GoogleCloudPlatform · arajmane-g · Nov 12, 2024 · Nov 13, 2024 · Nov 13, 2024 · Nov 14, 2024
diff --git a/examples/gke-a3-highgpu.yaml b/examples/gke-a3-highgpu.yaml
@@ -26,6 +26,8 @@ vars:
   # The following line must be updated for this example to work.
   authorized_cidr: <your-ip-address>/32
 
+  gcp_public_cidrs_access_enabled: false
+
 deployment_groups:
 - group: primary
   modules:
@@ -67,6 +69,7 @@ deployment_groups:
     use: [network1, gpunets, gke_service_account]
     settings:
       enable_private_endpoint: false  # Allows for access from authorized public IPs
+      gcp_public_cidrs_access_enabled: $(vars.gcp_public_cidrs_access_enabled)
       master_authorized_networks:
       - cidr_block: $(vars.authorized_cidr)  # Allows your machine run kubectl command. It's required for the multi-network setup.
         display_name: "kubectl-access-network"

diff --git a/examples/gke-a3-megagpu.yaml b/examples/gke-a3-megagpu.yaml
@@ -26,6 +26,8 @@ vars:
   # The following line must be updated for this example to work.
   authorized_cidr: <your-ip-address>/32
 
+  gcp_public_cidrs_access_enabled: false
+
 deployment_groups:
 - group: primary
   modules:
@@ -67,6 +69,7 @@ deployment_groups:
     use: [network1, gpunets, gke_service_account]
     settings:
       enable_private_endpoint: false  # Allows for access from authorized public IPs
+      gcp_public_cidrs_access_enabled: $(vars.gcp_public_cidrs_access_enabled)
       master_authorized_networks:
       - cidr_block: $(vars.authorized_cidr)  # Allows your machine run kubectl command. It's required for the multi-network setup.
         display_name: "kubectl-access-network"

diff --git a/examples/gke-storage-parallelstore.yaml b/examples/gke-storage-parallelstore.yaml
@@ -23,6 +23,8 @@ vars:
   # The following line must be updated for this example to work.
   authorized_cidr: <your-ip-address>/32
 
+  gcp_public_cidrs_access_enabled: false
+
 deployment_groups:
 - group: setup
   modules:
@@ -52,6 +54,7 @@ deployment_groups:
       enable_parallelstore_csi: true # enable Parallelstore for the cluster
       configure_workload_identity_sa: true
       enable_private_endpoint: false  # Allows for access from authorized public IPs
+      gcp_public_cidrs_access_enabled: $(vars.gcp_public_cidrs_access_enabled)
       master_authorized_networks:
       - display_name: deployment-machine
         cidr_block: $(vars.authorized_cidr)

diff --git a/examples/hpc-gke.yaml b/examples/hpc-gke.yaml
@@ -20,6 +20,7 @@ vars:
   project_id:  ## Set GCP Project ID Here ##
   deployment_name: cluster-01
   region: us-central1
+  gcp_public_cidrs_access_enabled: false
 
 deployment_groups:
 - group: primary
@@ -52,6 +53,7 @@ deployment_groups:
     use: [network1, gke_service_account]
     settings:
       enable_private_endpoint: false  # Allows for access from authorized public IPs
+      gcp_public_cidrs_access_enabled: $(vars.gcp_public_cidrs_access_enabled)
     outputs: [instructions]
 
   - id: compute_pool

diff --git a/examples/ml-gke.yaml b/examples/ml-gke.yaml
@@ -26,6 +26,8 @@ vars:
   # The following line must be updated for this example to work.
   authorized_cidr: <your-ip-address>/32
 
+  gcp_public_cidrs_access_enabled: false
+
 deployment_groups:
 - group: primary
   modules:
@@ -57,6 +59,7 @@ deployment_groups:
     use: [network1, gke_service_account]
     settings:
       enable_private_endpoint: false  # Allows for access from authorized public IPs
+      gcp_public_cidrs_access_enabled: $(vars.gcp_public_cidrs_access_enabled)
       master_authorized_networks:
       - display_name: deployment-machine
         cidr_block: $(vars.authorized_cidr)

diff --git a/examples/storage-gke.yaml b/examples/storage-gke.yaml
@@ -24,6 +24,8 @@ vars:
   # The following line must be updated for this example to work.
   authorized_cidr: <your-ip-address>/32
 
