From 2a61aece6e185b040644da00c5ffb5dc3e05a804 Mon Sep 17 00:00:00 2001 From: Aaron Liang Date: Wed, 8 Nov 2023 16:32:11 -0800 Subject: [PATCH 1/2] Change pantheon to cloud console --- jupyter-on-gke/README.md | 4 ++-- jupyter-on-gke/authentication/README.MD | 6 +++--- jupyter-on-gke/variable_definitions.md | 2 +- .../raytrain-examples/raytrain-with-gcsfusecsi/README.md | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/jupyter-on-gke/README.md b/jupyter-on-gke/README.md index 96789c9f4..bf7220e0a 100644 --- a/jupyter-on-gke/README.md +++ b/jupyter-on-gke/README.md @@ -52,7 +52,7 @@ If not, set `enable_create_namespace` to `true` so a new k8s namespace is create **Note:** We allow user to set their own domains, in the `variables.tf` file. Since we are also using an Ingress Object, it is required for the Ingress to also have specifiy the name of the global static address. - Visit the [GCloud UI](https://pantheon.corp.google.com/security/iap) to see if it's enabled. If it's enabled, you will be able to see the page and will not prompt you to enable API: + Visit the [Cloud Console](https://console.cloud.google.com/security/iap) to see if it's enabled. If it's enabled, you will be able to see the page and will not prompt you to enable API: ![IAP API Screen](./images/iap_enable_api_screenshot.png) @@ -106,7 +106,7 @@ To secure the Jupyter endpoint, this example enables IAP by default. It is _stro 12. Re-run `terraform apply` -13. Navigate to the [GCP IAP Cloud Console](https://pantheon.corp.google.com/security/iap) and select your backend-service checkbox. +13. Navigate to the [GCP IAP Cloud Console](https://console.cloud.google.com/security/iap) and select your backend-service checkbox. 14. Click on `Add Principal`, insert the new principle and select under `Cloud IAP` with role `IAP-secured Web App User` diff --git a/jupyter-on-gke/authentication/README.MD b/jupyter-on-gke/authentication/README.MD index 763b8e79e..8a4a7bec8 100644 --- a/jupyter-on-gke/authentication/README.MD +++ b/jupyter-on-gke/authentication/README.MD @@ -117,7 +117,7 @@ By default, the IAP service is not enabled on the project. If this variable is s ### `brand` and `support_email` -To create an OAuth client, a brand is required. The brand is essentially the app show on the [OAuth consent screen](https://pantheon.corp.google.com/apis/credentials/consent). Ex: +To create an OAuth client, a brand is required. The brand is essentially the app show on the [OAuth consent screen](https://console.cloud.google.com/apis/credentials/consent). Ex: ![IAP Screen](../images/brand_screenshot.png) @@ -127,12 +127,12 @@ The `support_email` variable will not be used if the `brand` variable is not fil There are 2 ways to add users to the IAP allowlist so users can access Jupyterhub. -1. Manually on the GCloud UI +1. Manually on the Cloud Console 2. Add users to the allowlist file ### Manually -Navigate to [IAP](https://pantheon.corp.google.com/security/iap) and select the Backend Service associated with Jupyterhub. +Navigate to [IAP](https://console.cloud.google.com/security/iap) and select the Backend Service associated with Jupyterhub. Click on `Add Principal`. Add the email of the user/group and select the `IAP-secured Web App User` role to give access to that user/group diff --git a/jupyter-on-gke/variable_definitions.md b/jupyter-on-gke/variable_definitions.md index d53bfab5d..dbdfda13d 100644 --- a/jupyter-on-gke/variable_definitions.md +++ b/jupyter-on-gke/variable_definitions.md @@ -55,7 +55,7 @@ Uses [support_email](#support_email) ### support_email -Support email assocated with the [brand](#brand). Used as a point of contact for consent for the ["OAuth Consent" in Pantheon](https://pantheon.corp.google.com/apis/credentials/consent). It will not be used if brand is empty. +Support email assocated with the [brand](#brand). Used as a point of contact for consent for the ["OAuth Consent" in Cloud Console](https://console.cloud.google.com/apis/credentials/consent). It will not be used if brand is empty. ### url_domain_addr diff --git a/ray-on-gke/raytrain-examples/raytrain-with-gcsfusecsi/README.md b/ray-on-gke/raytrain-examples/raytrain-with-gcsfusecsi/README.md index 148ed2957..cbbc54cd2 100644 --- a/ray-on-gke/raytrain-examples/raytrain-with-gcsfusecsi/README.md +++ b/ray-on-gke/raytrain-examples/raytrain-with-gcsfusecsi/README.md @@ -98,5 +98,5 @@ http://tensorflow-0:8888/?token= :: /home/jovyan ``` kubectl port-forward -n example service/example-cluster-kuberay-head-svc 8265:8265 ``` -14. During an ongoing traing, the pod resource usage of CPU, Memory, GPU, GPU Memory can be visualized with the GKE Pantheon UI for the workloads +14. During an ongoing traing, the pod resource usage of CPU, Memory, GPU, GPU Memory can be visualized with the GKE Cloud Console for the workloads example ![Ray Head resources](https://github.com/GoogleCloudPlatform/ai-on-gke/blob/main/ray-on-gke/raytrain-examples/images/ray-head-resources.png) and ![Ray Worker resources](https://github.com/GoogleCloudPlatform/ai-on-gke/blob/main/ray-on-gke/raytrain-examples/images/ray-worker-resources.png) From 6d89273a5d4c17f3299be42eddf190e39483a5b2 Mon Sep 17 00:00:00 2001 From: Aaron Liang Date: Fri, 17 Nov 2023 16:11:44 -0800 Subject: [PATCH 2/2] Increase default Jupyterhub singler user memory and cpu --- jupyter-on-gke/jupyter_config/config-selfauth.yaml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/jupyter-on-gke/jupyter_config/config-selfauth.yaml b/jupyter-on-gke/jupyter_config/config-selfauth.yaml index 6a1d31abf..a92cc7330 100644 --- a/jupyter-on-gke/jupyter_config/config-selfauth.yaml +++ b/jupyter-on-gke/jupyter_config/config-selfauth.yaml @@ -66,11 +66,16 @@ scheduling: singleuser: memory: - limit: 1G - guarantee: 1G + limit: 32G + guarantee: 8G cpu: - limit: .5 - guarantee: .5 + limit: 8 + guarantee: 4 + extraResource: + limits: + ephemeral-storage: 20Gi + guarantees: + ephemeral-storage: 10Gi nodeSelector: iam.gke.io/gke-metadata-server-enabled: "true" image: