GPU benchmark - HackMD

# GPU benchmark ## gitclone ``` git clone https://github.com/NVIDIA/DeepLearningExamples ``` ## 修改Dockerfile 將Dockerfile內的Image的版本由20.06換成23.01(因20.xx(含以前) container images不支援DGX Station A100) ``` cd DeepLearningExamples/TensorFlow/Segmentation/UNet_Industrial vim Dockerfile ``` ## 建立 image ``` docker build . --rm -t unet_industrial:latest ``` ``` mkdir dataset mkdir results mkdir -p dataset/zip_files/private cp -r 壓縮檔目錄/*.zip dataset/zip_files/private docker run -it --rm --gpus all --shm-size=2g --ulimit memlock=-1 --ulimit stack=67108864 -v $PWD/dataset:/data/ -v $PWD/results:/results unet_industrial:latest ``` 下載資料 ``` ./download_and_preprocess_dagm2007.sh /data ``` Benchmark跑分 ``` cd scripts/benchmarking/ ./UNet_trainbench_1GPU.sh /data 1 ./UNet_trainbench_AMP_1GPU.sh /data 1 ``` ``` FROM nvcr.io/nvidia/rapidsai/rapidsai:23.02-cuda11.2-runtime-ubuntu20.04-py3.10 #MAINTAINER xxxxx RUN pip install --upgrade jupyterlab jupyterlab-git RUN useradd -ms /bin/bash jovyan RUN jupyter notebook --generate-config USER jovyan WORKDIR /home/jovyan RUN ln -s /rapids/notebooks /home/jovyan/notebooks CMD ["sh", "-c", "jupyter lab --notebook-dir=/home/jovyan --ip=0.0.0.0 --no-browser --allow-root --port=8888 --NotebookApp.token='' --NotebookApp.password='' --NotebookApp.allow_origin='*' --NotebookApp.base_url=${NB_PREFIX}"] ``` podman build -t transglobe:rapids . ## 安裝HTTPS憑證 vim create_self-signed-cert.sh ``` #!/bin/bash -e help () { echo ' ================================================================ ' echo ' --ssl-domain: 生成ssl证书需要的主域名，如不指定则默认为www.rancher.local，如果是ip访问服务，则可忽略；' echo ' --ssl-trusted-ip: 一般ssl证书只信任域名的访问请求，有时候需要使用ip去访问server，那么需要给ssl证书添加扩展IP，多个IP用逗号隔开；' echo ' --ssl-trusted-domain: 如果想多个域名访问，则添加扩展域名（SSL_TRUSTED_DOMAIN）,多个扩展域名用逗号隔开；' echo ' --ssl-size: ssl加密位数，默认2048；' echo ' --ssl-cn: 国家代码(2个字母的代号),默认CN;' echo ' 使用示例:' echo ' ./create_self-signed-cert.sh --ssl-domain=www.test.com --ssl-trusted-domain=www.test2.com \ ' echo ' --ssl-trusted-ip=1.1.1.1,2.2.2.2,3.3.3.3 --ssl-size=2048 --ssl-date=3650' echo ' ================================================================' } case "$1" in -h|--help) help; exit;; esac if [[ $1 == '' ]];then help; exit; fi CMDOPTS="$*" for OPTS in $CMDOPTS; do key=$(echo ${OPTS} | awk -F"=" '{print $1}' ) value=$(echo ${OPTS} | awk -F"=" '{print $2}' ) case "$key" in --ssl-domain) SSL_DOMAIN=$value ;; --ssl-trusted-ip) SSL_TRUSTED_IP=$value ;; --ssl-trusted-domain) SSL_TRUSTED_DOMAIN=$value ;; --ssl-size) SSL_SIZE=$value ;; --ssl-date) SSL_DATE=$value ;; --ca-date) CA_DATE=$value ;; --ssl-cn) CN=$value ;; esac done # CA相关配置 CA_DATE=${CA_DATE:-3650} CA_KEY=${CA_KEY:-cakey.pem} CA_CERT=${CA_CERT:-cacerts.pem} CA_DOMAIN=cattle-ca # ssl相关配置 SSL_CONFIG=${SSL_CONFIG:-$PWD/openssl.cnf} SSL_DOMAIN=${SSL_DOMAIN:-'www.rancher.local'} SSL_DATE=${SSL_DATE:-3650} SSL_SIZE=${SSL_SIZE:-2048} ## 国家代码(2个字母的代号),默认CN; CN=${CN:-CN} SSL_KEY=$SSL_DOMAIN.key SSL_CSR=$SSL_DOMAIN.csr SSL_CERT=$SSL_DOMAIN.crt echo -e "\033[32m ---------------------------- \033[0m" echo -e "\033[32m | 生成 SSL Cert | \033[0m" echo -e "\033[32m ---------------------------- \033[0m" if [[ -e ./${CA_KEY} ]]; then echo -e "\033[32m ====> 1. 发现已存在CA私钥，备份"${CA_KEY}"为"${CA_KEY}"-bak，然后重新创建 \033[0m" mv ${CA_KEY} "${CA_KEY}"-bak openssl genrsa -out ${CA_KEY} ${SSL_SIZE} else echo -e "\033[32m ====> 1. 生成新的CA私钥 ${CA_KEY} \033[0m" openssl genrsa -out ${CA_KEY} ${SSL_SIZE} fi if [[ -e ./${CA_CERT} ]]; then echo -e "\033[32m ====> 2. 发现已存在CA证书，先备份"${CA_CERT}"为"${CA_CERT}"-bak，然后重新创建 \033[0m" mv ${CA_CERT} "${CA_CERT}"-bak openssl req -x509 -sha256 -new -nodes -key ${CA_KEY} -days ${CA_DATE} -out ${CA_CERT} -subj "/C=${CN}/CN=${CA_DOMAIN}" else echo -e "\033[32m ====> 2. 生成新的CA证书 ${CA_CERT} \033[0m" openssl req -x509 -sha256 -new -nodes -key ${CA_KEY} -days ${CA_DATE} -out ${CA_CERT} -subj "/C=${CN}/CN=${CA_DOMAIN}" fi echo -e "\033[32m ====> 3. 生成Openssl配置文件 ${SSL_CONFIG} \033[0m" cat > ${SSL_CONFIG} <<EOM [req] req_extensions = v3_req distinguished_name = req_distinguished_name [req_distinguished_name] [ v3_req ] basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment extendedKeyUsage = clientAuth, serverAuth EOM if [[ -n ${SSL_TRUSTED_IP} || -n ${SSL_TRUSTED_DOMAIN} ]]; then cat >> ${SSL_CONFIG} <<EOM subjectAltName = @alt_names [alt_names] EOM IFS="," dns=(${SSL_TRUSTED_DOMAIN}) dns+=(${SSL_DOMAIN}) for i in "${!dns[@]}"; do echo DNS.$((i+1)) = ${dns[$i]} >> ${SSL_CONFIG} done if [[ -n ${SSL_TRUSTED_IP} ]]; then ip=(${SSL_TRUSTED_IP}) for i in "${!ip[@]}"; do echo IP.$((i+1)) = ${ip[$i]} >> ${SSL_CONFIG} done fi fi echo -e "\033[32m ====> 4. 生成服务SSL KEY ${SSL_KEY} \033[0m" openssl genrsa -out ${SSL_KEY} ${SSL_SIZE} echo -e "\033[32m ====> 5. 生成服务SSL CSR ${SSL_CSR} \033[0m" openssl req -sha256 -new -key ${SSL_KEY} -out ${SSL_CSR} -subj "/C=${CN}/CN=${SSL_DOMAIN}" -config ${SSL_CONFIG} echo -e "\033[32m ====> 6. 生成服务SSL CERT ${SSL_CERT} \033[0m" openssl x509 -sha256 -req -in ${SSL_CSR} -CA ${CA_CERT} \ -CAkey ${CA_KEY} -CAcreateserial -out ${SSL_CERT} \ -days ${SSL_DATE} -extensions v3_req \ -extfile ${SSL_CONFIG} echo -e "\033[32m ====> 7. 证书制作完成 \033[0m" echo echo -e "\033[32m ====> 8. 以YAML格式输出结果 \033[0m" echo "----------------------------------------------------------" echo "ca_key: |" cat $CA_KEY | sed 's/^/ /' echo echo "ca_cert: |" cat $CA_CERT | sed 's/^/ /' echo echo "ssl_key: |" cat $SSL_KEY | sed 's/^/ /' echo echo "ssl_csr: |" cat $SSL_CSR | sed 's/^/ /' echo echo "ssl_cert: |" cat $SSL_CERT | sed 's/^/ /' echo echo -e "\033[32m ====> 9. 附加CA证书到Cert文件 \033[0m" cat ${CA_CERT} >> ${SSL_CERT} echo "ssl_cert: |" cat $SSL_CERT | sed 's/^/ /' echo echo -e "\033[32m ====> 10. 重命名服务证书 \033[0m" echo "cp ${SSL_DOMAIN}.key tls.key" cp ${SSL_DOMAIN}.key tls.key echo "cp ${SSL_DOMAIN}.crt tls.crt" cp ${SSL_DOMAIN}.crt tls.crt ``` 修改成可執行 ``` chmod +x create_self-signed-cert.sh ``` 執行以生成 ``` ./create_self-signed-cert.sh --ssl-domain=rancher.transglobe.com.tw --ssl-cn=TW ``` tsti@gpu-ubuntu2004-1:~/tsti-install/kubeflow/cert$ ``` ./create_self-signed-cert.sh --ssl-domain=rancher.transglobe.com.tw --ssl-cn=TW ``` ``` ---------------------------- | 生成 SSL Cert | ---------------------------- ====> 1. 生成新的CA私钥 cakey.pem Generating RSA private key, 2048 bit long modulus (2 primes) ..+++++ ............................................................+++++ e is 65537 (0x010001) ====> 2. 生成新的CA证书 cacerts.pem ====> 3. 