+  gcp_public_cidrs_access_enabled: false
+
 deployment_groups:
 - group: primary
   modules:
@@ -58,6 +60,7 @@ deployment_groups:
       enable_gcsfuse_csi: true
       configure_workload_identity_sa: true  # needed when using GCS
       enable_private_endpoint: false  # Allows for access from authorized public IPs
+      gcp_public_cidrs_access_enabled: $(vars.gcp_public_cidrs_access_enabled)
       master_authorized_networks:
       - display_name: deployment-machine
         cidr_block: $(vars.authorized_cidr)

diff --git a/tools/cloud-build/daily-tests/blueprints/ml-gke-e2e.yaml b/tools/cloud-build/daily-tests/blueprints/ml-gke-e2e.yaml
@@ -26,6 +26,8 @@ vars:
   # The following line must be updated for this example to work.
   authorized_cidr: <your-ip-address>/32
 
+  gcp_public_cidrs_access_enabled: false
+
 deployment_groups:
 - group: primary
   modules:
@@ -57,6 +59,7 @@ deployment_groups:
     use: [network1, gke_service_account]
     settings:
       enable_private_endpoint: false  # Allows for access from authorized public IPs
+      gcp_public_cidrs_access_enabled: $(vars.gcp_public_cidrs_access_enabled)
       master_authorized_networks:
       - display_name: deployment-machine
         cidr_block: $(vars.authorized_cidr)

diff --git a/tools/cloud-build/daily-tests/tests/gke-a3-highgpu.yml b/tools/cloud-build/daily-tests/tests/gke-a3-highgpu.yml
@@ -37,6 +37,7 @@ cli_deployment_vars:
   authorized_cidr: "{{ build_ip.stdout }}/32"
   network_name: "{{ network }}"
   local_ssd_count_nvme_block: 16
+  gcp_public_cidrs_access_enabled: true
 custom_vars:
   project: "{{ project }}"
 post_deploy_tests:

diff --git a/tools/cloud-build/daily-tests/tests/gke-a3-megagpu.yml b/tools/cloud-build/daily-tests/tests/gke-a3-megagpu.yml
@@ -37,6 +37,7 @@ cli_deployment_vars:
   authorized_cidr: "{{ build_ip.stdout }}/32"
   network_name: "{{ network }}"
   local_ssd_count_nvme_block: 16
+  gcp_public_cidrs_access_enabled: true
 custom_vars:
   project: "{{ project }}"
 post_deploy_tests:

diff --git a/tools/cloud-build/daily-tests/tests/gke-storage-parallelstore.yml b/tools/cloud-build/daily-tests/tests/gke-storage-parallelstore.yml
@@ -26,3 +26,4 @@ custom_vars:
   project: "{{ project }}"
 cli_deployment_vars:
   region: "{{ region }}"
+  gcp_public_cidrs_access_enabled: true
diff --git a/tools/cloud-build/daily-tests/tests/gke-storage.yml b/tools/cloud-build/daily-tests/tests/gke-storage.yml
@@ -23,3 +23,4 @@ post_deploy_tests: []
 cli_deployment_vars:
   network_name: "{{ network }}"
   authorized_cidr: "{{ build_ip.stdout }}/32"
+  gcp_public_cidrs_access_enabled: true
diff --git a/tools/cloud-build/daily-tests/tests/gke.yml b/tools/cloud-build/daily-tests/tests/gke.yml
@@ -19,4 +19,6 @@ workspace: /workspace
 blueprint_yaml: "{{ workspace }}/examples/hpc-gke.yaml"
 network: "{{ deployment_name }}-net"
 remote_node: "{{ deployment_name }}-0"
+cli_deployment_vars:
+  gcp_public_cidrs_access_enabled: true
 post_deploy_tests: []
diff --git a/tools/cloud-build/daily-tests/tests/ml-gke-e2e.yml b/tools/cloud-build/daily-tests/tests/ml-gke-e2e.yml
@@ -22,6 +22,7 @@ network: "{{ deployment_name }}-net"
 remote_node: "{{ deployment_name }}-0"
 cli_deployment_vars:
   region: "{{ region }}"
+  gcp_public_cidrs_access_enabled: true
 custom_vars:
   project: "{{ project }}"
 post_deploy_tests:

diff --git a/tools/cloud-build/daily-tests/tests/ml-gke.yml b/tools/cloud-build/daily-tests/tests/ml-gke.yml
@@ -22,6 +22,7 @@ network: "{{ deployment_name }}-net"
 remote_node: "{{ deployment_name }}-0"
 cli_deployment_vars:
   region: "{{ region }}"
+  gcp_public_cidrs_access_enabled: true
 custom_vars:
   project: "{{ project }}"
 post_deploy_tests: