Kubernetes

Introduction

Kubernetes ("k8s") is not part of official WLCG infrastructure, yet, but interest is growing and several people are working on it in different projects. There are similar efforts but there is no direction and no community effort yet. K8s is also a multifaceted tool that can be used in several different ways to solve different problems. This WG aims at working as an aggregating WG for people who want to work on specific themes. Not every solutions or k8s will be adopted but the aim is to facilitate adoption where needed.

Current Activities

• k8s as batch system for grid sites
  • As a batch system including federated clusters and schedulers
  • Submission from the experiments
  • Interact with CNCF research group.
  • People: Fernando (ATLAS), Danika (ATLAS, UniVic), Lukas (ATLAS), Alessandra (ATLAS, Manchester), Ryan (UniVic), Rolf (UniVic), Diego (CMS DODAS), Daniele (CMS DODAS), Cristina (CNAF)
• k8s deployment and operations
  • openstack
  • bare metal
  • People: Ryan (UniVic), Thomas H. (DESY), Vanessa (pic), Lincoln (SSL, IRIS-HEP), Alessandra (ATLAS/Manchester), Raul (Brunel), Stefano (CNAF), Cristina (CNAF)
• Common infrastructure
  • Registries
  • Helm charts repos
  • People: Ricardo (CERN), Lincoln (SSL, IRIS-HEP), Chris Weaver (SLATE, IRIS-HEP), Diego (CMS DODAS), Daniele (CMS DODAS), Cristina (CNAF)
• Service Deployment
  • Large scale deployment at CERN
  • Centralised deployment (SLATE, Dodas, simple)
• Image distribution (not strictly k8s, but still important)
  • Registries
  • Registries caches
  • cvmfs snapshotter
  • cvmfs unpacked
  • DUCC
  • People: WLCG image distribution WG (creation WIP) Gavin (CERN), Jakob (CVMFS), Simone (CVMFS), Alessandra (ATLAS, Manchester), Ricardo (CERN), Dave Dykstra (FNAL, CMS), Ryan (UniVic), Tadashi (ATLAS), Brian Lin (OSG), Cristina (CNAF)

Other Activities

• Security
  • k8s security in general
  • AAI (x509, tokens, VO SSO…, federated identity providers)
  • Images checks and sanitisation
  • Helm charts checks and sanitisation
• Analysis facilities
  • Jupiter hubs/binder hub/reana/kubeflow
  • Easier access to alternative architectures
• Storage integration
• k8s CRI and use of different runtimes
• CNCF landscape ( if we want to interact with the community we need to know the landscape https://landscape.cncf.io)
• Multi-tenancy, multi-site
• Systems built upon Kubernetes both Vendor provided and open Source.
  • One such example: RedHat OpenShift

Membership

WG is open to anyone who is interested in working on one of the themes.

Communication

We have a general egroup but for activities communication we want to give a try to discourse. To use the latter you need a CERN lightweight account

• General egroup wlcg-k8s: https://e-groups.cern.ch/e-groups/Egroup.do?egroupId=10360673.
• Discourse instance: https://wlcg-discourse.web.cern.ch

Documents

* Initial planning 07/01/2020

-- AlessandraForti - 2020-02-01