Glossary

8.2 Containerization and Orchestration (Docker, Kubernetes)

5 min readjuly 30, 2024

revolutionizes ML development by packaging apps and dependencies into portable units. This ensures consistency across environments, enables version control, and supports microservices. It's a game-changer for collaboration and in ML teams.

and take center stage in containerized ML. Docker builds and manages images, while Kubernetes orchestrates complex workflows. Together, they provide the scalability, efficiency, and fault tolerance needed for robust ML systems in the cloud.

Benefits of containerization for ML

Consistency and Portability

Top images from around the web for Consistency and Portability

1 of 3

Top images from around the web for Consistency and Portability

1 of 3
  • Containerization encapsulates ML applications and dependencies into isolated, portable units ensuring consistency across environments (development, testing, production)
  • Enables version control and reproducibility of ML environments facilitating collaboration and deployment across teams
  • Supports allowing ML components to be developed, deployed, and scaled independently
  • Facilitates implementation of continuous integration and continuous deployment (CI/CD) pipelines for ML workflows
    • Automates testing, building, and deployment processes
    • Enables rapid iteration and experimentation in ML development

Efficiency and Scalability

  • Provides lightweight allowing for efficient resource utilization and rapid scaling of ML workloads
    • Containers share the host OS kernel, reducing overhead compared to traditional VMs
    • Enables quick start-up and shutdown of ML services
  • Container orchestration platforms (Kubernetes) enable automated deployment, scaling, and management of containerized ML applications
    • Horizontal scaling to handle varying workloads
    • across multiple instances
  • Supports efficient GPU utilization for ML tasks
    • runtime allows containerized applications to access GPU resources
    • Enables sharing of GPU resources among multiple containers

Security and Resource Control

  • Enhances security by isolating applications and providing granular control over resource access and network policies
    • Limits potential attack surface and contains security breaches
    • Enables implementation of least privilege principle
  • Allows fine-grained control over resource allocation (CPU, memory, GPU) for ML workloads
    • Prevents resource contention between different ML tasks
    • Enables efficient utilization of cluster resources
  • Facilitates implementation of role-based access control (RBAC) for ML workflows
    • Restricts access to sensitive data and model artifacts
    • Enables auditing and compliance with data protection regulations

Docker containers for ML applications

Building and Managing Docker Images

  • Docker images built using Dockerfiles specify base , dependencies, and configuration for ML applications
    • Example Dockerfile for a Python-based ML application: 
      FROM python:3.8
COPY requirements.txt .
RUN pip install -r requirements.txt
COPY . /app
WORKDIR /app
CMD ["python", "train_model.py"]
  • and private registries serve as repositories for storing and sharing Docker images including pre-built ML frameworks and tools (TensorFlow, PyTorch)
  • Docker commands used to build, run, stop, and manage containers with specific considerations for GPU support in ML workloads
    • Building an image: 
      docker build -t ml-app:v1 .
    • Running a container: 
      docker run --gpus all -it ml-app:v1
  • Best practices for optimizing Docker images for ML applications
    • Minimize image size using multi-stage builds
    • Efficiently manage dependencies using package managers (conda, pip)
    • Leverage caching mechanisms to speed up build process

Data Management and Networking

  • Docker volumes and bind mounts enable persistent storage and data sharing between host system and containers crucial for managing ML datasets and model artifacts
    • Creating a volume: 
      docker volume create ml-data
    • Mounting a volume: 
      docker run -v ml-data:/app/data ml-app:v1
  • Docker networking allows containers to communicate with each other and external services supporting distributed ML architectures
    • Creating a network: 
      docker network create ml-network
    • Connecting containers: 
      docker run --network ml-network ml-app:v1
  • facilitates definition and management of multi-container ML applications specifying service dependencies and configurations
    • Example Docker Compose file for an ML application with separate services for training and inference: 
      version: '3'
services:
  training:
    build: ./training
    volumes:
      - ./data:/app/data
    deploy:
      resources:
        reservations:
          devices:
            - driver: nvidia
              count: 1
              capabilities: [gpu]
  inference:
    build: ./inference
    ports:
      - "8080:8080"
    depends_on:
      - training

