{"id":46668,"date":"2022-11-05T20:17:08","date_gmt":"2024-02-12T21:56:58","guid":{"rendered":"https:\/\/www.silicloud.com\/zh\/blog\/46668-2\/"},"modified":"2024-04-28T23:13:11","modified_gmt":"2024-04-28T15:13:11","slug":"46668-2","status":"publish","type":"post","link":"https:\/\/www.silicloud.com\/zh\/blog\/46668-2\/","title":{"rendered":""},"content":{"rendered":"

\u4e00\u3001\u76ee\u7684\u30fb\u80cc\u666f<\/h1>\n

\u30c7\u30fc\u30bf\u30b5\u30a4\u30a8\u30f3\u30c6\u30a3\u30b9\u30c8\u306b\u5bfe\u3057\u3066\u3001\u91cd\u3044\u5b66\u7fd2\u304c\u3067\u304d\u3001\u30e2\u30c7\u30eb\u5171\u6709\u3084\u518d\u5229\u7528\u3067\u304d\u308b\u3088\u3046\u30af\u30e9\u30a6\u30c9\u4e0a\u306e\u5206\u6790\u74b0\u5883\u3092\u7528\u610f\u3057\u307e\u3059\u3002
\n\u30c7\u30fc\u30bf\u57fa\u76e4\u304cGCP\u4e0a\u3067\u69cb\u7bc9\u3055\u308c\u30c7\u30fc\u30bf\u30a6\u30a7\u30a2\u30cf\u30a6\u30b9\u304cBigquery\u306b\u7f6e\u3044\u3066\u3044\u3066\u3001\u793e\u5185\u306e\u4e0d\u7279\u5b9a\u591a\u6570\u4eba\u5229\u7528\uff08\u90e8\u7f72\u5185\u306e\u30c7\u30fc\u30bf\u30b5\u30a4\u30a8\u30f3\u30c6\u30a3\u30b9\u30c8\u53ca\u3073\u30a4\u30f3\u30bf\u30fc\u30f3\u751f\uff09\u3059\u308b\u305f\u3081\u3001\u30b9\u30b1\u30fc\u30e9\u30d6\u30eb\u4e14\u3064\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u7684\u306a\u30cb\u30fc\u30ba\u306b\u5fdc\u3058\u3066\u3001GCP\u4e0a\u306eGKE\u30b5\u30fc\u30d3\u30b9\u3092\u9078\u5b9a\u3057\u307e\u3057\u305f\u3002
\nVertexAI\u3092\u5229\u7528\u3057\u306a\u3044\u7406\u7531\u3068\u3057\u3066\u306f\u3001\u2460Rstudio\u5411\u3051\u3066GPU\u304c\u63d0\u4f9b\u3057\u3066\u3044\u306a\u3044\uff1b\u2461\u74b0\u5883\u5185\u90e8\u306e\u7d30\u304b\u304f\u5236\u5fa1\u304c\u3067\u304d\u306a\u3044\uff1b\u2462\u30b3\u30b9\u30d1\u306e\u8003\u616e\u3001<\/p>\n

\u4e8c\u3001\u4e8b\u524d\u77e5\u8b58<\/h1>\n

\uff11\u3001GCP\u306e\u57fa\u790e\u77e5\u8b58\uff08API\u3092\u6709\u52b9\u306b\u3059\u308b\u3001\u6a29\u9650\u4ed8\u4e0e\u3001\u30b3\u30de\u30f3\u30c9\u5b9f\u884c\u306a\u3069\uff09
\n\uff12\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306e\u8272\u3005\uff08IP\u3001domain\u3001port\u306a\u3069\uff09
\n\uff13\u3001kubectl\u306e\u77e5\u8b58\uff08Docker\u3001yaml\u30d5\u30a1\u30a4\u30eb\u306a\u3069\uff09<\/p>\n

\u4e09\u3001\u30a2\u30fc\u30ad\u30c6\u30af\u30c1\u30e3\uff06\u5b9f\u88c5<\/h1>\n
\"\u69cb\u6210\u56f3\uff12.PNG\"<\/div>\n

phase\uff11<\/h2>\n

\uff11\u3001domain\u306b\u3064\u3044\u3066<\/h3>\n

GCP\u306eIAP\u3092\u5229\u7528\u3059\u308b\u3067\u306f\u30c9\u30e1\u30a4\u30f3\u540d\u304c\u5fc5\u8981\u3067\u3059\u306e\u3067\u3001\u4eca\u56de\u306fGCP\u306eCloud Domains\u304b\u3089\u30c9\u30e1\u30a4\u30f3\u540d\u3092\u8cb7\u3044\u307e\u3057\u305f\u3002
\n\u2192https:\/\/cloud.google.com\/blog\/ja\/products\/networking\/introducing-cloud-domains
\nCloudDNS\u306e\u30be\u30fc\u30f3\u3092\u4f5c\u6210\u3057\u3066\u30ec\u30b8\u30b9\u30c8\u30e9\u306b\u30ec\u30b3\u30fc\u30c9\u3092\u767b\u9332\u3057\u307e\u3059\u3002<\/p>\n

\uff12\u3001VPC\u4f5c\u6210\uff06\u8a2d\u5b9a<\/h3>\n

\u203bcloudShell\u4e0a\u3067\u5b9f\u884c\uff06\u9069\u5f53\u306a\u6a29\u9650\u3092\u6301\u3061\uff06API\u3092\u6709\u52b9\u306b\u3059\u308b
\n\u5b89\u5168\u6027\u3092\u8003\u616e\u3057\u305f\u4e0a\u3001GKE\u9650\u5b9a\u516c\u958b\u30af\u30e9\u30b9\u30bf\u30fc\u4f5c\u6210\u3057\u3088\u3046\u3068\u6c7a\u307e\u308a\u307e\u3057\u305f\u3002
\n\u5c02\u7528\u306eVPC\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u307e\u305a\u4f5c\u6210\u3057\u307e\u3059\u3002
\n\u2192https:\/\/cloud.google.com\/kubernetes-engine\/docs\/how-to\/private-clusters?hl=ja
\n\u2460vpc\uff06\u30b5\u30d6\u30cd\u30c3\u30c8\u306e\u4f5c\u6210
\nVPC<\/p>\n

gcloud compute networks create gke-vpc \\\r\n    --subnet-mode=custom \\\r\n    --bgp-routing-mode=regional \\\r\n    --mtu=1460\r\n<\/code><\/pre>\n
\"net1.PNG\"<\/div>\n
\"net2.PNG\"<\/div>\n
\uff13\u3001\u9759\u7684IP\u30a2\u30c9\u30ec\u30b9\u306e\u4e88\u7d04<\/h3>\n
GKE\u30b5\u30fc\u30d3\u30b9\u7528\u306e\u5916\u90e8\u9759\u7684IP\u30a2\u30c9\u30ec\u30b9\u3092\u4e88\u7d04\u3057\u307e\u3059\u3002
\n\u5916\u90e8\u9759\u7684IP\u30a2\u30c9\u30ec\u30b9\u306e\u4e88\u7d04<\/p>\n
gcloud compute addresses create <demo-static-ip> --global\r\n<\/code><\/pre>\n
\uff14\u3001GKE\u30af\u30e9\u30b9\u30bf\u30fc\u306e\u4f5c\u6210<\/h3>\n
\u2460\u30af\u30e9\u30b9\u30bf\u30fc\u4f5c\u6210
\nGPU\u3082\u4ed8\u3051<\/p>\n
gcloud container clusters create <your-private-cluster-name> \\\r\n    --machine-type=<your-machine-type> \\\r\n    --num-nodes=<\u4f8b\uff1a3> \\\r\n    --disk-size=100 \\\r\n    --region=asia-northeast1 \\\r\n    --scopes=cloud-platform\\\r\n    --accelerator type=<TYPE>,count=<AMOUNT>\\\r\n    --subnetwork=<your-subnet-name>\\\r\n    --enable-master-authorized-networks \\\r\n    --enable-ip-alias \\\r\n    --enable-private-nodes \\\r\n    --enable-private-endpoint \\\r\n    --master-ipv4-cidr <\u4f8b\uff1a172.16.0.32\/28>\r\n<\/code><\/pre>\n
\u2461Workload Identity pool\u4f5c\u6210
\nBigquery\u3084GCS\u306a\u3069\u306e\u30b5\u30fc\u30d3\u30b9\u3092\u5229\u7528\u3059\u308b\u305f\u3081\u306b\u3001workload identity\u306e\u8a2d\u5b9a\u304c\u5fc5\u8981\u3067\u3059\u3002
\nhttps:\/\/cloud.google.com\/kubernetes-engine\/docs\/how-to\/workload-identity?hl=ja
\n\u4e0a\u3067\u306f\u30ce\u30fc\u30c9\u30d7\u30fc\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3057\u305f\u306e\u3067\u3001\u3053\u3053\u3067\u306fupdate\u3060\u3051<\/p>\n
gcloud container node-pools update <your-pool-name> --cluster=<your-private-cluster-name> --zone=asia-northeast1-c --workload-metadata=GKE_METADATA\r\n<\/code><\/pre>\n
\u2462CloudRouter&CloudNAT\u306e\u4f5c\u6210
\n\u307b\u307c\u30c7\u30d5\u30a9\u30eb\u30c8\u306e\u8a2d\u5b9a\u306a\u306e\u3067\u3001\u5272\u611b\u3055\u305b\u3066\u3044\u305f\u3060\u304d\u307e\u3059\u3002<\/p>\n
\uff15\u3001\u8e0f\u307f\u53f0VM\u306e\u4f5c\u6210\uff06IAP\u306e\u8a2d\u5b9a\uff06\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u30eb\u30fc\u30eb\u306e\u8ffd\u52a0<\/h3>\n
\"fireWALL.PNG\"<\/div>\n
gcloud container clusters update <your-private-cluster-name>\\\r\n --enable-master-authorized-networks\\\r\n --master-authorized-networks <vm\u5185\u90e8ip>\/32\\\r\n --zone asia-northeast1-c\r\n<\/code><\/pre>\n
