Connect a TPU to a Shared VPC network
Configure a VPC host project
You need to grant the TPU Service Account
in your service project
permissions to manage resources in the host project.
You do this using the "TPU Shared VPC Agent" (roles/tpu.xpnAgent) role. Run
the following gcloud commands to grant this role binding.
gcloud projects add-iam-policy-binding host-project-id \ --member=serviceAccount:service-your-service-project-number@gcp-sa-tpu.iam.gserviceaccount.com \ --role=roles/tpu.xpnAgent
Create a TPU VM connected to a Shared VPC Network
First determine which accelerator types and versions are available in the zone
gcloud compute tpus accelerator-types list --zone zone
gcloud compute tpus versions list --zone zone
You connect a TPU VM to a Shared VPC network when you create your TPU.
Specify your Shared VPC using the --network tag:
gcloud compute tpus tpu-vm create tpu-name \ --zone zone \ --accelerator-type accelerator-type \ --network projects/host-project-id/global/networks/host-network \ --version tpu-image-version \ --project your-service-project-id
You can verify your TPU VM is connected to your Shared VPC using
the gcloud describe command:
$ gcloud compute tpus tpu-vm describe tpu-name --zone zone
The response includes the network to which your TPU VM is attached:
acceleratorType: v3-8
apiVersion: V2
cidrBlock: 10.128.0.0/20
createTime: '2022-06-17T21:32:13.859274143Z'
health: HEALTHY
id: '0000000000000000000'
name: projects/my-project/locations/us-central1-b/nodes/my-tpu
networkConfig:
  enableExternalIps: true
  network: projects/my-project/global/networks/default
  subnetwork: projects/my-project/regions/us-central1/subnetworks/default
networkEndpoints:
- accessConfig:
    externalIp: 000.000.000.000
  ipAddress: 10.128.0.104
  port: 8470
runtimeVersion: tpu-vm-tf-2.8.0
schedulingConfig: {}
serviceAccount:
  email: 00000000000-compute@developer.gserviceaccount.com
  scope:
  - https://www.googleapis.com/auth/devstorage.read_write
  - https://www.googleapis.com/auth/logging.write
  - https://www.googleapis.com/auth/service.management
  - https://www.googleapis.com/auth/servicecontrol
  - https://www.googleapis.com/auth/cloud-platform
  - https://www.googleapis.com/auth/pubsub
shieldedInstanceConfig: {}
state: READY
Delete the TPU VM
When you are done with the TPU VM, make sure to delete it.
gcloud compute tpus tpu-vm delete tpu-name --zone zone