From e8188155bcb905a15d9d383be6ffceb31a8593dd Mon Sep 17 00:00:00 2001 From: Pamela Fox Date: Fri, 21 Feb 2025 11:28:47 -0800 Subject: [PATCH 1/4] Format and rename vars --- infra/aca.bicep | 112 ++++++++--------- infra/main.bicep | 309 +++++++++++++++++++++++------------------------ 2 files changed, 207 insertions(+), 214 deletions(-) diff --git a/infra/aca.bicep b/infra/aca.bicep index d08c0f5..8631a37 100644 --- a/infra/aca.bicep +++ b/infra/aca.bicep @@ -1,56 +1,56 @@ -param name string -param location string = resourceGroup().location -param tags object = {} - -param identityName string -param containerAppsEnvironmentName string -param containerRegistryName string -param serviceName string = 'aca' -param exists bool -param aiServicesDeploymentName string -param aiServicesEndpoint string - -resource acaIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = { - name: identityName - location: location -} - -var env = [ - { - name: 'AZURE_DEEPSEEK_DEPLOYMENT' - value: aiServicesDeploymentName - } - { - name: 'AZURE_INFERENCE_ENDPOINT' - value: aiServicesEndpoint - } - { - name: 'RUNNING_IN_PRODUCTION' - value: 'true' - } - { - // DefaultAzureCredential will look for an environment variable with this name: - name: 'AZURE_CLIENT_ID' - value: acaIdentity.properties.clientId - } -] - -module app 'core/host/container-app-upsert.bicep' = { - name: '${serviceName}-container-app-module' - params: { - name: name - location: location - tags: union(tags, { 'azd-service-name': serviceName }) - identityName: acaIdentity.name - exists: exists - containerAppsEnvironmentName: containerAppsEnvironmentName - containerRegistryName: containerRegistryName - env: env - targetPort: 50505 - } -} - -output SERVICE_ACA_IDENTITY_PRINCIPAL_ID string = acaIdentity.properties.principalId -output SERVICE_ACA_NAME string = app.outputs.name -output SERVICE_ACA_URI string = app.outputs.uri -output SERVICE_ACA_IMAGE_NAME string = app.outputs.imageName +param name string +param location string = resourceGroup().location +param tags object = {} + +param identityName string +param containerAppsEnvironmentName string +param containerRegistryName string +param serviceName string = 'aca' +param exists bool +param aiServicesDeploymentName string +param aiServicesEndpoint string + +resource acaIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = { + name: identityName + location: location +} + +var env = [ + { + name: 'AZURE_DEEPSEEK_DEPLOYMENT' + value: aiServicesDeploymentName + } + { + name: 'AZURE_INFERENCE_ENDPOINT' + value: aiServicesEndpoint + } + { + name: 'RUNNING_IN_PRODUCTION' + value: 'true' + } + { + // DefaultAzureCredential will look for an environment variable with this name: + name: 'AZURE_CLIENT_ID' + value: acaIdentity.properties.clientId + } +] + +module app 'core/host/container-app-upsert.bicep' = { + name: '${serviceName}-container-app-module' + params: { + name: name + location: location + tags: union(tags, { 'azd-service-name': serviceName }) + identityName: acaIdentity.name + exists: exists + containerAppsEnvironmentName: containerAppsEnvironmentName + containerRegistryName: containerRegistryName + env: env + targetPort: 50505 + } +} + +output identityPrincipalId string = acaIdentity.properties.principalId +output name string = app.outputs.name +output uri string = app.outputs.uri +output imageName string = app.outputs.imageName diff --git a/infra/main.bicep b/infra/main.bicep index 52c52d4..64c93d4 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -1,158 +1,151 @@ -targetScope = 'subscription' - -@minLength(1) -@maxLength(64) -@description('Name which is used to generate a short unique hash for each resource') -param name string - -@minLength(1) -@description('Primary location for all resources') -param location string - -@description('Id of the user or app to assign application roles') -param principalId string = '' - -param acaExists bool = false - -// Parameters for the Azure AI resource: -param aiServicesResourceGroupName string = '' -@minLength(1) -@description('Location for the Azure AI resource') -// https://learn.microsoft.com/azure/ai-studio/how-to/deploy-models-serverless-availability#deepseek-models-from-microsoft -@allowed([ - 'eastus' - 'eastus2' - 'northcentralus' - 'southcentralus' - 'westus' - 'westus3' -]) -@metadata({ - azd: { - type: 'location' - } -}) -param aiServicesResourceLocation string -param disableKeyBasedAuth bool = true - -// Parameters for the specific Azure AI deployment: -param aiServicesDeploymentName string = 'DeepSeek-R1' - - -var resourceToken = toLower(uniqueString(subscription().id, name, location)) -var tags = { 'azd-env-name': name } - -resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { - name: '${name}-rg' - location: location - tags: tags -} - -resource aiServicesResourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' existing = if (!empty(aiServicesResourceGroupName)) { - name: !empty(aiServicesResourceGroupName) ? aiServicesResourceGroupName : resourceGroup.name -} - -var prefix = '${name}-${resourceToken}' - -var aiServicesNameAndSubdomain = '${resourceToken}-aiservices' -module aiServices 'br/public:avm/res/cognitive-services/account:0.7.2' = { - name: 'deepseek' - scope: resourceGroup - params: { - name: aiServicesNameAndSubdomain - location: aiServicesResourceLocation - tags: tags - kind: 'AIServices' - customSubDomainName: aiServicesNameAndSubdomain - sku: 'S0' - publicNetworkAccess: 'Enabled' - deployments: [ - { - name: aiServicesDeploymentName - model: { - format: 'DeepSeek' - name: 'DeepSeek-R1' - version: '1' - } - sku: { - name: 'GlobalStandard' - capacity: 1 - } - }] - disableLocalAuth: disableKeyBasedAuth - roleAssignments: [ - { - principalId: principalId - principalType: 'User' - roleDefinitionIdOrName: 'Cognitive Services User' - } - ] - } -} - -module logAnalyticsWorkspace 'core/monitor/loganalytics.bicep' = { - name: 'loganalytics' - scope: resourceGroup - params: { - name: '${prefix}-loganalytics' - location: location - tags: tags - } -} - -// Container apps host (including container registry) -module containerApps 'core/host/container-apps.bicep' = { - name: 'container-apps' - scope: resourceGroup - params: { - name: 'app' - location: location - tags: tags - containerAppsEnvironmentName: '${prefix}-containerapps-env' - containerRegistryName: '${replace(prefix, '-', '')}registry' - logAnalyticsWorkspaceName: logAnalyticsWorkspace.outputs.name - } -} - -// Container app frontend -module aca 'aca.bicep' = { - name: 'aca' - scope: resourceGroup - params: { - name: replace('${take(prefix,19)}-ca', '--', '-') - location: location - tags: tags - identityName: '${prefix}-id-aca' - containerAppsEnvironmentName: containerApps.outputs.environmentName - containerRegistryName: containerApps.outputs.registryName - aiServicesDeploymentName: aiServicesDeploymentName - aiServicesEndpoint: 'https://${aiServices.outputs.name}.services.ai.azure.com/models' - exists: acaExists - } -} - - -module aiServicesRoleBackend 'core/security/role.bicep' = { - scope: aiServicesResourceGroup - name: 'aiservices-role-backend' - params: { - principalId: aca.outputs.SERVICE_ACA_IDENTITY_PRINCIPAL_ID - roleDefinitionId: 'a97b65f3-24c7-4388-baec-2e87135dc908' - principalType: 'ServicePrincipal' - } -} - -output AZURE_LOCATION string = location -output AZURE_TENANT_ID string = tenant().tenantId - -output AZURE_DEEPSEEK_DEPLOYMENT string = aiServicesDeploymentName -output AZURE_INFERENCE_ENDPOINT string = 'https://${aiServices.outputs.name}.services.ai.azure.com/models' - -output SERVICE_ACA_IDENTITY_PRINCIPAL_ID string = aca.outputs.SERVICE_ACA_IDENTITY_PRINCIPAL_ID -output SERVICE_ACA_NAME string = aca.outputs.SERVICE_ACA_NAME -output SERVICE_ACA_URI string = aca.outputs.SERVICE_ACA_URI -output SERVICE_ACA_IMAGE_NAME string = aca.outputs.SERVICE_ACA_IMAGE_NAME - -output AZURE_CONTAINER_ENVIRONMENT_NAME string = containerApps.outputs.environmentName -output AZURE_CONTAINER_REGISTRY_ENDPOINT string = containerApps.outputs.registryLoginServer -output AZURE_CONTAINER_REGISTRY_NAME string = containerApps.outputs.registryName +targetScope = 'subscription' + +@minLength(1) +@maxLength(64) +@description('Name which is used to generate a short unique hash for each resource') +param name string + +@minLength(1) +@description('Primary location for all resources') +param location string + +@description('Id of the user or app to assign application roles') +param principalId string = '' + +param acaExists bool = false + +@minLength(1) +@description('Location for the Azure AI resource') +// https://learn.microsoft.com/azure/ai-studio/how-to/deploy-models-serverless-availability#deepseek-models-from-microsoft +@allowed([ + 'eastus' + 'eastus2' + 'northcentralus' + 'southcentralus' + 'westus' + 'westus3' +]) +@metadata({ + azd: { + type: 'location' + } +}) +param aiServicesResourceLocation string +param disableKeyBasedAuth bool = true + +// Parameters for the specific Azure AI deployment: +param aiServicesDeploymentName string = 'DeepSeek-R1' + +var resourceToken = toLower(uniqueString(subscription().id, name, location)) +var tags = { 'azd-env-name': name } + +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: '${name}-rg' + location: location + tags: tags +} + +var prefix = '${name}-${resourceToken}' + +var aiServicesNameAndSubdomain = '${resourceToken}-aiservices' +module aiServices 'br/public:avm/res/cognitive-services/account:0.7.2' = { + name: 'deepseek' + scope: resourceGroup + params: { + name: aiServicesNameAndSubdomain + location: aiServicesResourceLocation + tags: tags + kind: 'AIServices' + customSubDomainName: aiServicesNameAndSubdomain + sku: 'S0' + publicNetworkAccess: 'Enabled' + deployments: [ + { + name: aiServicesDeploymentName + model: { + format: 'DeepSeek' + name: 'DeepSeek-R1' + version: '1' + } + sku: { + name: 'GlobalStandard' + capacity: 1 + } + } + ] + disableLocalAuth: disableKeyBasedAuth + roleAssignments: [ + { + principalId: principalId + principalType: 'User' + roleDefinitionIdOrName: 'Cognitive Services User' + } + ] + } +} + +module logAnalyticsWorkspace 'core/monitor/loganalytics.bicep' = { + name: 'loganalytics' + scope: resourceGroup + params: { + name: '${prefix}-loganalytics' + location: location + tags: tags + } +} + +// Container apps host (including container registry) +module containerApps 'core/host/container-apps.bicep' = { + name: 'container-apps' + scope: resourceGroup + params: { + name: 'app' + location: location + tags: tags + containerAppsEnvironmentName: '${prefix}-containerapps-env' + containerRegistryName: '${replace(prefix, '-', '')}registry' + logAnalyticsWorkspaceName: logAnalyticsWorkspace.outputs.name + } +} + +// Container app frontend +module aca 'aca.bicep' = { + name: 'aca' + scope: resourceGroup + params: { + name: replace('${take(prefix,19)}-ca', '--', '-') + location: location + tags: tags + identityName: '${prefix}-id-aca' + containerAppsEnvironmentName: containerApps.outputs.environmentName + containerRegistryName: containerApps.outputs.registryName + aiServicesDeploymentName: aiServicesDeploymentName + aiServicesEndpoint: 'https://${aiServices.outputs.name}.services.ai.azure.com/models' + exists: acaExists + } +} + +module aiServicesRoleBackend 'core/security/role.bicep' = { + scope: resourceGroup + name: 'aiservices-role-backend' + params: { + principalId: aca.outputs.identityPrincipalId + roleDefinitionId: 'a97b65f3-24c7-4388-baec-2e87135dc908' + principalType: 'ServicePrincipal' + } +} + +output AZURE_LOCATION string = location +output AZURE_TENANT_ID string = tenant().tenantId + +output AZURE_DEEPSEEK_DEPLOYMENT string = aiServicesDeploymentName +output AZURE_INFERENCE_ENDPOINT string = 'https://${aiServices.outputs.name}.services.ai.azure.com/models' + +output SERVICE_ACA_IDENTITY_PRINCIPAL_ID string = aca.outputs.identityPrincipalId +output SERVICE_ACA_NAME string = aca.outputs.name +output SERVICE_ACA_URI string = aca.outputs.uri +output SERVICE_ACA_IMAGE_NAME string = aca.outputs.imageName + +output AZURE_CONTAINER_ENVIRONMENT_NAME string = containerApps.outputs.environmentName +output AZURE_CONTAINER_REGISTRY_ENDPOINT string = containerApps.outputs.registryLoginServer +output AZURE_CONTAINER_REGISTRY_NAME string = containerApps.outputs.registryName From 8e1c0a9aedee3ccc4621f7ec42facc038d022788 Mon Sep 17 00:00:00 2001 From: Pamela Fox Date: Fri, 21 Feb 2025 11:30:28 -0800 Subject: [PATCH 2/4] Remove whitespace change --- infra/aca.bicep | 62 +++++++++--------- infra/main.bicep | 164 +++++++++++++++++++++++------------------------ 2 files changed, 113 insertions(+), 113 deletions(-) diff --git a/infra/aca.bicep b/infra/aca.bicep index 8631a37..e40b3d5 100644 --- a/infra/aca.bicep +++ b/infra/aca.bicep @@ -11,43 +11,43 @@ param aiServicesDeploymentName string param aiServicesEndpoint string resource acaIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = { - name: identityName - location: location + name: identityName + location: location } var env = [ - { - name: 'AZURE_DEEPSEEK_DEPLOYMENT' - value: aiServicesDeploymentName - } - { - name: 'AZURE_INFERENCE_ENDPOINT' - value: aiServicesEndpoint - } - { - name: 'RUNNING_IN_PRODUCTION' - value: 'true' - } - { - // DefaultAzureCredential will look for an environment variable with this name: - name: 'AZURE_CLIENT_ID' - value: acaIdentity.properties.clientId - } + { + name: 'AZURE_DEEPSEEK_DEPLOYMENT' + value: aiServicesDeploymentName + } + { + name: 'AZURE_INFERENCE_ENDPOINT' + value: aiServicesEndpoint + } + { + name: 'RUNNING_IN_PRODUCTION' + value: 'true' + } + { + // DefaultAzureCredential will look for an environment variable with this name: + name: 'AZURE_CLIENT_ID' + value: acaIdentity.properties.clientId + } ] module app 'core/host/container-app-upsert.bicep' = { - name: '${serviceName}-container-app-module' - params: { - name: name - location: location - tags: union(tags, { 'azd-service-name': serviceName }) - identityName: acaIdentity.name - exists: exists - containerAppsEnvironmentName: containerAppsEnvironmentName - containerRegistryName: containerRegistryName - env: env - targetPort: 50505 - } + name: '${serviceName}-container-app-module' + params: { + name: name + location: location + tags: union(tags, { 'azd-service-name': serviceName }) + identityName: acaIdentity.name + exists: exists + containerAppsEnvironmentName: containerAppsEnvironmentName + containerRegistryName: containerRegistryName + env: env + targetPort: 50505 + } } output identityPrincipalId string = acaIdentity.properties.principalId diff --git a/infra/main.bicep b/infra/main.bicep index 64c93d4..a86e30d 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -18,17 +18,17 @@ param acaExists bool = false @description('Location for the Azure AI resource') // https://learn.microsoft.com/azure/ai-studio/how-to/deploy-models-serverless-availability#deepseek-models-from-microsoft @allowed([ - 'eastus' - 'eastus2' - 'northcentralus' - 'southcentralus' - 'westus' - 'westus3' + 'eastus' + 'eastus2' + 'northcentralus' + 'southcentralus' + 'westus' + 'westus3' ]) @metadata({ - azd: { - type: 'location' - } + azd: { + type: 'location' + } }) param aiServicesResourceLocation string param disableKeyBasedAuth bool = true @@ -40,99 +40,99 @@ var resourceToken = toLower(uniqueString(subscription().id, name, location)) var tags = { 'azd-env-name': name } resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { - name: '${name}-rg' - location: location - tags: tags + name: '${name}-rg' + location: location + tags: tags } var prefix = '${name}-${resourceToken}' var aiServicesNameAndSubdomain = '${resourceToken}-aiservices' module aiServices 'br/public:avm/res/cognitive-services/account:0.7.2' = { - name: 'deepseek' - scope: resourceGroup - params: { - name: aiServicesNameAndSubdomain - location: aiServicesResourceLocation - tags: tags - kind: 'AIServices' - customSubDomainName: aiServicesNameAndSubdomain - sku: 'S0' - publicNetworkAccess: 'Enabled' - deployments: [ - { - name: aiServicesDeploymentName - model: { - format: 'DeepSeek' - name: 'DeepSeek-R1' - version: '1' - } - sku: { - name: 'GlobalStandard' - capacity: 1 - } - } - ] - disableLocalAuth: disableKeyBasedAuth - roleAssignments: [ - { - principalId: principalId - principalType: 'User' - roleDefinitionIdOrName: 'Cognitive Services User' - } - ] - } + name: 'deepseek' + scope: resourceGroup + params: { + name: aiServicesNameAndSubdomain + location: aiServicesResourceLocation + tags: tags + kind: 'AIServices' + customSubDomainName: aiServicesNameAndSubdomain + sku: 'S0' + publicNetworkAccess: 'Enabled' + deployments: [ + { + name: aiServicesDeploymentName + model: { + format: 'DeepSeek' + name: 'DeepSeek-R1' + version: '1' + } + sku: { + name: 'GlobalStandard' + capacity: 1 + } + } + ] + disableLocalAuth: disableKeyBasedAuth + roleAssignments: [ + { + principalId: principalId + principalType: 'User' + roleDefinitionIdOrName: 'Cognitive Services User' + } + ] + } } module logAnalyticsWorkspace 'core/monitor/loganalytics.bicep' = { - name: 'loganalytics' - scope: resourceGroup - params: { - name: '${prefix}-loganalytics' - location: location - tags: tags - } + name: 'loganalytics' + scope: resourceGroup + params: { + name: '${prefix}-loganalytics' + location: location + tags: tags + } } // Container apps host (including container registry) module containerApps 'core/host/container-apps.bicep' = { - name: 'container-apps' - scope: resourceGroup - params: { - name: 'app' - location: location - tags: tags - containerAppsEnvironmentName: '${prefix}-containerapps-env' - containerRegistryName: '${replace(prefix, '-', '')}registry' - logAnalyticsWorkspaceName: logAnalyticsWorkspace.outputs.name - } + name: 'container-apps' + scope: resourceGroup + params: { + name: 'app' + location: location + tags: tags + containerAppsEnvironmentName: '${prefix}-containerapps-env' + containerRegistryName: '${replace(prefix, '-', '')}registry' + logAnalyticsWorkspaceName: logAnalyticsWorkspace.outputs.name + } } // Container app frontend module aca 'aca.bicep' = { - name: 'aca' - scope: resourceGroup - params: { - name: replace('${take(prefix,19)}-ca', '--', '-') - location: location - tags: tags - identityName: '${prefix}-id-aca' - containerAppsEnvironmentName: containerApps.outputs.environmentName - containerRegistryName: containerApps.outputs.registryName - aiServicesDeploymentName: aiServicesDeploymentName - aiServicesEndpoint: 'https://${aiServices.outputs.name}.services.ai.azure.com/models' - exists: acaExists - } + name: 'aca' + scope: resourceGroup + params: { + name: replace('${take(prefix,19)}-ca', '--', '-') + location: location + tags: tags + identityName: '${prefix}-id-aca' + containerAppsEnvironmentName: containerApps.outputs.environmentName + containerRegistryName: containerApps.outputs.registryName + aiServicesDeploymentName: aiServicesDeploymentName + aiServicesEndpoint: 'https://${aiServices.outputs.name}.services.ai.azure.com/models' + exists: acaExists + } } module aiServicesRoleBackend 'core/security/role.bicep' = { - scope: resourceGroup - name: 'aiservices-role-backend' - params: { - principalId: aca.outputs.identityPrincipalId - roleDefinitionId: 'a97b65f3-24c7-4388-baec-2e87135dc908' - principalType: 'ServicePrincipal' - } + scope: resourceGroup + name: 'aiservices-role-backend' + params: { + principalId: aca.outputs.identityPrincipalId + roleDefinitionId: 'a97b65f3-24c7-4388-baec-2e87135dc908' + principalType: 'ServicePrincipal' + } } output AZURE_LOCATION string = location From b2c1f500fc7759f60429d670764a96dad69a6fb5 Mon Sep 17 00:00:00 2001 From: Pamela Fox Date: Fri, 21 Feb 2025 11:31:14 -0800 Subject: [PATCH 3/4] Remove whitespace change --- infra/aca.bicep | 112 ++++++++++++++++++++++++------------------------ 1 file changed, 56 insertions(+), 56 deletions(-) diff --git a/infra/aca.bicep b/infra/aca.bicep index e40b3d5..b57c1f4 100644 --- a/infra/aca.bicep +++ b/infra/aca.bicep @@ -1,56 +1,56 @@ -param name string -param location string = resourceGroup().location -param tags object = {} - -param identityName string -param containerAppsEnvironmentName string -param containerRegistryName string -param serviceName string = 'aca' -param exists bool -param aiServicesDeploymentName string -param aiServicesEndpoint string - -resource acaIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = { - name: identityName - location: location -} - -var env = [ - { - name: 'AZURE_DEEPSEEK_DEPLOYMENT' - value: aiServicesDeploymentName - } - { - name: 'AZURE_INFERENCE_ENDPOINT' - value: aiServicesEndpoint - } - { - name: 'RUNNING_IN_PRODUCTION' - value: 'true' - } - { - // DefaultAzureCredential will look for an environment variable with this name: - name: 'AZURE_CLIENT_ID' - value: acaIdentity.properties.clientId - } -] - -module app 'core/host/container-app-upsert.bicep' = { - name: '${serviceName}-container-app-module' - params: { - name: name - location: location - tags: union(tags, { 'azd-service-name': serviceName }) - identityName: acaIdentity.name - exists: exists - containerAppsEnvironmentName: containerAppsEnvironmentName - containerRegistryName: containerRegistryName - env: env - targetPort: 50505 - } -} - -output identityPrincipalId string = acaIdentity.properties.principalId -output name string = app.outputs.name -output uri string = app.outputs.uri -output imageName string = app.outputs.imageName +param name string +param location string = resourceGroup().location +param tags object = {} + +param identityName string +param containerAppsEnvironmentName string +param containerRegistryName string +param serviceName string = 'aca' +param exists bool +param aiServicesDeploymentName string +param aiServicesEndpoint string + +resource acaIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = { + name: identityName + location: location +} + +var env = [ + { + name: 'AZURE_DEEPSEEK_DEPLOYMENT' + value: aiServicesDeploymentName + } + { + name: 'AZURE_INFERENCE_ENDPOINT' + value: aiServicesEndpoint + } + { + name: 'RUNNING_IN_PRODUCTION' + value: 'true' + } + { + // DefaultAzureCredential will look for an environment variable with this name: + name: 'AZURE_CLIENT_ID' + value: acaIdentity.properties.clientId + } +] + +module app 'core/host/container-app-upsert.bicep' = { + name: '${serviceName}-container-app-module' + params: { + name: name + location: location + tags: union(tags, { 'azd-service-name': serviceName }) + identityName: acaIdentity.name + exists: exists + containerAppsEnvironmentName: containerAppsEnvironmentName + containerRegistryName: containerRegistryName + env: env + targetPort: 50505 + } +} + +output identityPrincipalId string = acaIdentity.properties.principalId +output name string = app.outputs.name +output uri string = app.outputs.uri +output imageName string = app.outputs.imageName From b6297494d4fe6ccf48680f03559d05df7161ee68 Mon Sep 17 00:00:00 2001 From: Pamela Fox Date: Fri, 21 Feb 2025 11:31:51 -0800 Subject: [PATCH 4/4] Remove whitespace change --- infra/main.bicep | 302 +++++++++++++++++++++++------------------------ 1 file changed, 151 insertions(+), 151 deletions(-) diff --git a/infra/main.bicep b/infra/main.bicep index a86e30d..19a2514 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -1,151 +1,151 @@ -targetScope = 'subscription' - -@minLength(1) -@maxLength(64) -@description('Name which is used to generate a short unique hash for each resource') -param name string - -@minLength(1) -@description('Primary location for all resources') -param location string - -@description('Id of the user or app to assign application roles') -param principalId string = '' - -param acaExists bool = false - -@minLength(1) -@description('Location for the Azure AI resource') -// https://learn.microsoft.com/azure/ai-studio/how-to/deploy-models-serverless-availability#deepseek-models-from-microsoft -@allowed([ - 'eastus' - 'eastus2' - 'northcentralus' - 'southcentralus' - 'westus' - 'westus3' -]) -@metadata({ - azd: { - type: 'location' - } -}) -param aiServicesResourceLocation string -param disableKeyBasedAuth bool = true - -// Parameters for the specific Azure AI deployment: -param aiServicesDeploymentName string = 'DeepSeek-R1' - -var resourceToken = toLower(uniqueString(subscription().id, name, location)) -var tags = { 'azd-env-name': name } - -resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { - name: '${name}-rg' - location: location - tags: tags -} - -var prefix = '${name}-${resourceToken}' - -var aiServicesNameAndSubdomain = '${resourceToken}-aiservices' -module aiServices 'br/public:avm/res/cognitive-services/account:0.7.2' = { - name: 'deepseek' - scope: resourceGroup - params: { - name: aiServicesNameAndSubdomain - location: aiServicesResourceLocation - tags: tags - kind: 'AIServices' - customSubDomainName: aiServicesNameAndSubdomain - sku: 'S0' - publicNetworkAccess: 'Enabled' - deployments: [ - { - name: aiServicesDeploymentName - model: { - format: 'DeepSeek' - name: 'DeepSeek-R1' - version: '1' - } - sku: { - name: 'GlobalStandard' - capacity: 1 - } - } - ] - disableLocalAuth: disableKeyBasedAuth - roleAssignments: [ - { - principalId: principalId - principalType: 'User' - roleDefinitionIdOrName: 'Cognitive Services User' - } - ] - } -} - -module logAnalyticsWorkspace 'core/monitor/loganalytics.bicep' = { - name: 'loganalytics' - scope: resourceGroup - params: { - name: '${prefix}-loganalytics' - location: location - tags: tags - } -} - -// Container apps host (including container registry) -module containerApps 'core/host/container-apps.bicep' = { - name: 'container-apps' - scope: resourceGroup - params: { - name: 'app' - location: location - tags: tags - containerAppsEnvironmentName: '${prefix}-containerapps-env' - containerRegistryName: '${replace(prefix, '-', '')}registry' - logAnalyticsWorkspaceName: logAnalyticsWorkspace.outputs.name - } -} - -// Container app frontend -module aca 'aca.bicep' = { - name: 'aca' - scope: resourceGroup - params: { - name: replace('${take(prefix,19)}-ca', '--', '-') - location: location - tags: tags - identityName: '${prefix}-id-aca' - containerAppsEnvironmentName: containerApps.outputs.environmentName - containerRegistryName: containerApps.outputs.registryName - aiServicesDeploymentName: aiServicesDeploymentName - aiServicesEndpoint: 'https://${aiServices.outputs.name}.services.ai.azure.com/models' - exists: acaExists - } -} - -module aiServicesRoleBackend 'core/security/role.bicep' = { - scope: resourceGroup - name: 'aiservices-role-backend' - params: { - principalId: aca.outputs.identityPrincipalId - roleDefinitionId: 'a97b65f3-24c7-4388-baec-2e87135dc908' - principalType: 'ServicePrincipal' - } -} - -output AZURE_LOCATION string = location -output AZURE_TENANT_ID string = tenant().tenantId - -output AZURE_DEEPSEEK_DEPLOYMENT string = aiServicesDeploymentName -output AZURE_INFERENCE_ENDPOINT string = 'https://${aiServices.outputs.name}.services.ai.azure.com/models' - -output SERVICE_ACA_IDENTITY_PRINCIPAL_ID string = aca.outputs.identityPrincipalId -output SERVICE_ACA_NAME string = aca.outputs.name -output SERVICE_ACA_URI string = aca.outputs.uri -output SERVICE_ACA_IMAGE_NAME string = aca.outputs.imageName - -output AZURE_CONTAINER_ENVIRONMENT_NAME string = containerApps.outputs.environmentName -output AZURE_CONTAINER_REGISTRY_ENDPOINT string = containerApps.outputs.registryLoginServer -output AZURE_CONTAINER_REGISTRY_NAME string = containerApps.outputs.registryName +targetScope = 'subscription' + +@minLength(1) +@maxLength(64) +@description('Name which is used to generate a short unique hash for each resource') +param name string + +@minLength(1) +@description('Primary location for all resources') +param location string + +@description('Id of the user or app to assign application roles') +param principalId string = '' + +param acaExists bool = false + +@minLength(1) +@description('Location for the Azure AI resource') +// https://learn.microsoft.com/azure/ai-studio/how-to/deploy-models-serverless-availability#deepseek-models-from-microsoft +@allowed([ + 'eastus' + 'eastus2' + 'northcentralus' + 'southcentralus' + 'westus' + 'westus3' +]) +@metadata({ + azd: { + type: 'location' + } +}) +param aiServicesResourceLocation string +param disableKeyBasedAuth bool = true + +// Parameters for the specific Azure AI deployment: +param aiServicesDeploymentName string = 'DeepSeek-R1' + +var resourceToken = toLower(uniqueString(subscription().id, name, location)) +var tags = { 'azd-env-name': name } + +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: '${name}-rg' + location: location + tags: tags +} + +var prefix = '${name}-${resourceToken}' + +var aiServicesNameAndSubdomain = '${resourceToken}-aiservices' +module aiServices 'br/public:avm/res/cognitive-services/account:0.7.2' = { + name: 'deepseek' + scope: resourceGroup + params: { + name: aiServicesNameAndSubdomain + location: aiServicesResourceLocation + tags: tags + kind: 'AIServices' + customSubDomainName: aiServicesNameAndSubdomain + sku: 'S0' + publicNetworkAccess: 'Enabled' + deployments: [ + { + name: aiServicesDeploymentName + model: { + format: 'DeepSeek' + name: 'DeepSeek-R1' + version: '1' + } + sku: { + name: 'GlobalStandard' + capacity: 1 + } + } + ] + disableLocalAuth: disableKeyBasedAuth + roleAssignments: [ + { + principalId: principalId + principalType: 'User' + roleDefinitionIdOrName: 'Cognitive Services User' + } + ] + } +} + +module logAnalyticsWorkspace 'core/monitor/loganalytics.bicep' = { + name: 'loganalytics' + scope: resourceGroup + params: { + name: '${prefix}-loganalytics' + location: location + tags: tags + } +} + +// Container apps host (including container registry) +module containerApps 'core/host/container-apps.bicep' = { + name: 'container-apps' + scope: resourceGroup + params: { + name: 'app' + location: location + tags: tags + containerAppsEnvironmentName: '${prefix}-containerapps-env' + containerRegistryName: '${replace(prefix, '-', '')}registry' + logAnalyticsWorkspaceName: logAnalyticsWorkspace.outputs.name + } +} + +// Container app frontend +module aca 'aca.bicep' = { + name: 'aca' + scope: resourceGroup + params: { + name: replace('${take(prefix,19)}-ca', '--', '-') + location: location + tags: tags + identityName: '${prefix}-id-aca' + containerAppsEnvironmentName: containerApps.outputs.environmentName + containerRegistryName: containerApps.outputs.registryName + aiServicesDeploymentName: aiServicesDeploymentName + aiServicesEndpoint: 'https://${aiServices.outputs.name}.services.ai.azure.com/models' + exists: acaExists + } +} + +module aiServicesRoleBackend 'core/security/role.bicep' = { + scope: resourceGroup + name: 'aiservices-role-backend' + params: { + principalId: aca.outputs.identityPrincipalId + roleDefinitionId: 'a97b65f3-24c7-4388-baec-2e87135dc908' + principalType: 'ServicePrincipal' + } +} + +output AZURE_LOCATION string = location +output AZURE_TENANT_ID string = tenant().tenantId + +output AZURE_DEEPSEEK_DEPLOYMENT string = aiServicesDeploymentName +output AZURE_INFERENCE_ENDPOINT string = 'https://${aiServices.outputs.name}.services.ai.azure.com/models' + +output SERVICE_ACA_IDENTITY_PRINCIPAL_ID string = aca.outputs.identityPrincipalId +output SERVICE_ACA_NAME string = aca.outputs.name +output SERVICE_ACA_URI string = aca.outputs.uri +output SERVICE_ACA_IMAGE_NAME string = aca.outputs.imageName + +output AZURE_CONTAINER_ENVIRONMENT_NAME string = containerApps.outputs.environmentName +output AZURE_CONTAINER_REGISTRY_ENDPOINT string = containerApps.outputs.registryLoginServer +output AZURE_CONTAINER_REGISTRY_NAME string = containerApps.outputs.registryName