diff --git a/community/examples/hpc-slurm-gromacs.yaml b/community/examples/hpc-slurm-gromacs.yaml index 5627929414..f93f378865 100644 --- a/community/examples/hpc-slurm-gromacs.yaml +++ b/community/examples/hpc-slurm-gromacs.yaml @@ -31,6 +31,11 @@ deployment_groups: - id: network source: modules/network/vpc + # Private Service Access (PSA) requires the compute.networkAdmin role which is included in the Owner role, but not Editor + # PSA is a best practice for Filestore instances, but can be optionally + # removed by deleting the following 3 lines and any references to the module + # by Filestore modules. PSA is required for all Parallelstore functionality. + # https://cloud.google.com/vpc/docs/configure-private-services-access#permissions - id: private_service_access source: community/modules/network/private-service-access use: [network] diff --git a/community/examples/hpc-slurm-local-ssd.yaml b/community/examples/hpc-slurm-local-ssd.yaml index aeaac6a515..38230665c3 100644 --- a/community/examples/hpc-slurm-local-ssd.yaml +++ b/community/examples/hpc-slurm-local-ssd.yaml @@ -31,6 +31,11 @@ deployment_groups: - id: network source: modules/network/vpc + # Private Service Access (PSA) requires the compute.networkAdmin role which is included in the Owner role, but not Editor + # PSA is a best practice for Filestore instances, but can be optionally + # removed by deleting the following 3 lines and any references to the module + # by Filestore modules. PSA is required for all Parallelstore functionality. + # https://cloud.google.com/vpc/docs/configure-private-services-access#permissions - id: private_service_access source: community/modules/network/private-service-access use: [network] diff --git a/community/examples/hpc-slurm-ubuntu2004.yaml b/community/examples/hpc-slurm-ubuntu2004.yaml index 271afd9a82..a7db6a22ec 100644 --- a/community/examples/hpc-slurm-ubuntu2004.yaml +++ b/community/examples/hpc-slurm-ubuntu2004.yaml @@ -36,6 +36,11 @@ deployment_groups: - id: network source: modules/network/vpc + # Private Service Access (PSA) requires the compute.networkAdmin role which is included in the Owner role, but not Editor + # PSA is a best practice for Filestore instances, but can be optionally + # removed by deleting the following 3 lines and any references to the module + # by Filestore modules. PSA is required for all Parallelstore functionality. + # https://cloud.google.com/vpc/docs/configure-private-services-access#permissions - id: private_service_access source: community/modules/network/private-service-access use: [network] diff --git a/community/examples/htc-slurm.yaml b/community/examples/htc-slurm.yaml index bea2b0e51c..4c100a7f97 100644 --- a/community/examples/htc-slurm.yaml +++ b/community/examples/htc-slurm.yaml @@ -45,6 +45,11 @@ deployment_groups: - id: network source: modules/network/vpc + # Private Service Access (PSA) requires the compute.networkAdmin role which is included in the Owner role, but not Editor + # PSA is a best practice for Filestore instances, but can be optionally + # removed by deleting the following 3 lines and any references to the module + # by Filestore modules. PSA is required for all Parallelstore functionality. + # https://cloud.google.com/vpc/docs/configure-private-services-access#permissions - id: private_service_access source: community/modules/network/private-service-access use: [network] diff --git a/community/modules/network/private-service-access/README.md b/community/modules/network/private-service-access/README.md index 82cb34a429..ebed4fee61 100644 --- a/community/modules/network/private-service-access/README.md +++ b/community/modules/network/private-service-access/README.md @@ -23,6 +23,11 @@ It will automatically perform the following steps, as described in the - source: modules/network/vpc id: network + # Private Service Access (PSA) requires the compute.networkAdmin role which is included in the Owner role, but not Editor + # PSA is a best practice for Filestore instances, but can be optionally + # removed by deleting the following 3 lines and any references to the module + # by Filestore modules. PSA is required for all Parallelstore functionality. + # https://cloud.google.com/vpc/docs/configure-private-services-access#permissions - source: community/modules/network/private-service-access id: ps_connect use: [network] diff --git a/examples/gke-managed-parallelstore.yaml b/examples/gke-managed-parallelstore.yaml index 6f292e0bb6..6055993f71 100644 --- a/examples/gke-managed-parallelstore.yaml +++ b/examples/gke-managed-parallelstore.yaml @@ -38,6 +38,11 @@ deployment_groups: - range_name: services ip_cidr_range: 10.0.32.0/20 + # Private Service Access (PSA) requires the compute.networkAdmin role which is included in the Owner role, but not Editor + # PSA is a best practice for Filestore instances, but can be optionally + # removed by deleting the following 3 lines and any references to the module + # by Filestore modules. PSA is required for all Parallelstore functionality. + # https://cloud.google.com/vpc/docs/configure-private-services-access#permissions - id: private_service_access # required for parallelstore source: community/modules/network/private-service-access use: [network] diff --git a/examples/hcls-blueprint.yaml b/examples/hcls-blueprint.yaml index a6c128d9b5..b9ea9f6fc6 100644 --- a/examples/hcls-blueprint.yaml +++ b/examples/hcls-blueprint.yaml @@ -53,6 +53,11 @@ deployment_groups: - id: network source: modules/network/vpc + # Private Service Access (PSA) requires the compute.networkAdmin role which is included in the Owner role, but not Editor + # PSA is a best practice for Filestore instances, but can be optionally + # removed by deleting the following 3 lines and any references to the module + # by Filestore modules. PSA is required for all Parallelstore functionality. + # https://cloud.google.com/vpc/docs/configure-private-services-access#permissions - id: private_service_access source: community/modules/network/private-service-access use: [network] diff --git a/examples/hpc-enterprise-slurm.yaml b/examples/hpc-enterprise-slurm.yaml index 86ba80aa83..bc02155771 100644 --- a/examples/hpc-enterprise-slurm.yaml +++ b/examples/hpc-enterprise-slurm.yaml @@ -51,6 +51,11 @@ deployment_groups: - id: network source: modules/network/vpc + # Private Service Access (PSA) requires the compute.networkAdmin role which is included in the Owner role, but not Editor + # PSA is a best practice for Filestore instances, but can be optionally + # removed by deleting the following 3 lines and any references to the module + # by Filestore modules. PSA is required for all Parallelstore functionality. + # https://cloud.google.com/vpc/docs/configure-private-services-access#permissions - id: private_service_access source: community/modules/network/private-service-access use: [network] diff --git a/examples/hpc-slurm.yaml b/examples/hpc-slurm.yaml index 8435a766c1..95de56e301 100644 --- a/examples/hpc-slurm.yaml +++ b/examples/hpc-slurm.yaml @@ -33,6 +33,11 @@ deployment_groups: - id: network source: modules/network/vpc + # Private Service Access (PSA) requires the compute.networkAdmin role which is included in the Owner role, but not Editor + # PSA is a best practice for Filestore instances, but can be optionally + # removed by deleting the following 3 lines and any references to the module + # by Filestore modules. PSA is required for all Parallelstore functionality. + # https://cloud.google.com/vpc/docs/configure-private-services-access#permissions - id: private_service_access source: community/modules/network/private-service-access use: [network] diff --git a/examples/machine-learning/a3-megagpu-8g/slurm-a3mega-base.yaml b/examples/machine-learning/a3-megagpu-8g/slurm-a3mega-base.yaml index 8b29e8f523..35b8ee3095 100644 --- a/examples/machine-learning/a3-megagpu-8g/slurm-a3mega-base.yaml +++ b/examples/machine-learning/a3-megagpu-8g/slurm-a3mega-base.yaml @@ -40,6 +40,11 @@ deployment_groups: outputs: - network_name - subnetwork_name + # Private Service Access (PSA) requires the compute.networkAdmin role which is included in the Owner role, but not Editor + # PSA is a best practice for Filestore instances, but can be optionally + # removed by deleting the following 3 lines and any references to the module + # by Filestore modules. PSA is required for all Parallelstore functionality. + # https://cloud.google.com/vpc/docs/configure-private-services-access#permissions - id: private_service_access source: community/modules/network/private-service-access use: diff --git a/examples/ml-slurm.yaml b/examples/ml-slurm.yaml index 6064a13113..6f08118a49 100644 --- a/examples/ml-slurm.yaml +++ b/examples/ml-slurm.yaml @@ -46,6 +46,11 @@ deployment_groups: - id: network source: modules/network/vpc + # Private Service Access (PSA) requires the compute.networkAdmin role which is included in the Owner role, but not Editor + # PSA is a best practice for Filestore instances, but can be optionally + # removed by deleting the following 3 lines and any references to the module + # by Filestore modules. PSA is required for all Parallelstore functionality. + # https://cloud.google.com/vpc/docs/configure-private-services-access#permissions - id: private_service_access source: community/modules/network/private-service-access use: [network] diff --git a/examples/pfs-parallelstore.yaml b/examples/pfs-parallelstore.yaml index 1858556212..16c50c78e0 100644 --- a/examples/pfs-parallelstore.yaml +++ b/examples/pfs-parallelstore.yaml @@ -31,6 +31,11 @@ deployment_groups: - id: network source: modules/network/vpc + # Private Service Access (PSA) requires the compute.networkAdmin role which is included in the Owner role, but not Editor + # PSA is a best practice for Filestore instances, but can be optionally + # removed by deleting the following 3 lines and any references to the module + # by Filestore modules. PSA is required for all Parallelstore functionality. + # https://cloud.google.com/vpc/docs/configure-private-services-access#permissions - id: private_service_access source: community/modules/network/private-service-access use: [network] diff --git a/examples/ps-slurm.yaml b/examples/ps-slurm.yaml index f139aa7b3c..639763dfb9 100644 --- a/examples/ps-slurm.yaml +++ b/examples/ps-slurm.yaml @@ -39,6 +39,11 @@ deployment_groups: - id: network source: modules/network/vpc + # Private Service Access (PSA) requires the compute.networkAdmin role which is included in the Owner role, but not Editor + # PSA is a best practice for Filestore instances, but can be optionally + # removed by deleting the following 3 lines and any references to the module + # by Filestore modules. PSA is required for all Parallelstore functionality. + # https://cloud.google.com/vpc/docs/configure-private-services-access#permissions - id: private_service_access source: community/modules/network/private-service-access use: [network] diff --git a/modules/file-system/gke-storage/README.md b/modules/file-system/gke-storage/README.md index 9d7a2fb428..b6074991f1 100644 --- a/modules/file-system/gke-storage/README.md +++ b/modules/file-system/gke-storage/README.md @@ -15,6 +15,11 @@ then use them in a `gke-job-template` to dynamically provision the resource. settings: enable_parallelstore_csi: true + # Private Service Access (PSA) requires the compute.networkAdmin role which is included in the Owner role, but not Editor + # PSA is a best practice for Filestore instances, but can be optionally + # removed by deleting the following 3 lines and any references to the module + # by Filestore modules. PSA is required for all Parallelstore functionality. + # https://cloud.google.com/vpc/docs/configure-private-services-access#permissions - id: private_service_access source: community/modules/network/private-service-access use: [network] diff --git a/modules/file-system/parallelstore/README.md b/modules/file-system/parallelstore/README.md index 9b0595c965..e344f98fa2 100644 --- a/modules/file-system/parallelstore/README.md +++ b/modules/file-system/parallelstore/README.md @@ -40,6 +40,11 @@ for this newly created network. - id: network source: modules/network/vpc + # Private Service Access (PSA) requires the compute.networkAdmin role which is included in the Owner role, but not Editor + # PSA is a best practice for Filestore instances, but can be optionally + # removed by deleting the following 3 lines and any references to the module + # by Filestore modules. PSA is required for all Parallelstore functionality. + # https://cloud.google.com/vpc/docs/configure-private-services-access#permissions - id: private_service_access source: community/modules/network/private-service-access use: [network] diff --git a/tools/validate_configs/test_configs/hpc-cluster-simple-nfs-sql.yaml b/tools/validate_configs/test_configs/hpc-cluster-simple-nfs-sql.yaml index 4e8a076682..8312918003 100644 --- a/tools/validate_configs/test_configs/hpc-cluster-simple-nfs-sql.yaml +++ b/tools/validate_configs/test_configs/hpc-cluster-simple-nfs-sql.yaml @@ -28,6 +28,11 @@ deployment_groups: - id: network1 source: modules/network/vpc + # Private Service Access (PSA) requires the compute.networkAdmin role which is included in the Owner role, but not Editor + # PSA is a best practice for Filestore instances, but can be optionally + # removed by deleting the following 3 lines and any references to the module + # by Filestore modules. PSA is required for all Parallelstore functionality. + # https://cloud.google.com/vpc/docs/configure-private-services-access#permissions - id: ps_connect source: community/modules/network/private-service-access use: [network1] diff --git a/tools/validate_configs/test_configs/two-clusters-sql.yaml b/tools/validate_configs/test_configs/two-clusters-sql.yaml index ab6f71c302..a521d570b9 100644 --- a/tools/validate_configs/test_configs/two-clusters-sql.yaml +++ b/tools/validate_configs/test_configs/two-clusters-sql.yaml @@ -50,6 +50,11 @@ deployment_groups: - source: modules/network/vpc id: hpc_network + # Private Service Access (PSA) requires the compute.networkAdmin role which is included in the Owner role, but not Editor + # PSA is a best practice for Filestore instances, but can be optionally + # removed by deleting the following 3 lines and any references to the module + # by Filestore modules. PSA is required for all Parallelstore functionality. + # https://cloud.google.com/vpc/docs/configure-private-services-access#permissions - source: community/modules/network/private-service-access id: ps_connect use: [hpc_network]