Radio Cloud Native - Week of June 8, 2022

Nick Chase & Eric Gregory - June 09, 2022
image

Every Wednesday, Nick Chase and Eric Gregory from Mirantis go over the week’s cloud native and industry news.

This week they discussed:

You can download the podcast from Apple Podcasts, Spotify, or wherever you get your podcasts. If you'd like to tune into the next show live, follow Mirantis on LinkedIn to receive our announcement of next week’s broadcast.

The OpenInfra Foundation's new "directed funding" model

Eric Gregory: OpenInfrastructure Summit is happening right now in Berlin. Mirantis is there with quite a few talks diving into infra issues, as well as the Mirantis Biergarten, so if you’re in Berlin you should definitely say hi to our colleagues.

There’s some news happening at the summit as well. The OpenInfra Foundation announced a new model for funding open source projects within the foundation. This “directed funding” model lets member companies choose to focus their funding on particular projects. This is in contrast to the more traditional foundation structure in which organizations pay for membership and the foundation itself distributes funds to projects. So now, if a company finds a particular project especially important or relevant, they can address that directly.

OpenCost and the challenges of assessing Kubernetes cost

Nick Chase: And while we're on the subject of cost, let's talk about the cost of running Kubernetes. A new study from Cast.AI shows that in general, companies are wasting as much as 65% of their Kubernetes spend, whether that's on public or private cloud. (Though of course on private cloud you do have a certain amount of fixed cost.)

A report on Financial Operations for Kubernetes from CNCF and the FinOps Foundation from last year found that 68% of respondents reported Kubernetes costs on the uptick, and most blamed it on a lack of tools to understand what was going on within their clusters. Only 27% of respondents had accurate showback or chargeback tools, with 68% relying on estimates or just giving up entirely.

Not that there aren't tools out there.  There are a ton of them, but none of them has really taken the lead. That may be changing, however. Even in that study, the most popular open source tool, and the second most popular overall behind AWS Cost Explorer which obviously has limited utility, was Kubecost, an open source tool for monitoring what is going on in your cluster.

Now the company behind Kubecost has joined other companies, such as Amazon Web Services (AWS), Armory, D2iQ, Google, Adobe, SUSE, Mindcurv, and New Relic to release the core of Kubecost as the brand new OpenCost project, which it has submitted to the CNCF for governance.

The premise behind OpenCost is to standardize reporting and analysis to enable companies to get a better understanding of what's going on in their clusters so they can make changes and save money.

According to the OpenCost Github repo it includes common sense features such as:

  • Real-time cost allocation by Kubernetes service, deployment, namespace, label, statefulset, daemonset, pod, and container

  • Dynamic asset pricing enabled by integrations with AWS, Azure, and GCP billing APIs

  • Supports on-prem k8s clusters with custom pricing sheets

  • Allocation for in-cluster resources like CPU, GPU, memory, and persistent volumes.

  • Allocation for AWS & GCP out-of-cluster resources like RDS instances and S3 buckets with a key, and

  • The ability to easily export pricing data to Prometheus with /metrics endpoint

OpenCost is being distributed under the Apache2 license and it's available right now.  You can easily install it into any Kubernetes cluster.

Sources: Container Journal, Protocol, CNCF FinOps Report

Atlassian's Confluence vulnerability

Eric Gregory: On June 2nd, Atlassian issued a security advisory that there was a critical security flaw in its Confluence Server and Data Center. The CVE, designated 2022-26134, allows for remote code execution, and Atlassian advises that it’s being actively exploited. All supported versions of the software are affected, and happily there is now a patch: release versions...

  • 7.4.17

  • 7.13.7

  • 7.14.3

  • 7.15.2

  • 7.16.4

  • 7.17.4

  • 7.18.1

...contain fixes for this issue.

PyWhy and understanding causality with machine learning

We weren't here last week so we didn't cover the Microsoft Build conference, but if we had, we'd have been talking about how many of the announcements were around artificial intelligence and machine learning tools.  And it's no wonder, really. It's not just all of the big data jobs, but also the ability for developers and operators to use it, and even the need to control infrastructure with it, a field we refer to as AIOps.

This week, we're reporting on the fact that Microsoft has created a new Github organization for the new release of its DoWhy causal inference library. The organization is called PyWhy.

So before we even think about why this is important, we need to understand why DoWhy even is, and what it does.  And that all comes down to causal inference, so let's start there.

Most machine learning algorithms are intended to predict whether or not something is going to happen based on the rest of the data we have. So for example, if we were to plot out how much chicken feed I have to buy based on how many chickens I have, that would be easy because it's a linear distribution, so the graph would be a straight line.

But in most cases it's not that easy. For example, maybe the amount of feed my chickens eat is based on how many chickens plus the square of how hot it gets during the day.

Now we've got a much more complicated graph, which will go up and down based on the temperature.

Machine learning routines are based on figuring out the mathematical equation (or in the case of neural networks, the group of mathematical equations and their relative weights) that best fits the training data and then using that to predict a result with new data.

Now, that's all great, but it doesn't tell us one single thing about WHY something happens.  

And this notion of causality is something that's not as obvious as it seems.  I mean, we can look at correlations and think we understand. You run a red light, you get into an accident. The sun comes up, the rooster starts crowing. It seems to be logical.  But really, those things are just correlated.  In fact, one of my favorite sites is Spurious Correlations, which shows data that's correlated, in that it behaves similarly over time, but that's obviously not related...

Check out the podcast for the rest of our conversation about machine learning and causality, and much more.