diff --git a/platforms/gke/base/use-cases/federated-learning/README.md b/platforms/gke/base/use-cases/federated-learning/README.md index 5efb9282..14e529fd 100644 --- a/platforms/gke/base/use-cases/federated-learning/README.md +++ b/platforms/gke/base/use-cases/federated-learning/README.md @@ -1,16 +1,21 @@ # Federated learning on Google Cloud +## Configure the Federated learning reference architecture + +You can configure the reference architecture by modifying files in +`platforms/gke/base/use-cases/federated-learning/terraform/_shared_config`. + ## Deploy the Federated learning reference architecture -1. Provision the Federated Learning reference architecture: +1. Provision the Federated learning reference architecture: ```sh "${ACP_PLATFORM_BASE_DIR}/use-cases/federated-learning/deploy.sh" ``` -## Teardown the Federated Learning reference architecture +## Teardown the Federated learning reference architecture -1. Teardown the Federated Learning reference architecture: +1. Teardown the Federated learning reference architecture: ```sh "${ACP_PLATFORM_BASE_DIR}/use-cases/federated-learning/teardown.sh" diff --git a/platforms/gke/base/use-cases/federated-learning/common.sh b/platforms/gke/base/use-cases/federated-learning/common.sh index 3df802d6..bb376c13 100755 --- a/platforms/gke/base/use-cases/federated-learning/common.sh +++ b/platforms/gke/base/use-cases/federated-learning/common.sh @@ -40,6 +40,8 @@ federated_learning_terraservices=( # shellcheck disable=SC2034 # Variable is used in other scripts TERRAFORM_CLUSTER_CONFIGURATION=( + "cluster_binary_authorization_evaluation_mode = \"PROJECT_SINGLETON_POLICY_ENFORCE\"" + "cluster_confidential_nodes_enabled = false" ) apply_or_destroy_terraservice() { diff --git a/platforms/gke/base/use-cases/federated-learning/terraform/container_image_repository/main.tf b/platforms/gke/base/use-cases/federated-learning/terraform/container_image_repository/main.tf index cb04e8ea..80282b51 100644 --- a/platforms/gke/base/use-cases/federated-learning/terraform/container_image_repository/main.tf +++ b/platforms/gke/base/use-cases/federated-learning/terraform/container_image_repository/main.tf @@ -14,7 +14,7 @@ resource "google_artifact_registry_repository" "container_image_repository" { location = var.cluster_region - repository_id = "federated-learning-container-image-repository" + repository_id = "${local.unique_identifier_prefix}-fl-repository" description = "Federated Learning container image repository" format = "DOCKER" project = google_project_service.artifactregistry_googleapis_com.project diff --git a/platforms/gke/base/use-cases/federated-learning/terraform/private_google_access/main.tf b/platforms/gke/base/use-cases/federated-learning/terraform/private_google_access/main.tf index d45d2311..e2babcdd 100644 --- a/platforms/gke/base/use-cases/federated-learning/terraform/private_google_access/main.tf +++ b/platforms/gke/base/use-cases/federated-learning/terraform/private_google_access/main.tf @@ -37,7 +37,7 @@ data "google_compute_network" "main_vpc_network" { resource "google_dns_managed_zone" "private_google_access" { project = google_project_service.dns_googleapis_com.project - name = "private-google-apis" + name = "${local.unique_identifier_prefix}-private-google-apis" dns_name = "googleapis.com." description = "Private DNS zone for Google APIs" visibility = "private" @@ -51,7 +51,7 @@ resource "google_dns_managed_zone" "private_google_access" { resource "google_dns_managed_zone" "private_google_access_container_registry" { project = google_project_service.dns_googleapis_com.project - name = "private-google-access-container-registry" + name = "${local.unique_identifier_prefix}-private-google-access-container-registry" dns_name = "gcr.io." description = "Private DNS zone for Container Registry" visibility = "private" @@ -65,7 +65,7 @@ resource "google_dns_managed_zone" "private_google_access_container_registry" { resource "google_dns_managed_zone" "private_google_access_artifact_registry" { project = google_project_service.dns_googleapis_com.project - name = "private-google-access-artifact-registry" + name = "${local.unique_identifier_prefix}-private-google-access-artifact-registry" dns_name = "pkg.dev." description = "Private DNS zone for Artifact Registry" visibility = "private"