Fixes

Author: aamini7

scenarios/AksOpenAiTerraform/terraform/.terraform.lock.hcl

@@ -15,57 +15,24 @@ data "azurerm_client_config" "current" {
 }
 
 locals {
-  log_analytics_workspace_name = "Workspace"
-  log_analytics_retention_days = 30
-
+  vm_subnet_name               = "VmSubnet"
   system_node_pool_subnet_name = "SystemSubnet"
   user_node_pool_subnet_name   = "UserSubnet"
   pod_subnet_name              = "PodSubnet"
-  vm_subnet_name               = "VmSubnet"
 
   namespace            = "magic8ball"
   service_account_name = "magic8ball-sa"
 
-  subnets = [
-    {
-      name : local.system_node_pool_subnet_name
-      address_prefixes : ["10.240.0.0/16"]
-      delegation = null
-    },
-    {
-      name : local.user_node_pool_subnet_name
-      address_prefixes : ["10.241.0.0/16"]
-      delegation = null
-    },
-    {
-      name : local.vm_subnet_name
-      address_prefixes : ["10.243.1.0/24"]
-      delegation = null
-    },
-    {
-      name : "AzureBastionSubnet"
-      address_prefixes : ["10.243.2.0/24"]
-      delegation = null
-    },
-    {
-      name : local.pod_subnet_name
-      address_prefixes : ["10.242.0.0/16"]
-      delegation = {
-        name = "delegation"
-        service_delegation = {
-          name    = "Microsoft.ContainerService/managedClusters"
-          actions = ["Microsoft.Network/virtualNetworks/subnets/join/action"]
-        }
-      }
-    },
-  ]
+  log_analytics_workspace_name = "Workspace"
+  log_analytics_retention_days = 30
 }
 
 resource "random_string" "rg_suffix" {
   length  = 6
   special = false
+  lower   = false
   upper   = false
-  numeric = false
+  numeric = true
 }
 
 resource "random_string" "storage_account_suffix" {
@@ -77,7 +44,7 @@ resource "random_string" "storage_account_suffix" {
 }
 
 resource "azurerm_resource_group" "rg" {
-  name     = "${var.name_prefix}-${random_string.rg_suffix}-rg"
+  name     = "${var.name_prefix}-${random_string.rg_suffix.result}-rg"
   location = var.location
 }
 
@@ -115,11 +82,12 @@ module "aks_cluster" {
   resource_group_id   = azurerm_resource_group.rg.id
   tenant_id           = data.azurerm_client_config.current.tenant_id
 
-  kubernetes_version           = "1.32"
-  sku_tier                     = "Free"
-  user_node_pool_subnet_name   = local.user_node_pool_subnet_name
-  system_node_pool_subnet_name = local.system_node_pool_subnet_name
-  pod_subnet_name              = local.pod_subnet_name
+  kubernetes_version = "1.30.7"
+  sku_tier           = "Free"
+
+  system_node_pool_subnet_id = module.virtual_network.subnet_ids[local.system_node_pool_subnet_name]
+  user_node_pool_subnet_id   = module.virtual_network.subnet_ids[local.user_node_pool_subnet_name]
+  pod_subnet_id              = module.virtual_network.subnet_ids[local.pod_subnet_name]
 
   log_analytics_workspace_id = module.log_analytics_workspace.id
 
@@ -154,7 +122,7 @@ module "storage_account" {
 
 module "key_vault" {
   source              = "./modules/key_vault"
-  name                = "${var.name_prefix}KeyVault"
+  name                = "${var.name_prefix}Vault"
   location            = var.location
   resource_group_name = azurerm_resource_group.rg.name
 
@@ -221,7 +189,39 @@ module "virtual_network" {
   log_analytics_workspace_id = module.log_analytics_workspace.id
 
   address_space = ["10.0.0.0/8"]
-  subnets       = local.subnets
+  subnets = [
+    {
+      name : local.system_node_pool_subnet_name
+      address_prefixes : ["10.240.0.0/16"]
+      delegation = null
+    },
+    {
+      name : local.user_node_pool_subnet_name
+      address_prefixes : ["10.241.0.0/16"]
+      delegation = null
+    },
+    {
+      name : local.vm_subnet_name
+      address_prefixes : ["10.243.1.0/24"]
+      delegation = null
+    },
+    {
+      name : "AzureBastionSubnet"
+      address_prefixes : ["10.243.2.0/24"]
+      delegation = null
+    },
+    {
+      name : local.pod_subnet_name
+      address_prefixes : ["10.242.0.0/16"]
+      delegation = {
+        name = "delegation"
+        service_delegation = {
+          name    = "Microsoft.ContainerService/managedClusters"
+          actions = ["Microsoft.Network/virtualNetworks/subnets/join/action"]
+        }
+      }
+    },
+  ]
 }
 
 module "nat_gateway" {
@@ -230,7 +230,7 @@ module "nat_gateway" {
   location            = var.location
   resource_group_name = azurerm_resource_group.rg.name
 