\uff16\u3001Workload Identity\u4e0a\u306e\u6a29\u9650\u8a2d\u5b9a<\/h3>\n
\u2460\u8e0f\u307f\u53f0\u30b5\u30fc\u30d0\u304b\u3089GKE\u30af\u30e9\u30b9\u30bf\u30fc\u306b\u63a5\u7d9a\u3001kubectl\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c<\/p>\n
gcloud container clusters get-credentials <your-private-cluster-name> --zone=asia-northeast1-c\r\n<\/code><\/pre>\n
\u2461namespace\u4f5c\u6210<\/p>\n
kubectl create namespace <your-namespace>\r\n<\/code><\/pre>\n
\u2462Kubernetes Service Account\u4f5c\u6210<\/p>\n
kubectl create serviceaccount <your-KubernetesServiceAccount> --namespace <your-namespace>\r\n<\/code><\/pre>\n
\u2463google Service Account\u306e\u4f5c\u6210<\/p>\n
gcloud iam service-accounts create <your-GoogleServiceAccount-name> --project=<your-project-id>\r\n<\/code><\/pre>\n
\u2464google Service Account\u306e\u6a29\u9650<\/p>\n
gcloud projects add-iam-policy-binding dev-analysis-mountain\\\r\n --member \"serviceAccount:<your-GoogleServiceAccount>\" --role \"editor\"\r\n<\/code><\/pre>\n
\u2465GSA\u3068KSA\u306e\u6a29\u9650\uff08in cloud shell\uff09<\/p>\n
gcloud iam service-accounts add-iam-policy-binding <your-GoogleServiceAccount-name>\\\r\n --role roles\/iam.workloadIdentityUser\\\r\n --member \"serviceAccount:<your-project-id>.svc.id.goog[<your-namespace>\/<your-KubernetesServiceAccount>]\"\r\n<\/code><\/pre>\n
\u2466GSA\u3068KSA\u306e\u6a29\u9650\uff08in VM\uff09<\/p>\n
kubectl annotate serviceaccount <your-KubernetesServiceAccount>\\\r\n --namespace <your-namespace> iam.gke.io\/gcp-service-account=<your-GoogleServiceAccount-name>\r\n<\/code><\/pre>\n
\uff17\u3001docker\u30d5\u30a1\u30a4\u30eb<\/h3>\n
\u2460Rstudio<\/h4>\n
Dockerfile\uff08from RockerProject: https:\/\/rocker-project.org\/images\/versioned\/rstudio.html\uff09<\/p>\n
FROM rocker\/r-ver:4.2.2\r\n\r\nLABEL org.opencontainers.image.licenses=\"GPL-2.0-or-later\" \\\r\n      org.opencontainers.image.source=\"https:\/\/github.com\/rocker-org\/rocker-versioned2\" \\\r\n      org.opencontainers.image.vendor=\"Rocker Project\" \\\r\n      org.opencontainers.image.authors=\"Carl Boettiger <cboettig@ropensci.org>\"\r\n\r\nENV S6_VERSION=v2.1.0.2\r\nENV RSTUDIO_VERSION=2022.12.0+353\r\nENV DEFAULT_USER=rstudio\r\nENV PANDOC_VERSION=default\r\nENV QUARTO_VERSION=default\r\n\r\nRUN \/rocker_scripts\/install_rstudio.sh\r\nRUN \/rocker_scripts\/install_pandoc.sh\r\nRUN \/rocker_scripts\/install_quarto.sh\r\n\r\nRUN apt-get update -y && apt-get install -y vim\r\nRUN apt-get install -y nginx\r\nCOPY .\/nginx.conf \/etc\/nginx\/\r\nCOPY .\/init.sh \/etc\/\r\nRUN \/etc\/init.d\/nginx restart\r\n\r\n# gcsfuse mount\r\nRUN apt-get update -y && apt-get install -y gnupg2\r\n# RUN echo \"deb http:\/\/packages.cloud.google.com\/apt gcsfuse-jessie main\" | tee \/etc\/apt\/sources.list.d\/gcsfuse.list\r\n# RUN wget https:\/\/packages.cloud.google.com\/apt\/doc\/apt-key.gpg\r\n# RUN sudo apt-key add apt-key.gpg\r\n# RUN apt-get update -y && apt-get install -y gcsfuse\r\n\r\n# packages install\r\n# your packages\r\n\r\nEXPOSE 8787\r\nCMD [\"bin\/bash\",\"\/etc\/init.sh\"]\r\n<\/code><\/pre>\n
nginx.conf\uff08root-path\u3092domain.com\/rstudio\/\u306e\u4e0b\u306b\uff09<\/p>\n
events {\r\n        worker_connections 768;\r\n}\r\n\r\nhttp {\r\n\r\n  map $http_upgrade $connection_upgrade {\r\n    default upgrade;\r\n    ''      close;\r\n  }\r\n\r\n        server {\r\n                listen <port>;\r\n\r\n                location \/rstudio\/ {\r\n                rewrite ^\/rstudio\/(.*)$ \/$1 break;\r\n                proxy_pass http:\/\/localhost:8787;\r\n                proxy_http_version 1.1;\r\n                proxy_set_header Upgrade $http_upgrade;\r\n                proxy_set_header Connection $connection_upgrade;\r\n                proxy_read_timeout 20d;\r\n\r\n                # Use preferably\r\n                proxy_set_header X-RStudio-Request https:\/\/$host\/$request_uri;\r\n                proxy_set_header X-RStudio-Root-Path \/rstudio;\r\n\r\n        }\r\n        #GCP\u306ehealth check\u3092\u901a\u308b\u305f\u3081\r\n        location ~ \/health {\r\n                return 200;\r\n        }\r\n    }\r\n}\r\n<\/code><\/pre>\n
init.sh<\/p>\n
\/etc\/init.d\/nginx restart\r\n\/init\r\n<\/code><\/pre>\n
\u2461jupyterlab<\/h4>\n
Dockerfile<\/p>\n
#GPU\u3092\u5229\u7528\u3059\u308b\u305f\u3081\u4e0b\u8a18\u306egoogle-docker-image\u3092\u4f7f\u7528\r\nFROM gcr.io\/deeplearning-platform-release\/pytorch-gpu\r\n\r\n# workdir set\r\nENV APP_HOME \/app\r\nWORKDIR $APP_HOME\r\nCOPY . .\/\r\n\r\n# gcsfuse mount\r\nRUN apt-get update -y && apt-get install -y gnupg2\r\nRUN echo \"deb http:\/\/packages.cloud.google.com\/apt gcsfuse-jessie main\" | tee \/etc\/apt\/sources.list.d\/gcsfuse.list\r\nRUN wget https:\/\/packages.cloud.google.com\/apt\/doc\/apt-key.gpg\r\nRUN sudo apt-key add apt-key.gpg\r\nRUN apt-get update -y && apt-get install -y gcsfuse\r\nRUN chmod 555 \/app\/gcsmount.sh\r\n\r\n# JupyterLab\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\r\nRUN apt-get install -y vim\r\nRUN python -m pip install --upgrade pip \r\nRUN pip install jupyterlab \r\n\r\n# jupyterlab\u8d77\u52d5\uff06baseurl\u8a2d\u5b9a\uff06token\u8a2d\u5b9a\r\nCMD jupyter-lab --allow-root --ip=0.0.0.0 --port=<your-port> --no-browser --LabApp.base_url=\/jupyter --LabApp.token=<your-token>\r\n<\/code><\/pre>\n
\u2462gcsmount.sh\u306e\u5185\u5bb9<\/h4>\n
GCS\u30d0\u30b1\u30c3\u30c8\u306e\u4f5c\u6210\u3084\u6a29\u9650\u8a2d\u5b9a\u3092\u5272\u611b\u3055\u305b\u3066\u3044\u305f\u3060\u304d\u307e\u3059\u3002<\/p>\n
mkdir .\/<your-folder>\r\ngcsfuse -file-mode=777 -dir-mode=777 <your-bucket> .\/<your-folder>\r\n<\/code><\/pre>\n
\u2463Dockerfile\u306e\u30b5\u30df\u30c3\u30c8<\/h4>\n
docker-image\u7528\u306e\u30ec\u30b8\u30b9\u30c8\u30eaArtifact Registry\u3092\u4f5c\u6210<\/p>\n
gcloud artifacts repositories create <your-repo>\\\r\n --project=<your-project-id>\\\r\n --repository-format=docker\\\r\n --location=asia-northeast1\\\r\n --description=\"Docker repository\"\r\n<\/code><\/pre>\n
CloudBuild\u3067submit<\/p>\n
gcloud builds submit --tag asia-northeast1-docker.pkg.dev\/<your-project-id>\/<your-repo>\/<docker-image-name> .\r\n<\/code><\/pre>\n
\uff18\u3001yaml\u30d5\u30a1\u30a4\u30eb<\/h3>\n
