[submarine] branch master updated: SUBMARINE-494. Design for Notebook

[li...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

liuxun pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/submarine.git


The following commit(s) were added to refs/heads/master by this push:
     new 2cabd9d  SUBMARINE-494. Design for Notebook
2cabd9d is described below

commit 2cabd9d9957993480dc9f1936344fd14a6b9b443
Author: Wangda Tan <wa...@apache.org>
AuthorDate: Sun May 10 16:18:13 2020 -0700

    SUBMARINE-494. Design for Notebook
    
    ### What is this PR for?
    SUBMARINE-494 Design for Notebook support
    
    ### What type of PR is it?
    Documentation
    
    ### Todos
    * [ ] - Task
    
    ### What is the Jira issue?
    SUBMARINE-494
    
    ### How should this be tested?
    * First time? Setup Travis CI as described on https://submarine.apache.org/contribution/contributions.html#continuous-integration
    * Strongly recommended: add automated unit tests for any new or changed behavior
    * Outline any manual steps to test the PR here.
    
    ### Screenshots (if appropriate)
    
    ### Questions:
    * Does the licenses files need update? Yes/No
    * Is there breaking changes for older versions? Yes/No
    * Does this needs documentation? Yes/No
    
    Author: Wangda Tan <wa...@apache.org>
    
    Closes #281 from wangdatan/SUBMARINE-494 and squashes the following commits:
    
    f8dfd30 [Wangda Tan] SUBMARINE-494 draft
---
 docs/design/implementation-notes.md    |   1 +
 docs/design/notebook-implementation.md | 111 +++++++++++++++++++++++++++++++++
 docs/design/security-implementation.md |  24 +++++++
 docs/design/storage-implementation.md  |   8 +++
 4 files changed, 144 insertions(+)

diff --git a/docs/design/implementation-notes.md b/docs/design/implementation-notes.md
index 2bbad3e..8d48844 100644
--- a/docs/design/implementation-notes.md
+++ b/docs/design/implementation-notes.md
@@ -22,6 +22,7 @@ Here're sub topics of Submarine implementations:
 - [Submarine Storage](./storage-implementation.md): How to store metadata, logs, metrics, etc. of Submarine.
 - [Submarine Environment](./environments-implementation.md): How environments created, managed, stored in Submarine. 
 - [Submarine Experiment](./experiment-implementation.md): How experiments managed, stored, and how the predefined experiment template works.
+- [Submarine Notebook](./notebook-implementation.md): How experiments managed, stored, and how the predefined experiment template works.
 - [Submarine Server](./submarine-server/architecture.md): How Submarine server is designed, architectuer, implementation notes, etc.
 
