-
Notifications
You must be signed in to change notification settings - Fork 234
/
Copy pathmetadata.display.yaml
235 lines (232 loc) · 10.4 KB
/
metadata.display.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## Blueprint display metadata file is used to define blueprint for marketplace offering UI interface that includes different parameters and their properties including title, description, tooltip, etc.
apiVersion: blueprints.cloud.google.com/v1alpha1
kind: BlueprintMetadata
metadata:
name: ai-on-gke-display
annotations:
config.kubernetes.io/local-config: "true"
spec:
info:
title: JupyterHub on GKE
source:
repo: https://github.com/GoogleCloudPlatform/ai-on-gke
sourceType: git
dir: /applications/jupyter
ui:
input:
variables:
acknowledge:
name: acknowledge
title: Check to confirm you enabled Google APIs for your project with this command.
section: acknowledge
subtext: |
<pre>
<code style="background: #f4f4f4;border: 1px solid #ddd; border-left: 3px solid #3367d6; color: #6d6868; font-size: 12px; max-width: 100%; padding: 0.5em 0.5em; display: inline; line-height: 45px;">gcloud services enable serviceusage.googleapis.com cloudresourcemanager.googleapis.com</code>
</pre>
enumValueLabels:
- label: Confirm that all prerequisites have been met.
value: "true"
iap_consent_info:
name: iap_consent_info
title: Confirm your OAuth consent screen is configured correctly.
section: iap_auth
add_auth:
name: add_auth
title: Enable IAP Authentication
section: iap_auth
additional_labels:
name: additional_labels
title: Additional Labels
invisible: true
section: required_config
autopilot_cluster:
name: autopilot_cluster
title: GKE Cluster Type
section: required_config
invisible: true
cluster_name:
name: cluster_name
title: GKE cluster name
section: required_config
client_id:
name: client_id
title: Client Id
invisible: true
section: iap_auth
client_secret:
name: client_secret
title: Client Secret
invisible: true
section: iap_auth
cluster_location:
name: cluster_location
title: Cluster Location
section: required_config
xGoogleProperty:
type: ET_GCE_REGION
# specified regions have L4 & T4 GPUs https://cloud.google.com/compute/docs/gpus/gpu-regions-zones#view-using-tools
gce_region:
allowlisted_regions: ["asia-east1","asia-southeast1","europe-west1","europe-west4","us-central1","us-east1","us-east4","us-west1","us-west4"]
cluster_membership_id:
name: cluster_membership_id
title: Cluster Membership Id
invisible: true
section: required_config
create_brand:
name: create_brand
title: Create Brand
invisible: true
section: iap_auth
create_cluster:
name: create_cluster
title: Create GKE Cluster
section: required_config
invisible: true
create_gcs_bucket:
name: create_gcs_bucket
title: Create Gcs Bucket
invisible: true
create_network:
name: create_network
title: Create Network
invisible: true
domain:
name: domain
title: Domain to host JupyterHub
section: iap_auth
gcs_bucket:
name: gcs_bucket
title: GCS Bucket
section: required_config
xGoogleProperty:
type: ET_GCS_BUCKET
goog_cm_deployment_name:
name: goog_cm_deployment_name
title: Goog Cm Deployment Name
k8s_backend_config_name:
name: k8s_backend_config_name
title: K8s Backend Config Name
invisible: true
section: iap_auth
k8s_backend_service_name:
name: k8s_backend_service_name
title: K8s Backend Service Name
invisible: true
section: iap_auth
k8s_backend_service_port:
name: k8s_backend_service_port
title: K8s Backend Service Port
invisible: true
section: iap_auth
k8s_iap_secret_name:
name: k8s_iap_secret_name
title: K8s Iap Secret Name
invisible: true
section: iap_auth
k8s_ingress_name:
name: k8s_ingress_name
title: K8s Ingress Name
invisible: true
section: iap_auth
k8s_managed_cert_name:
name: k8s_managed_cert_name
title: K8s Managed Cert Name
invisible: true
section: iap_auth
kubernetes_namespace:
name: kubernetes_namespace
title: Kubernetes Namespace
invisible: true
section: required_config
members_allowlist:
name: members_allowlist
title: Allowlist users to access JupyterHub
section: iap_auth
network_name:
