Update the docs for private GKE.

[jlewi]

• Replace the instructions for private GKE with the instructions from the
  repo: https://github.com/kubeflow/gcp-blueprints/blob/master/kubeflow/deploy_private.md

• fix: [GCP] Update docs for private clusters and VPC service controls for 1.0 #1705

[kubeflow-bot]

This change is 

[jlewi]

Preview
https://deploy-preview-2190--competent-brattain-de2d6d.netlify.app/docs/gke/private-clusters/

[jlewi]

/assign @Bobgy
This should be ready for review.

[Bobgy]

/lgtm
Thanks!

/assign @joeliedtke
for tech writer review

[Bobgy]

The issue has been fixed and closed, shall we remove this?

[jlewi]

Done.

[Bobgy]

Sounds like it'll be better if we wait for all CNRM resources before continuing to apply other manifests.
Just a side note

[jlewi]

Ack.

[8bitmp3]

Hey @jlewi Thanks again!

I did a quick scan, here are some of my suggestions @Bobgy @joeliedtke :

• Lines 12-13:
  • "work around" -> "workaround" or "work-around"?
  • For links: "text"
  • Add a short description of the GitHub issue and provide a definition for CRD (CustomResourceDefinition(s) - one word, according to k8s docs):
    • "As a workaround for Issue (...Getting started guide for Microsoft Azure #32)[...32] (in CNRM 1.9.1, the CustomResourceDefinition (CRD) for container cluster is missing ipAllocationPolicy fields needed to create a private GKE cluster)..."
      • Should we be using "CustomResourceDefinitions" as one word as per k8s docs or three words on GCP docs?
  • One word "containercluster" -> two words "container cluster"? (I couldn't find containercluster (one word) on Google Cloud docs unless it was a field/var name in some CLI output.)

1. As a workaround for Issue
   [kubeflow/gcp-blueprints#32](https://github.com/kubeflow/gcp-blueprints/issues/32)
   (in CNRM 1.9.1, the [CustomResourceDefinition
   (CRD)](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/#customresourcedefinitions)
   for container cluster is missing `ipAllocationPolicy` fields needed to create
   a private GKE cluster), modify the container cluster CRD schema in your
   management cluster to include the missing fields.

• Add: "where {PKGDIR} is the directory..." (for Kubeflow that you created earlier)?

• "1. Change to the Kubeflow directory" (<- "kubeflow")

• Add back ticks: patchesStrategicMerge and resources

• Add "Note:"

   *Note:* Do not use `kustomize edit` to perform the above actions until Issue [kubernetes-sigs/kustomize#2310](https://github.com/kubernetes-sigs/kustomize/issues/2310) is fixed.

• Add full stops at the end of sentences.

• "Sanity check" -> "double check" (less slang).

• Line 194: Let's add a definition to "GCR", since it could be Google Cloud resources/Run/registry (depending on who's reading this).

• Line 240: since there is already one troubleshooting section for KF on private GKE:

- * [Troubleshoot](/docs/gke/troubleshooting-gke) any issues you may
  find.
+ * [Troubleshoot](/docs/gke/troubleshooting-gke) any GKE issues you may
  find.

LMKWYT

[8bitmp3]

Suggested change

	1. In patchesStrategicMerge add
	1. In `patchesStrategicMerge`, add

[8bitmp3]

Suggested change

	error is
	error is:

[jlewi]

Resolved.

[jlewi]

@8bitmp3 Thanks for all the great suggestions! I think I addressed all of them (may have missed one or two full stops).

@8bitmp3 I think the only use of containercluster is in a command

kubectl --context=$(MGMTCTXT) wait --for=condition=Ready --timeout=600s  containercluster $(NAME)

In this case there is no space; its one word.

Similarly I think for custom resource defintiion 3 words or 1 are both valid depending on whether you are using the actual resource name as it appears in APIs or more descriptively.

[jlewi]

/test all

[jlewi]

@8bitmp3 and @Bobgy Could one of you PTAL?

[8bitmp3]

@jlewi Thanks a million!

A few suggestions:

• Line 10: The steps below 1. Follow the blueprint instructions to setup a management cluster - should be be indented to the right?
• Line 20: Refactor to:

   * Check Issue [kubeflow/gcp-blueprints#32](https://github.com/kubeflow/gcp-blueprints/issues/32)
     to find out if it has been resolved in later versions of CNRM. If the issue hasn't been resolved, there should be directions for a workaround.

(or something along these lines)

• Added back ticks around ${PKGDIR} and Makefile.
• Added full stops (.) and colons (:) in sequential and non-sequential instructions for consistency.
• Added commas and carried out some minor refactoring.
• There was a space missing in * Google Container Registry (GCR) images can't be pulled.
• Changed "Ensure" to "Make sure" (this is more formal, but to me it looks good either way).
• To avoid repeating "issue" twice, refactored: * This likely indicates an issue with access to private GCR. This could be because of:
• Added "and" -> * If image pull errors show IP addresses and not the restricted.googleapis.com VIP, then you have an issue with networking.

Obviously, these are just suggestions. LMKWYT!

cc @Bobgy

Cheers

[8bitmp3]

Line 10: The steps below 1. Follow the blueprint instructions to setup a management cluster - should be be indented to the right?

[Bobgy]

/lgtm
from my side

[jlewi]

Line 10: The steps below 1. Follow the blueprint instructions to setup a management cluster - should be be indented to the right?

This shouldn't be indented; the instructions below aren't setting up the management cluster. I added a link to the management cluster setup instructions.

[jlewi]

@8bitmp3 Thanks again! I incorporated all your suggestions. PTAL.

[8bitmp3]

/lgtm

Thank you @jlewi !

Let's have an updated KF on private GKE doc on the site asap, since the current one is out of date. Any incremental improvements can be added later on.

@Bobgy WDYT?

[8bitmp3]

Hey @jlewi, I ran "private GKE" in the search bar:

I think maybe we could improve the UX by amending the title a little bit.

- title = "Securing Your Clusters"
+ title = "Securing Your Clusters with Private GKE"
description = "How to secure Kubeflow clusters using private GKE"

or

- title = "Securing Your Clusters"
+ title = "Securing Your Clusters on Private GKE"
description = "How to secure Kubeflow clusters using private GKE"

It would be similar to:

title = "Kubeflow On-premises on Anthos GKE"

LMKWYT

[8bitmp3]

Hey @jlewi, I ran "private GKE" in the search bar:

I think maybe we could improve the UX by amending the title a little bit.

- title = "Securing Your Clusters"
+ title = "Securing Your Clusters with Private GKE"
description = "How to secure Kubeflow clusters using private GKE"

or

- title = "Securing Your Clusters"
+ title = "Securing Your Clusters on Private GKE"
description = "How to secure Kubeflow clusters using private GKE"

It would be similar to:

title = "Kubeflow On-premises on Anthos GKE"

LMKWYT

[Bobgy]

Sounds good to me. I'll merge this PR first because the original one is out of date

[Bobgy]

/lgtm
/approve
Thank you both @jlewi @8bitmp3!

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Bobgy

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• content/en/docs/gke/OWNERS [Bobgy]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment