ManagedAPP

Author: harjitdotsingh

infra/README.md

@@ -39,3 +39,7 @@ In the Azure Portal, go to Marketplace and create a `Service Catalog Managed App
 ### 6. Deploy the managed app
 
 In the Azure Portal, find and click on the managed app definition resource that was created in the previous step. A button option to `Deploy from definition` will be available. Click on it and proceed through the setup steps (defined by the `createUiDefinitions.json` file) that a consumer would experience when installing the managed app.
+
+
+[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https%3A%2F%2Fgithub.com%2FAzure-Samples%2Fgraphrag-accelerator%2Fblob%2Fharjit-managed-app%2Finfra%2FmainTemplate.json)
+

infra/core/aks/aks.bicep

@@ -65,7 +65,7 @@ resource aks 'Microsoft.ContainerService/managedClusters@2024-09-02-preview' = {
   }
   properties: {
     enableRBAC: true
-    disableLocalAccounts: true
+    disableLocalAccounts: false
     dnsPrefix: !empty(dnsPrefix) ? dnsPrefix : toLower(clusterName)
     aadProfile: {
       managed: true

infra/core/aoai/aoai.bicep

@@ -17,10 +17,10 @@ param embeddingModelName string = 'text-embedding-ada-002'
 param embeddingModelVersion string
 
 @description('TPM quota for llm model deployment (x1000)')
-param llmTpmQuota int = 10
+param llmTpmQuota int = 1
 
 @description('TPM quota for embedding model deployment (x1000)')
-param embeddingTpmQuota int = 10
+param embeddingTpmQuota int = 1
 
 resource aoai 'Microsoft.CognitiveServices/accounts@2024-10-01' = {
   name: openAiName

infra/core/apim/apim.graphrag-servicedef.bicep

@@ -5,6 +5,9 @@ param backendUrl string
 param name string
 param apimname string
 
+
+
+
 resource api 'Microsoft.ApiManagement/service/apis@2023-09-01-preview' = {
   name: '${apimname}/${name}'
   properties: {

infra/core/scripts/deployment-script.bicep

@@ -16,10 +16,9 @@ param azure_apim_name string
 param managed_identity_aks string
 param ai_search_name string
 
-@description('Specifies the primary script URI.')
-param primaryScriptUri string
 param imagename string
 param imageversion string
+param script_file string
 
 
 param azure_aoai_endpoint string
@@ -47,6 +46,8 @@ param azure_workload_identity_client_id string
 param azure_workload_identity_principal_id string
 param  azure_workload_identity_name string
 param cognitive_services_audience string = 'https://cognitiveservices.azure.com/default'
+param public_storage_account_name string
+param public_storage_account_key string
 
 var clusterAdminRoleDefinitionId = resourceId('Microsoft.Authorization/roleDefinitions', '0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8')
 
@@ -55,13 +56,18 @@ resource aksCluster 'Microsoft.ContainerService/managedClusters@2022-11-02-previ
   name: azure_aks_name
 }
 
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  name: uniqueString(resourceGroup().id)
+  location: location
+}
+
 
 resource clusterAdminContributorRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
   name:  guid(managed_identity_aks, aksCluster.id, clusterAdminRoleDefinitionId)
   scope: aksCluster
   properties: {
     roleDefinitionId: clusterAdminRoleDefinitionId
-    principalId: managed_identity_aks
+    principalId: managedIdentity.properties.principalId
     principalType: 'ServicePrincipal'
   }
 }
@@ -73,10 +79,14 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01'= {
   identity: {
     type: 'UserAssigned'
     userAssignedIdentities: {
-      '${managed_identity_aks}': {}
+      '${managedIdentity.id}': {}
     }
   }
   properties: {
+    storageAccountSettings: {
+      storageAccountName: public_storage_account_name
+      storageAccountKey: public_storage_account_key
+    }
     forceUpdateTag: utcValue
     azCliVersion: '2.7.0'
     timeout: 'PT1H'
@@ -219,12 +229,19 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01'= {
 
     value: azure_aoai_endpoint 
   }
+
+  {   
+    name: 'AZURE_RESOURCE_GROUP'
+  
+    value: resourceGroup().name 
+  }
 
 
       ]
     cleanupPreference: 'OnSuccess'
     retentionInterval: 'P1D'
-    primaryScriptUri: primaryScriptUri
+    //primaryScriptUri: primaryScriptUri
+    scriptContent:script_file
     }
     dependsOn: [
       aksCluster

infra/main.bicep

@@ -67,15 +67,19 @@ param llmModelName string = 'gpt-4o'
 param llmModelVersion string = '2024-08-06'
 @description('Quota of the AOAI LLM model to use.')
 @minValue(1)
-param llmModelQuota int = 10
+param llmModelQuota int = 1
 
 @description('Name of the AOAI embedding model to use. Must match official model id. For more information: https://learn.microsoft.com/en-us/azure/ai-services/openai/concepts/models')
 @allowed(['text-embedding-ada-002', 'text-embedding-3-large'])
 param embeddingModelName string = 'text-embedding-ada-002'
 param embeddingModelVersion string = '2'
 @description('Quota of the AOAI embedding model to use.')
 @minValue(1)
-param embeddingModelQuota int = 10
+param embeddingModelQuota int = 1
+
+
+param publicStorageAccountName string =''
+param publicStorageAccountKey string =''
 
 var abbrs = loadJsonContent('abbreviations.json')
 var tags = { 'azd-env-name': resourceGroup }
@@ -372,7 +376,7 @@ module deploymentScript 'core/scripts/deployment-script.bicep' ={
     utcValue: utcString
     name:'graphragscript'
     location:location
-    subscriptionId:subscription().subscriptionId
+    subscriptionId:subscription().id
     tenantid:tenant().tenantId
     acrserver:'graphrag.azure.acr.io'
     azure_location:location
@@ -387,7 +391,7 @@ module deploymentScript 'core/scripts/deployment-script.bicep' ={
     azure_apim_gateway_url:apim.outputs.apimGatewayUrl
     azure_apim_name :apim.outputs.name
     managed_identity_aks:aks.outputs.systemIdentity
-    primaryScriptUri:'file://./scripts/deployment-script.sh'
+    script_file:loadTextContent('managed-app/artifacts/scripts/updategraphrag.sh')
     ai_search_name:aiSearch.name
     azure_aoai_endpoint:aoai.outputs.openAiEndpoint
     azure_aoai_llm_model : aoai.outputs.llmModel
@@ -396,26 +400,30 @@ module deploymentScript 'core/scripts/deployment-script.bicep' ={
     azure_aoai_embedding_model:aoai.outputs.textEmbeddingModel
     azure_aoai_embedding_model_deployment_name:aoai.outputs.textEmbeddingModelDeploymentName
     azure_aoai_embedding_model_api_version:aoai.outputs.textEmbeddingModelApiVersion
-
     azure_app_hostname:appHostname
     azure_app_url:appUrl
     azure_app_insights_connection_string:appInsights.outputs.connectionString
-
     azure_cosmosdb_endpoint :cosmosdb.outputs.endpoint
     azure_cosmosdb_name:cosmosdb.outputs.name
     azure_cosmosdb_id:cosmosdb.outputs.id
-
     azure_dns_zone_name:privateDnsZone.outputs.name
-
-
     azure_storage_account:storage.outputs.name
     azure_storage_account_blob_url:storage.outputs.primaryEndpoints.blob
-
     azure_workload_identity_client_id:workloadIdentity.outputs.clientId
     azure_workload_identity_principal_id:workloadIdentity.outputs.principalId
     azure_workload_identity_name:workloadIdentity.outputs.name
-    
+    public_storage_account_name: publicStorageAccountName
+    public_storage_account_key: publicStorageAccountKey
+  
+  }
+}
 
+module apimgraphragservicedef  'core/apim/apim.graphrag-servicedef.bicep'={
+  name: 'graphragservicedef-deployment'
+  params:{
+    name:'GraphRag'
+    apimname:apim.outputs.name
+    backendUrl:appUrl
   }
 }
 

infra/managed-app/artifacts/scripts/updategraphrag.sh

@@ -1,14 +1,15 @@
 #!/bin/bash
 # Install kubectl
+set -e
 az aks install-cli --only-show-errors
 
+az login --identity
+
 # Get AKS credentials
 az aks get-credentials \
   --admin \
-  --name $clusterName \
-  --resource-group $resourceGroupName \
-  --subscription $subscriptionId \
-  --only-show-errors
+  --name $AZURE_AKS_NAME  \
+  --resource-group $AZURE_RESOURCE_GROUP --only-show-errors
 
 # Check if the cluster is private or not
 
@@ -27,37 +28,27 @@ helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
 # Update Helm repos
 helm repo update
 
-helm pull  oci://graphrag.azurecr.io/graphrag --generate-name
-
-tar -xvf graphrag-0.1.0.tgz
-
+helm pull  oci://graphrag.azurecr.io/graphrag --untar
 
-
-  # Log whether the cluster is public or private
-  echo "$clusterName AKS cluster is public"
-
-  # Install Prometheus
 
-
-  # Install NGINX ingress controller using the internal load balancer
-    helm upgrade -i graphrag ./graphrag -f ./graphrag/values.yaml \
-        --namespace $aksNamespace --create-namespace \
-        --set "serviceAccount.name=$AZURE_AKS_SERVICE_ACCOUNT_NAME" \
-        --set "serviceAccount.annotations.azure\.workload\.identity/client-id=$AZURE_WORKLOAD_IDENTITY_CLIENT_ID" \
-        --set "master.image.repository=graphrag.azurecr.io/$IMAGE_NAME" \
-        --set "master.image.tag=$IMAGE_VERSION" \
-        --set "ingress.host=$AZURE_APP_HOSTNAME" \
-        --set "graphragConfig.APP_INSIGHTS_CONNECTION_STRING=$APP_INSIGHTS_CONNECTION_STRING" \
-        --set "graphragConfig.AI_SEARCH_URL=https://$AI_SEARCH_NAME.search.windows.net" \
-        --set "graphragConfig.COSMOS_URI_ENDPOINT=$AZURE_COSMOSDB_ENDPOINT" \
-        --set "graphragConfig.GRAPHRAG_API_BASE=$AZURE_OPENAI_ENDPOINT" \
-        --set "graphragConfig.GRAPHRAG_API_VERSION=$AZURE_AOAI_LLM_MODEL_API_VERSION" \
-        --set "graphragConfig.GRAPHRAG_LLM_MODEL=$AZURE_AOAI_LLM_MODEL"\
-        --set "graphragConfig.GRAPHRAG_LLM_DEPLOYMENT_NAME=$AZURE_AOAI_LLM_MODEL_DEPLOYMENT_NAME" \
-        --set "graphragConfig.GRAPHRAG_EMBEDDING_MODEL=$AZURE_AOAI_EMBEDDING_MODEL" \
-        --set "graphragConfig.GRAPHRAG_EMBEDDING_DEPLOYMENT_NAME=$AZURE_AOAI_EMBEDDING_MODEL_DEPLOYMENT_NAME" \
-        --set "graphragConfig.COGNITIVE_SERVICES_AUDIENCE=$COGNITIVE_SERVICES_AUDIENCE" \
-        --set "graphragConfig.STORAGE_ACCOUNT_BLOB_URL=$AZURE_STORAGE_ACCOUNT_BLOB_URL"
+helm upgrade -i graphrag ./graphrag -f ./graphrag/values.yaml \
+    --namespace $aksNamespace --create-namespace \
+    --set "serviceAccount.name=$AZURE_AKS_SERVICE_ACCOUNT_NAME" \
+    --set "serviceAccount.annotations.azure\.workload\.identity/client-id=$AZURE_WORKLOAD_IDENTITY_CLIENT_ID" \
+    --set "master.image.repository=graphrag.azurecr.io/$IMAGE_NAME" \
+    --set "master.image.tag=$IMAGE_VERSION" \
+    --set "ingress.host=$AZURE_APP_HOSTNAME" \
+    --set "graphragConfig.APPLICATIONINSIGHTS_CONNECTION_STRING=$APP_INSIGHTS_CONNECTION_STRING" \
+    --set "graphragConfig.AI_SEARCH_URL=https://$AI_SEARCH_NAME.search.windows.net" \
+    --set "graphragConfig.COSMOS_URI_ENDPOINT=$AZURE_COSMOSDB_ENDPOINT" \
+    --set "graphragConfig.GRAPHRAG_API_BASE=$AZURE_OPENAI_ENDPOINT" \
+    --set "graphragConfig.GRAPHRAG_API_VERSION=$AZURE_AOAI_LLM_MODEL_API_VERSION" \
+    --set "graphragConfig.GRAPHRAG_LLM_MODEL=$AZURE_AOAI_LLM_MODEL"\
+    --set "graphragConfig.GRAPHRAG_LLM_DEPLOYMENT_NAME=$AZURE_AOAI_LLM_MODEL_DEPLOYMENT_NAME" \
+    --set "graphragConfig.GRAPHRAG_EMBEDDING_MODEL=$AZURE_AOAI_EMBEDDING_MODEL" \
+    --set "graphragConfig.GRAPHRAG_EMBEDDING_DEPLOYMENT_NAME=$AZURE_AOAI_EMBEDDING_MODEL_DEPLOYMENT_NAME" \
+    --set "graphragConfig.COGNITIVE_SERVICES_AUDIENCE=$COGNITIVE_SERVICES_AUDIENCE" \
+    --set "graphragConfig.STORAGE_ACCOUNT_BLOB_URL=$AZURE_STORAGE_ACCOUNT_BLOB_URL"
 
 
 

infra/managed-app/createUiDefinition.json

@@ -159,7 +159,43 @@
             "visible": true
           }
         ]
+      },
+      {
+        "name": "StorageaccountSettings",
+        "label": "StorageAccount Settings",
+        "subLabel": {
+          "preValidation": "Configure the graphrag settings",
+          "postValidation": "Completed"
+        },
+        "elements": [
+          {
+            "name": "StorageAccountName",
+            "type": "Microsoft.Common.TextBox",
+            "label": "Storage Account",
+            "defaultValue": "",
+            "toolTip": "StorageAccountName to use",
+            "visible": true,
+            "constraints": {
+              "required": true
+            }
+          },
+          {
+          "name": "StorageAccountKey",
+          "type": "Microsoft.Common.PasswordBox",
+          "label": {
+            "password": "Storage Account Key",
+            "confirmPassword": "Confirm Storage Account Key"
+          },
+          "constraints": {
+            "required": true
+          },
+          "visible": true
+    
+        }
+
+        ]
       }
+
     ],
     "outputs": {
       "resourceGroup": "[resourceGroup().name]",
@@ -170,7 +206,9 @@
       "embeddingModelName": "[steps('aoaiSettings').embeddingModel]",
       "embeddingModelQuota": "[int(steps('aoaiSettings').embeddingModelQuota)]",
       "llmModelVersion": "[steps('aoaiSettings').llmModelVersion]",
-      "embeddingModelVersion": "[steps('aoaiSettings').embeddingModelVersion]"
+      "embeddingModelVersion": "[steps('aoaiSettings').embeddingModelVersion]",
+      "publicStorageAccountName": "[steps('StorageaccountSettings').StorageAccountName]",
+      "publicStorageAccountKey": "[steps('StorageaccountSettings').StorageAccountKey]"
     }
   }
 }