Update documentation notebook deployment
JMGaljaard committed Sep 6, 2022
1 parent 491ae33 commit b5e2518
Showing 1 changed file with 28 additions and 19 deletions.
47 changes: 28 additions & 19 deletions jupyter/terraform_notebook.ipynb
Expand Up @@ -19,16 +19,16 @@
" * (Windows only) It is strongly recommended to install every dependency in a Windows Subsystem for Linux shell. For installation refer to [here](https://docs.microsoft.com/en-us/windows/wsl/install).\n",
" * GCloud SDK\n",
" - Follow the installation instructions [here](https://cloud.google.com/sdk/docs/install)\n",
" - Initialize the SDK with `gcloud init`\n",
" - Initialize the SDK with `gcloud init`, if prompted you may ignore to set/create a default/first project.\n",
" - ⚠️ Run the command `gcloud auth application-default login`\n",
" - ℹ️ We need to run this command to utilize your login credentials programmatically with terraform. This is needed as we will use these to impersonate a service account during the creation and setup of the Kubernetes cluster.\n",
" - ⚠️ Run the command `gcloud components install beta`\n",
" - ℹ️ We need to run this command to list the billing account IDs and enable billing. Currently, these features fall under beta access.\n",
" * Kubectl\n",
" * Helm\n",
" * Terraform\n",
" * Python3.9\n",
" * Jupyter, ipython, bash_kernel\n",
" * Python3.9/10\n",
" * jupyter, ipython, bash_kernel\n",
"```bash\n",
"pip3 install jupyter ipython bash_kernel\n",
"python3 -m bash_kernel.install\n",
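Review bot: The new `gcloud init` bullet ("if prompted you may ignore to set/create a default/first project") is hard to parse; something like "if prompted, you can skip creating or selecting a default project" says the same thing. In the same list, `Python3.9/10` reads like a fraction, so "Python 3.9 or 3.10" would be clearer. Since the next bullets have the reader run `gcloud auth application-default login` so Terraform can use their own credentials to impersonate a service account, the list could also mention `gcloud auth application-default revoke` for cleaning up once the deployment is torn down.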
Expand Down Expand Up @@ -56,7 +56,7 @@
"To make sure we can request resources on Google Cloud Platform (GCP), perform the following;\n",
"\n",
"1. Create a GCP account on [https://cloud.google.com](https://cloud.google.com), using a Google account\n",
"2. Redeem your academic coupon on GCP, see Brightspace for information on obtaining the $\\$$50 academic coupon, or use the free $\\$$300 credits for new users provided by Google.\n",
"2. Redeem your academic coupon on GCP, see Brightspace for information on obtaining the \\\\$50 academic coupon, or use the free \\\\$300 credits for new users provided by Google.\n",
"\n",
"\n",
"3. (Non unix systems) Make sure to use the `Bash` kernel, not a Python or other kernel. For those on windows machines, make sure to launch the `jupyter notebook` server from a bash-compliant commandline, we recommend Windows Subsystem for Linux.\n",
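Review bot: The coupon sentence in step 2 now escapes the dollar sign as `\\\\$` in the notebook JSON, which decodes to two backslashes in front of `$` in the markdown source, while a single escaped dollar would be `\\$` in JSON. Please check how the cell renders, since a stray backslash may show up before "50" and "300", or the two `$` signs may still be paired as a math span. Writing the amounts as "50 USD" and "300 USD" would avoid the escaping question altogether.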
Expand Down Expand Up @@ -208,25 +208,26 @@
"source": [
"# Helper function to quickly enable gcp roles, assumes $PRIVILEGED_ACCOUNT_ID and $PROJECT_ID to be set.\n",
"function enable_gcp_role () {\n",
" ROLE=$1\n",
" gcloud projects add-iam-policy-binding \\\n",
" $PROJECT_ID \\\n",
" --member=\"serviceAccount:$PRIVILEGED_ACCOUNT_ID\" \\\n",
" --role=\"roles/$1\"\n",
" --role=\"roles/$ROLE\"\n",
"}\n",
"\n",
"# Create service-account\n",
"gcloud iam service-accounts create $ACCOUNT_ID --display-name=\"Terraform service account\" --project ${PROJECT_ID}\n",
"\n",
"# Allow the service account to use the the set of roles below.\n",
"enable_gcp_role \"compute.viewer\"\n",
"enable_gcp_role \"storage.objectViewer\"\n",
"enable_gcp_role \"compute.securityAdmin\"\n",
"enable_gcp_role \"container.clusterViewer\"\n",
"enable_gcp_role \"container.clusterAdmin\"\n",
"enable_gcp_role \"container.developer\"\n",
"enable_gcp_role \"iam.serviceAccountAdmin\"\n",
"enable_gcp_role \"iam.serviceAccountUser\"\n",
"enable_gcp_role \"compute.networkAdmin\"\n"
"enable_gcp_role \"compute.viewer\" # Allow the service account to see active resources\n",
"enable_gcp_role \"storage.objectViewer\" # Allow the service account/managed resources to pull from gcr.io (your code)\n",
"enable_gcp_role \"compute.networkAdmin\" # Needed for setting up private network\n",
"enable_gcp_role \"compute.securityAdmin\" # Needed for GKE\n",
"enable_gcp_role \"container.clusterViewer\" # Needed for GKE\n",
"enable_gcp_role \"container.clusterAdmin\" # Needed for GKE\n",
"enable_gcp_role \"container.developer\" # Needed for GKE\n",
"enable_gcp_role \"iam.serviceAccountAdmin\" # Needed for GKE\n",
"enable_gcp_role \"iam.serviceAccountUser\" # Needed for GKE\n"
]
},
{
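Review bot: The "Needed for GKE" comment on six of the `enable_gcp_role` calls does not tell the reader what each grant is for, and two of them deserve a real explanation: `iam.serviceAccountAdmin` together with `iam.serviceAccountUser`, bound at project level through `add-iam-policy-binding $PROJECT_ID`, lets the Terraform account manage and act as every service account in the project. Please document which Terraform resource requires each role, or scope these two to the specific service accounts that need them. Two smaller points in the helper: `ROLE=$1` is a global assignment that stays set in the bash kernel session, so `local role="$1"` is safer, and `$PROJECT_ID` on the binding line is unquoted. The comment "use the the set of roles" has a doubled word, and the helper's header names `$PRIVILEGED_ACCOUNT_ID` while the create command uses `$ACCOUNT_ID`; a sentence on how the two relate would help.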
Expand Down Expand Up @@ -262,7 +263,11 @@
},
{
"cell_type": "markdown",
"metadata": {},
"metadata": {
"pycharm": {
"name": "#%% md\n"
}
},
"source": [
"To enable using your account's credentials, run the command below. This will open in a new tab/open the link that is displayed. Afterwards you can use your own credentials to impersonate the service account. \n",
"\n",
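Review bot: The `"pycharm": { "name": "#%% md\n" }` block added to this cell's `metadata` is editor state from the IDE, not part of the documentation update, and it will churn again whenever someone saves the notebook from a different editor. Suggest reverting `metadata` to `{}` here and on the following code cell, and clearing cell metadata before committing notebooks.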
Expand All @@ -272,7 +277,11 @@
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"metadata": {
"pycharm": {
"name": "#%%\n"
}
},
"outputs": [],
"source": [
"gcloud auth application-default login"
Expand Down Expand Up @@ -363,9 +372,9 @@
"\n",
"By default, this will create a private zonal cluster consisting of two node-pools.\n",
"\n",
"⚠️ Any changes to create a regional cluster, an additional free of 0.10 USD/hour will be billed with minute increments. However, only the **first** zonal cluster is free of this cost.\n",
"⚠️ Any changes to create a regional cluster, an additional free of \\\\$ 0.10 /hour will be billed with minute increments. However, only the **first** zonal cluster is free of this cost.\n",
"\n",
"⚠️ The cluster will not make use of Spot/preemtible node, as such no discounts will be given for the deployment. You can experiment by setting `spot` to true in the `tf` files. Note however, that the default implementations provided in the test-bed do not allow for recovering from getting rescheduled.\n"
"⚠️ By default spot/preemtible nodes are disabled, as such no discounts will be given for the deployment. You can experiment by setting `spot` to true in the `tf` files. Note, however, that the default implementations provided in the test-bed do not allow for recovering from getting rescheduled.\n"
]
},
{
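Review bot: The billing warning still reads "an additional free of", which should be "fee", and the sentence has no main clause; something like "If you change the configuration to create a regional cluster, an additional fee of 0.10 USD per hour is billed in minute increments" would fix both. In the rewritten spot-node warning, "preemtible" should be "preemptible", and "disabled, as such" is a comma splice. The `\\\\$ 0.10 /hour` form also leaves a space between the currency sign and the amount and uses the same double-backslash escape as the coupon sentence, so the rendering should be checked here too.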
Expand Down Expand Up @@ -608,4 +617,4 @@
},
"nbformat": 4,
"nbformat_minor": 1
}
}
