This document includes the best practices and guidelines for Cloud Build when running generative AI workloads on Google Cloud. Use Cloud Build with Vertex AI to build, test, and deploy a serverless CI/CD platform on Google Cloud.
Consider the following use cases for Cloud Build with Vertex AI:
- Automate ML pipeline builds: Cloud Build lets you automate the building and testing of your ML pipelines defined in Vertex AI Pipelines. This automation helps you build and deploy your models faster and with greater consistency.
- Build custom container images for deployment: Cloud Build can build custom container images for your model-serving environments. Cloud Build lets you package your model code, dependencies, and runtime environment into a single image that you can deploy to Vertex AI Inference for serving predictions.
- Integrate with CI/CD workflows: Cloud Build lets you automate the build and deployment of your ML models in your CI/CD workflows. This automation ensures that your models are up-to-date and deployed to production.
- Trigger builds based on code changes: Cloud Build can automatically trigger builds when changes are made to your model code or pipeline definition. This automation helps to ensure that your models are built with the latest code and that any changes are automatically deployed to production.
- Get scalable and secure infrastructure: Cloud Build uses Google Cloud scalable and secure infrastructure to build and deploy your models. This scalability means you don't need to worry about managing your own infrastructure and can focus on developing your models.
- Support for various programming languages: Cloud Build supports various programming languages, including Python, Java, Go, and Node.js. This support lets you build your models using the language of your choice.
- Use prebuilt build steps: To help simplify the build process, Cloud Build offers prebuilt build steps for common ML tasks, such as installing dependencies, running tests, and pushing images to container registries.
- Create custom build steps: You can define your own custom build steps in Cloud Build to execute any arbitrary code during the build process.
- Build artifacts for other Vertex AI services: Cloud Build can build artifacts for other Vertex AI services such as Vertex AI Feature Store and Vertex AI Data Labeling. This flexibility helps you build a complete ML workflow on Google Cloud.
- Realize a cost-effective solution: Cloud Build offers a pay-as-you-go pricing model, so you only pay for the resources you use.
Required Cloud Build controls
The following controls are strongly recommended when using Cloud Build.
Define permitted private pools
| Google control ID | CBD-CO-6.1 |
|---|---|
| Category | Required |
| Description | The Use one of the following formats to define an allowed or denied list of Worker Pools:
|
| Applicable products |
|
| Path | constraints/cloudbuild.allowedWorkerPools |
| Operator | = |
| Type | String |
| Related NIST-800-53 controls |
|
| Related CRI profile controls |
|
| Related information |
Define which external services can invoke build triggers
| Google control ID | CBD-CO-6.2 |
|---|---|
| Category | Required |
| Description | The |
| Applicable products |
|
| Path | constraints/cloudbuild.allowedIntegrations |
| Operator | = |
| Type | List |
| Related NIST-800-53 controls |
|
| Related CRI profile controls |
|
| Related information |
Define permitted external IP addresses for VM instances
| Google control ID | CBD-CO-6.3 |
|---|---|
| Category | Required |
| Description | The |
| Applicable products |
|
| Path | compute.vmExternalIpAccess |
| Operator | = |
| Value |
|
| Type | List |
| Related NIST-800-53 controls |
|
| Related CRI profile controls |
|
| Related information |
What's next
Review Cloud DNS controls.
See more Google Cloud security best practices and guidelines for generative AI workloads.