►
From YouTube: Real-Time Data Anonymization the Serverless Way Demo
Description
Presented at KubeCon North America 2021 by Yuval Lifshitz & Huamin Chen
A
This
is
a
demo
for
the
real-time
data
itemization
talk
given
in
cubecon
2021.,
so
I'm
going
to
show
here
how
faces
and
license
plate
have
been
automatically
blurred
for
images
being
uploaded
to
the
cef
storage
system.
A
Stuff
is
going
to
be
configured
and
deployed
using
the
rook
operator.
The
serverless
function.
That's
going
to
actually
do
the
blurring
is
going
to
be
based
on
the
kda
serverless
framework,
and
the
notifications
from
saf
to
the
serverless
framework
is
going
to
go
over
a
rabbitmq
message,
bus
also
being
deployed
by
the
private
mq
operator.
A
You
can
see
here
the
parts
and
all
the
all
the
code
for
the
demo
is
in
github,
so
you
can
get
it
from
there.
So
the
first
thing
I'm
going
to
do,
I'm
just
going
to
clone
the
repo.
A
So
the
rook
operator
has
couple
of
components.
The
base
rook
operators
operator
has
clds
the
common
and
the
operator
itself.
You
can
see
here
that
we're
taking
our
developer
build
yamls
because
we
have
like
the
this
is
still
working
progress.
It's
not
really
in
mainline
rook.
This
is
why
we
need
our
special
images.
A
After
we're
gonna
install
the
basic
rook
stuff,
then
we're
gonna
bring
up
the
steph
cluster
and
after
we
have
the
staff
cluster,
which
is
the
the
osds
and
all
the
back
end
for
storage.
We're
gonna
have
our
redis
gateway
our
object
front
and
be
installed.
We
also
need
a
toolbox
to
do
a
couple
of
operations.
A
A
And
after
we
have
the
osd's
and
everything
we
should
have,
the
redis
gateway,
the
red
square.
Three
is
the
object,
store
front
end,
and
this
is
what's
going
to
send
us
the
notifications
that
we
need
to
for
the
whole
thing
to
work
yeah.
So
now
we
have
the
redis
gate
we're
running
and
I
think
we
can
start
the
thing
failing
here
are
the
cfs
and
rbd.
A
Okay,
so
we
have
rook
up
and
running,
we
have
the
osd.
Is
the
ready
skate
for
everything
working
there?
Now
we
need
to
create
a
bucket.
So
let's
see
how
we
do
that,
so
we
create
a
bucket.
The
bucket
needs,
first,
a
storage
class,
and
after
we
have
the
storage
class,
we
have
the
object
bucket
claim
it's
pretty
straightforward.
It
points
to
the
storage
class.
It
tells
which
source
that
we're
using
the
storage
class
points
to
the
object
store
we're
talking
about.
A
A
A
Now
we
also
need
to
set
up
the
environment
parameters,
so
the
environment
parameters
are
the
the
name
of
the
redux
gateway
service
and
the
access
and
secret
keys
needed
for
it.
Let's
source
this
file.
A
So
the
next
step
was,
we
have
rook
and
we
have
ceph
and
we
have
reddish
gateway.
We
also
need
the
rabbit
enqueue,
so
rabbit
mq
is
being
installed
also
by
an
operator
provided
by
rabbit
and
q
and
we're
just
going
to
run
this
operator.
A
A
A
The
cadet
consumer
also
needs
to
know
the
queue
that
it's
being
following.
The
notifications
from
and
the
queue
is,
then
we
do
the
binding
between
the
queue
and
the
routing
key
and
the
routing
key
name
demo
has
to
match
the
name
of
the
topic
that
we're
configuring
on
the
redis
gateway.
So
let's
run
that.
A
A
The
last
step
that
we're
taking
is
to
define
a
notification
notification.
It
was,
it
is
what
ties
together
the
topic
which
is
where
to
send
the
information
to
together
with
the
bucket
now
the
bucket
definition
doesn't
exist
here,
but
the
bucket
definition
or
what
ties
the
notification
to
the
bucket
is
in
the
label
that
we
described
before
in
the
object-backed
claim.
So
when
we're
going
to
create
identification,
we're
going
to
search
for
all
the
object
bucket
claims
that
has
a
label
that
match
the
notification
name
and
define
this
notification
on
these
buckets.
A
So
the
spec
notification
tells
us
what
is
the
topic
where
to
send
the
information
to
and
when
to
send
the
information.
So
what
kind
of
events
in
our
case
we're
interested
in
object,
creation
events?
We
just
want
to
run
our
our
cada
serverless
function
when
an
object
is
being
created
when
an
image
is
being
uploaded.
So
this
is
why
we
only
interested
in
object
creation
events.
A
We
can
also
see
the
topic
with
the
same
spec.
We
see
that
the
endpoint
is
configured
with
the
username
and
password
that
we
fetched
from
the
rabbitmq
instance,
and
we
can
also
see
that
the
redis
gateway
have
allocated
this
topic
with
an
aran,
which
means
that
the
topic
was
successfully
provisioned
on
the
rgw.
A
A
This
is
the
yamo
that
tells
us
what
is
this,
this
serverless
function?
It
needs
to
know
which
queue
it's
going
to
pull
the
data
from,
and
this
is
the
rapidmq
consumer
and
it
has
to
know
what
it's
going
to
do
with
this,
and
what
he's
going
to
do
with
this
is
execute
the
blurring
functionality.
A
Now
the
last
thing
that
we
need
to
do
is
we
need
to
create
the
secrets
that
are
needed
because,
for
example,
this
blurring
function
need
to
go
and
fetch
information
from
the
redis
gateway.
When
it
gets
notification
it
needs
to
fetch
the
the
image
blur
it
and
then
write
it
back.
A
So,
in
order
to
fetch
that
and
write
back
back,
it
needs
to
know
all
the
credentials
now
the
credentials
we
source
them
here
from
the
outside
of
the
of
the
cluster,
so
we
can
interact
from
the
outside,
but
this
has
to
be
accessible
to
things
running
inside
the
cluster,
for
example
the
serverless
function.
So
we
have
to
add
that
as
a
as
a
secrets
file.
So
this
is
the
definition
of
the
file.
A
A
Now
we
need
to
make
sure
that
we
source
the
environment
script.
So
we
have
the
credentials
and
all
the
information
about
the
cluster
when
we
are
interacting
with
with
it
from
the
outside,
and
now
we
can
start
uploading
images.
A
So
once
the
images
are
being
uploaded,
the
they're
going
to
be
bug,
notifications
sent
to
the
rabbit
and
queue
and
then
cada
is
going
to
spin
the
rabbit
mpq
consumer.
A
A
Now,
if
you're,
if
you
want
to
see
what
the
application
actually
does
so
here's
an
example
of
one
of
the
images
that
we're
uploading.
This
is
me
next
to
my
car,
and
this
is
the
image.
After
being
blurred
and
being
written
back
to
sash,
where
my
face
and
my
license
place
plate
are
erased.