Setup Guide

This document provides a comprehensive guide for deploying Tokkio Workflow on Google Cloud Platform (GCP). While multiple approaches exist for implementing Tokkio Workflow in the GCP environment, this guide focuses on a specific deployment method utilizing Tokkio’s opinionated deployment scripts. These scripts automate the process of setting up Tokkio Workflow along with its required infrastructure components.

Prerequisites

GCP Prerequisites

1. GCP Console access with admin privileges

2. Service Account setup with Owner role and respective Key file

3. Cloud Storage bucket for deployment state

4. Public DNS zone

Hardware

Controller Instance

• Ubuntu 22.04 Operating system

• Generate an SSH key pair

• Ensure passwordless sudo access

Note

Instructions to set up some of these prerequisites, such as setting up an SSH key pair and passwordless sudo access, can be found at Common Setup Procedures.

Access

• Access to all the artifacts used during the bringing up of Tokkio Pipeline Application. For example, Tokkio Application Helm chart on NGC. For instructions on how to generate a personal API key, refer to Generating a Personal API Key.

Infrastructure Layout

Tokkio Workflow setup on GCP requires several cloud resources to be created, such as VPC, instance groups, firewall rules, service accounts, Cloud DNS, cloud load balancing, etc. The picture below shows the overall layout of components brought up on GCP.

Note

Many of the resources in this setup may not fall in the Free tier; you can check GCP billing reference pages for understanding cost implications.

Installation Steps

Note

Before proceeding with the installation steps, ensure you have reviewed the Deployment section to understand the deployment workflow and building blocks, including the Controller Instance, Config File, Environment Variables File, and Application Instance.

1. Clone the NVIDIA/ACE.git repository and navigate to the GCP deployment scripts directory.

git clone --single-branch --branch 5.0.0-beta https://github.com/NVIDIA/ACE.git
cd ACE/workflows/tokkio/5.0.0-beta/scripts/one-click/gcp

2. Prepare a config file, either by copying the base config-template.yml or by copying one of the example config files available under the config-template-examples folder.

#list of example templates
config-template-examples/
└── tokkio-3streams
    ├── config-template.yml
    └── my-config.env

Copy a config template of your choice as the base config template for this installation.

cp config-template-examples/tokkio-3streams/config-template.yml ./my-config.yml

3. Modify the my-config.yml with your specific settings. For more details about each parameter, refer to Advanced Configuration

vi my-config.yml

4. Set up environment variables.

• Similar to the config-template file, you can copy an example env file from the config-template-examples folder.

• Modify the environment variables file with your specific settings. For more details about each environment variable, refer to Environment Variables And Prerequisites Setup

cp config-template-examples/tokkio-3streams/my-config.env my-env-file.env
vi my-env-file.env

5. Source the environment variables file

source my-env-file.env

6. Run the installation command

./envbuild.sh install --tf-binary terraform --component all --config-file ./my-config.yml

7. Capture installation results at the end of logs. Output will look like the sample below.

access_urls:
  ace_configurator_endpoint: "https://<ace_configurator_sub_domain>.<base_domain>"
  api_endpoint: "https://<api_sub_domain>.<base_domain>"
  grafana_endpoint: "https://<grafana_sub_domain>.<base_domain>"
  ui_endpoint: "https://<ui_sub_domain>.<base_domain>"
ssh_command:
app:
  bastion: ssh -i /home/my-user/.ssh/id_rsa -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null <username>@<bastion-instance-ip-address>
  master: ssh -i /home/my-user/.ssh/id_rsa -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ProxyCommand="ssh -i /home/my-user/.ssh/id_rsa -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -W %h:%p <username>@<bastion-instance-ip-address>" <username>@<app-instance-ip-address>
turn:
  master: ssh -i /home/my-user/.ssh/id_rsa -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null <username>@<turn-instance-ip-address>

8. Verify installation

• Login to the application instance using the SSH command from the installation results ssh_command.app.master.

