Update Rag Marketplace output (#323)

* fix jupyter sa and update marketplace outputs
GoogleCloudPlatform · Mar 11, 2024 · 56762ac · artemvmin · Mar 12, 2024 · artemvmin
1 parent a9e316e
commit 56762ac
Show file tree

Hide file tree

Showing 6 changed files with 22 additions and 26 deletions.
diff --git a/applications/rag/main.tf b/applications/rag/main.tf
@@ -63,6 +63,8 @@ locals {
   ray_service_account     = var.goog_cm_deployment_name != "" ? "${var.goog_cm_deployment_name}-${var.ray_service_account}" : var.ray_service_account
   jupyter_service_account = var.goog_cm_deployment_name != "" ? "${var.goog_cm_deployment_name}-${var.jupyter_service_account}" : var.jupyter_service_account
   rag_service_account     = var.goog_cm_deployment_name != "" ? "${var.goog_cm_deployment_name}-${var.rag_service_account}" : var.rag_service_account
+  frontend_default_uri    = "https://console.cloud.google.com/kubernetes/service/${var.cluster_location}/${var.cluster_name}/${var.kubernetes_namespace}/rag-frontend/overview?project=${var.project_id}"
+
 }
 
 

diff --git a/applications/rag/metadata.display.yaml b/applications/rag/metadata.display.yaml
@@ -197,3 +197,8 @@ spec:
           openInNewTab: true
           showInNotification: true
           label: Go to Jupyter Application
+        frontend_uri:
+          openInNewTab: true
+          showInNotification: true
+          label: Go to Rag Frontend Application
+
diff --git a/applications/rag/metadata.yaml b/applications/rag/metadata.yaml
@@ -135,3 +135,4 @@ spec:
     outputs:
       - name: jupyterhub_password
       - name: jupyterhub_uri
+      - name: frontend_uri
diff --git a/applications/rag/outputs.tf b/applications/rag/outputs.tf
@@ -12,15 +12,15 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-output "jupyter_domain" {
-  value = module.jupyterhub.jupyterhub_uri
+output "jupyterhub_uri" {
+  value = "http://${module.jupyterhub.jupyterhub_uri}"
 }
 
 output "jupyter_password" {
   value     = module.jupyterhub.jupyterhub_password
   sensitive = true
 }
 
-output "frontend_domain" {
-  value = module.frontend.frontend_uri
+output "frontend_uri" {
+  value = module.frontend.frontend_uri != "" ? "http://${module.frontend.frontend_uri}" : local.frontend_default_uri
 }
diff --git a/infrastructure/platform.tfvars b/infrastructure/platform.tfvars
@@ -13,21 +13,21 @@
 # limitations under the License.
 
 ##common variables
-project_id = "<your project ID>"
+project_id = "ai-on-gke-jss-sandbox"
 #######################################################
 ####    PLATFORM
 #######################################################
 ## network values
 create_network    = true
-network_name      = "ml-network"
-subnetwork_name   = "ml-subnet"
+network_name      = "ml-network99"
+subnetwork_name   = "ml-subnet99"
 subnetwork_cidr   = "10.100.0.0/16"
 subnetwork_region = "us-central1"
 
 ## gke variables
 private_cluster   = false ## true = private cluster, false = public cluster
 autopilot_cluster = false ## true = autopilot cluster, false = standard cluster
-cluster_name      = "ml-cluster"
+cluster_name      = "ml-cluster99"
 cluster_location  = "us-central1"
 
 cpu_pools = [{

diff --git a/modules/jupyter/main.tf b/modules/jupyter/main.tf
@@ -57,44 +57,32 @@ resource "kubernetes_annotations" "hub" {
     namespace = var.namespace
   }
   annotations = {
-    "iam.gke.io/gcp-service-account" = "${var.workload_identity_service_account}@${var.project_id}.iam.gserviceaccount.com"
+    "iam.gke.io/gcp-service-account" = module.jupyterhub-workload-identity.gcp_service_account_email
   }
   depends_on = [
     helm_release.jupyterhub,
-    module.jupyterhub-workload-identity
-  ]
-}
-
-data "google_service_account" "sa" {
-  account_id = var.workload_identity_service_account
-  depends_on = [
-    helm_release.jupyterhub,
-    module.jupyterhub-workload-identity
   ]
 }
 
 resource "google_service_account_iam_binding" "hub-workload-identity-user" {
   count              = var.add_auth ? 1 : 0
-  service_account_id = data.google_service_account.sa.name
+  service_account_id = module.jupyterhub-workload-identity.gcp_service_account
   role               = "roles/iam.workloadIdentityUser"
 
   members = [
     "serviceAccount:${var.project_id}.svc.id.goog[${var.namespace}/hub]",
     "serviceAccount:${var.project_id}.svc.id.goog[${var.namespace}/${var.workload_identity_service_account}]",
   ]
   depends_on = [
-    helm_release.jupyterhub,
-    module.jupyterhub-workload-identity
+    helm_release.jupyterhub
   ]
 }
 
 
-
 resource "google_storage_bucket_iam_member" "gcs-bucket-iam" {
-  bucket     = var.gcs_bucket
-  role       = "roles/storage.objectAdmin"
-  member     = "serviceAccount:${var.workload_identity_service_account}@${var.project_id}.iam.gserviceaccount.com"
-  depends_on = [module.jupyterhub-workload-identity]
+  bucket = var.gcs_bucket
+  role   = "roles/storage.objectAdmin"
+  member = "serviceAccount:${module.jupyterhub-workload-identity.gcp_service_account_email}"
 }
 
 resource "random_password" "generated_password" {