Update create aks script on Graphene (intel-analytics#5566)
* update create aks

* update

* update

* fix create sp

* fix

* make executable for az scripts

* install command

Co-authored-by: root <root@jiao-test.rfprax1kp2xefkkygl2c02qm5g.cx.internal.cloudapp.net>
2 people authored and ForJadeForest committed Sep 20, 2022
1 parent 57fd7ca commit eaafbb4
Showing 2 changed files with 153 additions and 112 deletions.
8 changes: 8 additions & 0 deletions ppml/trusted-big-data-ml/python/docker-graphene/Dockerfile
Expand Up @@ -325,7 +325,15 @@ RUN rm $SPARK_HOME/jars/okhttp-*.jar && \

# Azure support
RUN curl -sL https://aka.ms/InstallAzureCLIDeb | bash
RUN apt-get install bsdmainutils
ADD azure /ppml/trusted-big-data-ml/azure
RUN chmod a+x /ppml/trusted-big-data-ml/azure/create-aks.sh && \
chmod a+x /ppml/trusted-big-data-ml/azure/deploy-local-spark-sgx.sh && \
chmod a+x /ppml/trusted-big-data-ml/azure/generate-enclave-key-az.sh && \
chmod a+x /ppml/trusted-big-data-ml/azure/generate-keys.sh && \
chmod a+x /ppml/trusted-big-data-ml/azure/generate-password-az.sh && \
chmod a+x /ppml/trusted-big-data-ml/azure/kubeconfig-secret.sh && \
chmod a+x /ppml/trusted-big-data-ml/azure/submit-spark-sgx-az.sh

WORKDIR /ppml/trusted-big-data-ml

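Review bot: The added `RUN apt-get install bsdmainutils` runs apt-get without `-y`, so a non-interactive `docker build` aborts as soon as apt asks for confirmation (any extra dependency to pull in), and the layer keeps the apt lists and recommended packages. Prefer `RUN apt-get update && apt-get install -y --no-install-recommends bsdmainutils && rm -rf /var/lib/apt/lists/*`; if an earlier layer in this Dockerfile already ran `apt-get update`, the first part can be dropped. The package appears to be there only for the `column` command used by the usage text of the new azure scripts, which is worth a one-line comment such as `# bsdmainutils provides column(1), used by azure/*.sh usage output`. The seven chmod lines could also collapse to a single `chmod a+x /ppml/trusted-big-data-ml/azure/*.sh`, which also covers scripts added later to that directory.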
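--- a/ppml/trusted-big-data-ml/python/docker-graphene/azure/create-aks.sh
+++ b/ppml/trusted-big-data-ml/python/docker-graphene/azure/create-aks.sh
@@ -1,112 +1,145 @@
-#!/bin/bash
-
-usage(){
-echo "\
-`cmd` [OPTION...]
---resource-group; Set a resource group name for AKS cluster
---vnet-resource-group; vnet resource group to assign to AKS cluster
---vnet-name; vnet name to assign to AKS cluster
---subnet-name; subnet name to assign to AKS cluster
---cluster-name; AKS cluster name
---vm-size; AKS node vm size, should be DC-series, i.e. Standard_DC8ds_v3
---node-count; AKS cluster initial node count
---help; help
-" | column -t -s ";"
-}
-
-while [ "$#" -gt 0 ]; do
-case $1 in
---resource-group)
-shift
-if (( ! $# )); then
-echo >&2 "$0: option $opt requires an argument."
-exit 1
-fi
-BigDLResourceGroupName=$1
-;;
---vnet-resource-group)
-shift
-if (( ! $# )); then
-echo >&2 "$0: option $opt requires an argument."
-exit 1
-fi
-VnetResourceGroupName=$1
-;;
---vnet-name)
-shift
-if (( ! $# )); then
-echo >&2 "$0: option $opt requires an argument."
-exit 1
-fi
-VnetName=$1
-;;
---subnet-name)
-shift
-if (( ! $# )); then
-echo >&2 "$0: option $opt requires an argument."
-exit 1
-fi
-SubnetName=$1
-;;
---cluster-name)
-shift
-if (( ! $# )); then
-echo >&2 "$0: option $opt requires an argument."
-exit 1
-fi
-AKSClusterName=$1
-;;
---vm-size)
-shift
-if (( ! $# )); then
-echo >&2 "$0: option $opt requires an argument."
-exit 1
-fi
-ConfVMSize=$1
-;;
---node-count)
-shift
-if (( ! $# )); then
-echo >&2 "$0: option $opt requires an argument."
-exit 1
-fi
-NodeCount=$1
-;;
---help|-h)
-usage
-exit 0
-;;
-*)
-echo >&2 "$0: unrecognized option $1."
-usage
-break
-;;
-esac
-
-shift
-done
-region="eastus2"
-
-# Create Service Principle
-APP_ID=$( az ad sp create-for-rbac --query id -o tsv)
-
-# Assign your service princile to the VNet
-VNET_ID=$(az network vnet show --resource-group $VnetResourceGroupName --name $VnetName --query id -o tsv)
-SUBNET_ID=$(az network vnet subnet show --resource-group $VnetResourceGroupName --vnet-name $VnetName --name $SubnetName --query id -o tsv)
-az role assignment create --assignee $APP_ID --scope "/subscriptions/xxx/resourceGroups/$VnetResourceGroupName/providers/Microsoft.Network/virtualNetworks/$SubnetName" --role "Network Contributor"
-
-# Create aks cluster and enable confidential compute add-on
-ConfVMSize="Standard_DC8ds_v3"
-
-az aks create \
---resource-group $BigDLResourceGroupName \
---name $AKSClusterName \
---node-count $NodeCount \
---node-vm-size $ConfVMSize \
---vm-set-type AvailabilitySet \
---network-plugin azure \
---generate-ssh-keys \
---vnet-subnet-id $SUBNET_ID \
---service-principal $APP_ID \
---enable-managed-identity \
---enable-addons confcom
+#!/bin/bash
+
+usage()
+{
+echo "\
+create-aks.sh [OPTION...]
+--resource-group; Set a resource group name for AKS cluster
+--vnet-resource-group; vnet resource group to assign to AKS cluster
+--vnet-name; vnet name to assign to AKS cluster
+--subnet-name; subnet name to assign to AKS cluster
+--cluster-name; AKS cluster name
+--vm-size; AKS node vm size, should be DC-series, i.e. Standard_DC8ds_v3
+--node-count; AKS cluster initial node count
+--location; AKS's region
+--help; help
+" | column -t -s ";"
+}
+
+if [ "$#" -eq 0 ]; then
+usage
+exit 1
+fi
+
+while [ "$#" -gt 0 ]; do
+case $1 in
+--resource-group)
+shift
+if (( ! $# )); then
+echo >&2 "$0: option $opt requires an argument."
+exit 1
+fi
+BigDLResourceGroupName=$1
+;;
+--vnet-resource-group)
+shift
+if (( ! $# )); then
+echo >&2 "$0: option $opt requires an argument."
+exit 1
+fi
+VnetResourceGroupName=$1
+;;
+--vnet-name)
+shift
+if (( ! $# )); then
+echo >&2 "$0: option $opt requires an argument."
+exit 1
+fi
+VnetName=$1
+;;
+--subnet-name)
+shift
+if (( ! $# )); then
+echo >&2 "$0: option $opt requires an argument."
+exit 1
+fi
+SubnetName=$1
+;;
+--cluster-name)
+shift
+if (( ! $# )); then
+echo >&2 "$0: option $opt requires an argument."
+exit 1
+fi
+AKSClusterName=$1
+;;
+--vm-size)
+shift
+if (( ! $# )); then
+echo >&2 "$0: option $opt requires an argument."
+exit 1
+fi
+ConfVMSize=$1
+;;
+--node-count)
+shift
+if (( ! $# )); then
+echo >&2 "$0: option $opt requires an argument."
+exit 1
+fi
+NodeCount=$1
+;;
+--location)
+shift
+if (( ! $# )); then
+echo >&2 "$0: option $opt requires an argument."
+exit 1
+fi
+region=$1
+;;
+--help|-h)
+usage
+exit 0
+;;
+*)
+echo >&2 "$0: unrecognized option $1."
+usage
+break
+;;
+esac
+
+shift
+done
+#region="eastus2"
+echo "BigDLResourceGroupName: $BigDLResourceGroupName"
+echo "AKSClusterName: $AKSClusterName"
+echo "NodeCount: $NodeCount"
+echo "ConfVMSize: $ConfVMSize"
+echo "region: $region"
+
+# Create Service Principle
+appinfo=$(az ad sp create-for-rbac --query "[appId, password]" -o tsv)
+readarray -d $'\n' -t app <<< $appinfo
+APP_ID=${app[0]}
+PASSWORD=${app[1]}
+echo "APP_ID: $APP_ID"
+
+# Assign your service princile to the VNet
+VNET_ID=$(az network vnet show --resource-group $VnetResourceGroupName --name $VnetName --query id -o tsv)
+echo "VNET_ID: $VNET_ID"
+SUBNET_ID=$(az network vnet subnet show --resource-group $VnetResourceGroupName --vnet-name $VnetName --name $SubnetName --query id -o tsv)
+echo "SUBNET_ID: $SUBNET_ID"
+
+subscriptionId="$(az account list --query "[?isDefault].id" -o tsv)"
+echo "subscriptionId: $subscriptionId"
+
+az role assignment create --assignee $APP_ID --scope "/subscriptions/$subscriptionId/resourceGroups/$VnetResourceGroupName/providers/Microsoft.Network/virtualNetworks/$VnetName" --role "Network Contributor"
+
+# Create aks cluster and enable confidential compute add-on
+#ConfVMSize="Standard_DC8ds_v3"
+
+az aks create \
+--resource-group $BigDLResourceGroupName \
+--name $AKSClusterName \
+--node-count $NodeCount \
+--node-vm-size $ConfVMSize \
+--vm-set-type AvailabilitySet \
+--network-plugin azure \
+--generate-ssh-keys \
+--vnet-subnet-id $SUBNET_ID \
+--enable-managed-identity \
+--enable-addons confcom \
+--location $region \
+--service-principal $APP_ID \
+--client-secret $PASSWORD
+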
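Review bot: Nothing stops the script when the service-principal step fails: there is no `set -e`, so if `appinfo=$(az ad sp create-for-rbac --query "[appId, password]" -o tsv)` returns nothing, APP_ID and PASSWORD are empty and the script still runs `az role assignment create --assignee` with no assignee and `az aks create ... --client-secret` with an empty secret. Add `set -euo pipefail` after the shebang and guard the parsed values before the role assignment with `: "${APP_ID:?service principal creation failed}"` and `: "${PASSWORD:?no client secret returned}"`. The freshly minted credential is then passed unquoted on the command line as `--client-secret $PASSWORD`, where it is visible to `ps` and to any `set -x` tracing, and it is never persisted, so quote it (`--client-secret "$PASSWORD"`) and add a comment stating that the SP password is not recorded anywhere and cannot be recovered after the run. Each run also creates a new service principal, and since no `--role`/`--scopes` is passed its default permissions depend on the installed CLI version, so an explicit scope would make the resulting privileges predictable. Separately, `$opt` in every "requires an argument" message is never assigned, so those errors print an empty option name; capture `opt=$1` before each `shift`.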