• Check pod status: kubectl get pods \-n \<application-namespace\>

• Wait for all pods to reach Ready status (may take up to 60 minutes)

• Once all the pods are healthy, you can access the UI using the URL from the installation output access_urls.ui_endpoint.

• For the first time, the browser should prompt for permissions such as Mic, Speaker, or Camera necessary for the UI to operate. Upon accepting the permissions, the UI should load.

Uninstallation Steps

Uninstalling Just the Application

• Source the correct environment variables file

source my-env-file.env

• Run the commands below to uninstall just the application components.

./envbuild.sh uninstall --tf-binary terraform --component app --config-file ./my-config.yml

Uninstalling the Whole Setup

• Source the correct environment variables file

source my-env-file.env

• Run the below uninstall command.

./envbuild.sh uninstall --tf-binary terraform --component all --config-file ./my-config.yml

Caution

This step uninstalls the entire Kubernetes cluster and GCP infrastructure resources that were brought up during the install step. So use this with caution.

Caution

If you modify your <my-env-file.env> file or start a new shell, you will have to run source <my-env-file.env> again before running ./envbuild.sh command.

Additional Considerations

Cost

Many resources in this setup may exceed GCP Free Tier limits. Review the GCP Free Program terms for better understanding. And, use the GCP Pricing Calculator to estimate costs beyond Free Tier limits. Monitor usage through the Cloud Billing console and set up budgets and alerts to avoid unexpected charges.

Security

The security of Tokkio in production environments is the responsibility of the end users deploying it. When deploying in a production environment, have the security experts review any potential risks and threats; define the trust boundaries, secure the communication channels, integrate AuthN & AuthZ with appropriate access controls, keep the deployment including the containers up to date, and ensure the containers are secure and free of vulnerabilities.

Essential Skills and Background

Familiarity With Google Cloud Platform (GCP)

Users should have a basic understanding of Google Cloud Platform, including its core services and billing model. Below are some of the key areas that users should be familiar with.

• Resource Management: Understanding GCP’s resource hierarchy, including organizations, folders, and projects, is crucial for effective cost management and access control.

• Identity and Access Management (IAM): Familiarity with IAM roles and permissions is essential for securing resources and managing user access.

• Core Services: Knowledge of fundamental GCP services such as Compute Engine and Cloud Storage is important.

• Cloud Console: Familiarity with GCP’s management graphical interface is required for resource provisioning and management, especially for setting up one-time prerequisites.

• Networking: Basic knowledge of Virtual Private Cloud (VPC) and related networking concepts is important.

Familiarity With Command-Line-Interface (CLI)

• Basic Commands: Users should be comfortable with basic command-line operations, such as navigating directories, executing scripts, and managing files.

• Environment Configuration: Understanding how the environment variables and the PATH setup work on Linux will greatly help in operating the OneClick script.

• Scripting Basics: Basic scripting knowledge (e.g., shell scripting) is beneficial for understanding how the OneClick script operates and for troubleshooting any issues that may arise.

Familiarity With YAML

• YAML Syntax and Structure: YAML is often used for configuration files in cloud-native applications due to its readability and flexibility. The configuration templates used in deployment scripts use YAML format. Users should be familiar with YAML syntax and structure.

Familiarity With Kubernetes eco system

Tokkio pipeline is a cloud-native application and uses concepts like containerization, Kubernetes, Helm, etc. Users need to be familiar with these to get the best results from using deployment scripts and the app.

• Kubernetes Basics: Users should have a basic understanding of Kubernetes core concepts such as pods, services, and deployments.

• kubectl: Familiarity with kubectl, the command line tool used to interact with Kubernetes clusters, including querying the status or logs of running application pods, etc.

• Helm: Understanding the Helm package manager for Kubernetes, which simplifies application deployment by managing charts (collections of pre-configured Kubernetes resource definitions). How to use Helm with override values will help configure the templates appropriately.