Machine Learning Pipelines, Kubernetes Workflows, and Security: Off-the-beaten-path Tech Tidbits from Google Next’19

Alfie Tham
Published in TribalScale
5 min read, May 7, 2019


There are a lot of learnings and takeaways from Google Next’19, as well as exciting new product launches to discuss. In this post, I’ll move away from the hot topics, like Anthos, the new AutoML features, and the various open source integrations that have been abundantly covered online.

Instead, I’ll be cherry-picking 3 topics that stood out to me for anyone who is:

  • productionizing Machine Learning models,
  • developing with Kubernetes, or
  • interested in cloud security

Productionizing Machine Learning Models with Kubeflow Pipelines

Productionizing machine learning capabilities has been on my mind for a while — specifically around setting up product teams with machine learning capabilities, and shipping these products at scale.

When launching a product that uses tailored machine learning (ML) models, it is important to be able to build production-ready ML models in a deployable and scalable way. We’d want to be geared for streamlined updates, be ready for new feature releases, and structure our ML / Data Science team for success. And we’d want to do this with operational efficiency and all the enablers that the ML / Data Science team would need to unleash their creativity and intellect on improving their ML models.

Source: Kubeflow, 2019

In a breakout session by Willem Pienaar (GOJEK), and Anand Iyer (Google Cloud), Kubeflow on Google Cloud was discussed as a powerful platform for this. First of all, it allows for a neat way to structure teams with ML Engineers building the pipelines for Data Scientists who can then focus on improving ML models. This enables easier and more rapid experimentation, with high traceability and reproducibility while minimizing the time spent replicating boilerplate code and manual engineering.

Besides, pipeline components can be authored as modular, reusable components that are shareable. As part of AI Hub (launched at Next’19), engineers and scientists can share their modular pipeline components, which can be easily imported using the Python SDK, e.g. with the following method: kfp.components.load_component_from_url('…').
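A component imported by URL runs whatever container image its spec names, so a shared component is a supply-chain input. The following is an added example, not code from the original post or from Kubeflow: it checks a downloaded spec against a reviewed SHA-256 digest and rejects container images that are not pinned by digest before handing the text to the SDK. The sample spec, image name and function names are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed sample component spec (not a real AI Hub component).
SAMPLE_SPEC = b"""\
name: Train model
inputs:
- {name: data_path, type: String}
implementation:
  container:
    image: gcr.io/example-project/trainer@sha256:""" + b"ab" * 32 + b"""
    command: [python, train.py, --data, {inputValue: data_path}]
"""
# Digest recorded when the spec was reviewed; kept in version control.
PINNED_SHA256 = hashlib.sha256(SAMPLE_SPEC).hexdigest()

IMAGE_LINE = re.compile(rb"^\s*image:\s*(\S+)\s*$", re.MULTILINE)
DIGEST_REF = re.compile(rb"@sha256:[0-9a-f]{64}$")


def check_component(spec: bytes, pinned_sha256: str) -> list:
    """Return a list of problems; an empty list means the spec may be loaded."""
    problems = []
    actual = hashlib.sha256(spec).hexdigest()
    if not hmac.compare_digest(actual, pinned_sha256.lower()):
        problems.append("spec digest mismatch: got " + actual)
    images = IMAGE_LINE.findall(spec)
    if not images:
        problems.append("no container image declared")
    for image in images:
        # A tag such as :latest can be re-pointed after review; a digest cannot.
        if not DIGEST_REF.search(image):
            problems.append("image not pinned by digest: " + image.decode())
    return problems


def load_verified_component(spec: bytes, pinned_sha256: str):
    """Load the spec with the KFP SDK only after both checks pass."""
    problems = check_component(spec, pinned_sha256)
    if problems:
        raise ValueError("; ".join(problems))
    import kfp.components  # imported lazily so the checks run without the SDK
    return kfp.components.load_component_from_text(spec.decode("utf-8"))
```

The spec bytes would be fetched once from the shared URL, reviewed, and the digest committed alongside the pipeline code.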

The ecosystem for AI communities to share code and components would be a huge plus for the industry.

Cloud Code for VSCode

Cloud Code for VSCode seemed to get a lot of attention at Google Next this year. From 30,000 feet, Cloud Code is moving in the direction of delighting developers by making it much easier to develop with Kubernetes.

Cloud Code is a neat VSCode extension that abstracts Kubernetes management CLIs like kubectl or gcloud container into a user interface or the VSCode command palette, and uses Skaffold to manage deployments. It also comes with a set of code snippets for YAML configs. No more copying and pasting boilerplate YAML configs!

With Cloud Code you can easily set up a workflow for local Kubernetes development on Docker Desktop or Minikube. Beyond that, you could also easily create and deploy to clusters on Google Kubernetes Engine, Amazon EKS, and Azure Kubernetes — a nod to Google Cloud being open to supporting multi-cloud.

Developers who are new to Kubernetes or who don’t deploy to it often would spend less time memorizing Command Line Interface (CLI) options, navigating CLI manuals, managing custom deployment shell scripts, or referring to YAML configuration documentation.

This frees up time to focus more on creating. As Cloud Code matures, the added delight and lower barrier to experiment with Kubernetes could help make Kubernetes more widely adopted.

Cloud Code for VSCode: Create Cluster (Source: Google Cloud, 2019)

Security

Cloud security is one area where I’ve noticed an increased interest both from clients and peers in the industry. While there are a lot of good products and work being done out there, I’ll only be highlighting a few things that I saw from Google Next.

Cloud Security Command Center

Source: Google Cloud, 2019

Cloud Security Command Center, made generally available at Next’19, brings together all security management and data risk features on Google Cloud Platform.

With Cloud Security Command Center, organizations can have a centralized way to detect and respond to security threats. Features like threat detection, real-time notifications, and audit logs help with triaging and addressing incidents.

The increased visibility on your organization’s cloud assets also helps you take proactive and preventative security measures. By automatically integrating tools like Cloud Data Loss Prevention API, and Cloud Security Scanner, vulnerabilities can quickly be surfaced to your security or product teams.

Shielded VMs

Source: Google Cloud, 2019

Launched at the previous Google Next, Shielded VMs are a Google Cloud Platform-specific feature that gives you verifiable integrity of Compute Engine VM instances, specifically against any compromise at the boot or kernel level by bootkits or rootkits.

One piece of feedback that I discussed on the Expo floor was that this feature wasn’t very prominent on the Compute Engine web interface. I also had a discussion on how this could perhaps be a default feature for Compute VMs, at least for the popular images.

Asylo

Although announced at last year’s Google Next, this open source framework for developing enclave applications was demoed at Next’19 and I think is worth mentioning.

Asylo makes it easier for developers to build applications on enclaves — special execution contexts for code to run securely. There is likely going to be an increasing need for private and secure computing moving forward. I am looking forward to seeing where enclaves are going and the use cases adopting them.

Running a sensitive workload in an untrusted execution environment using an enclave (Source: Asylo, 2019)

In Closing

I hope this post has given you some brain fodder to chew on, whether you’re interested in productionizing Machine Learning models, developing cloud-native applications with Kubernetes, or cloud security.

Alfie Tham is excited about the space where technology, business and design intersect, and bringing these elements together to create great products, teams, and businesses. In his day job, he works to build digital products, and grow highly effective teams. His roles in technology and product organizations are typically in the areas of conceptual design, system architecture, and full-stack engineering.