生成Openssl配置文件 /home/tsti/tsti-install/kubeflow/cert/openssl.cnf ====> 4. 生成服务SSL KEY rancher.transglobe.com.tw.key Generating RSA private key, 2048 bit long modulus (2 primes) ....................................+++++ ............................................+++++ e is 65537 (0x010001) ====> 5. 生成服务SSL CSR rancher.transglobe.com.tw.csr ====> 6. 生成服务SSL CERT rancher.transglobe.com.tw.crt Signature ok subject=C = TW, CN = rancher.transglobe.com.tw Getting CA Private Key ====> 7. 证书制作完成 ====> 8. 以YAML格式输出结果 ---------------------------------------------------------- ca_key: | -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEA1dWZtNV298isICMP4RX/W7YBCsBJ7SAbo38Pn11bGKJeNR33 H0/R6mLI6GL3jIALLdeeOSEMDTZ6jaCzWiualwfJ7dJNdVPAUu1M6odHgiAakGEs XMoYO90sjaHfBOGQT2qC4wan9OsCuWDe3x2f+T/xMtgBiYLGgowbBJ0GJjYSkNAZ DlEnDBr7RpKW9prwUWp20iltH1CRCt6bhi78ujRKCuoelDgoZG/zZNCVWFf01+rl Pbl5g/4FZ0cv1hgxSN/dQmeFVS452ukl6r1mp/LqNJ2FYRX0fS0qEG2vkHKWMyCF sMSVXMwhuZwAs5rpz/Y3oOX0OKVn8PhDvUyvHQIDAQABAoIBACBHZzWCB7xtwXX0 dQAwVuTcO5oI3t/5udJbattOt2Knl/sCs/w5C2ILWXKjBeViqs1XwB21nGEeOS/J 82kILgTgex34YhL0+pJKGhNJKoU9HWVwFcdIBpJ616/loInXFva2CF4G8jGpjDa5 pcseaLiya1GWg9zjLd4lEisHHReFST2b2p/jfvmewQT/AWrrMCmA7IWkk2tDVQH8 r42Klql8vExlpZDbK9WZcX46aOzMUnTsn8KrDfl+4A/RVG+7uGAdWRPkd6LtN5wb dXNfiYrS9dqfeTsz+o14MemVVw7NNU+XP245kTQM2R2ads6m0blEmspUVkgCveah qWuDEMECgYEA/KMAy+X6Fp+1zLz9naBD7doWz44PEY8fNwSfEPsZ/H35U+kSRCfi 4f3WqencUS9uVEh4kdTBotBQFXARcrRClbgQhZvuRx/QuLUG17kQgA4FC+rzwkbA Hw3FPehvE17jcQ9v6C8oR+LWu6ZffZSuWxWJ0YbSH8YxOBIeBZLMYNECgYEA2K5b cc5PsVlHfATvtqeNPthJBG8bmSDnGpeHacb7vWSxBHBNpU+Ql8N9Vm1fDmHceaKX 6D8NZ0MD8A0eFKwJ7YxDRA4l7n9Z3iq/QPMNu/kDgnzC8bCLj3p2P5bK+BrH1qJX wOTFVRF3Zl+9Q9KsrwUy+f1trzolKUnC3+r8nI0CgYAvz92PuSd6bqFmbQIGedVB R3v3ref2J8L9k5dTDGKfoWu1UK/PTEkpAfRFVegHSVW1B74hw0UePhRZ6kqzDaBo W1xtHNSci03iFwiDfRe9VGnqFn4pb2BewClrDPkwjk23EPfZ1krmR+zhuJvr1V6m CE574+sSblzUQsGBxoV9cQKBgQDSJQd68GRJ1BSIKyFxPD64XHs0Wa2ibU61c5BY /irYG/eyHlivouLQzT+ZuqkeAbsaHJ7HF5+gLlZ7Ub2CvvdB826pai9PhyNZXIvw KcmALJlCzE0kqdwwYsycD1r6FL8LYpdI9JaNUktCdkfQp1nixGAUI71k3Dd+O5NM J1KnYQKBgEzmw9BdbTMQsRUgDjrsRojBYnJMzyhE8uO1oZSvYRWwtZg1ZmcfAkIe HUhuPrBvgOOqVTMoLhGftk7wBxsIfvNBXjkeT7AfVY/7WvRA9dAboLX0YyOVEdVW vy4nrBC97jhEhx6cvSm8bbbVjM2sFwsiNUrvTbu3VXQKv5w2YLBz -----END RSA PRIVATE KEY----- ca_cert: | -----BEGIN CERTIFICATE----- MIIDIzCCAgugAwIBAgIUN1k6GI+DkcmNI5IKMlx03VLHJaQwDQYJKoZIhvcNAQEL BQAwITELMAkGA1UEBhMCVFcxEjAQBgNVBAMMCWNhdHRsZS1jYTAeFw0yMjA4MTgw NTU3MTRaFw0zMjA4MTUwNTU3MTRaMCExCzAJBgNVBAYTAlRXMRIwEAYDVQQDDAlj YXR0bGUtY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV1Zm01Xb3 yKwgIw/hFf9btgEKwEntIBujfw+fXVsYol41HfcfT9HqYsjoYveMgAst1545IQwN NnqNoLNaK5qXB8nt0k11U8BS7Uzqh0eCIBqQYSxcyhg73SyNod8E4ZBPaoLjBqf0 6wK5YN7fHZ/5P/Ey2AGJgsaCjBsEnQYmNhKQ0BkOUScMGvtGkpb2mvBRanbSKW0f UJEK3puGLvy6NEoK6h6UOChkb/Nk0JVYV/TX6uU9uXmD/gVnRy/WGDFI391CZ4VV Ljna6SXqvWan8uo0nYVhFfR9LSoQba+QcpYzIIWwxJVczCG5nACzmunP9jeg5fQ4 pWfw+EO9TK8dAgMBAAGjUzBRMB0GA1UdDgQWBBTR1yurdFb3CgR7nUcKJGs4e5vJ bDAfBgNVHSMEGDAWgBTR1yurdFb3CgR7nUcKJGs4e5vJbDAPBgNVHRMBAf8EBTAD AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCM3F3huG6X+ebuvaSjLuaoGavBe3jUjAF6 b7nqqu++fG0+ZVYRcCt7fGlkhqDsdTNFUlPU+GNMurE3RYaMeQ1KGvyCJbjHwJTy hf0ENCZMxncF3RmlIdwAIMOWknOtlhwLk1kQ1xzUcLZV6rqQMsSWjbhtTF3Hmbss johxT7AxHs6yX+D4nLMDovZPhMQaOVPTNbPnfjHmDvMQyDTL4lgq6mcs5XiWrKLR tVC92o/SB+pCeLVJjw1+cCU6ExgFBAxVQRsDhjMTHoQwoe3loFQKDomk3RFb8d4S OJvVeVO+67pewHo0cAmKpFp1DKVqGfTR8SBIK78JHsbN/zQNqMQC -----END CERTIFICATE----- ssl_key: | -----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAsjsBvHr7J1BJpf2a6nDGnSTde5zr86OwUVw8CkqZ2pVWRfQX E8546P/MzKc6YFaWrxZ0mLTvhp+HNuYYCWwajJUY/y04m+KsTxtIOMGL56SQkLyw nIthlb0M4DxX8M/N86BpSlDFr7Hj+R3WftQmk+i4NzNjsopDYWgPn4he2oXlKLAK sK59xCkDYprDFORduuGemkgKcA2PZAyE/sS1UsEw187LfGL3boK9p+Vf/GhHR0fW lpYAnDFIzg/+zMSggGe8xz3XoaG5cKGXiahSYLUjRNsCl/eeNOqaI5gJnqfdffAO 7BztqtdQdymFXrtBmwx/jhP/Mbx5/miG/ftaUwIDAQABAoIBAC7HX/hJSvwRjZL8 khlwSiDamSslj6Rd1Rw1miiVVfZR9dfcbeYr7f4xjV41khPRBjGkMiwWaTurSUD2 eV6Xugwl4e6vvsjjYJhOr9D9s6uzvKHQdIZR6uXzPZrpG6e/0u1br+bqdkhb51ru Iusc4Zc2oIsUeNlWgsLhHiCgGU0/INVv8UAzQV9eK7NYqBSpbWQlYvMkj0NFl2KI Bz25jaIAvUcEXTub7oYxOiesT/ynF3Z0+EybGdRhXOJjiFLxi/qXwZUDbDSDGrNV B9PVjGZtFBeJWTuav8+1grlatlm4bm3iPL/1bJBGTVXcTFOE0ocg5H+In7+qK2i/ R/2xDRECgYEA6E3Dq5P8aVa5M1KSCoJE8cm821IcSMzJhJwE1v3w46+nEeZJDe1/ dljNgeBBWg6ICknvGl174vXC8hANXCiclvLUIzKkHGUsCgETBN1K7ooLsn2dRIVZ Dnq7K6RzVoiMsS3TvX4PlgHkLyahy1ivN9PVb+SUxK59MEh/79eETRsCgYEAxGk0 7hq9Cjk0agw/nhOXCrQoLzgqDcBN7e/C1cJOvvc6sf1cEJM7ZoCOQAmvEkCypnxs xW1OHCtoDejDNXfpXeRgmAGeC06RSjIy7ARgXPK5TEbAPSDcz2tJVhNt/LSVAH48 0BR/1+UnIvqhvTYWMAchdPLO4J2uLdJD11NWEykCgYBWgabs/PXQ8FeVMhlqSmqM M5jdf21C+ufMNyFiQjxzPVUUyFHKGvgNRTJ6O916QNEOK8wbYFajBOvsomenOwRc /d5boR8V5+MHcrD3bcTaoZOLi1WGT7YDO1b6AIpm3gCudidUeF4reVbU7CjyBXty abMgsNlpiKTb1xO1Z+c/owKBgBqpLUYk2wRIP5UllH0gq6AIVGwUc6DqOanSod/i QE4rwQvoGFcnpSiEyspmhh00KwvuV9V0wOWR/s3kipr3a/YSygnYLlvajl5D8iWX cn0rdXulHvMtQsvlBE9q08M5wAARIrAcGD52HJni65GDhf9++Eunqe1TehE+OXdB GK4BAoGAEdO3BbvWxYIOWIZGrW3BEqlcRvb9TZTPmVEP+ddvZgAN/m4+AGp/wNZS USUcQQMKGolOOFZUV8WzTJXzw/jT+WtOSGDfH85NPPd4sDxIuOPve80lHpjyLqwA mwvFHnLSGq5+w+FMa2I0c+HMH69t9TsGuJt2QEwbROkLLcepYg8= -----END RSA PRIVATE KEY----- ssl_csr: | -----BEGIN CERTIFICATE REQUEST----- MIICujCCAaICAQAwLTELMAkGA1UEBhMCVFcxHjAcBgNVBAMMFXEta3ViZWZsb3cu dnRzdGkuY29ycDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALI7Abx6 +ydQSaX9mupwxp0k3Xuc6/OjsFFcPApKmdqVVkX0FxPOeOj/zMynOmBWlq8WdJi0 74afhzbmGAlsGoyVGP8tOJvirE8bSDjBi+ekkJC8sJyLYZW9DOA8V/DPzfOgaUpQ xa+x4/kd1n7UJpPouDczY7KKQ2FoD5+IXtqF5SiwCrCufcQpA2KawxTkXbrhnppI CnANj2QMhP7EtVLBMNfOy3xi926CvaflX/xoR0dH1paWAJwxSM4P/szEoIBnvMc9 16GhuXChl4moUmC1I0TbApf3njTqmiOYCZ6n3X3wDuwc7arXUHcphV67QZsMf44T /zG8ef5ohv37WlMCAwEAAaBIMEYGCSqGSIb3DQEJDjE5MDcwCQYDVR0TBAIwADAL BgNVHQ8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqG SIb3DQEBCwUAA4IBAQAwfXOXMSaQn5BeXu0mix+ZCAfEAUtZ0D6pKKg90PtLbjRJ ZbJAE6hKMWiuUUWebv+sBIlI6hCd3PhLhb2KOAJjxfxWjxlOO7lNkXV6e58QYULB KNNOcLoMv3MsnGW6iJDMNPwRJcHmvb5QRXwfmZTYoJJLAjxN2Sck7/bDJzirwlQK x/xZ4034Ux0oZnDaaWBJMNY5M1QTFAEV564DiS7hjVQu6VjfsxlZgFoKBPLWFw7l HwD7iNRhL7S3YVq/n/FtmJy04W8EkNeMCFPcDNHrMUHhh2J3UrYbUsUzOikHosLO /xJojPgloKQ/6qoO5epH0tALy8AcxIcOV8N5G2IM -----END CERTIFICATE REQUEST----- ssl_cert: | -----BEGIN CERTIFICATE----- MIIDFTCCAf2gAwIBAgIUYrUayaPwub/v4rHYPtITOXFDXBgwDQYJKoZIhvcNAQEL BQAwITELMAkGA1UEBhMCVFcxEjAQBgNVBAMMCWNhdHRsZS1jYTAeFw0yMjA4MTgw NTU3MTVaFw0zMjA4MTUwNTU3MTVaMC0xCzAJBgNVBAYTAlRXMR4wHAYDVQQDDBVx