\u8e0f\u307f\u53f0\u30b5\u30fc\u30d0\u304b\u3089\u4e0b\u8a18\u306eyaml\u30d5\u30a1\u30a4\u30eb\u3092\u30c7\u30d7\u30ed\u30a4<\/p>\n
\u2460deployment.yaml<\/h4>\n
Rstudio
\nparameter\u306f\u3053\u3061\u3089\u306e\u30b5\u30a4\u30c9\u3092\u53c2\u8003\uff1ahttps:\/\/rocker-project.org\/images\/versioned\/rstudio.html<\/p>\n
apiVersion: apps\/v1\r\nkind: Deployment\r\nmetadata:\r\n  name: rstudio-deployment\r\n  namespace: <your-namespace>\r\nspec:\r\n  replicas: 1\r\n  selector:\r\n    matchLabels:\r\n      app: rstudio\r\n  template:\r\n    metadata:\r\n      labels:\r\n        app: rstudio\r\n    spec:\r\n      serviceAccountName: <your-KubernetesServiceAccount>\r\n      nodeSelector:\r\n        iam.gke.io\/gke-metadata-server-enabled: \"true\"\r\n        cloud.google.com\/gke-nodepool: <your-pool-name>\r\n        cloud.google.com\/gke-accelerator: nvidia-tesla-t4\r\n      containers:\r\n      - name: rstudio-app\r\n        image: <your-docker-image>\r\n        ports:\r\n        - containerPort: <port\u756a\u53f7>\r\n        env:\r\n          - name: PORT\r\n            value: <port\u756a\u53f7>\r\n        securityContext:\r\n            privileged: true\r\n<\/code><\/pre>\n
jupyterlab<\/p>\n
apiVersion: apps\/v1\r\nkind: Deployment\r\nmetadata:\r\n  name: jupyter-deployment\r\n  namespace: <your-namespace>\r\nspec:\r\n  replicas: 1\r\n  selector:\r\n    matchLabels:\r\n      app: jupyter\r\n  template:\r\n    metadata:\r\n      labels:\r\n        app: jupyter\r\n    spec:\r\n      serviceAccountName: <your-KubernetesServiceAccount>\r\n      nodeSelector:\r\n        iam.gke.io\/gke-metadata-server-enabled: \"true\"\r\n        cloud.google.com\/gke-nodepool: <your-pool-name>\r\n        cloud.google.com\/gke-accelerator: nvidia-tesla-t4\r\n      containers:\r\n      - name: jupyter-app\r\n        image: <your-docker-image>\r\n        ports:\r\n        - containerPort: <port\u756a\u53f7>\r\n        securityContext:\r\n            privileged: true\r\n<\/code><\/pre>\n
\u2461ManagedCertificate.yaml<\/h4>\n
apiVersion: networking.gke.io\/v1 \r\nkind: ManagedCertificate\r\nmetadata:\r\n  name: <your-Certificate>\r\n  namespace: <your-namespace>\r\nspec:\r\n  domains:\r\n    - <your-domain>\r\n<\/code><\/pre>\n
\u2462Oathu\uff06IAP\u306e\u8a2d\u5b9a<\/h4>\n
\u4e0b\u8a18\u306e\u30b5\u30a4\u30c9\u3092\u53c2\u8003\u3057\u306a\u304c\u3089\u8a2d\u5b9a\u3057\u307e\u3059\u3002
\nhttps:\/\/cloud.google.com\/iap\/docs\/enabling-kubernetes-howto?hl=ja<\/p>\n
kubectl create secret generic <your-secret>\\\r\n --from-literal=client_id=client_id_key \\\r\n --from-literal=client_secret=client_secret_key\r\n<\/code><\/pre>\n
\u2463BackendConfig.yaml<\/h4>\n
Rstudio<\/p>\n
apiVersion: cloud.google.com\/v1\r\nkind: BackendConfig\r\nmetadata:\r\n  name: config-rstudio\r\n  namespace: <your-namespace>\r\nspec:\r\n  iap:\r\n    enabled: true\r\n    oauthclientCredentials:\r\n      secretName: <your-secret>\r\n  healthCheck:\r\n    checkIntervalSec: 15\r\n    timeoutSec: 15\r\n    healthyThreshold: 1\r\n    unhealthyThreshold: 2\r\n    type: HTTP\r\n    requestPath: \/health\r\n    port: <your-rstudio-port\u756a\u53f7>\r\n<\/code><\/pre>\n
