Merge branch 'GoogleCloudPlatform:main' into release-pr

Author: ankitkumar-quad

cluster-toolkit-writers.json

@@ -388,5 +388,11 @@
   },
   {
     "login": "saara-tyagi27"
+  },
+  {
+    "login": "mufaqam-gcl"
+  },
+  {
+    "login": "akiki-liang0"
   }
 ]

cmd/root.go

@@ -53,7 +53,7 @@ HPC deployments on the Google Cloud Platform.`,
 				logging.Fatal("cmd.Help function failed: %s", err)
 			}
 		},
-		Version:     "v1.67.0",
+		Version:     "v1.68.0",
 		Annotations: annotation,
 	}
 )

community/examples/gke-tpu-v6/gke-tpu-v6-deployment.yaml

@@ -55,3 +55,9 @@ vars:
 
   # The name of the compute engine reservation of TPU v6 nodes
   reservation:
+
+  # The disk size of system node pool for this deployment.
+  system_node_pool_disk_size_gb:
+
+  # The disk size of v6e node pool for this deployment.
+  v6e_node_pool_disk_size_gb:

community/examples/gke-tpu-v6/gke-tpu-v6.yaml

@@ -49,13 +49,17 @@ vars:
   # The name of the compute engine reservation of TPU v6 nodes
   reservation:
 
+  system_node_pool_disk_size_gb: 200
+  v6e_node_pool_disk_size_gb: 100
+
 
 deployment_groups:
 - group: primary
   modules:
-  - id: gke-tpu-v6-net
+  - id: gke-tpu-v6-net-0
     source: modules/network/vpc
     settings:
+      network_name: $(vars.deployment_name)-net-0
       subnetworks:
       - subnet_name: $(vars.deployment_name)-sub-0
         subnet_region: $(vars.region)
@@ -69,24 +73,84 @@ deployment_groups:
           ip_cidr_range: 10.0.32.0/20
       firewall_rules:
       - name: $(vars.deployment_name)-internal-0
-        ranges: [192.168.0.0/18]
+        ranges: [192.168.0.0/16]
         allow:
         - protocol: tcp
           ports: ["0-65535"]
         - protocol: udp
           ports: ["0-65535"]
         - protocol: icmp
 
+  - id: gke-tpu-v6-net-1
+    source: modules/network/vpc
+    settings:
+      network_name: $(vars.deployment_name)-net-1
+      subnetworks:
+      - subnet_name: $(vars.deployment_name)-sub-1
+        subnet_region: $(vars.region)
+        subnet_ip: 192.168.64.0/18
+      firewall_rules:
+      - name: $(vars.deployment_name)-internal-1
+        ranges: [192.168.0.0/16]
+        allow:
+        - protocol: tcp
+          ports: ["0-65535"]
+        - protocol: udp
+          ports: ["0-65535"]
+        - protocol: icmp
+
+  - id: node_pool_service_account
+    source: community/modules/project/service-account
+    settings:
+      name: gke-np-sa
+      project_roles:
+      - logging.logWriter
+      - monitoring.metricWriter
+      - monitoring.viewer
+      - stackdriver.resourceMetadata.writer
+      - storage.objectViewer
+      - artifactregistry.reader
+
+  - id: workload_service_account
+    source: community/modules/project/service-account
+    settings:
+      name: gke-wl-sa
+      project_roles:
+      - logging.logWriter
+      - monitoring.metricWriter
+      - monitoring.viewer
+      - stackdriver.resourceMetadata.writer
+      - storage.objectAdmin
+      - artifactregistry.reader
+      - container.admin
+
   - id: gke-tpu-v6-cluster
     source: modules/scheduler/gke-cluster
-    use: [gke-tpu-v6-net]
+    use: [gke-tpu-v6-net-0, workload_service_account]
     settings:
       system_node_pool_machine_type: "n2-standard-8"
+      system_node_pool_disk_size_gb: $(vars.system_node_pool_disk_size_gb)
       system_node_pool_taints: []
       enable_private_endpoint: false # Allows access from authorized public IPs
+      configure_workload_identity_sa: true
       master_authorized_networks:
       - cidr_block: $(vars.authorized_cidr) # Allows your machine to run the kubectl command. Required for multi network setup.
         display_name: "kubectl-access-network"
+      additional_networks:
+        $(concat(
+          [{
+            network=gke-tpu-v6-net-1.network_name,
+            subnetwork=gke-tpu-v6-net-1.subnetwork_name,
+            subnetwork_project=vars.project_id,
+            nic_type="GVNIC",
+            queue_count=null,
+            network_ip=null,
+            stack_type=null,
+            access_config=[{nat_ip=null, public_ptr_domain_name=null, network_tier=null}],
+            ipv6_access_config=[],
+            alias_ip_range=[]
+          }]
+        ))
       # Cluster versions cannot be updated through the toolkit after creation
       # Please manage cluster version from the Google Cloud Console directly
       version_prefix: "1.32."
@@ -100,15 +164,31 @@ deployment_groups:
 
   - id: gke-tpu-v6-pool
     source: modules/compute/gke-node-pool
-    use: [gke-tpu-v6-cluster]
+    use: [gke-tpu-v6-cluster, node_pool_service_account]
     settings:
       num_slices: $(vars.num_slices)
       name: gke-tpu-v6-pool
       disk_type: hyperdisk-balanced
       machine_type: $(vars.machine_type)
       auto_upgrade: true
       zones: [$(vars.zone)]
+      disk_size_gb: $(vars.v6e_node_pool_disk_size_gb)
       static_node_count: $(vars.static_node_count)
+      additional_networks:
+        $(concat(
+          [{
+            network=gke-tpu-v6-net-1.network_name,
+            subnetwork=gke-tpu-v6-net-1.subnetwork_name,
+            subnetwork_project=vars.project_id,
+            nic_type="GVNIC",
+            queue_count=null,
+            network_ip=null,
+            stack_type=null,
+            access_config=[{nat_ip=null, public_ptr_domain_name=null, network_tier=null}],
+            ipv6_access_config=[],
+            alias_ip_range=[]
+          }]
+        ))
       reservation_affinity:
         consume_reservation_type: SPECIFIC_RESERVATION
         specific_reservations:

community/examples/slurm-gke/files/cgroup.conf.tpl

@@ -0,0 +1,10 @@
+# cgroup.conf
+# https://slurm.schedmd.com/cgroup.conf.html
+
+CgroupPlugin=autodetect
+IgnoreSystemd=yes
+# EnableControllers=yes
+ConstrainCores=yes
+ConstrainRamSpace=yes
+ConstrainSwapSpace=no
+ConstrainDevices=yes

community/examples/slurm-gke/files/slurm-namespace.yaml.tftpl

@@ -0,0 +1,18 @@
+# Copyright 2025 "Google LLC"
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: ${namespace}

community/examples/slurm-gke/slurm-gke.yaml

@@ -0,0 +1,192 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+blueprint_name: slurm-gke
+
+vars:
+  # The following variables should be over-written in the deployment.yaml file.
+  # Your GCP Project ID
+  project_id: ## Set GCP Project ID Here ##
+
+  # This should be unique across all of your Cluster
+  # Toolkit Deployments.
+  deployment_name: slurmgke
+  # The GCP Region used for this deployment.
+  region:
+
+  # The GCP Zone used for this deployment.
+  zone:
+
+  # Cidr block containing the IP of the machine calling terraform.
+  # To allow all (IAM restrictions still enforced), use 0.0.0.0/0
+  # To allow only your IP address, use <YOUR-IP-ADDRESS>/32
+  authorized_cidr:
+
+  # The number of nodes to be created for the Slurm GKE NodeSet.
+  gke_nodeset_replicas: 2
+
+
+  # The pre-built Slinky Image for GKE Nodeset.
+  # Follow instruction in ./images/containers to build this image.
+  slinky_image: ghcr.io/slinkyproject/slurmd-pyxis:24.11-ubuntu24.04
+
+  # Namespace where Slurm GKE NodeSet will be created
+  slurm_namespace: slurm
+
+deployment_groups:
+- group: primary
+  modules:
+
+###### Common resources ######
+
+  - id: network
+    source: modules/network/vpc
+    settings:
+      subnetwork_name: $(vars.deployment_name)-subnet
+      secondary_ranges_list:
+      - subnetwork_name: $(vars.deployment_name)-subnet
+        ranges:
+        - range_name: pods
+          ip_cidr_range: 10.4.0.0/14
+        - range_name: services
+          ip_cidr_range: 10.0.32.0/20
+
+  - id: private_service_access
+    source: community/modules/network/private-service-access
+    use: [network]
+
+  - id: homefs
+    source: modules/file-system/filestore
+    use: [network, private_service_access]
+    settings:
+      local_mount: /home
+
+###### GKE Setup ######
+
+  - id: gke_service_account
+    source: community/modules/project/service-account
+    settings:
+      name: slinky-gke-sa
+      project_roles:
+      - logging.logWriter
+      - monitoring.metricWriter
+      - monitoring.viewer
+      - stackdriver.resourceMetadata.writer
+      - storage.objectAdmin
+      - artifactregistry.reader
+
+  - id: gke_cluster
+    source: modules/scheduler/gke-cluster
+    use: [network, gke_service_account]
+    settings:
+      enable_private_endpoint: false
+      enable_gcsfuse_csi: true
+      enable_filestore_csi: true
+      master_authorized_networks:
+      - cidr_block: $(vars.authorized_cidr) # Allows your machine to run the kubectl command. Required for multi network setup.
+        display_name: "kubectl-access-network"
+      system_node_pool_enabled: false
+      configure_workload_identity_sa: true
+      enable_dcgm_monitoring: true
+    outputs: [instructions]
+
+  - id: gke_base_pool
+    source: modules/compute/gke-node-pool
+    use: [gke_cluster, gke_service_account]
+    settings:
+      initial_node_count: 1
+      disk_type: pd-balanced
+      machine_type: e2-standard-4
+      zones: [$(vars.zone)]
+
+  - id: gke_compute_pool
+    source: modules/compute/gke-node-pool
+    use: [gke_cluster, gke_service_account]
+    settings:
+      name: gke-compute-pool
+      initial_node_count: $(vars.gke_nodeset_replicas)
+      disk_type: pd-balanced
+      machine_type: c2-standard-16
+      zones: [$(vars.zone)]
+
+  - id: gke_ns_manifest
+    source: modules/management/kubectl-apply
+    use: [gke_cluster]
+    settings:
+      apply_manifests:
+      - source: $(ghpc_stage("./files/slurm-namespace.yaml.tftpl"))
+        template_vars:
+          namespace: $(vars.slurm_namespace)
+
+  - id: slinky
+    source: community/modules/scheduler/slinky
+    use:
+    - gke_cluster
+    - gke_base_pool  # Optionally specify nodepool(s) to avoid operator components running on HPC hardware
+    settings:
+      slurm_operator_namespace: $(vars.slurm_namespace)
+      install_slurm_operator_chart: true
+      install_slurm_chart: false
+
+  - id: gke_compute_nodeset
+    source: community/modules/compute/gke-nodeset
+    use: [gke_compute_pool, slinky, homefs, slurm_controller, network]
+    settings:
+      slurm_cluster_name: $(vars.deployment_name)
+      image: $(vars.slinky_image)
+
+  - id: gke_compute_partition
+    source: community/modules/compute/gke-partition
+    use: [slurm_controller, gke_compute_nodeset]
+
+###### GCE Setup ######
+
+  - id: debug_nodeset
+    source: community/modules/compute/schedmd-slurm-gcp-v6-nodeset
+    use: [network]
+    settings:
+      node_count_dynamic_max: 4
+      machine_type: n2-standard-2
+      allow_automatic_updates: false
+
+  - id: debug_partition
+    source: community/modules/compute/schedmd-slurm-gcp-v6-partition
+    use:
+    - debug_nodeset
+    settings:
+      partition_name: debug
+      exclusive: false # allows nodes to stay up after jobs are done
+      is_default: true
+      suspend_time: -1 # prevents nodes from suspending while it's idle
+
+  - id: slurm_login
+    source: community/modules/scheduler/schedmd-slurm-gcp-v6-login
+    use: [network]
+    settings:
+      machine_type: n2-standard-4
+      enable_login_public_ips: true
+
+  - id: slurm_controller
+    source: community/modules/scheduler/schedmd-slurm-gcp-v6-controller
+    use:
+    - network
+    - slurm_login
+    - debug_partition
+    - homefs
+    settings:
+      slurm_cluster_name: $(vars.deployment_name)
+      enable_slurm_auth: true
+      cgroup_conf_tpl: $(ghpc_stage("./files/cgroup.conf.tpl"))
+      enable_controller_public_ips: true