Fix Jit notebook service account.
parent fd07c444cb
commit e213f156ad
|
@ -98,5 +98,5 @@ module "test" {
|
|||
prefix = "prefix"
|
||||
}
|
||||
|
||||
# tftest modules=9 resources=46
|
||||
# tftest modules=9 resources=47
|
||||
```
|
||||
|
|
|
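Review bot: the expected count in the `# tftest` line changes from `resources=46` to `resources=47`, but nothing in this hunk or in the commit message says which resource accounts for the extra one. Name the added resource in the commit message so the bumped count can be checked against the plan instead of being taken on trust.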
@ -17,30 +17,35 @@ This sample creates several distinct groups of resources:
|
|||
- One BigQuery dataset
|
||||
|
||||
## Virtual Private Cloud (VPC) design
|
||||
|
||||
As is often the case in real-world configurations, this blueprint accepts as input an existing Shared-VPC via the network_config variable. Make sure that 'container.googleapis.com', 'notebooks.googleapis.com' and 'servicenetworking.googleapis.com' are enabled in the VPC host project.
|
||||
|
||||
If the network_config variable is not provided, one VPC will be created in each project that supports network resources (load, transformation and orchestration).
|
||||
|
||||
## Deploy your enviroment
|
||||
|
||||
We assume the identiy running the following steps has the following role:
|
||||
|
||||
- resourcemanager.projectCreator in case a new project will be created.
|
||||
- owner on the project in case you use an existing project.
|
||||
|
||||
Run Terraform init:
|
||||
|
||||
```
|
||||
$ terraform init
|
||||
terraform init
|
||||
```
|
||||
|
||||
Configure the Terraform variable in your terraform.tfvars file. You need to spefify at least the following variables:
|
||||
|
||||
```
|
||||
prefix = "prefix"
|
||||
project_id = "data-001"
|
||||
```
|
||||
|
||||
You can run now:
|
||||
|
||||
```
|
||||
$ terraform apply
|
||||
terraform apply
|
||||
```
|
||||
|
||||
You can now connect to the Vertex AI notbook to perform your data analysy.
|
||||
|
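Review bot: under "Deploy your enviroment", the prerequisite `owner on the project in case you use an existing project` documents a very broad role for running the sample; list the specific roles the Terraform run needs, or state that `owner` is only a convenience for a test project. The same section has typos that are worth fixing while it is being touched: "enviroment", "identiy", "spefify", "notbook" and "analysy".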
@ -81,5 +86,5 @@ module "test" {
|
|||
parent = "folders/467898377"
|
||||
}
|
||||
}
|
||||
# tftest modules=8 resources=39
|
||||
# tftest modules=8 resources=40
|
||||
```
|
||||
|
|
|
@ -1,10 +1,13 @@
|
|||
# MLOps with Vertex AI
|
||||
|
||||
## Introduction
|
||||
|
||||
This example implements the infrastructure required to deploy an end-to-end [MLOps process](https://services.google.com/fh/files/misc/practitioners_guide_to_mlops_whitepaper.pdf) using [Vertex AI](https://cloud.google.com/vertex-ai) platform.
|
||||
|
||||
## GCP resources
|
||||
|
||||
The blueprint will deploy all the required resources to have a fully functional MLOPs environment containing:
|
||||
|
||||
- Vertex Workbench (for the experimentation environment)
|
||||
- GCP Project (optional) to host all the resources
|
||||
- Isolated VPC network and a subnet to be used by Vertex and Dataflow. Alternatively, an external Shared VPC can be configured using the `network_config`variable.
|
||||
|
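Review bot: in the Shared VPC bullet, `network_config`variable is missing a space after the closing backtick, and "MLOPs environment" in the paragraph above it does not match the "MLOps" spelling used in the title. Both show up in the rendered Markdown and are cheap to fix in this change.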
@ -34,6 +37,7 @@ We use the following groups to control access to resources:
|
|||
Please note that these groups are not suitable for production grade environments. Roles can be customized in the `main.tf`file.
|
||||
|
||||
## Instructions
|
||||
|
||||
### Deploy the experimentation environment
|
||||
|
||||
- Create a `terraform.tfvars` file and specify the variables to match your desired configuration. You can use the provided `terraform.tfvars.sample` as reference.
|
||||
|
@ -76,6 +80,7 @@ This blueprint can be used as a building block for setting up an end2end ML Ops
|
|||
<!-- END TFDOC -->
|
||||
|
||||
## TODO
|
||||
|
||||
- Add support for User Managed Notebooks, SA permission option and non default SA for Single User mode.
|
||||
- Improve default naming for local VPC and Cloud NAT
|
||||
|
||||
|
@ -105,5 +110,5 @@ module "test" {
|
|||
parent = "folders/111111111111"
|
||||
}
|
||||
}
|
||||
# tftest modules=12 resources=56
|
||||
# tftest modules=12 resources=57
|
||||
```
|
||||
|
|
|
@ -83,6 +83,7 @@ locals {
|
|||
"multiclusteringress.googleapis.com", # grant roles/multiclusteringress.serviceAgent to multicluster-ingress
|
||||
"pubsub.googleapis.com", # grant roles/pubsub.serviceAgent to pubsub
|
||||
"meshconfig.googleapis.com", # grant roles/anthosservicemesh.serviceAgent to meshconfig
|
||||
"notebooks.googleapis.com", # no grants needed
|
||||
"secretmanager.googleapis.com", # no grants needed
|
||||
"sqladmin.googleapis.com", # grant roles/cloudsql.serviceAgent to sqladmin (TODO: verify)
|
||||
]
|
||||
|
|
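Review bot: the `"notebooks.googleapis.com", # no grants needed` entry does not say why the service belongs in this list when no role is granted, while most neighbouring entries name the role they grant. Since the commit is about the notebook service account, extend the comment to state what listing the service here achieves, so a later reader does not have to infer it.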