jupyter<\/p>\n
apiVersion: cloud.google.com\/v1\r\nkind: BackendConfig\r\nmetadata:\r\n  name: config-jupyter\r\n  namespace: <your-namespace>\r\nspec:\r\n  iap:\r\n    enabled: true\r\n    oauthclientCredentials:\r\n      secretName: <your-secret>\r\n  healthCheck:\r\n    checkIntervalSec: 15\r\n    timeoutSec: 15\r\n    healthyThreshold: 1\r\n    unhealthyThreshold: 2\r\n    type: HTTP\r\n    requestPath: \/jupyter\/login?next=%2Flab%3F \r\n    port: <your-jupyter-port\u756a\u53f7>\r\n<\/code><\/pre>\n
\u2464service.yaml<\/h4>\n
Rstudio<\/p>\n
apiVersion: \"v1\"\r\nkind: \"Service\"\r\nmetadata:\r\n  name: \"rstudio-service\"\r\n  namespace: <your-namespace>\r\n  annotations:\r\n    beta.cloud.google.com\/backend-config: '{\"default\": \"config-rstudio\"}'\r\nspec:\r\n  ports:\r\n  - port: <your-rstudio-port\u756a\u53f7>\r\n    protocol: TCP\r\n    targetPort: <your-rstudio-port\u756a\u53f7>\r\n  selector:\r\n    app: rstudio\r\n  type: ClusterIP\r\n<\/code><\/pre>\n
jupyter<\/p>\n
apiVersion: \"v1\"\r\nkind: \"Service\"\r\nmetadata:\r\n  name: \"jupyter-service\"\r\n  namespace: <your-namespace>\r\n  annotations:\r\n    beta.cloud.google.com\/backend-config: '{\"default\": \"config-jupyter\"}'\r\nspec:\r\n  ports:\r\n  - port: <your-jupyter-port\u756a\u53f7>\r\n    protocol: TCP\r\n    targetPort: <your-jupyter-port\u756a\u53f7>\r\n  selector:\r\n    app: jupyter\r\n  type: ClusterIP\r\n<\/code><\/pre>\n
\u203btype\u306fClusterIP\u3067\u3082NodePortIP\u3067\u3082\u5927\u4e08\u592b\u3067\u3059\u3002<\/p>\n
\u2465ingress.yaml<\/h4>\n
apiVersion: networking.k8s.io\/v1\r\nkind: Ingress\r\nmetadata:\r\n  name: <your-ingress>\r\n  namespace: <your-namespace>\r\n  annotations:\r\n    ingressclass.kubernetes.io\/is-default-class: \"true\"\r\n    kubernetes.io\/ingress.global-static-ip-name: \"<your-static-ip>\"\r\n    networking.gke.io\/managed-certificates: \"<your-Certificate>\"\r\n    kubernetes.io\/ingress.allow-http: \"false\"\r\nspec:\r\n  defaultBackend:\r\n    service:\r\n      name: rstudio-service\r\n      port:\r\n        number: <your-rstudio-port\u756a\u53f7>\r\n  rules:\r\n  - http:\r\n      paths:\r\n      - path: \/jupyter\r\n        pathType: Prefix\r\n        backend:\r\n          service:\r\n            name: jupyter-service\r\n            port:\r\n              number: <your-jupyter-port\u756a\u53f7>\r\n<\/code><\/pre>\n
phase\uff12<\/h2>\n
\u5143\u3005\u306fCloudRun\u3092\u5229\u7528\u4e88\u5b9a\u3067\u3059\u304c\u3001\u73fe\u5728\u306fGAE\u4e0a\u306b\u30c7\u30d7\u30ed\u30a4\u3057\u3066\u3044\u307e\u3059\u3002
\n\u3053\u3061\u3089\u306e\u90e8\u5206\u304c\u81ea\u5206\u306e\u62c5\u5f53\u3067\u306f\u306a\u3044\u3067\u3001\u540c\u3058GKE\u306b\u30c7\u30d7\u30ed\u30a4\u3057\u305f\u65b9\u304c\u826f\u3044\u304b\u3082\u3057\u308c\u307e\u305b\u3093\u306e\u3067\u3001
\n\u4e00\u65e6\u30b9\u30ad\u30c3\u30d7\u3055\u305b\u3066\u3044\u305f\u3060\u304d\u307e\u3059\u3002
\n\u307e\u305f\u66f4\u65b0\u3057\u307e\u3059\u3002<\/p>\n
\u56db\u3001\u6700\u5f8c<\/h1>\n
