The scientific and research community has benefited greatly from containerized distributed High Throughput Computing (dHTC), both by enabling elastic scaling of user compute workloads to thousands of compute nodes, and by allowing for distributed ownership of compute resources. To effectively and efficiently deal with the dynamic nature of the setup, the most successful implementations use an overlay batch scheduling infrastructure fed by a pilot provisioning system. One fundamental property of these setups is the use of late binding of containerized user workloads. From a resource provider point of view, a compute resource is thus claimed before the user container image is selected. This paper provides a mechanism to implement this late-binding of container images on Kubernetes-managed resources, without requiring any elevated privileges.

翻译：科学和研究界已从容器化分布式高吞吐计算（dHTC）中获益匪浅，既实现了用户计算工作负载向数千个计算节点的弹性扩展，又允许计算资源的分布式所有权。为有效应对系统配置的动态特性，最成功的实施方案采用由试点供应系统驱动的覆盖式批量调度基础设施。此类配置的一个基本特性在于对容器化用户工作负载采用延迟绑定机制。从资源提供方的视角看，计算资源在用户容器镜像选定前即被占用。本文提出一种在Kubernetes管理资源上实现容器镜像延迟绑定的机制，该机制无需任何特权权限即可运行。