ayo/ipex-llm
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

add support for acr (#6440)

Browse source
This commit is contained in:
Jiao Wang 2022-11-03 19:09:16 -07:00 committed by GitHub
parent 250ea019bd
commit 85445fdd39
2 changed files with 48 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
docs/readthedocs/source/doc/PPML/Overview/azure_ppml.md
View file

@ -243,13 +243,21 @@ Login to your client VM and enter your BigDL PPML container:
docker exec -it spark-local bash docker exec -it spark-local bash
``` ```
Then run `az login` to login to Azure system. Then run `az login` to login to Azure system.
### 3.1 Save kubeconfig to secret
### 3.1 Generate enclave key to Azure Key Vault Login to AKS use such command:
```bash
az aks get-credentials --resource-group myResourceGroup --name myAKSCluster
```
Run such script to save kubeconfig to secret
```bash
/ppml/trusted-big-data-ml/azure/kubeconfig-secret.sh
```
### 3.2 Generate enclave key to Azure Key Vault
Run such script to generate enclave key Run such script to generate enclave key
``` ```
/ppml/trusted-big-data-ml/azure/generate-enclave-key-az.sh myKeyVault /ppml/trusted-big-data-ml/azure/generate-enclave-key-az.sh myKeyVault
``` ```
### 3.2 Generate keys ### 3.3 Generate keys
Run such scripts to generate keys: Run such scripts to generate keys:
```bash ```bash
/ppml/trusted-big-data-ml/azure/generate-keys.sh /ppml/trusted-big-data-ml/azure/generate-keys.sh
@ -260,29 +268,32 @@ After generate keys, run such command to save keys in Kubernetes.
``` ```
kubectl apply -f /ppml/trusted-big-data-ml/work/keys/keys.yaml kubectl apply -f /ppml/trusted-big-data-ml/work/keys/keys.yaml
``` ```
### 3.4 Generate password
### 3.3 Generate password
Run such script to save the password to Azure Key Vault Run such script to save the password to Azure Key Vault
```bash ```bash
/ppml/trusted-big-data-ml/azure/generate-password-az.sh myKeyVault used_password_when_generate_keys /ppml/trusted-big-data-ml/azure/generate-password-az.sh myKeyVault used_password_when_generate_keys
``` ```
### 3.4 Save kubeconfig to secret ### 3.5 Create image pull secret from your Azure container registry
Login to AKS use such command: * If you already logged in to your Azure container registry, find your docker config json file (i.e. ~/.docker/config.json), and create secret for your registry credential like below:
```bash ```bash
az aks get-credentials --resource-group myResourceGroup --name myAKSCluster kubectl create secret generic regcred \
--from-file=.dockerconfigjson=<path/to/.docker/config.json> \
--type=kubernetes.io/dockerconfigjson
``` ```
Run such script to save kubeconfig to secret * If you haven't logged in to your Azure container registry, you can create secret for your registry credential using your username and password:
```bash ```bash
/ppml/trusted-big-data-ml/azure/kubeconfig-secret.sh kubectl create secret docker-registry regcred --docker-server=myContainerRegistry.azurecr.io --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>
``` ```
### 3.5 Create the RBAC ### 3.6 Create the RBAC
```bash ```bash
kubectl create serviceaccount spark kubectl create serviceaccount spark
kubectl create clusterrolebinding spark-role --clusterrole=edit --serviceaccount=default:spark --namespace=default kubectl create clusterrolebinding spark-role --clusterrole=edit --serviceaccount=default:spark --namespace=default
``` ```
### 3.7 Add image pull secret to service account
### 3.6 Run PPML spark job ```bash
kubectl patch serviceaccount spark -p '{"imagePullSecrets": [{"name": "regcred"}]}'
```
### 3.8 Run PPML spark job
The example script to run PPML spark job on AKS is as below. You can also refer to `/ppml/trusted-big-data-ml/azure/submit-spark-sgx-az.sh` The example script to run PPML spark job on AKS is as below. You can also refer to `/ppml/trusted-big-data-ml/azure/submit-spark-sgx-az.sh`
```bash ```bash
RUNTIME_SPARK_MASTER= RUNTIME_SPARK_MASTER=

16
docs/readthedocs/source/doc/PPML/Overview/azure_ppml_occlum.md
View file

@ -38,11 +38,27 @@ Key points:
```bash ```bash
az aks get-credentials --resource-group myResourceGroup --name myAKSCluster az aks get-credentials --resource-group myResourceGroup --name myAKSCluster
``` ```
* Create image pull secret from your Azure container registry
* If you already logged in to your Azure container registry, find your docker config json file (i.e. ~/.docker/config.json), and create secret for your registry credential like below:
```bash
kubectl create secret generic regcred \
--from-file=.dockerconfigjson=<path/to/.docker/config.json> \
--type=kubernetes.io/dockerconfigjson
```
* If you haven't logged in to your Azure container registry, you can create secret for your registry credential using your username and password:
```bash
kubectl create secret docker-registry regcred --docker-server=myContainerRegistry.azurecr.io --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>
```
* Create the RBAC to AKS * Create the RBAC to AKS
```bash ```bash
kubectl create serviceaccount spark kubectl create serviceaccount spark
kubectl create clusterrolebinding spark-role --clusterrole=edit --serviceaccount=default:spark --namespace=default kubectl create clusterrolebinding spark-role --clusterrole=edit --serviceaccount=default:spark --namespace=default
``` ```
* Add image pull secret to service account
```bash
kubectl patch serviceaccount spark -p '{"imagePullSecrets": [{"name": "regcred"}]}'
```
## Single Node Spark Examples on Azure ## Single Node Spark Examples on Azure
### SparkPi example ### SparkPi example