\u30a4\u30f3\u30d5\u30e9\u306e\u65b9\u3067\u306f\u3001terraform\u3092\u4f7f\u3063\u3066\u30a4\u30f3\u30d5\u30e9\u3092\u69cb\u7bc9\u3057\u305f\u65b9\u304c\u826f\u3044\u3068\u5b9f\u611f\u3067\u304d\u307e\u3057\u305f\u3002
\nRstudio\u306e\u65b9\u306b\u3064\u3044\u3066\u306f\u3001healthcheck\u306a\u3069\u8272\u3005\u306a\u554f\u984c\u304c\u51fa\u3066\u304d\u307e\u3057\u305f\u3002
\n\u30e6\u30fc\u30b6\u8981\u671b\u306b\u3088\u308a\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3059\u308b\u4e88\u5b9a\u3067\u3059\u306e\u3067\u3001\u3053\u3061\u3089\u306e\u6587\u7ae0\u3092\u4f55\u56de\u3082\u66f4\u65b0\u3059\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
\u4e00\u3001\u76ee\u7684\u30fb\u80cc\u666f \u30c7\u30fc\u30bf\u30b5\u30a4\u30a8\u30f3\u30c6\u30a3\u30b9\u30c8\u306b\u5bfe\u3057\u3066\u3001\u91cd\u3044\u5b66\u7fd2\u304c\u3067\u304d\u3001\u30e2\u30c7\u30eb\u5171\u6709\u3084\u518d\u5229\u7528\u3067\u304d\u308b\u3088\u3046\u30af\u30e9\u30a6\u30c9\u4e0a\u306e\u5206\u6790\u74b0 […]<\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-46668","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"\n- Blog - Silicon Cloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.silicloud.com\/zh\/blog\/46668-2\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:description\" content=\"\u4e00\u3001\u76ee\u7684\u30fb\u80cc\u666f \u30c7\u30fc\u30bf\u30b5\u30a4\u30a8\u30f3\u30c6\u30a3\u30b9\u30c8\u306b\u5bfe\u3057\u3066\u3001\u91cd\u3044\u5b66\u7fd2\u304c\u3067\u304d\u3001\u30e2\u30c7\u30eb\u5171\u6709\u3084\u518d\u5229\u7528\u3067\u304d\u308b\u3088\u3046\u30af\u30e9\u30a6\u30c9\u4e0a\u306e\u5206\u6790\u74b0 […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.silicloud.com\/zh\/blog\/46668-2\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Silicon Cloud\" \/>\n<meta property=\"article:published_time\" content=\"2024-02-12T21:56:58+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-28T15:13:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d65ec37434c4406d087cf\/5-0.png\" \/>\n<meta name=\"author\" content=\"\u6587, \u7fd4\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u6587, \u7fd4\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/46668-2\/\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/46668-2\/\",\"name\":\"- Blog - Silicon Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\"},\"datePublished\":\"2024-02-12T21:56:58+00:00\",\"dateModified\":\"2024-04-28T15:13:11+00:00\",\"author\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/64d5cc7727fffbff2f9a2a8da1de3e5c\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.silicloud.com\/zh\/blog\/46668-2\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/\",\"name\":\"Blog - Silicon Cloud\",\"description\":\"\",\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/64d5cc7727fffbff2f9a2a8da1de3e5c\",\"name\":\"\u6587, \u7fd4\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/920c3d673e0bccacc98e5e6b7149bb3c22edd8d39cb753e5d7d7e471498118a1?