WIP

Author: aamini7

scenarios/AksOpenAiTerraform/scripts/build-image.sh

@@ -1,3 +1,15 @@
+# Variables
+SUBSCRIPTION_ID=$(az account show --query id --output tsv)
+TENANT_ID=$(az account show --query tenantId --output tsv)
+RESOURCE_GROUP=$(terraform output resource_group_name)
+LOCATION="westus3"
+
+# Build/Push App's Docker image
+ACR_NAME=$(terraform output resource_group_name)
+az acr login --name $ACR_NAME
+ACR_URL=$(az acr show --name $ACR_NAME --query loginServer --output tsv)
+docker build -t $ACR_URL/$ACR_NAME.azurecr.io/magic8ball:v1 ./app --push
+
 # Get AKS credentials
 az aks get-credentials \
   --admin \
@@ -11,7 +23,7 @@ curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 -o get_
 chmod 700 get_helm.sh
 ./get_helm.sh &>/dev/null
 
-# NGINX ingress controller
+# Install NGINX ingress controller
 helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
 helm install nginx-ingress ingress-nginx/ingress-nginx \
   --create-namespace \
@@ -24,23 +36,42 @@ helm install nginx-ingress ingress-nginx/ingress-nginx \
   --set controller.metrics.serviceMonitor.enabled=true \
   --set controller.metrics.serviceMonitor.additionalLabels.release="prometheus" \
 
-# Cert manager
+# Install Cert manager
 helm repo add jetstack https://charts.jetstack.io
 helm install cert-manager jetstack/cert-manager \
   --create-namespace \
   --namespace "cert-manager" \
   --set installCRDs=true \
   --set nodeSelector."kubernetes\.io/os"=linux
 
-# Prometheus
+# Install Prometheus
 helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
 helm install prometheus prometheus-community/kube-prometheus-stack \
     --create-namespace \
     --namespace prometheus \
     --set prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false \
     --set prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false
 
-kubectl create namespace $namespace # Create workload namespace
+NAMESPACE="magic8ball"
+kubectl create namespace $NAMESPACE
 kubectl apply -f cluster-issuer.yml
 kubectl apply -f service-account.yml
-kubectl apply -n $namespace -f ingress.yml
+kubectl apply -n $NAMESPACE -f ingress.yml
+kubectl apply -n $NAMESPACE -f config-map.yml
+kubectl apply -n $NAMESPACE -f deployment.yml
+kubectl apply -f "service.yml" -n $NAMESPACE
+
+# Add DNS Record
+ingressName="magic8ball-ingress"
+publicIpAddress=$(kubectl get ingress $ingressName -n $namespace -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+if [ -n $publicIpAddress ]; then
+  echo "[$publicIpAddress] external IP address of the application gateway ingress controller successfully retrieved from the [$ingressName] ingress"
+else
+  echo "Failed to retrieve the external IP address of the application gateway ingress controller from the [$ingressName] ingress"
+  exit
+fi
+az network dns record-set a add-record \
+  --zone-name "contoso.com" \
+  --resource-group $RESOURCE_GROUP \
+  --record-set-name magic8ball \
+  --ipv4-address $publicIpAddress

scenarios/AksOpenAiTerraform/scripts/deploy-app.sh

@@ -75,49 +75,6 @@ spec:
           initialDelaySeconds: 60
           periodSeconds: 30
           timeoutSeconds: 5
-        env:
-        - name: TITLE
-          valueFrom:
-            configMapKeyRef:
-                name: magic8ball-configmap
-                key: TITLE
-        - name: IMAGE_WIDTH
-          valueFrom:
-            configMapKeyRef:
-                name: magic8ball-configmap
-                key: IMAGE_WIDTH
-        - name: LABEL
-          valueFrom:
-            configMapKeyRef:
-                name: magic8ball-configmap
-                key: LABEL
-        - name: TEMPERATURE
-          valueFrom:
-            configMapKeyRef:
-                name: magic8ball-configmap
-                key: TEMPERATURE
-        - name: AZURE_OPENAI_TYPE
-          valueFrom:
-            configMapKeyRef:
-                name: magic8ball-configmap
-                key: AZURE_OPENAI_TYPE
-        - name: AZURE_OPENAI_BASE
-          valueFrom:
-            configMapKeyRef:
-                name: magic8ball-configmap
-                key: AZURE_OPENAI_BASE
-        - name: AZURE_OPENAI_KEY
-          valueFrom:
-            configMapKeyRef:
-                name: magic8ball-configmap
-                key: AZURE_OPENAI_KEY
-        - name: AZURE_OPENAI_MODEL
-          valueFrom:
-            configMapKeyRef:
-                name: magic8ball-configmap
-                key: AZURE_OPENAI_MODEL
-        - name: AZURE_OPENAI_DEPLOYMENT
-          valueFrom:
-            configMapKeyRef:
-                name: magic8ball-configmap
-                key: AZURE_OPENAI_DEPLOYMENT
+        envFrom:
+          - configMapKeyRef: 
+            name: magic8ball-configmap

…os/AksOpenAiTerraform/scripts/install.sh …ios/AksOpenAiTerraform/scripts/deploy.shscenarios/AksOpenAiTerraform/scripts/install.sh renamed to scenarios/AksOpenAiTerraform/scripts/deploy.sh scenarios/AksOpenAiTerraform/scripts/install.sh renamed to scenarios/AksOpenAiTerraform/scripts/deploy.sh

@@ -20,6 +20,9 @@ resource "azurerm_kubernetes_cluster" "aks_cluster" {
   image_cleaner_enabled            = true
   image_cleaner_interval_hours     = 72
 
+  workload_identity_enabled        = true
+  oidc_issuer_enabled              = true
+
   default_node_pool {
     name           = "system"
     node_count     = 1

scenarios/AksOpenAiTerraform/scripts/dns.sh

@@ -7,7 +7,7 @@ output "id" {
 }
 
 output "aks_identity_principal_id" {
-  value = azurerm_user_assigned_identity.aks.id
+  value = azurerm_user_assigned_identity.aks.principal_id
 }
 
 output "kubelet_identity_object_id" {