|
| 1 | +# Keynote |
| 2 | + |
| 3 | +The theme of the day is digital soveriegnty, so looking forward to no AI today. |
| 4 | + |
| 5 | +## Digital Sovereignty |
| 6 | + |
| 7 | +We must separate the code itself and the deployment of it. Code can be sovereign, but can remain |
| 8 | +global commons. Keep global commans, but do sovereign deployments of it. |
| 9 | + |
| 10 | +Teams are looking more into suply chains, understading dependencies, as the date of the |
| 11 | +Cyber Resilience Act is approaching. |
| 12 | + |
| 13 | +We need to be careful not to fragment the open source landscape that powers so many companies. |
| 14 | +Sovereignty should not mean fragmented code, but shared code commnons in a sovereign deployment. |
| 15 | + |
| 16 | +## CRA Expert Group |
| 17 | + |
| 18 | +The CRA will affect us all, especially in the EU. How will it impact us as developers? |
| 19 | + |
| 20 | +The CRA is a list of ingredients, devices need to list all the software that's on it. They provider |
| 21 | +of devices have to report on this and on vulnerabilities of the components. As software developers, |
| 22 | +we will learn more on where our software is being used. |
| 23 | + |
| 24 | +_When your hobby project gets added to a product, you have to report for CRA lol._ |
| 25 | + |
| 26 | +As a steward, a foundation not a person, you have to do 2 things: |
| 27 | + |
| 28 | +- provide a contact to report security problems |
| 29 | +- report security fixes to _something_ |
| 30 | +- report infrastructure security failures |
| 31 | + |
| 32 | +Use <https://www.bestpractices.dev/en>, if you follow this, you are covered for CRA. Use [reuse](https://reuse.software/) |
| 33 | +for all the legal stuff for your tooling. Use automation for making SBOMs. |
| 34 | + |
| 35 | +## Digital Sovereignty by Design |
| 36 | + |
| 37 | +Kubernetes automated containers, not the world around them. Everything from databases, networking, events and identity, |
| 38 | +are not managed by Kubernetes. Saxo Bank automated the cluster, not the boundaries. For things outside the cluster, |
| 39 | +they introduced blueprints. The developer defines "I speak to this Kafka topic", no specific brokers, no identitief. A single |
| 40 | +PR abstracts away all the hard parts. |
| 41 | + |
| 42 | +Sovereignty in practice: you can change your mind about infrastructure without changing your application. It's not where you run, |
| 43 | +it's the freedom to change where you run, what you run and how it's connected. |
| 44 | + |
| 45 | +## Keeping Sovereignty on Track |
| 46 | + |
| 47 | +SNCF, the railway provider in France, built their onprem clusters on top of Talos Linux, OpenStack and a bunch of other tools. |
| 48 | +For them, sovereignty is the ability to build autonomous solutions. |
| 49 | + |
| 50 | +## Inference and Sovereign AI |
| 51 | + |
| 52 | +How do we scale up AI without surrendering control of the data? The majority of companies sees sovereign AI as a top strategic |
| 53 | +priority. How do we bring the scale of Kubernetes to run our AI models? |
| 54 | + |
| 55 | +Scaling AI is not like scaling web applications. Web is small and fast, AI is not. The traditional way of traffic routing |
| 56 | +and load balancing is broken for AI. To run gen AI at scale, we cannot rely on yesterday's plumbing, we need a platform |
| 57 | +that is fully AI aware. |
| 58 | + |
| 59 | +True sovereignty avoids vendor lock-in. To make the AI factory on Kubernetes a reality, Red Hat has been contributing to vLLM, |
| 60 | +llm-d and [KServe](https://kserve.github.io/website/). For AI aware load balancing, they contributed to the Gateway API extension for inference. |
| 61 | + |
| 62 | +_I should read more on [KV Cache](https://huggingface.co/blog/not-lain/kv-caching) to understand how the routing works._ We're moving far beyond |
| 63 | +round robin to context aware routing. Sovereignty is about: your AI, your infrastructure, your rules. |
| 64 | + |
| 65 | +[More on AI by Red Hat](https://www.redhat.com/en/blog/sovereign-ai-architecture-scaling-distributed-training-kubeflow-trainer-and-feast-red-hat-openshift-ai) |
| 66 | + |
| 67 | +## European Space Agency |
| 68 | + |
| 69 | +By 2023, [esa](https://www.esa.int/) wants to scale up the number of space missions. They partnered with Canonical to make their deployment |
| 70 | +to space hardware flexible. For runtime, their systems rely on Kubernetes, for storage they use Ceph. Onto the clusters, ESA is running Postgres, |
| 71 | +Spark, Kubeflow and Kafka to provide insides on the running mission. For ESA, running mature software was critical. |
| 72 | + |
| 73 | +## Links |
| 74 | + |
| 75 | +- <https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act> |
| 76 | +- <https://openssf.org/cra/> |
| 77 | +- <https://neonephos.org/> |
| 78 | +- <https://aregistry.ai/> |
| 79 | +- <https://github.com/langchain-ai/agentevals> |
0 commit comments