 Working-in-progress designs, Below are designs which are working-in-progress, we will move them to the upper section once design & review is finished: 
diff --git a/docs/design/notebook-implementation.md b/docs/design/notebook-implementation.md
new file mode 100644
index 0000000..f5e6a22
--- /dev/null
+++ b/docs/design/notebook-implementation.md
@@ -0,0 +1,111 @@
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+   http://www.apache.org/licenses/LICENSE-2.0
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+-->
+
+# Submarine Notebook Implementation
+
+## Overview
+
+### User's interaction
+
+Users can start N (N >= 0) number of Notebook sessions, a notebook session is a running notebook instance.
+
+- Notebook session can be launched by Submarine UI (P0), and Submarine CLI (P2). 
+- When launch notebook session, users can choose T-shirt size of notebook session (how much mem/cpu/gpu resources, or resource profile such as small, medium, large, etc.). (P0)
+- And user can choose an environment for notebook. More details please refer to [environment implmentation](./environments-implementation.md) (P0)
+- When start a notebook, user can choose what code to be initialized, similar to experiment. (P1)
+- Optionally, users can choose to attach a persistent volume to a notebook session. (P2)
+
+Users can get a list of notebook sessions belongs to themselves, and connect to notebook session. 
+
+User can choose to terminate a running notebook session.
+
+### Admin's interaction 
+
+- How many concurrent notebook sessions can be launched by each user is determined by resource quota limits of each user, and maximum concurrent notebook sessions can be launched by each user. (P2)
+
+## Relationship with other components
+
+### Metadata store
+
+Running notebook sessions' metadata need persistented in Submarine's metadata store (Database).
+
+### Submarine Server
+
+```
+
+  +--------------+  +--------Submarine Server--------------------+
+  |Submarine UI  |  | +-------------------+                      |
+  |              |+--->  Submarine        |                      |
+  |  Notebook    |  | |  Notebook REST API|                      |
+  +--------------+  | |                   |                      |
+                    | +--------+----------+     +--------------+ |
+                    |          |             +->|Metastore     | |
+                    | +--------v----------+  |  |DB            | |
+                    | | Submarine         +--+  +--------------+ |
+                    | | Notebook Mgr      |                      |
+                    | |                   |                      |
+                    | |                   |                      |
+                    | +--------+----------+                      |
+                    |          |                                 |
+                    +----------|---------------------------------+
+                               |
+                +--------------+
+       +--------v---------+
+       | Notebook Session |
+       |                  |
+       |   instance       |
+       |                  |
+       +------------------+
+```
+
+Once user use Submarine UI to launch a notebook session, Submarine notebook manager inside Submarine Server will persistent notebook session's metadata, and launch a new notebook session instance. 
+
+### Resource manager
+
+When using K8s as resource manager, Submarine notebook session will run as a new POD.
+
+### Storage
+
+There're several different types of storage requirements for Submarine notebook. 
+
+For code, environment, etc, storage, please refer to [storage implementation](./storage-implementation.md), check "Localization of experiment/notebook/model-serving code".
+
+When there're needs to attach volume (such as user's home folder) to Submarine notebook session, please check [storage implementation](./storage-implementation.md), check "Attachable volume".
+
+### Environment
+
+Submarine notebook's environment should be used to run experiment, model serving, etc. Please check [environment implmentation](./environments-implementation.md). (More specific to notebook, please check "How to implement to make user can easily use Submarine environments")
+
+Please note that notebook's Environment should include right version of notebook libraries, and admin should follow the guidance to build correct Docker image, Conda libraris to correctly run Notebook.
+
+### Submarine SDK (For Experiment, etc.)
+
+Users can run new experiment, access metrics information, or do model operations using Submarine SDK. 
+
+Submarine SDK is a Python library which can talk to Submarine Server which need Submarine Server's endpoint as well as user credentials.
+
+To ensure better experience, we recommend always install proper version of Submarine SDK from environment which users can use Submarine SDK directly from commandline. (We as Submarine community can provide sample Dockerfile or Conda environment which have correct base libraries installed for Submarine SDK).
+
+Submarine Server IP will be configured automatically by Submarine Server, and added as an envar when Submarine notebook session got launched.
+
+### Security 
+
+Please refer to [Security Implementation](./security-implementation.md)
+
+Once user accessed to a running notebook session, the user can also access resources of the notebook, capability of submit new experiment, and access data. This is also very dangerous so we have to protect it. 
+
+A simple solution is to use token-based authentication https://jupyter-notebook.readthedocs.io/en/stable/security.html. A more common way is to use solutions like KNOX to support SSO. 
+
+We need expand this section to more details. (TODO).
\ No newline at end of file
diff --git a/docs/design/security-implementation.md b/docs/design/security-implementation.md
new file mode 100644
index 0000000..0770d01
--- /dev/null
+++ b/docs/design/security-implementation.md
@@ -0,0 +1,24 @@
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+   http://www.apache.org/licenses/LICENSE-2.0
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+-->
+
+# Submarine Security Implementation 
+
+## Handle User's Credential
+
+Users credential includes Kerberoes Keytabs, Docker registry crendentials, Github ssh-keys, etc.
+
+User's credential must be stored securitely, for example, via KeyCloak or K8s Secrets.
+
+(More details TODO)
\ No newline at end of file
diff --git a/docs/design/storage-implementation.md b/docs/design/storage-implementation.md
index 36d41a6..7968c4a 100644
--- a/docs/design/storage-implementation.md
+++ b/docs/design/storage-implementation.md
@@ -151,6 +151,14 @@ Other than ML-related objects, we have system-related objects, including:
 
 All these information should be handled by 3rd party system, such as Grafana, Prometheus, etc. And system admins are responsible to setup these infrastructures, dashboard. Users of submarine should NOT interact with system related metrics/logs. It is system admin's responsibility.
 
+## Attachable Volumes 
+
+It is possible user has needs to have an attachable volume for their experiment / notebook, this is especially useful for notebook storage, since contents of notebook can be automatically saved, and it can be used as user's home folder. 
+
+Downside of attachable volume is, it is not versioned, even notebook is mainly used for adhoc exploring tasks, an unversioned notebook file can lead to maintenance issues in the future. 
+
+Since this is a common requirement, we can consider to support attachable volumes in Submarine in a long run, but with relatively lower priority.
+
 ## In-scope / Out-of-scope 
 
  Describe what Submarine project should own and what Submarine project should NOT own.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@submarine.apache.org
For additional commands, e-mail: dev-help@submarine.apache.org