4 Best Practices for Using Cloud-Native Infrastructure for AI Workloads
2024-9-13 00:17:17 Author: securityboulevard.com(查看原文) 阅读量:4 收藏

Artificial intelligence (AI) is one of the hottest buzzwords these days, dominating headlines and rocking the stock market. Many companies have already added AI functionality to their software solutions, and many hope to add even more in the coming months. It’s important to remember, however, that the foundation these technologies are built on can significantly impact their effectiveness and scalability. The Cloud Native Computing Foundation (CNCF) recently released a whitepaper that highlights the importance of cloud-native technology and AI as critical technology trends.

Today, Kubernetes is more than a platform for managing containerized workloads and services. It has evolved to become the de facto cloud operating system, handling network, storage, and compute. As AI has become more accessible and common, it has become clear that cloud-native infrastructure supports AI applications far better than traditional architectures.

“Cloud Native Artificial Intelligence (CNAI) refers to approaches and patterns for building and deploying AI applications and workloads using the principles of cloud native. Enabling repeatable and scalable AI-focused workflows allows AI practitioners to focus on their domain.”
CNCF AI Working Group: Cloud Native Artificial Intelligence

Core Advantages of Cloud-Native Infrastructure for AI

Cloud-native infrastructure provides the scalability, resilience, and flexibility required to support rapidly evolving AI workloads better than other approaches:

  • Scalability: Kubernetes can automatically scale resources up or down based on demand, which is important for AI workloads because they often require sudden bursts of computing power followed by sharp drops in demand. Cloud-native infrastructure ensures the compute power is available when needed.
  • Resilience: Kubernetes includes built-in features, such as self-healing and load balancing, to ensure AI applications remain available and performant even during traffic spikes.
  • Flexibility: Containerization and microservices architecture allow AI teams to update and deploy new models or components without disrupting the entire system due to the portable and extensible nature of Kubernetes. This is particularly important for AI models because different models usually require distinct and even conflicting dependencies — isolating these dependencies in containers enables more flexibility in terms of deployment.
  • Resource Efficiency: Cloud-native infrastructure enables more efficient use of compute resources, which is especially important for resource-intensive AI workloads.

Together, AI and cloud-native technologies offer improved scalability, more efficient development cycles, and a greater ability to handle complex AI workloads.

Claroty

Kubernetes as a Foundation for AI Infrastructure

Kubernetes serves as the ideal platform for AI workloads because it offers:

  • Autoscaling: The Horizontal Pod Autoscaler (HPA) can automatically adjust resources based on CPU, memory, or custom metrics, which is crucial for fluctuating AI workloads. HPA, Vertical Pod Autoscaler (VPA), and Cluster Autoscaler are the three types of autoscaling available in K8s.
  • Resource Management: Kubernetes provides fine-grained control over CPU and memory allocation, ensuring AI models have the resources they need without overprovisioning.
  • GPU Support: Kubernetes can manage GPU resources, which is essential for most AI and machine learning workloads.
  • Portability: Kubernetes’ container orchestration allows AI workloads to run consistently across different environments, from on-premises to multiple cloud providers.

Implementing Kubernetes Best Practices

Adopting best practices in security, reliability, and cost optimization is crucial for deploying your workloads with Kubernetes, regardless of whether you’re deploying AI/ML workloads or something else. Make sure you’re following these essential K8s best practices:

Security:

  • Implement DoS protection through ingress policies. Use an ingress policy to limit the number of concurrent connections allowed or how much traffic a specific user can consume. You can also tune these limits for particular hostnames or paths.
  • Regularly update Kubernetes, add-ons, and base Docker images. Each time a new release comes out, you’ll need to test your updates and make sure there are no unintended impacts. Staying on top of updates makes monitoring for problems and making course corrections easier.
  • Use Role-Based Access Control (RBAC) to limit permissions. It’s easiest to deploy new apps or provision new users with admin permissions, but this gives the ability to make potentially catastrophic changes. RBAC enables you to grant fine-grained permissions to grant appropriate access to different resources and implement the principle of least privilege.
  • Implement network policies to restrict communication between applications. Network policies are an effective way to control what can communicate with what within a cluster, manage cluster ingress and egress, and limit the damage if attackers find a security hole.
  • Use workload identity to secure access to cloud resources. Workload identity ties RBAC to the cloud provider’s authentication mechanism, enabling you to use K8s’ authentication mechanisms to manage access to resources outside the cluster.
  • Encrypt and manage secrets securely. K8s enables organizations to use Infrastructure as Code (IaC) to simplify deployment and provisioning of infrastructure, but applications require access to secrets, such as database credentials, API keys, and admin passwords. Don’t store these in your IaC repository, as that exposes them to anyone with access to your repo. Instead, make sure you encrypt your secrets before checking them in and then unlock them with a single encryption key.

