Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Ray, RAG and Jupyter Marketplace UI #558

Merged
merged 2 commits into from
Apr 4, 2024
Merged

Update Ray, RAG and Jupyter Marketplace UI #558

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
061ee4a
Update Ray, RAG and Jupyter Marketplace UI
imreddy13 Apr 2, 2024
0dab679
Added new IAP validation block (#559)
umeshkumhar Apr 4, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion applications/jupyter/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ module "project-services" {
"servicenetworking.googleapis.com",
"serviceusage.googleapis.com",
"sourcerepo.googleapis.com",
(var.add_auth ? ["iap.googleapis.com"] : [])
"iap.googleapis.com"
])
}

Expand Down
99 changes: 63 additions & 36 deletions applications/jupyter/metadata.display.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,12 +32,29 @@ spec:
variables:
acknowledge:
name: acknowledge
title: Confirm that all prerequisites have been met.
title: Check to confirm you enabled Google APIs for your project with this command.
section: acknowledge
subtext: This solution will incur additional costs due to resource creation and necessary Google API usage. Please confirm to proceed.
subtext: |
<pre>
<code style="background: #f4f4f4;border: 1px solid #ddd; border-left: 3px solid #3367d6; color: #6d6868; font-size: 12px; max-width: 100%; padding: 0.5em 0.5em; display: inline; line-height: 45px;">gcloud services enable serviceusage.googleapis.com cloudresourcemanager.googleapis.com</code>
</pre>
enumValueLabels:
- label: Confirm that all prerequisites have been met.
value: "true"
solution_deployment_view:
name: solution_deployment_view
title: Check to confirm that upon deployment completion, you need to go to the Solution deployment page, find your deployment, and follow suggested next steps on the deployment DETAILS tab.
section: acknowledge
subtext: <p>
<a href="https://console.cloud.google.com/products/solutions/deployments"><i>Solution deployment page</i></a>
</p>
enumValueLabels:
- label: Confirm that all prerequisites have been met.
value: "true"
iap_consent_info:
name: iap_consent_info
title: Confirm your OAuth consent screen is configured correctly.
section: iap_auth
add_auth:
name: add_auth
title: Enable IAP Authentication
Expand All @@ -46,12 +63,16 @@ spec:
name: additional_labels
title: Additional Labels
invisible: true
section: cluster_details
section: required_config
autopilot_cluster:
name: autopilot_cluster
title: GKE Cluster Type
section: cluster_details
section: required_config
invisible: true
cluster_name:
name: cluster_name
title: GKE cluster name
section: required_config
client_id:
name: client_id
title: Client Id
Expand All @@ -65,18 +86,14 @@ spec:
cluster_location:
name: cluster_location
title: Cluster Location
section: cluster_details
section: required_config
xGoogleProperty:
type: ET_GCE_REGION
cluster_membership_id:
name: cluster_membership_id
title: Cluster Membership Id
invisible: true
section: cluster_details
cluster_name:
name: cluster_name
title: Cluster Name
section: cluster_details
section: required_config
create_brand:
name: create_brand
title: Create Brand
Expand All @@ -85,7 +102,7 @@ spec:
create_cluster:
name: create_cluster
title: Create GKE Cluster
section: cluster_details
section: required_config
invisible: true
create_gcs_bucket:
name: create_gcs_bucket
Expand All @@ -97,12 +114,12 @@ spec:
invisible: true
domain:
name: domain
title: Domain
title: Domain to host JupyterHub
section: iap_auth
gcs_bucket:
name: gcs_bucket
title: GCS Bucket
section: jupyterhub
section: required_config
xGoogleProperty:
type: ET_GCS_BUCKET
goog_cm_deployment_name:
Expand Down Expand Up @@ -142,10 +159,10 @@ spec:
name: kubernetes_namespace
title: Kubernetes Namespace
invisible: true
section: cluster_details
section: required_config
members_allowlist:
name: members_allowlist
title: Members Allowlist
title: Allowlist users to access JupyterHub
section: iap_auth
network_name:
name: network_name
Expand All @@ -155,7 +172,7 @@ spec:
name: private_cluster
title: Private Cluster
invisible: true
section: cluster_details
section: required_config
project_id:
name: project_id
title: Project Id
Expand All @@ -173,40 +190,50 @@ spec:
name: workload_identity_service_account
title: GCP Workload Identity Service Account
invisible: true
