Kubernetes AI 推理服务最佳实践
1. AI 推理服务核心概念
1.1 什么是 AI 推理服务
AI 推理服务是指将训练好的 AI 模型部署为可访问的服务,用于实时或批量处理推理请求。在 Kubernetes 环境中,AI 推理服务需要考虑资源管理、性能优化和高可用性。
1.2 常见的 AI 推理框架
- TensorFlow Serving:Google 开源的机器学习模型服务框架
- TorchServe:PyTorch 官方的模型服务框架
- ONNX Runtime:微软开源的跨平台推理引擎
- Triton Inference Server:NVIDIA 开源的高性能推理服务器
2. GPU 资源管理
2.1 安装 GPU 驱动和 NVIDIA Device Plugin
# 安装 NVIDIA 驱动(在节点上执行)
apt-get install -y nvidia-driver-535
# 安装 NVIDIA Device Plugin
kubectl apply -f https://raw.githubusercontent.com/NVIDIA/k8s-device-plugin/v0.14.0/nvidia-device-plugin.yml
# 验证 GPU 资源
kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.status.capacity.nvidia\.com/gpu}{"\n"}{end}'
2.2 GPU 资源分配
部署使用 GPU 的推理服务
apiVersion: apps/v1
kind: Deployment
metadata:
name: tensorflow-serving
namespace: default
spec:
replicas: 2
selector:
matchLabels:
app: tensorflow-serving
template:
metadata:
labels:
app: tensorflow-serving
spec:
containers:
- name: tensorflow-serving
image: tensorflow/serving:latest
ports:
- containerPort: 8501
resources:
limits:
nvidia.com/gpu: 1
requests:
nvidia.com/gpu: 1
volumeMounts:
- name: model-volume
mountPath: /models
volumes:
- name: model-volume
persistentVolumeClaim:
claimName: model-pvc
3. TensorFlow Serving 部署
3.1 准备模型
# 下载示例模型
mkdir -p models/mnist/1
wget -O models/mnist/1/saved_model.pb https://storage.googleapis.com/download.tensorflow.org/models/official/20181001_resnet/savedmodels/resnet_v2_fp32_savedmodel_NHWC_jpg.tar.gz
# 创建模型存储
kubectl create -f - <<EOF
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: model-pvc
namespace: default
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
EOF
3.2 部署 TensorFlow Serving
deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: tf-serving
namespace: default
spec:
replicas: 2
selector:
matchLabels:
app: tf-serving
template:
metadata:
labels:
app: tf-serving
spec:
containers:
- name: tf-serving
image: tensorflow/serving:latest
ports:
- containerPort: 8500
- containerPort: 8501
env:
- name: MODEL_NAME
value: mnist
volumeMounts:
- name: model-volume
mountPath: /models
volumes:
- name: model-volume
persistentVolumeClaim:
claimName: model-pvc
service.yaml
apiVersion: v1
kind: Service
metadata:
name: tf-serving
namespace: default
spec:
selector:
app: tf-serving
ports:
- port: 8501
targetPort: 8501
type: LoadBalancer
# 部署服务
kubectl apply -f deployment.yaml
kubectl apply -f service.yaml
# 测试推理服务
MODEL_SERVICE=$(kubectl get svc tf-serving -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
curl -d '{"instances": [[[0.0 for _ in range(28)] for _ in range(28)]]}' -X POST http://$MODEL_SERVICE:8501/v1/models/mnist:predict
4. Triton Inference Server 部署
4.1 安装 Triton Inference Server
deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: triton-server
namespace: default
spec:
replicas: 2
selector:
matchLabels:
app: triton-server
template:
metadata:
labels:
app: triton-server
spec:
containers:
- name: triton-server
image: nvcr.io/nvidia/tritonserver:23.08-py3
ports:
- containerPort: 8000
- containerPort: 8001
- containerPort: 8002
resources:
limits:
nvidia.com/gpu: 1
requests:
nvidia.com/gpu: 1
volumeMounts:
- name: model-volume
mountPath: /models
volumes:
- name: model-volume
persistentVolumeClaim:
claimName: model-pvc
service.yaml
apiVersion: v1
kind: Service
metadata:
name: triton-server
namespace: default
spec:
selector:
app: triton-server
ports:
- port: 8000
targetPort: 8000
- port: 8001
targetPort: 8001
- port: 8002
targetPort: 8002
type: LoadBalancer
# 部署服务
kubectl apply -f deployment.yaml
kubectl apply -f service.yaml
# 检查服务状态
kubectl get pods -l app=triton-server
5. 性能优化
5.1 模型优化
- 模型量化:将模型从 FP32 量化为 INT8 或 FP16
- 模型剪枝:移除冗余的神经元和连接
- 模型蒸馏:使用大模型训练小模型
5.2 推理服务优化
配置批处理
apiVersion: apps/v1
kind: Deployment
metadata:
name: tf-serving-batched
namespace: default
spec:
replicas: 2
selector:
matchLabels:
app: tf-serving-batched
template:
metadata:
labels:
app: tf-serving-batched
spec:
containers:
- name: tf-serving
image: tensorflow/serving:latest
ports:
- containerPort: 8501
env:
- name: MODEL_NAME
value: mnist
- name: TF_FORCE_GPU_ALLOW_GROWTH
value: "true"
- name: BATCH_SIZE
value: "32"
resources:
limits:
nvidia.com/gpu: 1
requests:
nvidia.com/gpu: 1
5.3 自动缩放
HPA 配置
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: tf-serving-hpa
namespace: default
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: tf-serving
minReplicas: 2
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80
6. 监控与可观测性
6.1 监控配置
Prometheus 配置
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: tf-serving-monitor
namespace: monitoring
spec:
selector:
matchLabels:
app: tf-serving
endpoints:
- port: 8501
path: /v1/monitoring/prometheus
interval: 15s
6.2 日志管理
日志配置
apiVersion: apps/v1
kind: Deployment
metadata:
name: tf-serving
namespace: default
spec:
# ...
template:
spec:
containers:
- name: tf-serving
image: tensorflow/serving:latest
# ...
env:
- name: TF_CPP_MIN_LOG_LEVEL
value: "0"
- name: TF_ENABLE_GPU_GARBAGE_COLLECTION
value: "true"
args:
- --model_name=mnist
- --model_base_path=/models/mnist
- --enable_batching=true
- --batching_parameters_file=/models/batching_parameters.txt
7. 安全最佳实践
7.1 模型安全
- 模型加密:使用加密技术保护模型文件
- 访问控制:使用 RBAC 限制模型访问
- 模型版本管理:追踪模型版本和变更
7.2 网络安全
网络策略
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: ai-inference-network-policy
namespace: default
spec:
podSelector:
matchLabels:
app: tf-serving
policyTypes:
- Ingress
- Egress
ingress:
- from:
- podSelector:
matchLabels:
app: api-gateway
ports:
- protocol: TCP
port: 8501
egress:
- to:
- podSelector:
matchLabels:
app: monitoring
ports:
- protocol: TCP
port: 9090
8. 实际应用场景
8.1 多模型部署
多模型配置
apiVersion: apps/v1
kind: Deployment
metadata:
name: triton-multi-model
namespace: default
spec:
replicas: 2
selector:
matchLabels:
app: triton-multi-model
template:
metadata:
labels:
app: triton-multi-model
spec:
containers:
- name: triton-server
image: nvcr.io/nvidia/tritonserver:23.08-py3
ports:
- containerPort: 8000
- containerPort: 8001
- containerPort: 8002
resources:
limits:
nvidia.com/gpu: 1
requests:
nvidia.com/gpu: 1
volumeMounts:
- name: model-volume
mountPath: /models
volumes:
- name: model-volume
persistentVolumeClaim:
claimName: models-pvc
8.2 A/B 测试
A/B 测试配置
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ai-inference-ingress
namespace: default
annotations:
nginx.ingress.kubernetes.io/canary: "true"
nginx.ingress.kubernetes.io/canary-weight: "20"
spec:
rules:
- host: inference.example.com
http:
paths:
- path: /v1/models
pathType: Prefix
backend:
service:
name: tf-serving-v2
port:
number: 8501
9. 故障排查
9.1 常见问题解决
# 查看 GPU 使用情况
kubectl exec -it <pod-name> -- nvidia-smi
# 查看推理服务日志
kubectl logs -l app=tf-serving
# 检查模型状态
curl http://<service-ip>:8501/v1/models/mnist
# 测试推理服务
curl -d '{"instances": [[[0.0 for _ in range(28)] for _ in range(28)]]}' -X POST http://<service-ip>:8501/v1/models/mnist:predict
9.2 调试技巧
- 启用详细日志:设置 TF_CPP_MIN_LOG_LEVEL=0
- 使用 GPU 分析工具:nvidia-smi、nvprof
- 检查网络连接:确保服务可以正常访问
- 验证模型格式:确保模型格式正确
10. 总结
Kubernetes 为 AI 推理服务提供了强大的部署和管理能力。通过合理配置 GPU 资源、优化模型和服务参数,可以构建高性能、可靠的 AI 推理服务。
关键要点:
- 正确配置 GPU 资源管理
- 选择适合的推理框架
- 优化模型和服务性能
- 实施安全最佳实践
- 建立完善的监控和可观测性
通过以上最佳实践,可以充分发挥 Kubernetes 的优势,构建更加高效、可靠的 AI 推理服务。
