subcategory: Vertex AI Workbench
description: A Workbench instance.

# google_workbench_instance

A Workbench instance.

To get more information about Instance, see:

## Example Usage - Workbench Instance Basic

resource "google_workbench_instance" "instance" {
  name = "workbench-instance"
  location = "us-west1-a"
}

## Example Usage - Workbench Instance Basic Container

resource "google_workbench_instance" "instance" {
  name = "workbench-instance"
  location = "us-west1-a"

  gce_setup {
    container_image {
      repository = "us-docker.pkg.dev/deeplearning-platform-release/gcr.io/base-cu113.py310"
      tag = "latest"
    }
  }
}

## Example Usage - Workbench Instance Basic Gpu

resource "google_workbench_instance" "instance" {
  name = "workbench-instance"
  location = "us-central1-a"
  gce_setup {
    machine_type = "n1-standard-1" // can't be e2 because of the accelerator
    accelerator_configs {
      type         = "NVIDIA_TESLA_T4"
      core_count   = 1
    }
    vm_image {
      project      = "cloud-notebooks-managed"
      family       = "workbench-instances"
    }
  }
}

## Example Usage - Workbench Instance Labels Stopped

resource "google_workbench_instance" "instance" {
  name = "workbench-instance"
  location = "us-central1-a"

  gce_setup {
    machine_type = "e2-standard-4"

    shielded_instance_config {
      enable_secure_boot = false
      enable_vtpm = false
      enable_integrity_monitoring = false
    }

    service_accounts {
      email = "[email protected]"
    }

    metadata = {
      terraform = "true"
    }

  }

  labels = {
    k = "val"
  }

  desired_state = "STOPPED"

}

## Example Usage - Workbench Instance Full

resource "google_compute_network" "my_network" {
  name = "wbi-test-default"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "my_subnetwork" {
  name   = "wbi-test-default"
  network = google_compute_network.my_network.id
  region = "us-central1"
  ip_cidr_range = "10.0.1.0/24"
}

resource "google_compute_address" "static" {
  name = "wbi-test-default"
}

resource "google_service_account_iam_binding" "act_as_permission" {
  service_account_id = "projects/my-project-name/serviceAccounts/[email protected]"
  role               = "roles/iam.serviceAccountUser"
  members = [
    "user:[email protected]",
  ]
}

resource "google_workbench_instance" "instance" {
  name = "workbench-instance"
  location = "us-central1-a"

  gce_setup {
    machine_type = "n1-standard-4" // can't be e2 because of the accelerator
    accelerator_configs {
      type         = "NVIDIA_TESLA_T4"
      core_count   = 1
    }

    shielded_instance_config {
      enable_secure_boot = true
      enable_vtpm = true
      enable_integrity_monitoring = true
    }

    disable_public_ip = false

    service_accounts {
      email = "[email protected]"
    }

    boot_disk {
      disk_size_gb  = 310
      disk_type = "PD_SSD"
      disk_encryption = "CMEK"
      kms_key = "my-crypto-key"
    }

    data_disks {
      disk_size_gb  = 330
      disk_type = "PD_SSD"
      disk_encryption = "CMEK"
      kms_key = "my-crypto-key"
    }

    network_interfaces {
      network = google_compute_network.my_network.id
      subnet = google_compute_subnetwork.my_subnetwork.id
      nic_type = "GVNIC"
      access_configs {
        external_ip = google_compute_address.static.address
      }
    }

    metadata = {
      terraform = "true"
    }

    enable_ip_forwarding = true

    tags = ["abc", "def"]

  }

  disable_proxy_access = "true"

  instance_owners  = ["[email protected]"]

  labels = {
    k = "val"
  }

  desired_state = "ACTIVE"

  enable_third_party_identity = "true"

}

## Argument Reference

The following arguments are supported:

  • name - (Required) The name of this workbench instance. Format: projects/{project_id}/locations/{location}/instances/{instance_id}

  • location - (Required) Part of parent. See documentation of projectsId.


  • gce_setup - (Optional) The definition of how to configure a VM instance outside of Resources and Identity. Structure is documented below.

  • instance_owners - (Optional) Optional. Input only. The owner of this instance after creation. Format: [email protected] Currently supports one owner only. If not specified, all of the service account users of your VM instance's service account can use the instance. If specified, sets the access mode to Single user. For more details, see https://cloud.google.com/vertex-ai/docs/workbench/instances/manage-access-jupyterlab

  • disable_proxy_access - (Optional) Optional. If true, the workbench instance will not register with the proxy.

  • labels - (Optional) Optional. Labels to apply to this instance. These can be later modified by the UpdateInstance method.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

  • enable_third_party_identity - (Optional) Flag that specifies that a notebook can be accessed with third party identity provider.

  • instance_id - (Optional) Required. User-defined unique ID of this instance.

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

  • desired_state - (Optional) Desired state of the Workbench Instance. Set this field to ACTIVE to start the Instance, and STOPPED to stop the Instance.

The gce_setup block supports:

  • machine_type - (Optional) Optional. The machine type of the VM instance. https://cloud.google.com/compute/docs/machine-resource

  • accelerator_configs - (Optional) The hardware accelerators used on this instance. If you use accelerators, make sure that your configuration has enough vCPUs and memory to support the machine_type you have selected. Currently supports only one accelerator configuration. Structure is documented below.

  • shielded_instance_config - (Optional) A set of Shielded Instance options. See Images using supported Shielded VM features. Not all combinations are valid. Structure is documented below.

  • service_accounts - (Optional) The service account that serves as an identity for the VM instance. Currently supports only one service account. Structure is documented below.

  • vm_image - (Optional) Definition of a custom Compute Engine virtual machine image for starting a workbench instance with the environment installed directly on the VM. Structure is documented below.

  • container_image - (Optional) Use a container image to start the workbench instance. Structure is documented below.

  • boot_disk - (Optional) The definition of a boot disk. Structure is documented below.

  • data_disks - (Optional) Data disks attached to the VM instance. Currently supports only one data disk. Structure is documented below.

  • network_interfaces - (Optional) The network interfaces for the VM. Supports only one interface. Structure is documented below.

  • disable_public_ip - (Optional) Optional. If true, no external IP will be assigned to this VM instance.

  • tags - (Optional) Optional. The Compute Engine tags to add to instance (see Tagging instances).

  • metadata - (Optional) Optional. Custom metadata to apply to this instance.

  • enable_ip_forwarding - (Optional) Optional. Flag to enable IP forwarding or not; the default is false (off). https://cloud.google.com/vpc/docs/using-routes#canipforward

The accelerator_configs block supports:

  • type - (Optional) Optional. Type of this accelerator. Possible values are: NVIDIA_TESLA_P100, NVIDIA_TESLA_V100, NVIDIA_TESLA_P4, NVIDIA_TESLA_T4, NVIDIA_TESLA_A100, NVIDIA_A100_80GB, NVIDIA_L4, NVIDIA_TESLA_T4_VWS, NVIDIA_TESLA_P100_VWS, NVIDIA_TESLA_P4_VWS.

  • core_count - (Optional) Optional. Count of cores of this accelerator.

The shielded_instance_config block supports:

  • enable_secure_boot - (Optional) Optional. Defines whether the VM instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Disabled by default.

  • enable_vtpm - (Optional) Optional. Defines whether the VM instance has the vTPM enabled. Enabled by default.

  • enable_integrity_monitoring - (Optional) Optional. Defines whether the VM instance has integrity monitoring enabled. Enables monitoring and attestation of the boot integrity of the VM instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the VM instance is created. Enabled by default.

The service_accounts block supports:

  • email - (Optional) Optional. Email address of the service account.

  • scopes - (Output) Output only. The list of scopes to be made available for this service account. Set by the CLH to https://www.googleapis.com/auth/cloud-platform

The vm_image block supports:

  • project - (Optional) The name of the Google Cloud project that this VM image belongs to. Format: {project_id}

  • name - (Optional) Optional. Use VM image name to find the image.

  • family - (Optional) Optional. Use this VM image family to find the image; the newest image in this family will be used.

The container_image block supports:

  • repository - (Required) The path to the container image repository. For example: gcr.io/{project_id}/{imageName}

  • tag - (Optional) The tag of the container image. If not specified, this defaults to the latest tag.

The boot_disk block supports:

  • disk_size_gb - (Optional) Optional. The size of the boot disk in GB attached to this instance, up to a maximum of 64000 GB (64 TB). If not specified, this defaults to the recommended value of 150GB.

  • disk_type - (Optional) Optional. Indicates the type of the disk. Possible values are: PD_STANDARD, PD_SSD, PD_BALANCED, PD_EXTREME.

  • disk_encryption - (Optional) Optional. Input only. Disk encryption method used on the boot and data disks, defaults to GMEK. Possible values are: GMEK, CMEK.

  • kms_key - (Optional) Optional. The KMS key used to encrypt the disks, only applicable if disk_encryption is CMEK. Format: projects/{project_id}/locations/{location}/keyRings/{key_ring_id}/cryptoKeys/{key_id} Learn more about using your own encryption keys.

The data_disks block supports:

  • disk_size_gb - (Optional) Optional. The size of the disk in GB attached to this VM instance, up to a maximum of 64000 GB (64 TB). If not specified, this defaults to 100.

  • disk_type - (Optional) Optional. Input only. Indicates the type of the disk. Possible values are: PD_STANDARD, PD_SSD, PD_BALANCED, PD_EXTREME.

  • disk_encryption - (Optional) Optional. Input only. Disk encryption method used on the boot and data disks, defaults to GMEK. Possible values are: GMEK, CMEK.

  • kms_key - (Optional) Optional. The KMS key used to encrypt the disks, only applicable if disk_encryption is CMEK. Format: projects/{project_id}/locations/{location}/keyRings/{key_ring_id}/cryptoKeys/{key_id} Learn more about using your own encryption keys.

The network_interfaces block supports:

  • network - (Optional) Optional. The name of the VPC that this VM instance is in.

  • subnet - (Optional) Optional. The name of the subnet that this VM instance is in.

  • nic_type - (Optional) Optional. The type of vNIC to be used on this interface. This may be gVNIC or VirtioNet. Possible values are: VIRTIO_NET, GVNIC.

  • access_configs - (Optional) Optional. An array of configurations for this interface. Currently, only one access config, ONE_TO_ONE_NAT, is supported. If no accessConfigs are specified, the instance will have external internet access through an ephemeral external IP address. Structure is documented below.

The access_configs block supports:

  • external_ip - (Required) An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
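
An added example, not part of the provider documentation: a plan-time check in Python that applies the defaults documented above (Secure Boot off unless set, `disk_encryption` defaulting to GMEK, an unset container `tag` resolving to latest) to the JSON form of a Terraform plan. The finding names, the helper functions and the baseline itself (no public IP, CMEK required, no `latest` tag) are assumptions made for illustration, and the sample plan is constructed.

```python
import json

# Constructed sample shaped like `terraform show -json` plan output, trimmed to
# the fields read below; nested blocks appear as lists of objects.
SAMPLE_PLAN = json.loads("""{"resource_changes": [{
  "address": "google_workbench_instance.weak", "type": "google_workbench_instance",
  "change": {"after": {"gce_setup": [{
    "shielded_instance_config": [{"enable_secure_boot": false, "enable_vtpm": false,
                                  "enable_integrity_monitoring": false}],
    "disable_public_ip": false, "enable_ip_forwarding": true,
    "boot_disk": [{"disk_encryption": null}], "data_disks": [],
    "container_image": [{"tag": "latest"}]}]}}}]}""")

def first(block):
    """Return a single nested block as a dict, or {} when it is unset."""
    return block[0] if block else {}

def audit_instance(after):
    """Return findings for one planned google_workbench_instance state."""
    gce = first(after.get("gce_setup"))
    shield = first(gce.get("shielded_instance_config"))
    findings = []
    # Secure Boot is documented as disabled by default, so unset counts as off.
    if shield.get("enable_secure_boot") is not True:
        findings.append("secure_boot_off")
    # vTPM and integrity monitoring default to enabled: flag explicit false only.
    for key in ("enable_vtpm", "enable_integrity_monitoring"):
        if shield.get(key) is False:
            findings.append(key + "_disabled")
    if gce.get("disable_public_ip") is not True:
        findings.append("public_ip_allowed")
    if gce.get("enable_ip_forwarding") is True:
        findings.append("ip_forwarding_on")
    # Assumed policy: CMEK required; unset disk_encryption defaults to GMEK.
    disks = [first(gce.get("boot_disk"))] + list(gce.get("data_disks") or [])
    if any(d.get("disk_encryption") != "CMEK" for d in disks):
        findings.append("disk_gmek")
    # An unset tag defaults to latest, which is a mutable reference.
    image = first(gce.get("container_image"))
    if image and image.get("tag") in (None, "", "latest"):
        findings.append("container_tag_mutable")
    return findings

def audit_plan(plan):
    return {rc["address"]: audit_instance(rc["change"]["after"])
            for rc in plan.get("resource_changes", [])
            if rc.get("type") == "google_workbench_instance" and rc["change"].get("after")}

if __name__ == "__main__":
    print(json.dumps(audit_plan(SAMPLE_PLAN), indent=2))
```

To audit a real plan, load the output of `terraform show -json <planfile>` with `json.load` and pass it to `audit_plan`.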

## Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format projects/{{project}}/locations/{{location}}/instances/{{name}}

  • proxy_uri - Output only. The proxy endpoint that is used to access the Jupyter notebook.

  • creator - Output only. Email address of entity that sent original CreateInstance request.

  • state - Output only. The state of this instance.

  • upgrade_history - Output only. The upgrade history of this instance. Structure is documented below.

  • health_state - Output only. Instance health_state.

  • health_info - Output only. Additional information about instance health. Example: "healthInfo": { "docker_proxy_agent_status": "1", "docker_status": "1", "jupyterlab_api_status": "-1", "jupyterlab_status": "-1", "updated": "2020-10-18 09:40:03.573409" }

  • create_time - An RFC3339 timestamp in UTC time, in the format yyyy-MM-ddTHH:mm:ss.SSSZ. The milliseconds portion (".SSS") is optional.

  • update_time - An RFC3339 timestamp in UTC time, in the format yyyy-MM-ddTHH:mm:ss.SSSZ. The milliseconds portion (".SSS") is optional.

  • terraform_labels - The combination of labels configured directly on the resource and default labels configured on the provider.

  • effective_labels - All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.

The upgrade_history block contains:

  • snapshot - (Optional) Optional. The snapshot of the boot disk of this workbench instance before upgrade.

  • vm_image - (Optional) Optional. The VM image before this instance upgrade.

  • container_image - (Optional) Optional. The container image before this instance upgrade.

  • framework - (Optional) Optional. The framework of this workbench instance.

  • version - (Optional) Optional. The version of the workbench instance before this upgrade.

  • state - (Output) Output only. The state of this instance upgrade history entry.

  • create_time - (Optional) An RFC3339 timestamp in UTC time, in the format yyyy-MM-ddTHH:mm:ss.SSSZ. The milliseconds portion (".SSS") is optional.

  • action - (Optional) Optional. Action. Rollback or Upgrade.

  • target_version - (Optional) Optional. Target VM Version, like m63.

## Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 20 minutes.
  • update - Default is 20 minutes.
  • delete - Default is 20 minutes.

## Import

Instance can be imported using any of these accepted formats:

  • projects/{{project}}/locations/{{location}}/instances/{{name}}
  • {{project}}/{{location}}/{{name}}
  • {{location}}/{{name}}

In Terraform v1.5.0 and later, use an import block to import Instance using one of the formats above. For example:

import {
  id = "projects/{{project}}/locations/{{location}}/instances/{{name}}"
  to = google_workbench_instance.default
}

When using the terraform import command, Instance can be imported using one of the formats above. For example:

$ terraform import google_workbench_instance.default projects/{{project}}/locations/{{location}}/instances/{{name}}
$ terraform import google_workbench_instance.default {{project}}/{{location}}/{{name}}
$ terraform import google_workbench_instance.default {{location}}/{{name}}

## User Project Overrides

This resource supports User Project Overrides.