section: jupyterhub
section: required_config
sections:
- name: cluster_details
title: New GKE Cluster Configuration
- name: jupyterhub
title: Other Configuration
- name: acknowledge
title: Before you begin
subtext:
This solution deploys a sample <a href="https://github.com/GoogleCloudPlatform/ai-on-gke/blob/release-1.1/applications/jupyter/README.md"><i>JupyterHub</i></a> application on GKE in your project to run your Jupyter notebooks.</br>
- name: required_config
title: Required configuration
- name: iap_auth
title: Configure Authenticated Access for JupyterHub
subtext: Make sure the <a href="https://developers.google.com/workspace/guides/configure-oauth-consent#configure_oauth_consent"><i>OAuth Consent Screen</i></a> is configured for your project. Ensure <b>User type</b> is set to <i>Internal</i>. Note that by default, only users within your organization can be allowlisted. To add external users, change the <b>User type</b> to <i>External</i> after the application is deployed.
title: Optional authentication with Identity-Aware Proxy
subtext: With <a href="https://cloud.google.com/iap/docs/enabling-kubernetes-howto"><i>IAP authentication</i></a>, you can control user access to JupyterHub. To use IAP, you will need to do the following:</br>
<p>
&emsp;&emsp;&#x2022; Identify a domain for JupyterHub, and</br>
&emsp;&emsp;&#x2022; Create <a href="https://cloud.google.com/dns/docs/records#add_a_record"<i>DNS A records</i></a> for the domain after the application is deployed.
</p>
Without IAP, users will need to access the GKE cluster and use port-forward to connect to JupyterHub.
runtime:
outputMessage: Deployment can take several minutes to complete.
suggestedActions:
- heading: "Step 1: Create DNS A Records for JupyterHub"
description: If using custom domains for JupyterHub, create DNS A record set (<a href="https://cloud.google.com/dns/docs/records#add_a_record">Google DNS Record Set</a>). Propagation takes 10-15 minutes and logging in won’t succeed until it’s done.
- heading: "Step 2: Go to JupyterHub Application"
- heading: "Step 2: Launch JupyterHub"
description: |-
<li>If IAP is enabled, log in with your organization's credentials. SSL or cert errors indicate the cert is provisioning which takes up to 20 minutes.</li>
<li>If IAP is disabled:
<ul>
<li>(1) Setup gcloud in your environment</li>
<li>(2) Get these values from the Outputs section above: the <i>GKE Cluster Name</i>, <i>GKE Cluster Location</i>, <i>Kubernetes Namespace</i> , <i>Project Id</i>, <i>Jupyterhub User</i> and <i>Jupyterhub Password</i> </li>
<li>(3) Get cluster credentials: <b>gcloud container clusters get-credentials <Gke Cluster Name> --location=<Gke Cluster Location> --project=<Project Id></b> </li>
<li>(4) Port forward to JupyterHub: <b>kubectl -n <Kubernetes Namespace> port-forward service/proxy-public 3080:80</b> </li>
<li>(5) Go to <i>localhost:3080</i> in a browser and log in with <i>Jupyterhub User</i> and <i>Jupyterhub Password</i></li>
<ul>
</li>
<li>Once logged in, choose the appropriate preset and execute notebooks. Sample notebooks are provided <a href="https://github.com/GoogleCloudPlatform/ai-on-gke/tree/main/ray-on-gke/examples/notebooks">here</a></li>
<p>
1&#41; If IAP is disabled, port forward to the JupyterHub service:</br>
&emsp;&#x2022; Setup <a href="https://cloud.google.com/sdk/docs/install">gcloud</a> in your environment.</br>
&emsp;&#x2022; Get these values from the Outputs section above: <b>Gke Cluster Name</b>, <b>Gke Cluster Location</b>, <b>Kubernetes Namespace</b> , <b>Project Id</b>, <b>Jupyterhub User</b> and <b>Jupyterhub Password</b> </br>
&emsp;&#x2022; Get cluster credentials: <pre><code style="background: #f4f4f4;border: 1px solid #ddd; border-left: 3px solid #3367d6; color: #6d6868; font-size: 12px; max-width: 100%; padding: 0.5em 0.5em; display: inline;">gcloud container clusters get-credentials &ltGke Cluster Name&gt --location=&ltGke Cluster Location&gt --project=&ltProject Id&gt</code></pre></br>
&emsp;&#x2022; Port forward to JupyterHub: <pre><code style="background: #f4f4f4;border: 1px solid #ddd; border-left: 3px solid #3367d6; color: #6d6868; font-size: 12px; max-width: 100%; padding: 0.5em 0.5em; display: inline; line-height: 35px;">kubectl -n &ltKubernetes Namespace&gt port-forward service/proxy-public 3080:80</code></pre> </br>
&emsp;&#x2022; Go to <b>localhost:3080</b> in a browser and log in with <b>Jupyterhub User</b> and <b>Jupyterhub Password</b>
</p>
<p>
2&#41; If IAP is enabled, log in with your organization's credentials. Troubleshooting access issues:</br>
&emsp;&#x2022; SSL or cert errors indicate the cert is provisioning which takes up to 20 minutes.</br>
&emsp;&#x2022; If you're unable to login, go to <a href="https://console.cloud.google.com/security/iap">Google Cloud Platform IAP</a>, select the <b>proxy-public</b> service and add the user with the role <b>IAP-secured Web App User</b>.
</p>
<p>3&#41; Once logged in, choose the appropriate preset and execute notebooks. Sample notebooks are provided <a href="https://github.com/GoogleCloudPlatform/ai-on-gke/tree/release-1.1/ray-on-gke/examples/notebooks">here</a></p>
outputs:
jupyterhub_ip_address: {}
jupyterhub_password: {}
jupyterhub_uri:
openInNewTab: true
showInNotification: true
label: Go to JupyterHub Application
label: Launch JupyterHub
jupyterhub_user: {}
kubernetes_namespace: {}
gke_cluster_name: {}
Expand Down
17 changes: 12 additions & 5 deletions applications/jupyter/metadata.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,13 @@ spec:
- name: acknowledge
varType: bool
required: true
- name: solution_deployment_view
varType: bool
required: true
- name: iap_consent_info
description: Configure the <a href="https://developers.google.com/workspace/guides/configure-oauth-consent#configure_oauth_consent"><i>OAuth Consent Screen</i></a> for your project. Ensure <b>User type</b> is set to <i>Internal</i>. Note that by default, only users within your organization can be allowlisted. To add external users, change the <b>User type</b> to <i>External</i> after the application is deployed.
varType: bool
defaultValue: false
- name: add_auth
description: Enable IAP authentication on jupyterhub
varType: bool
Expand All @@ -55,16 +62,16 @@ spec:
description: Client secret used for enabling IAP
varType: string
defaultValue: ""
- name: cluster_name
varType: string
defaultValue: "ai-on-gke"
- name: cluster_location
varType: string
required: true
- name: cluster_membership_id
description: "require to use connectgateway for private clusters, default: cluster_name"
varType: string
defaultValue: ""
- name: cluster_name
varType: string
defaultValue: "ai-on-gke"
- name: create_brand
description: Create Brand OAuth Screen
varType: bool
Expand All @@ -83,7 +90,7 @@ spec:
- name: domain
description: Domain used for application and SSL certificate.
varType: string
defaultValue: "jupyter.example.com"
defaultValue: "<your JupyterHub domain here>"
- name: gcs_bucket
description: Bucket name to store the dataset. The bucket name must be globally unique across google cloud projects
varType: string
Expand Down Expand Up @@ -121,7 +128,7 @@ spec:
- name: members_allowlist
description: "For example - user:[email protected],serviceAccount:[email protected],group:[email protected],domain:google.com"
varType: string
defaultValue: ""
defaultValue: "user:<your-email-here>"
- name: network_name
description: Network name of VPC
varType: string
Expand Down
1 change: 0 additions & 1 deletion applications/rag/frontend/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -191,4 +191,3 @@ resource "kubernetes_deployment" "rag_frontend_deployment" {
}
}
}

5 changes: 2 additions & 3 deletions applications/rag/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ module "project-services" {
"serviceusage.googleapis.com",
"sourcerepo.googleapis.com",
"sqladmin.googleapis.com",
(var.frontend_add_auth || var.jupyter_add_auth ? ["iap.googleapis.com"] : [])
"iap.googleapis.com"
])
}

Expand Down Expand Up @@ -255,7 +255,7 @@ module "kuberay-cluster" {
k8s_backend_config_name = var.ray_dashboard_k8s_backend_config_name
k8s_backend_service_port = var.ray_dashboard_k8s_backend_service_port
domain = var.ray_dashboard_domain
members_allowlist = var.ray_dashboard_members_allowlist
members_allowlist = var.ray_dashboard_members_allowlist != "" ? split(",", var.ray_dashboard_members_allowlist) : []
}

module "kuberay-monitoring" {
Expand Down Expand Up @@ -310,4 +310,3 @@ module "frontend" {
members_allowlist = var.frontend_members_allowlist != "" ? split(",", var.frontend_members_allowlist) : []
depends_on = [module.namespace]
}

Loading
Loading