Orchestrating ML workflows with Kubernetes

Kubernetes Architecture and Objects

  • Kubernetes architecture consists of master and worker nodes with key components including API server, scheduler, and kubelet
  • Kubernetes objects used to define and manage containerized ML applications
    • Pods: Smallest deployable units containing one or more containers
    • Deployments: Manage ReplicaSets and provide declarative updates for Pods
    • Services: Enable network access to a set of Pods
  • ConfigMaps and Secrets allow for externalized configuration and secure management of sensitive information in ML workflows
    • Example for ML hyperparameters: 
      apiVersion: v1
kind: ConfigMap
metadata:
  name: ml-config
data:
  learning_rate: "0.01"
  batch_size: "32"

Scaling and Resource Management

  • Kubernetes enables automatic scaling of ML application replicas based on resource utilization or custom metrics
    • Example HPA configuration: 
      apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
  name: ml-app-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: ml-app
  minReplicas: 1
  maxReplicas: 10
  metrics:
  - type: Resource
    resource:
      name: cpu
      targetAverageUtilization: 50
  • Persistent Volumes and Claims provide storage abstractions for managing ML data and model artifacts
  • Kubernetes Jobs and CronJobs used to schedule and manage batch processing tasks in ML pipelines
    • Example Job for model training: 
      apiVersion: batch/v1
kind: Job
metadata:
  name: model-training
spec:
  template:
    spec:
      containers:
      - name: training
        image: ml-training:v1
        resources:
          limits:
            nvidia.com/gpu: 1
      restartPolicy: Never

Deployment and Package Management

  • charts simplify packaging, versioning, and deployment of complex ML applications on Kubernetes clusters
    • Example Helm chart structure for an ML application: 
      ml-app/
├── Chart.yaml
├── values.yaml
├── templates/
│   ├── deployment.yaml
│   ├── service.yaml
│   └── configmap.yaml
└── charts/
  • Kubernetes operators extend platform's capabilities for automated management of complex, stateful ML applications and workflows
    • Kubeflow Operator for managing ML pipelines
    • Seldon Operator for model serving

Fault-tolerant ML architectures with containerization

High Availability and Self-Healing

  • Kubernetes ReplicaSets and Deployments ensure high availability by maintaining desired replica counts and managing rolling updates of ML applications
  • Liveness and readiness probes enable health checking and automatic recovery of ML containers
    • Example liveness probe configuration: 
      livenessProbe:
  httpGet:
    path: /healthz
    port: 8080
  initialDelaySeconds: 30
  periodSeconds: 10
  • Kubernetes node affinity and anti-affinity rules allow for intelligent placement of ML workloads across cluster nodes for improved reliability
    • Spreading ML model replicas across different nodes
    • Co-locating data preprocessing and model training pods

Stateful Applications and Networking

  • Statefulsets provide ordered deployment and scaling for stateful ML applications ensuring data consistency
    • Example for distributed training: 
      apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: distributed-training
spec:
  serviceName: "training"
  replicas: 3
  selector:
    matchLabels:
      app: training
  template:
    metadata:
      labels:
        app: training
    spec:
      containers:
      - name: training
        image: distributed-training:v1
  • Network policies enable fine-grained control over communication between ML components enhancing security and fault isolation
    • Restricting access to sensitive data stores
    • Isolating model training environments from inference services

Advanced ML Orchestration

  • Distributed ML frameworks (Kubeflow) leverage Kubernetes for scalable and fault-tolerant ML pipelines and model serving
    • Kubeflow Pipelines for end-to-end ML workflows
    • KFServing for scalable model deployment
  • Kubernetes operators extend platform's capabilities for automated management of complex, stateful ML applications and workflows
    • TensorFlow Operator for distributed TensorFlow training
    • Spark Operator for large-scale data processing in ML pipelines

Key Terms to Review (28)

Auto-scaling: Auto-scaling is a cloud computing feature that automatically adjusts the number of active servers or resources in response to varying workloads. This capability ensures optimal performance and cost efficiency by scaling up resources during peak demand and scaling down when demand decreases, allowing applications to maintain performance without overspending on infrastructure.
Ci/cd pipeline: A CI/CD pipeline is a set of automated processes that enable continuous integration (CI) and continuous deployment (CD) of software applications. This methodology streamlines the software development lifecycle by allowing developers to integrate code changes frequently and deploy updates rapidly, reducing the time between writing code and getting it into production. By utilizing containerization and orchestration technologies, teams can ensure that applications are tested and deployed in consistent environments, promoting stability and reliability.
ConfigMap: A ConfigMap is a Kubernetes API object that allows you to store non-confidential data in key-value pairs. This enables developers to separate configuration settings from the container images, making it easier to manage application configurations without modifying the application code itself. By decoupling configuration from the application, ConfigMaps enhance flexibility and facilitate application updates, allowing for easy changes without the need to rebuild images.
Container Registry: A container registry is a centralized repository where container images are stored, managed, and distributed. This service allows developers to upload their container images and retrieve them when needed, facilitating the deployment and sharing of applications packaged in containers. It plays a critical role in the containerization and orchestration landscape, especially with tools that streamline the development and deployment process.
Containerization: Containerization is a technology that allows developers to package applications and their dependencies into isolated environments called containers. This approach ensures that software runs consistently across different computing environments, simplifying deployment and scaling. It’s closely linked to orchestration tools for managing containers, enabling seamless integration with serverless architectures, and streamlining continuous integration and delivery processes.
Deployment: Deployment refers to the process of making a machine learning model available for use in a production environment, allowing it to serve predictions or insights based on new data. This process includes various tasks such as preparing the environment, ensuring scalability, and integrating with other systems. Effective deployment is crucial for transforming a trained model into an operational tool that delivers real-world value.
Docker: Docker is an open-source platform that automates the deployment, scaling, and management of applications in lightweight, portable containers. By encapsulating an application and its dependencies into a single container, Docker simplifies the development process and enhances collaboration among team members, making it easier to ensure that applications run consistently across different environments.
Docker Compose: Docker Compose is a tool used to define and manage multi-container Docker applications. It simplifies the process of deploying complex applications by allowing developers to configure services, networks, and volumes in a single YAML file, making it easier to manage dependencies and interactions between containers. This functionality is crucial in containerization and orchestration, as it streamlines the setup and execution of applications that consist of multiple interdependent components.
Docker Hub: Docker Hub is a cloud-based repository that allows developers to store, share, and manage Docker images. It acts as a central hub for containerized applications, enabling easy access to pre-built images and facilitating collaboration among teams. Docker Hub integrates seamlessly with Docker, making it a crucial component in the workflow of containerization and orchestration, especially when working with tools like Kubernetes.
Helm: Helm is a package manager for Kubernetes, designed to simplify the deployment and management of applications in Kubernetes clusters. By using charts, which are packages of pre-configured Kubernetes resources, Helm enables users to automate the installation and upgrading of applications while managing their configurations effectively. This makes it easier to maintain consistency across different environments and speeds up the development process.
Horizontal Pod Autoscaler: The Horizontal Pod Autoscaler (HPA) is a Kubernetes feature that automatically adjusts the number of pod replicas in a deployment based on observed CPU utilization or other select metrics. This allows applications to scale dynamically in response to varying workloads, ensuring efficient resource use and maintaining performance during traffic spikes or drops.
Image: In the context of containerization and orchestration, an image is a lightweight, stand-alone, executable software package that includes everything needed to run a piece of software, including the code, runtime, libraries, environment variables, and configuration files. Images serve as the blueprint for creating containers, which encapsulate an application and its dependencies in a consistent environment across different systems.
Ingress controller: An ingress controller is a specialized component in Kubernetes that manages external access to services within a cluster, acting as a reverse proxy and enabling the routing of external HTTP/S traffic. It handles incoming requests, providing features such as load balancing, SSL termination, and path-based routing, which help streamline how applications are accessed from outside the cluster.
Kubernetes: Kubernetes is an open-source container orchestration platform designed to automate the deployment, scaling, and management of containerized applications. It allows developers to manage complex microservices architectures efficiently and ensures that the applications run reliably across a cluster of machines.
Load Balancing: Load balancing is the process of distributing network or application traffic across multiple servers to ensure no single server becomes overwhelmed, enhancing performance and reliability. This technique is vital in managing resources effectively, preventing server overloads, and ensuring smooth user experiences, particularly in environments utilizing containerization and distributed computing.
Log Aggregation: Log aggregation is the process of collecting, storing, and managing logs from multiple sources in a centralized system for easier analysis and troubleshooting. This is especially important in environments using containerization and orchestration, where numerous microservices and applications generate large volumes of log data that need to be monitored efficiently. By aggregating logs, teams can quickly identify issues, track performance metrics, and ensure that applications run smoothly across distributed systems.
Microservices architecture: Microservices architecture is a software development technique that structures an application as a collection of loosely coupled services, each responsible for a specific business function. This approach allows for greater flexibility, easier scaling, and improved fault isolation, as each service can be developed, deployed, and maintained independently. It connects closely with containerization and orchestration technologies, which streamline the deployment and management of these individual services across various environments.
Network Policy: Network policy refers to a set of rules and configurations that govern the communication and access control between different components in a containerized environment. It plays a crucial role in managing how pods in orchestration tools like Kubernetes can interact with each other and the outside world, ensuring security and efficient resource usage. By defining these policies, administrators can control which services can communicate, enforce security measures, and manage traffic flow effectively.
NVIDIA Docker: NVIDIA Docker is a tool that allows users to create and run containers leveraging NVIDIA GPUs, enabling high-performance GPU computing for applications like deep learning and machine learning. It integrates seamlessly with Docker, providing a way to package GPU-accelerated applications in a portable format, which can be easily deployed across different systems while maintaining consistent performance.
Observability: Observability refers to the ability to measure and analyze the internal states of a system based on its external outputs. In the context of technology, it plays a crucial role in monitoring the performance and health of applications running in environments like containers and orchestrators, allowing teams to gain insights into how systems behave, identify issues, and improve reliability.
Overlay network: An overlay network is a virtual network built on top of an existing physical network infrastructure, allowing for the creation of additional network services and structures. It enables communication between nodes through virtual connections, independent of the underlying hardware, making it essential for managing containerized applications and microservices.
Persistent Volume: A persistent volume is a storage resource in a container orchestration environment that provides a way to manage and maintain data independent of the lifecycle of individual containers. It allows for data to persist beyond the life of a pod, ensuring that applications can access and store their data reliably even if they are restarted or rescheduled. This capability is crucial in maintaining stateful applications, enabling seamless storage management across different environments.
Replicaset: A replicaset is a component in Kubernetes that ensures a specified number of pod replicas are running at any given time. It provides high availability and fault tolerance by maintaining the desired state of the application, automatically creating or deleting pods as necessary to meet that target number. This makes it essential for managing containerized applications and ensuring they are resilient and scalable.
Rolling Update: A rolling update is a deployment strategy that allows for updating applications or services without downtime by gradually replacing instances of the previous version with instances of the new version. This approach ensures that some instances remain operational while others are being updated, minimizing service disruption and maintaining availability. Rolling updates are essential in modern application management as they help maintain user experience and system stability during updates.
Secret: In the context of containerization and orchestration, a secret refers to sensitive data such as passwords, API keys, and certificates that must be securely managed and accessed by applications. Secrets are crucial for maintaining the security and integrity of applications running in containerized environments, preventing unauthorized access and data breaches. The management of secrets involves storing, retrieving, and using these sensitive pieces of information without exposing them in code or configuration files.
Service Discovery: Service discovery is a mechanism that allows applications to automatically locate and connect to services within a network. It plays a critical role in distributed systems by enabling dynamic communication between various components, which is particularly important in containerized and orchestrated environments where services can frequently change in terms of location, scale, and availability.
StatefulSet: A StatefulSet is a Kubernetes resource used to manage stateful applications. It provides unique, persistent identities to its pods, ensuring that each pod maintains its own state and data across restarts. This feature is crucial for applications that require stable storage and network identities, like databases and distributed systems.
Virtualization: Virtualization is the process of creating a virtual version of something, such as hardware platforms, storage devices, or network resources. It allows multiple simulated environments or dedicated resources to be created from a single physical hardware system. This technology is crucial for efficient resource management, providing isolation and scalability, and is a foundational aspect of containerization and orchestration systems like Docker and Kubernetes.
© 2024 Fiveable Inc. All rights reserved.
AP® and SAT® are trademarks registered by the College Board, which is not affiliated with, and does not endorse this website.
Back
Practice QuizGlossary
Practice QuizGlossary
Next guide