-  subnet_ids = module.virtual_network.subnet_ids[local.system_node_pool_subnet_name]
+  subnet_ids = module.virtual_network.subnet_ids
 }
 
 module "bastion_host" {
@@ -344,7 +344,7 @@ module "blob_private_endpoint" {
   location                       = var.location
   resource_group_name            = azurerm_resource_group.rg.name
   subnet_id                      = module.virtual_network.subnet_ids[local.vm_subnet_name]
-  private_connection_resource_id = module.storage_account.name
+  private_connection_resource_id = module.storage_account.id
   is_manual_connection           = false
   subresource_name               = "blob"
   private_dns_zone_group_name    = "BlobPrivateDnsZoneGroup"

scenarios/AksOpenAiTerraform/terraform/main.tf

@@ -25,8 +25,8 @@ resource "azurerm_kubernetes_cluster" "aks_cluster" {
     name           = "system"
     node_count     = 1
     vm_size        = var.system_node_pool_vm_size
-    vnet_subnet_id = var.system_node_pool_subnet_name
-    pod_subnet_id  = var.pod_subnet_name
+    vnet_subnet_id = var.system_node_pool_subnet_id
+    pod_subnet_id  = var.pod_subnet_id
     zones          = ["1", "2", "3"]
     max_pods       = 50
     os_disk_type   = "Ephemeral"
@@ -50,7 +50,7 @@ resource "azurerm_kubernetes_cluster" "aks_cluster" {
   }
 
   azure_active_directory_role_based_access_control {
-    tenant_id          = data.azurerm_client_config.current.tenant_id
+    tenant_id          = var.tenant_id
     azure_rbac_enabled = true
   }
 
@@ -66,8 +66,8 @@ resource "azurerm_kubernetes_cluster_node_pool" "node_pool" {
   vm_size               = var.user_node_pool_vm_size
   mode                  = "User"
   zones                 = ["1", "2", "3"]
-  vnet_subnet_id        = var.user_node_pool_subnet_name
-  pod_subnet_id         = var.pod_subnet_name
+  vnet_subnet_id        = var.user_node_pool_subnet_id
+  pod_subnet_id         = var.pod_subnet_id
   orchestrator_version  = var.kubernetes_version
   max_pods              = 50
   os_disk_type          = "Ephemeral"

scenarios/AksOpenAiTerraform/terraform/modules/aks/main.tf

@@ -0,0 +1,19 @@
+output "name" {
+  value = azurerm_kubernetes_cluster.aks_cluster.name
+}
+
+output "id" {
+  value = azurerm_kubernetes_cluster.aks_cluster.id
+}
+
+output "aks_identity_principal_id" {
+  value = azurerm_user_assigned_identity.aks_identity.principal_id
+}
+
+output "kubelet_identity_object_id" {
+  value = azurerm_kubernetes_cluster.aks_cluster.kubelet_identity.0.object_id
+}
+
+output "oidc_issuer_url" {
+  value = azurerm_kubernetes_cluster.aks_cluster.oidc_issuer_url
+}

scenarios/AksOpenAiTerraform/terraform/modules/aks/outputs.tf

@@ -40,14 +40,14 @@ variable "log_analytics_workspace_id" {
   type = string
 }
 
-variable "user_node_pool_subnet_name" {
+variable "user_node_pool_subnet_id" {
   type = string
 }
 
-variable "system_node_pool_subnet_name" {
+variable "system_node_pool_subnet_id" {
   type = string
 }
 
-variable "pod_subnet_name" {
+variable "pod_subnet_id" {
   type = string
 }

scenarios/AksOpenAiTerraform/terraform/modules/aks/variables.tf

@@ -1,13 +1,6 @@
 resource "azurerm_private_dns_zone" "private_dns_zone" {
   name                = var.name
   resource_group_name = var.resource_group_name
-  tags                = var.tags
-
-  lifecycle {
-    ignore_changes = [
-      tags
-    ]
-  }
 }
 
 resource "azurerm_private_dns_zone_virtual_network_link" "link" {
@@ -17,10 +10,4 @@ resource "azurerm_private_dns_zone_virtual_network_link" "link" {
   resource_group_name   = var.resource_group_name
   private_dns_zone_name = azurerm_private_dns_zone.private_dns_zone.name
   virtual_network_id    = "/subscriptions/${each.value.subscription_id}/resourceGroups/${each.value.resource_group_name}/providers/Microsoft.Network/virtualNetworks/${each.key}"
-
-  lifecycle {
-    ignore_changes = [
-      tags
-    ]
-  }
 }

scenarios/AksOpenAiTerraform/terraform/modules/private_dns_zone/main.tf

@@ -1,3 +1,3 @@
-output "name" {
-  value = azurerm_storage_account.storage_account.name
+output "id" {
+  value = azurerm_storage_account.storage_account.id
 }

scenarios/AksOpenAiTerraform/terraform/modules/storage_account/outputs.tf

@@ -3,5 +3,5 @@ output "name" {
 }
 
 output "subnet_ids" {
-  value = azurerm_subnet.subnet.*.id
+  value = { for subnet in azurerm_subnet.subnet : subnet.name => subnet.id }
 }

scenarios/AksOpenAiTerraform/terraform/modules/virtual_network/outputs.tf

@@ -8,6 +8,21 @@ variable "location" {
   default = "westus2"
 }
 
+variable "kubernetes_version" {
+  type    = string
+  default = "1.30.7"
+}
+
+variable "system_node_pool_vm_size" {
+  type    = string
+  default = "Standard_D8ds_v5"
+}
+
+variable "user_node_pool_vm_size" {
+  type    = string
+  default = "Standard_D8ds_v5"
+}
+
 variable "email" {
   type    = string
   default = "[email protected]"