name: network_name
title: Network Name
invisible: true
private_cluster:
name: private_cluster
title: Private Cluster
invisible: true
section: required_config
project_id:
name: project_id
title: Project Id
invisible: true
subnetwork_cidr:
name: subnetwork_cidr
title: Subnetwork Cidr
invisible: true
support_email:
name: support_email
title: Support Email
invisible: true
section: iap_auth
workload_identity_service_account:
name: workload_identity_service_account
title: GCP Workload Identity Service Account
invisible: true
section: required_config
sections:
- name: acknowledge
title: Before you begin
subtext:
This solution deploys a sample <a href="https://github.com/GoogleCloudPlatform/ai-on-gke/blob/release-1.1/applications/jupyter/README.md"><i>JupyterHub</i></a> application on GKE in your project to run your Jupyter notebooks.</br>
- name: required_config
title: Required configuration
- name: iap_auth
title: Optional authentication with Identity-Aware Proxy
subtext: With <a href="https://cloud.google.com/iap/docs/enabling-kubernetes-howto"><i>IAP authentication</i></a>, you can control user access to JupyterHub. To use IAP, you will need to do the following:</br>
<p>
  • Identify a domain for JupyterHub, and</br>
  • Create <a href="https://cloud.google.com/dns/docs/records#add_a_record"<i>DNS A records</i></a> for the domain after the application is deployed.
</p>
Without IAP, users will need to access the GKE cluster and use port-forward to connect to JupyterHub.
runtime:
outputMessage: Deployment can take several minutes to complete.
suggestedActions:
- heading: "Step 1: Create DNS A Records for JupyterHub"
description: If using custom domains for JupyterHub, create DNS A record set (<a href="https://cloud.google.com/dns/docs/records#add_a_record">Google DNS Record Set</a>). Propagation takes 10-15 minutes and logging in won’t succeed until it’s done.
- heading: "Step 2: Launch JupyterHub"
description: |-
<p>
1) If IAP is disabled, port forward to the JupyterHub service:</br>
 • Setup <a href="https://cloud.google.com/sdk/docs/install">gcloud</a> in your environment.</br>
 • Get these values from the Outputs section above: <b>Gke Cluster Name</b>, <b>Gke Cluster Location</b>, <b>Kubernetes Namespace</b> , <b>Project Id</b>, <b>Jupyterhub User</b> and <b>Jupyterhub Password</b> </br>
 • Get cluster credentials: <pre><code style="background: #f4f4f4;border: 1px solid #ddd; border-left: 3px solid #3367d6; color: #6d6868; font-size: 12px; max-width: 100%; padding: 0.5em 0.5em; display: inline;">gcloud container clusters get-credentials <Gke Cluster Name> --location=<Gke Cluster Location> --project=<Project Id></code></pre></br>
 • Port forward to JupyterHub: <pre><code style="background: #f4f4f4;border: 1px solid #ddd; border-left: 3px solid #3367d6; color: #6d6868; font-size: 12px; max-width: 100%; padding: 0.5em 0.5em; display: inline; line-height: 35px;">kubectl -n <Kubernetes Namespace> port-forward service/proxy-public 3080:80</code></pre> </br>
 • Go to <b>localhost:3080</b> in a browser and log in with <b>Jupyterhub User</b> and <b>Jupyterhub Password</b>
</p>
<p>
2) If IAP is enabled, log in with your organization's credentials. Troubleshooting access issues:</br>
 • SSL or cert errors indicate the cert is provisioning which takes up to 20 minutes.</br>
 • If you're unable to login, go to <a href="https://console.cloud.google.com/security/iap">Google Cloud Platform IAP</a>, select the <b>proxy-public</b> service and add the user with the role <b>IAP-secured Web App User</b>.
</p>
<p>3) Once logged in, choose the appropriate preset and execute notebooks. Sample notebooks are provided <a href="https://github.com/GoogleCloudPlatform/ai-on-gke/tree/release-1.1/ray-on-gke/examples/notebooks">here</a></p>
outputs:
jupyterhub_ip_address: {}
jupyterhub_password: {}
jupyterhub_uri:
openInNewTab: true
showInNotification: true
label: Launch JupyterHub
jupyterhub_user: {}
kubernetes_namespace: {}
gke_cluster_name: {}
gke_cluster_location: {}
project_id: {}