LWt1YmVmbG93LnZ0c3RpLmNvcnAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQCyOwG8evsnUEml/ZrqcMadJN17nOvzo7BRXDwKSpnalVZF9BcTznjo/8zM pzpgVpavFnSYtO+Gn4c25hgJbBqMlRj/LTib4qxPG0g4wYvnpJCQvLCci2GVvQzg PFfwz83zoGlKUMWvseP5HdZ+1CaT6Lg3M2OyikNhaA+fiF7aheUosAqwrn3EKQNi msMU5F264Z6aSApwDY9kDIT+xLVSwTDXzst8Yvdugr2n5V/8aEdHR9aWlgCcMUjO D/7MxKCAZ7zHPdehoblwoZeJqFJgtSNE2wKX95406pojmAmep9198A7sHO2q11B3 KYVeu0GbDH+OE/8xvHn+aIb9+1pTAgMBAAGjOTA3MAkGA1UdEwQCMAAwCwYDVR0P BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0B AQsFAAOCAQEAbVh/5N2h9KX3bmHxysdrBa4Pv8sVrEpfVQH7o6Gw/P0OQqPeUvaT hLxr2/4JrJWs+5ZaYi+uoJ62dvzqw4ia1lb8FjUJmQWKAjPxsBXUPK4lt9ENHCI6 8QepYxdt9Ofjo9vQwn9wxfFtwXGxPyTWa7tOanhWPjPB48c5gL8ETKZcscNJ4Mqo IqvsaFDCQGEa8GmBOWwSb9SrTD04hiKYp0/qUCiOgAe/QiIDQTl+8av3Cg4ts1CV opTeMi207gvR70fHkUW4OYufGnYvvXZGw0GmEqWaipL61O5zUok565RjjiHh0z6t oTBHTTSBHYf9Vq3o4jL+8fnQLaYXMiOPRQ== -----END CERTIFICATE----- ====> 9. 附加CA证书到Cert文件 ssl_cert: | -----BEGIN CERTIFICATE----- MIIDFTCCAf2gAwIBAgIUYrUayaPwub/v4rHYPtITOXFDXBgwDQYJKoZIhvcNAQEL BQAwITELMAkGA1UEBhMCVFcxEjAQBgNVBAMMCWNhdHRsZS1jYTAeFw0yMjA4MTgw NTU3MTVaFw0zMjA4MTUwNTU3MTVaMC0xCzAJBgNVBAYTAlRXMR4wHAYDVQQDDBVx LWt1YmVmbG93LnZ0c3RpLmNvcnAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQCyOwG8evsnUEml/ZrqcMadJN17nOvzo7BRXDwKSpnalVZF9BcTznjo/8zM pzpgVpavFnSYtO+Gn4c25hgJbBqMlRj/LTib4qxPG0g4wYvnpJCQvLCci2GVvQzg PFfwz83zoGlKUMWvseP5HdZ+1CaT6Lg3M2OyikNhaA+fiF7aheUosAqwrn3EKQNi msMU5F264Z6aSApwDY9kDIT+xLVSwTDXzst8Yvdugr2n5V/8aEdHR9aWlgCcMUjO D/7MxKCAZ7zHPdehoblwoZeJqFJgtSNE2wKX95406pojmAmep9198A7sHO2q11B3 KYVeu0GbDH+OE/8xvHn+aIb9+1pTAgMBAAGjOTA3MAkGA1UdEwQCMAAwCwYDVR0P BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0B AQsFAAOCAQEAbVh/5N2h9KX3bmHxysdrBa4Pv8sVrEpfVQH7o6Gw/P0OQqPeUvaT hLxr2/4JrJWs+5ZaYi+uoJ62dvzqw4ia1lb8FjUJmQWKAjPxsBXUPK4lt9ENHCI6 8QepYxdt9Ofjo9vQwn9wxfFtwXGxPyTWa7tOanhWPjPB48c5gL8ETKZcscNJ4Mqo IqvsaFDCQGEa8GmBOWwSb9SrTD04hiKYp0/qUCiOgAe/QiIDQTl+8av3Cg4ts1CV opTeMi207gvR70fHkUW4OYufGnYvvXZGw0GmEqWaipL61O5zUok565RjjiHh0z6t oTBHTTSBHYf9Vq3o4jL+8fnQLaYXMiOPRQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDIzCCAgugAwIBAgIUN1k6GI+DkcmNI5IKMlx03VLHJaQwDQYJKoZIhvcNAQEL BQAwITELMAkGA1UEBhMCVFcxEjAQBgNVBAMMCWNhdHRsZS1jYTAeFw0yMjA4MTgw NTU3MTRaFw0zMjA4MTUwNTU3MTRaMCExCzAJBgNVBAYTAlRXMRIwEAYDVQQDDAlj YXR0bGUtY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV1Zm01Xb3 yKwgIw/hFf9btgEKwEntIBujfw+fXVsYol41HfcfT9HqYsjoYveMgAst1545IQwN NnqNoLNaK5qXB8nt0k11U8BS7Uzqh0eCIBqQYSxcyhg73SyNod8E4ZBPaoLjBqf0 6wK5YN7fHZ/5P/Ey2AGJgsaCjBsEnQYmNhKQ0BkOUScMGvtGkpb2mvBRanbSKW0f UJEK3puGLvy6NEoK6h6UOChkb/Nk0JVYV/TX6uU9uXmD/gVnRy/WGDFI391CZ4VV Ljna6SXqvWan8uo0nYVhFfR9LSoQba+QcpYzIIWwxJVczCG5nACzmunP9jeg5fQ4 pWfw+EO9TK8dAgMBAAGjUzBRMB0GA1UdDgQWBBTR1yurdFb3CgR7nUcKJGs4e5vJ bDAfBgNVHSMEGDAWgBTR1yurdFb3CgR7nUcKJGs4e5vJbDAPBgNVHRMBAf8EBTAD AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCM3F3huG6X+ebuvaSjLuaoGavBe3jUjAF6 b7nqqu++fG0+ZVYRcCt7fGlkhqDsdTNFUlPU+GNMurE3RYaMeQ1KGvyCJbjHwJTy hf0ENCZMxncF3RmlIdwAIMOWknOtlhwLk1kQ1xzUcLZV6rqQMsSWjbhtTF3Hmbss johxT7AxHs6yX+D4nLMDovZPhMQaOVPTNbPnfjHmDvMQyDTL4lgq6mcs5XiWrKLR tVC92o/SB+pCeLVJjw1+cCU6ExgFBAxVQRsDhjMTHoQwoe3loFQKDomk3RFb8d4S OJvVeVO+67pewHo0cAmKpFp1DKVqGfTR8SBIK78JHsbN/zQNqMQC -----END CERTIFICATE----- ``` ====> 10. 重命名服务证书 cp rancher.transglobe.com.tw.key tls.key cp rancher.transglobe.com.tw.crt tls.crt 加入K8S ``` kubectl create --namespace istio-system secret tls kf-tls-cert --key /home/tsti/tsti-install/kubeflow/cert/rancher.transglobe.com.tw.key --cert /home/tsti/tsti-install/kubeflow/cert/rancher.transglobe.com.tw.crt ``` ``` kubectl create --namespace istio-system secret tls kf-tls-cert --key /raid/env-deployment/kubeflow/manifests/rancher.transglobe.com.tw.key --cert /raid/env-deployment/kubeflow/manifests/rancher.transglobe.com.tw.crt ``` ``` kubectl edit cm config-domain --namespace knative-serving ``` #在 data 下面添加：rancher.transglobe.com.tw: "" 编辑kubeflow-https.yaml vim kubeflow-https.yaml ``` apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: kubeflow-gateway namespace: kubeflow spec: selector: istio: ingressgateway servers: - hosts: - '*' port: name: http number: 80 protocol: HTTP - hosts: - '*' port: name: https number: 443 protocol: HTTPS tls: mode: SIMPLE credentialName: kf-tls-cert ``` 建立 kubectl apply -f kubeflow-https.yaml