Commit 1bd0a3b

author
Larry Franks
committed
added advanced template
1 parent 90c7a93 commit 1bd0a3b

articles/machine-learning/how-to-create-workspace-template.md

Lines changed: 203 additions & 25 deletions
@@ -65,6 +65,209 @@ For more information on templates, see the following articles:
6565
* [Deploy an application with Azure Resource Manager templates](../azure-resource-manager/templates/deploy-powershell.md)
6666
* [Microsoft.MachineLearningServices resource types](https://docs.microsoft.com/azure/templates/microsoft.machinelearningservices/allversions)
6767

68+
### Advanced template
69+
70+
The following example template demonstrates how you to create a workspace with the following settings:
71+
72+
* Enable high confidentiality settings for the workspace
73+
* Enable encryption for the workspace
74+
* Uses an existing Azure KeyVault
75+
76+
```json
77+
{
78+
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
79+
"contentVersion": "1.0.0.0",
80+
"parameters": {
81+
"workspaceName": {
82+
"type": "string",
83+
"metadata": {
84+
"description": "Specifies the name of the Azure Machine Learning workspace."
85+
}
86+
},
87+
"location": {
88+
"type": "string",
89+
"defaultValue": "southcentralus",
90+
"allowedValues": [
91+
"eastus",
92+
"eastus2",
93+
"southcentralus",
94+
"southeastasia",
95+
"westcentralus",
96+
"westeurope",
97+
"westus2"
98+
],
99+
"metadata": {
100+
"description": "Specifies the location for all resources."
101+
}
102+
},
103+
"sku":{
104+
"type": "string",
105+
"defaultValue": "basic",
106+
"allowedValues": [
107+
"basic",
108+
"enterprise"
109+
],
110+
"metadata": {
111+
"description": "Specifies the sku, also referred as 'edition' of the Azure Machine Learning workspace."
112+
}
113+
},
114+
"hbi_workspace":{
115+
"type": "string",
116+
"defaultValue": "false",
117+
"allowedValues": [
118+
"false",
119+
"true"
120+
],
121+
"metadata": {
122+
"description": "Specifies that the Azure Machine Learning workspace holds highly confidential data."
123+
}
124+
},
125+
"encryption_status":{
126+
"type": "string",
127+
"defaultValue": "Disabled",
128+
"allowedValues": [
129+
"Enabled",
130+
"Disabled"
131+
],
132+
"metadata": {
133+
"description": "Specifies if the Azure Machine Learning workspace should be encrypted with customer managed key."
134+
}
135+
},
136+
"cmk_keyvault":{
137+
"type": "string",
138+
"metadata": {
139+
"description": "Specifies the customer managed keyVault arm id."
140+
}
141+
},
142+
"resource_cmk_uri":{
143+
"type": "string",
144+
"metadata": {
145+
"description": "Specifies if the customer managed keyvault key uri."
146+
}
147+
}
148+
},
149+
"variables": {
150+
"storageAccountName": "[concat('sa',uniqueString(resourceGroup().id))]",
151+
"storageAccountType": "Standard_LRS",
152+
"keyVaultName": "[concat('kv',uniqueString(resourceGroup().id))]",
153+
"tenantId": "[subscription().tenantId]",
154+
"applicationInsightsName": "[concat('ai',uniqueString(resourceGroup().id))]",
155+
"containerRegistryName": "[concat('cr',uniqueString(resourceGroup().id))]"
156+
},
157+
"resources": [
158+
{
159+
"type": "Microsoft.Storage/storageAccounts",
160+
"apiVersion": "2018-07-01",
161+
"name": "[variables('storageAccountName')]",
162+
"location": "[parameters('location')]",
163+
"sku": {
164+
"name": "[variables('storageAccountType')]"
165+
},
166+
"kind": "StorageV2",
167+
"properties": {
168+
"encryption": {
169+
"services": {
170+
"blob": {
171+
"enabled": true
172+
},
173+
"file": {
174+
"enabled": true
175+
}
176+
},
177+
"keySource": "Microsoft.Storage"
178+
},
179+
"supportsHttpsTrafficOnly": true
180+
}
181+
},
182+
{
183+
"type": "Microsoft.KeyVault/vaults",
184+
"apiVersion": "2018-02-14",
185+
"name": "[variables('keyVaultName')]",
186+
"location": "[parameters('location')]",
187+
"properties": {
188+
"tenantId": "[variables('tenantId')]",
189+
"sku": {
190+
"name": "standard",
191+
"family": "A"
192+
},
193+
"accessPolicies": []
194+
}
195+
},
196+
{
197+
"type": "Microsoft.Insights/components",
198+
"apiVersion": "2015-05-01",
199+
"name": "[variables('applicationInsightsName')]",
200+
"location": "[if(or(equals(parameters('location'),'eastus2'),equals(parameters('location'),'westcentralus')),'southcentralus',parameters('location'))]",
201+
"kind": "web",
202+
"properties": {
203+
"Application_Type": "web"
204+
}
205+
},
206+
{
207+
"type": "Microsoft.ContainerRegistry/registries",
208+
"apiVersion": "2017-10-01",
209+
"name": "[variables('containerRegistryName')]",
210+
"location": "[parameters('location')]",
211+
"sku": {
212+
"name": "Standard"
213+
},
214+
"properties": {
215+
"adminUserEnabled": true
216+
}
217+
},
218+
{
219+
"type": "Microsoft.MachineLearningServices/workspaces",
220+
"apiVersion": "2020-01-01",
221+
"name": "[parameters('workspaceName')]",
222+
"location": "[parameters('location')]",
223+
"dependsOn": [
224+
"[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]",
225+
"[resourceId('Microsoft.KeyVault/vaults', variables('keyVaultName'))]",
226+
"[resourceId('Microsoft.Insights/components', variables('applicationInsightsName'))]",
227+
"[resourceId('Microsoft.ContainerRegistry/registries', variables('containerRegistryName'))]"
228+
],
229+
"identity": {
230+
"type": "systemAssigned"
231+
},
232+
"sku": {
233+
"tier": "[parameters('sku')]",
234+
"name": "[parameters('sku')]"
235+
},
236+
"properties": {
237+
"friendlyName": "[parameters('workspaceName')]",
238+
"keyVault": "[resourceId('Microsoft.KeyVault/vaults',variables('keyVaultName'))]",
239+
"applicationInsights": "[resourceId('Microsoft.Insights/components',variables('applicationInsightsName'))]",
240+
"containerRegistry": "[resourceId('Microsoft.ContainerRegistry/registries',variables('containerRegistryName'))]",
241+
"storageAccount": "[resourceId('Microsoft.Storage/storageAccounts/',variables('storageAccountName'))]",
242+
"encryption": {
243+
"status": "[parameters('encryption_status')]",
244+
"keyVaultProperties": {
245+
"keyVaultArmId": "[parameters('cmk_keyvault')]",
246+
"keyIdentifier": "[parameters('resource_cmk_uri')]"
247+
}
248+
},
249+
"hbi_workspace": "[parameters('hbi_workspace')]"
250+
}
251+
}
252+
]
253+
}
254+
```
255+
256+
To get the ID of the Key Vault, and the key URI needed by this template, you can use the Azure CLI. The following command is an example of using the Azure CLI to get the Key Vault resource ID and URI:
257+
258+
```azurecli-interactive
259+
az keyvault show --name mykeyvault --resource-group myresourcegroup --query "[id, properties.vaultUri]"
260+
```
261+
262+
This command returns a value similar to the following text. The first value is the ID and the second is the URI:
263+
264+
```text
265+
[
266+
"/subscriptions/{subscription-guid}/resourceGroups/myresourcegroup/providers/Microsoft.KeyVault/vaults/mykeyvault",
267+
"https://mykeyvault.vault.azure.net/"
268+
]
269+
```
270+
68271
## Use the Azure portal
69272

70273
1. Follow the steps in [Deploy resources from custom template](https://docs.microsoft.com/azure/azure-resource-manager/resource-group-template-deploy-portal#deploy-resources-from-custom-template). When you arrive at the __Edit template__ screen, paste in the template from this document.
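
Review bot: The Key Vault lookup documented at the end of this hunk does not return the value the template consumes. `resource_cmk_uri` is described as a key URI and is passed to `keyIdentifier`, but the `az keyvault show ... --query "[id, properties.vaultUri]"` example returns the vault URI (`https://mykeyvault.vault.azure.net/`), not the identifier of a key, so the text should show how to obtain the key identifier itself. Further points in the same hunk: `cmk_keyvault` and `resource_cmk_uri` have no `defaultValue`, which makes them required even when `encryption_status` stays at its default of `Disabled`; the registry resource sets `"adminUserEnabled": true`, and a template presented for highly confidential data should either set it to `false` or say why the workspace needs the admin account; the bullet "Uses an existing Azure KeyVault" should state that the existing vault is the one holding the customer-managed key, because the template still creates its own `kv...` vault with `"accessPolicies": []`; `hbi_workspace` is declared as a string with `"true"`/`"false"` where a `bool` would be clearer. Typos to fix: "demonstrates how you to create" and "Specifies if the customer managed keyvault key uri."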
@@ -105,31 +308,6 @@ az group deployment create \
105308

106309
For more information, see [Deploy resources with Resource Manager templates and Azure CLI](../azure-resource-manager/templates/deploy-cli.md) and [Deploy private Resource Manager template with SAS token and Azure CLI](../azure-resource-manager/templates/secure-template-with-sas-token.md).
107310

108-
## Advanced template
109-
110-
The following example template demonstrates how you to create a workspace with the following settings:
111-
112-
* Enable HBI for the workspace
113-
* Enable encryption for the workspace
114-
* Uses an existing Azure KeyVault
115-
116-
[TBD - reference template here]
117-
118-
To get the ID of the Key Vault, and the key URI needed by this template, you can use the Azure CLI. The following command is an example of using the Azure CLI to get the Key Vault resource ID and URI:
119-
120-
```azurecli-interactive
121-
az keyvault show --name mykeyvault --resource-group myresourcegroup --query "[id, properties.vaultUri]"
122-
```
123-
124-
This command returns a value similar to the following text. The first value is the ID and the second is the URI:
125-
126-
```text
127-
[
128-
"/subscriptions/{subscription-guid}/resourceGroups/myresourcegroup/providers/Microsoft.KeyVault/vaults/mykeyvault",
129-
"https://mykeyvault.vault.azure.net/"
130-
]
131-
```
132-
133311
## Troubleshooting
134312

135313
### Resource provider errors
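
Review bot: Deleting this section removes the acronym "HBI" from the visible prose ("Enable HBI for the workspace"), while the replacement bullet says "high confidentiality settings" and the parameter is still named `hbi_workspace`; keep the acronym beside its expansion in the new bullet so readers can connect the setting to the parameter. Since the advanced template now sits ahead of the portal and CLI sections instead of after them, the portal step "paste in the template from this document" should also say which of the templates it means.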
