Connect a TPU to a Shared VPC network
Configure a VPC host project
You need to grant the TPU Service Account
in your service project
permissions to manage resources in the host project.
You do this using the "TPU Shared VPC Agent" (roles/tpu.xpnAgent
) role. Run
the following gcloud
commands to grant this role binding.
gcloud projects add-iam-policy-binding host-project-id \ --member=serviceAccount:service-your-service-project-number@gcp-sa-tpu.iam.gserviceaccount.com \ --role=roles/tpu.xpnAgent
Create a TPU VM connected to a Shared VPC Network
First determine which accelerator types and versions are available in the zone
gcloud compute tpus accelerator-types list --zone zone
gcloud compute tpus versions list --zone zone
You connect a TPU VM to a Shared VPC network when you create your TPU.
Specify your Shared VPC using the --network
tag:
gcloud compute tpus tpu-vm create tpu-name \ --zone zone \ --accelerator-type accelerator-type \ --network projects/host-project-id/global/networks/host-network \ --version tpu-image-version \ --project your-service-project-id
You can verify your TPU VM is connected to your Shared VPC using
the gcloud describe
command:
$ gcloud compute tpus tpu-vm describe tpu-name --zone zone
The response includes the network to which your TPU VM is attached:
acceleratorType: v3-8 apiVersion: V2 cidrBlock: 10.128.0.0/20 createTime: '2022-06-17T21:32:13.859274143Z' health: HEALTHY id: '0000000000000000000' name: projects/my-project/locations/us-central1-b/nodes/my-tpu networkConfig: enableExternalIps: true network: projects/my-project/global/networks/default subnetwork: projects/my-project/regions/us-central1/subnetworks/default networkEndpoints: - accessConfig: externalIp: 000.000.000.000 ipAddress: 10.128.0.104 port: 8470 runtimeVersion: tpu-vm-tf-2.8.0 schedulingConfig: {} serviceAccount: email: [email protected] scope: - https://www.googleapis.com/auth/devstorage.read_write - https://www.googleapis.com/auth/logging.write - https://www.googleapis.com/auth/service.management - https://www.googleapis.com/auth/servicecontrol - https://www.googleapis.com/auth/cloud-platform - https://www.googleapis.com/auth/pubsub shieldedInstanceConfig: {} state: READY
Delete the TPU VM
When you are done with the TPU VM, make sure to delete it.
gcloud compute tpus tpu-vm delete tpu-name --zone zone