Set up a Google Cloud Project
Creating a Google Cloud Platform (GCP) project for your Kubeflow deployment
Follow these steps to set up your GCP project:
Select or create a project on the GCP Console.
Make sure that you have the owner role for the project in Cloud IAM (Identity and Access Management). The deployment process creates various service accounts with appropriate roles in order to enable seamless integration with GCP services. This process requires that you have the owner role for the project in order to deploy Kubeflow.
Make sure that billing is enabled for your project. Refer to the guide to modifying a project’s billing settings.
Go to the following pages on the GCP Console and ensure that the specified APIs are enabled:
- Compute Engine API
- Kubernetes Engine API
- Identity and Access Management (IAM) API
- Service Management API
- Cloud Resource Manager API
- AI Platform Training & Prediction API
- Cloud Build API (It’s required if you plan to use Fairing in your Kubeflow cluster)
You can also enable these APIs by running the following command in Cloud Shell:
gcloud services enable \
compute.googleapis.com \
container.googleapis.com \
iam.googleapis.com \
servicemanagement.googleapis.com \
cloudresourcemanager.googleapis.com \
ml.googleapis.com
# Cloud Build API is optional, you need it if using Fairing.
# gcloud services enable cloudbuild.googleapis.com
If you are using the GCP Free Tier or the 12-month trial period with $300 credit, note that you can’t run the default GCP installation of Kubeflow, because the free tier does not offer enough resources. You need to upgrade to a paid account.
For more information, see the following issues:
- kubeflow/website #1065 reports the problem.
- kubeflow/kubeflow #3936 requests a Kubeflow configuration to work with a free trial project.
Read the GCP guide to resource quotas to understand the quotas on resource usage that Compute Engine enforces, and to learn how to check your quota and how to request an increase in quota.
Initialize your project to ready it for Anthos Service Mesh installation.
curl --request POST \
--header "Authorization: Bearer $(gcloud auth print-access-token)" \
--data '' \
https://meshconfig.googleapis.com/v1alpha1/projects/${PROJECT_ID}:initialize
Refer to Anthos Service Mesh documentation for details.
If you encounter a
Workload Identity Pool does not exist
error, refer to the following issue:- kubeflow/website #2121 describes that creating and then removing a temporary Kubernetes cluster may be needed for projects that haven’t had a cluster set up beforehand.
You do not need a running GKE cluster. The deployment process creates a cluster for you.
Next steps
- Set up an OAuth credential to use Cloud Identity-Aware Proxy (Cloud IAP). Cloud IAP is recommended for production deployments or deployments with access to sensitive data.
- Follow the instructions to deploy Kubeflow using kubectl, kustomize and kpt.
Last modified 07.11.2020: Fixing Fairing broken links (#2339) (d79ade7b)