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/920c3d673e0bccacc98e5e6b7149bb3c22edd8d39cb753e5d7d7e471498118a1?s=96&d=mm&r=g\",\"caption\":\"\u6587, \u7fd4\"},\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/author\/wenxiang\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/46668-2\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"Blog - Silicon Cloud\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"- Blog - Silicon Cloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.silicloud.com\/zh\/blog\/46668-2\/","og_locale":"zh_CN","og_type":"article","og_description":"\u4e00\u3001\u76ee\u7684\u30fb\u80cc\u666f \u30c7\u30fc\u30bf\u30b5\u30a4\u30a8\u30f3\u30c6\u30a3\u30b9\u30c8\u306b\u5bfe\u3057\u3066\u3001\u91cd\u3044\u5b66\u7fd2\u304c\u3067\u304d\u3001\u30e2\u30c7\u30eb\u5171\u6709\u3084\u518d\u5229\u7528\u3067\u304d\u308b\u3088\u3046\u30af\u30e9\u30a6\u30c9\u4e0a\u306e\u5206\u6790\u74b0 […]","og_url":"https:\/\/www.silicloud.com\/zh\/blog\/46668-2\/","og_site_name":"Blog - Silicon Cloud","article_published_time":"2024-02-12T21:56:58+00:00","article_modified_time":"2024-04-28T15:13:11+00:00","og_image":[{"url":"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d65ec37434c4406d087cf\/5-0.png"}],"author":"\u6587, \u7fd4","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"\u6587, \u7fd4","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"6 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.silicloud.com\/zh\/blog\/46668-2\/","url":"https:\/\/www.silicloud.com\/zh\/blog\/46668-2\/","name":"- Blog - Silicon Cloud","isPartOf":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website"},"datePublished":"2024-02-12T21:56:58+00:00","dateModified":"2024-04-28T15:13:11+00:00","author":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/64d5cc7727fffbff2f9a2a8da1de3e5c"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.silicloud.com\/zh\/blog\/46668-2\/"]}]},{"@type":"WebSite","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website","url":"https:\/\/www.silicloud.com\/zh\/blog\/","name":"Blog - Silicon Cloud","description":"","inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/64d5cc7727fffbff2f9a2a8da1de3e5c","name":"\u6587, \u7fd4","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/920c3d673e0bccacc98e5e6b7149bb3c22edd8d39cb753e5d7d7e471498118a1?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/920c3d673e0bccacc98e5e6b7149bb3c22edd8d39cb753e5d7d7e471498118a1?s=96&d=mm&r=g","caption":"\u6587, \u7fd4"},"url":"https:\/\/www.silicloud.com\/zh\/blog\/author\/wenxiang\/"},{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/46668-2\/#local-main-organization-logo","url":"","contentUrl":"","caption":"Blog - Silicon Cloud"}]}},"_links":{"self":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/46668","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/comments?post=46668"}],"version-history":[{"count":2,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/46668\/revisions"}],"predecessor-version":[{"id":64179,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/46668\/revisions\/64179"}],"wp:attachment":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/media?parent=46668"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/categories?post=46668"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/tags?post=46668"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}