Release FL on SGX V1.0

.github/workflows/ci.yaml

@@ -10,7 +10,12 @@ on:
 
 jobs:
   test:
-    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        # As long as we need Python 3.6 here in the test, we can only use up to Ubuntu 20.
+        # https://github.com/actions/setup-python/issues/544
+        os: [ubuntu-20.04]
+    runs-on: ${{ matrix.os }}
     name: CI tests
     steps:
       - uses: actions/checkout@v2

Dockerfile

@@ -4,9 +4,13 @@ WORKDIR /app
 COPY . /app
 
 RUN apt-get -y update \
+    && apt-get -y install cron \
     && apt-get -y install libgmp-dev \
     && apt-get -y install libmpfr-dev \
     && apt-get -y install libmpc-dev \
+    # For krb5-user installation
+    && export DEBIAN_FRONTEND=noninteractive \ 
+    && apt-get -y install krb5-user \
     && rm -rf /var/lib/apt/lists/* 
 
 RUN pip install --upgrade pip \

Makefile

@@ -23,6 +23,14 @@ protobuf:
 		--grpc_python_out=. \
 		protocols/fedlearner/channel/*.proto
 
+	python -m grpc_tools.protoc -I. \
+		--python_out=. \
+		fedlearner/fedavg/cluster/cluster.proto
+	python -m grpc_tools.protoc -I. \
+		--python_out=. \
+		--grpc_python_out=. \
+		fedlearner/fedavg/training_service.proto
+
 lint:
 	pylint --rcfile ci/pylintrc fedlearner example
 

deploy/charts/fedlearner-add-on/templates/ingress-v1.yaml

@@ -0,0 +1,39 @@
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+
+{{- if .Values.ingress.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: fedlearner-proxy
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "fedlearner-add-on.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+    nginx.ingress.kubernetes.io/auth-tls-secret: default/ca-secret
+    nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
+    nginx.ingress.kubernetes.io/configuration-snippet: |
+      grpc_set_header  Authority $http_x_host;
+      grpc_set_header  Host $http_x_host;
+      grpc_next_upstream_tries 5;
+  {{- end }}
+spec:
+  rules:
+  - host: {{ .Values.ingress.host | quote }}
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: fedlearner-stack-ingress-nginx-controller
+            port:
+              number: 80
+  tls:
+  - hosts:
+    - {{ .Values.ingress.host }}
+    secretName: fedlearner-proxy-server
+{{- end }}
+
+{{- end }}

deploy/charts/fedlearner-add-on/templates/ingress.yaml → deploy/charts/fedlearner-add-on/templates/ingress-v1beta1.yaml

@@ -1,6 +1,7 @@
+{{- if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+
 {{- if .Values.ingress.enabled -}}
-{{- $configurationSnippet := .Files.Get "configuration-snippet.txt" -}}
-{{- $serverSnippet := .Files.Get "server-snippet.txt" -}}
+
 {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
 apiVersion: networking.k8s.io/v1beta1
 {{- else -}}
@@ -15,14 +16,12 @@ metadata:
   {{- with .Values.ingress.annotations }}
   annotations:
     {{- toYaml . | nindent 4 }}
-    {{- if not (empty $configurationSnippet) }}
+    nginx.ingress.kubernetes.io/auth-tls-secret: default/ca-secret
+    nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
     nginx.ingress.kubernetes.io/configuration-snippet: |
-{{ $configurationSnippet | indent 6 }}
-    {{- end }}
-    {{- if not (empty $serverSnippet) }}
-    nginx.ingress.kubernetes.io/server-snippet: |
-{{ $serverSnippet | indent 6 }}
-    {{- end }}
+      grpc_set_header  Authority $http_x_host;
+      grpc_set_header  Host $http_x_host;
+      grpc_next_upstream_tries 5;
   {{- end }}
 spec:
   rules:
@@ -31,6 +30,12 @@ spec:
         paths:
           - path: "/"
             backend:
-              serviceName: fedlearner-proxy
-              servicePort: {{ .Values.ingress.port }}
+              serviceName: fedlearner-stack-ingress-nginx-controller
+              servicePort: 80
+  tls:
+  - hosts:
+    - {{ .Values.ingress.host }}
+    secretName: fedlearner-proxy-server
+{{- end }}
+
 {{- end }}

deploy/charts/fedlearner-add-on/templates/secrets.yaml

@@ -1,14 +1,3 @@
-{{- if .Values.imageCredentials.enabled }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: regcred
-  namespace: {{ .Release.Namespace }}
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ template "imagePullSecret" . }}
-{{- end}}
----
 {{- if .Values.tls.enabled }}
 apiVersion: v1
 kind: Secret

deploy/charts/fedlearner-add-on/values.yaml

@@ -2,26 +2,14 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
-imageCredentials:
-  enabled: true
-  registry: ""
-  username: ""
-  password: ""
-
-service:
-  enabled: true
-  type: ExternalName
-  externalName: ""
-
 ingress:
   enabled: true
   annotations:
     "nginx.ingress.kubernetes.io/proxy-body-size": 10g
-    "nginx.ingress.kubernetes.io/backend-protocol": GRPCS
+    "nginx.ingress.kubernetes.io/backend-protocol": GRPC
     "nginx.ingress.kubernetes.io/http2-insecure-port": "true"
     "kubernetes.io/ingress.class": nginx
-  host: external.name
-  port: 443
+  host: test.fedlearner.net
 
 tls:
   enabled: true