Cost Optimization:

  • Right-size your resources based on actual usage. Fairwinds created Goldilocks, an open source project, to help teams discover usage patterns and allocate resources to their Kubernetes deployments. Right-sizing can help you ensure you’re only spending when and where you want.
  • Understand your workloads. Goldilocks can also help you understand whether your workloads are CPU-intensive, memory-intensive, or a balance of the two. That can help you determine whether you’ve selected the most efficient workload for your Kubernetes worker nodes.
  • Use an intelligent cluster autoscaler, such as Karpenter. Karpenter will intelligently choose node sizes based on your total resource requests and limits. Additionally, it allows you to utilize spot instances at rates that are discounted up to 90% compared to on-demand prices.

Reliability:

  • Avoid incorrect configurations. IaC allows you to manage your IT infrastructure using configuration files, which reduces human error and increases repeatability and consistency.
  • Simplicity vs. complexity. It’s easy to introduce too much complexity into Kubernetes environments. Avoid using the latest, shiniest tools, and think carefully about each add-on that you introduce to your stack. Only use the tools necessary to solve the problems that you currently have.
  • High availability architecture/fault tolerance. It’s possible to schedule containers across multiple nodes and availability zones in the clouds with Kubernetes, which improves reliability. K8s also helps you ensure there’s no single point of failure by making it easy to deploy multiple redundant instances based on a given component.
  • Resource limits and autoscaling. Setting requests and limits for CPU and memory enable the Kubernetes scheduler to function well and enable autoscaling, which can increase cluster reliability.
  • Configure readiness and liveness probes. These probes are how Kubernetes can be “self-healing.” Setting these probes enables you to automatically detect and fix issues in the cluster, making it more reliable.

Policy Enforcement:

  • Avoid inconsistency. Managing cluster configurations consistently becomes increasingly difficult as Kubernetes adoption grows. In multi-user, multi-cluster, and multi-tenant environments, it’s important to have a way to automate policy enforcement to prevent misconfigurations.
  • Standard policies. Use policy to enforce best practices, such as preventing workloads from running as root, requiring resource limits to be set, and disallowing resources in the default namespace.
  • Organization-specific policies. Enforce best practices that are unique to your organization. For example, require team or cost tracking labels on each workload, enforce a list of allowed image registries, and set policies that enable you to more easily meet compliance and auditing requirements.
  • Environment-specific policies. Adjust policies for specific clusters or namespaces, such as enforcing stricter security requirements in production clusters or allowing looser enforcement in namespaces that run low-level infrastructure.

Choose Cloud-native Infrastructure for AI

Cloud-native infrastructure offers numerous advantages for AI projects, including the potential for faster time-to-market and improved resource allocation. Cloud-native practices can also facilitate better collaboration between data scientists, developers, and operations teams, while cloud-native tools can help manage the entire AI lifecycle, from data preparation to model deployment and monitoring.

“While several challenges remain, including managing resource demands for complex AI workloads, ensuring reproducibility and interpretability of AI models, and simplifying user experience for non-technical practitioners, the Cloud Native ecosystem is continually evolving to address these concerns.”
CNCF AI Working Group: Cloud Native Artificial Intelligence

Embracing cloud-native infrastructure and following Kubernetes best practices is key to unlocking the full potential of AI applications. By leveraging the scalability, flexibility, and efficiency of cloud-native technologies, organizations can create more powerful, resilient, and cost-effective AI solutions.

Organizations ready to deploy new AI/ML applications and services must learn a lot. ​​GPU access in the cloud is more complex than spinning up a new node type. If your core business isn’t infrastructure, consider  Managed Kubernetes-as-a-Service, a people-led service from Fairwinds that accelerates your AI deployment goals by building the secure, reliable, and efficient infrastructure you need with the necessary compute resources for AI/ML.

Explore Managed Kubernetes-as-a-Service

*** This is a Security Bloggers Network syndicated blog from Fairwinds | Blog authored by Andy Suderman. Read the original post at: https://www.fairwinds.com/blog/4-best-practices-cloud-native-infrastructure-ai-workloads


文章来源: https://securityboulevard.com/2024/09/4-best-practices-for-using-cloud-native-infrastructure-for-ai-workloads/
如有侵权请联系:admin#unsafe.sh