting multiple services from the same template, and it also allows "singleton" services that can only be deployed once per user. Examples of included service templates are Zeppelin, Argo, Kafka, and a virtualized MPI cluster.

Registry gateway
Additionally, Karvdash provides a graphical frontend to a private Docker registry, so users can easily manage available private container images and upload new ones from files (exported images).

User namespaces
Internally, at the Kubernetes level, each Karvdash user is matched to a unique namespace, which also hosts all of the user's services. Containers launched within the namespace are given Kubernetes service accounts which are only allowed to operate within their own namespace. This practice organizes resources per user and isolates users from each other.
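
The namespace-per-user pattern described above can be expressed with standard Kubernetes RBAC objects. The manifests below are an added illustration, not Karvdash's own configuration; the names `karvdash-alice`, `alice-sa` and `namespace-operator` and the chosen rule list are hypothetical.

```yaml
# Constructed example: one user namespace with a namespace-scoped service account.
apiVersion: v1
kind: Namespace
metadata:
  name: karvdash-alice            # hypothetical per-user namespace
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: alice-sa                  # hypothetical account given to the user's containers
  namespace: karvdash-alice
---
# A Role (not a ClusterRole): its rules apply only inside karvdash-alice.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: namespace-operator
  namespace: karvdash-alice
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log", "services", "configmaps"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["apps"]
    resources: ["deployments", "statefulsets"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
# A RoleBinding (not a ClusterRoleBinding): the grant never leaves the namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: alice-sa-namespace-operator
  namespace: karvdash-alice
subjects:
  - kind: ServiceAccount
    name: alice-sa
    namespace: karvdash-alice
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: namespace-operator
```

After applying these objects, `kubectl auth can-i list pods -n karvdash-bob --as=system:serviceaccount:karvdash-alice:alice-sa` (with `karvdash-bob` standing in for another user's namespace) should answer `no`, while the same query with `-n karvdash-alice` answers `yes`. RBAC limits Kubernetes API access only; the shared host mountpoints and pod-to-pod network traffic are not constrained by these objects.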

Service exposure
To expose services to the user, Karvdash makes use of a Kubernetes ingress - a proxy server. Service templates that provide a user-facing service include an ingress directive. Thus, Karvdash effectively exposes all services on subdomains of the main dashboard domain, protects all services with a basic HTTP authentication mechanism (using the dashboard usernames and passwords), and incorporates all services under a common SSL environment, so all data sent back-and-forth through the ingress is encrypted.
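
An ingress directive of the kind described above might look as follows. This is an added illustration, not taken from Karvdash's templates: it assumes the ingress-nginx controller, and the host, namespace, service and secret names are hypothetical.

```yaml
# Constructed example: one user service exposed on a subdomain of the dashboard
# domain, behind TLS and HTTP basic authentication (ingress-nginx assumed).
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: zeppelin
  namespace: karvdash-alice       # hypothetical per-user namespace
  annotations:
    # Basic auth is enforced by the proxy before traffic reaches the service.
    nginx.ingress.kubernetes.io/auth-type: basic
    # Secret in this namespace holding an htpasswd-format "auth" key.
    nginx.ingress.kubernetes.io/auth-secret: alice-basic-auth
    nginx.ingress.kubernetes.io/auth-realm: "Authentication Required"
    # Basic-auth credentials travel in a reversible encoding on every request,
    # so plain HTTP must be redirected to HTTPS.
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - zeppelin-alice.dashboard.example.com
      # TLS certificate secret; must exist in the same namespace as the Ingress.
      secretName: dashboard-tls
  rules:
    - host: zeppelin-alice.dashboard.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: zeppelin    # hypothetical service created from the template
                port:
                  number: 8080
```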

Karvdash has been developed by FORTH-ICS and will be available online under a permissive free software license.

17.02.2020

Evolve contributes to IBM's new opensource framework
