More fixes

Author: aamini7

scenarios/AksOpenAiTerraform/README.md

@@ -21,8 +21,15 @@ Run commands below to set up AKS extensions for Azure.
 A Service Principal is an application within Azure Active Directory with the authentication tokens Terraform needs to perform actions on your behalf.
 
 ```bash
-export SUBSCRIPTION_ID="0c8875c7-e423-4caa-827a-1f0350bd8dd3"
-az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/$SUBSCRIPTION_ID"
+# TODO: fix
+# az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/$ARM_SUBSCRIPTION_ID"
+```
+
+## Setup Infra
+
+```bash
+export ARM_SUBSCRIPTION_ID="0c8875c7-e423-4caa-827a-1f0350bd8dd3"
+terraform apply
 ```
 
 ## Set up environment

scenarios/AksOpenAiTerraform/terraform/main.tf

@@ -61,21 +61,21 @@ module "virtual_network" {
     {
       name : var.system_node_pool_subnet_name
       address_prefixes : var.system_node_pool_subnet_address_prefix
-      private_endpoint_network_policies_enabled : true
+      private_endpoint_network_policies : "Enabled"
       private_link_service_network_policies_enabled : false
       delegation: null
     },
     {
       name : var.user_node_pool_subnet_name
       address_prefixes : var.user_node_pool_subnet_address_prefix
-      private_endpoint_network_policies_enabled : true
+      private_endpoint_network_policies : "Enabled"
       private_link_service_network_policies_enabled : false
       delegation: null
     },
     {
       name : var.pod_subnet_name
       address_prefixes : var.pod_subnet_address_prefix
-      private_endpoint_network_policies_enabled : true
+      private_endpoint_network_policies : "Enabled"
       private_link_service_network_policies_enabled : false
       delegation = {
         name = "delegation"
@@ -88,14 +88,14 @@ module "virtual_network" {
     {
       name : var.vm_subnet_name
       address_prefixes : var.vm_subnet_address_prefix
-      private_endpoint_network_policies_enabled : true
+      private_endpoint_network_policies : "Enabled"
       private_link_service_network_policies_enabled : false
       delegation: null
     },
     {
       name : "AzureBastionSubnet"
       address_prefixes : var.bastion_subnet_address_prefix
-      private_endpoint_network_policies_enabled : true
+      private_endpoint_network_policies : "Enabled"
       private_link_service_network_policies_enabled : false
       delegation: null
     }
@@ -137,16 +137,13 @@ module "aks_cluster" {
   kubernetes_version                      = var.kubernetes_version
   dns_prefix                              = lower(var.aks_cluster_name)
   private_cluster_enabled                 = var.private_cluster_enabled
-  automatic_channel_upgrade               = var.automatic_channel_upgrade
   sku_tier                                = var.sku_tier
   system_node_pool_name                   = var.system_node_pool_name
   system_node_pool_vm_size                = var.system_node_pool_vm_size
   vnet_subnet_id                          = module.virtual_network.subnet_ids[var.system_node_pool_subnet_name]
   pod_subnet_id                           = module.virtual_network.subnet_ids[var.pod_subnet_name]
   system_node_pool_availability_zones     = var.system_node_pool_availability_zones
   system_node_pool_node_labels            = var.system_node_pool_node_labels
-  system_node_pool_enable_host_encryption = var.system_node_pool_enable_host_encryption
-  system_node_pool_enable_node_public_ip  = var.system_node_pool_enable_node_public_ip
   system_node_pool_max_pods               = var.system_node_pool_max_pods
   system_node_pool_os_disk_type           = var.system_node_pool_os_disk_type
   tags                                    = var.tags

scenarios/AksOpenAiTerraform/terraform/modules/aks/main.tf

@@ -28,7 +28,7 @@ resource "azurerm_kubernetes_cluster" "aks_cluster" {
   kubernetes_version               = var.kubernetes_version
   dns_prefix                       = var.dns_prefix
   private_cluster_enabled          = var.private_cluster_enabled
-  automatic_channel_upgrade        = var.automatic_channel_upgrade
+  automatic_upgrade_channel        = "stable"
   sku_tier                         = var.sku_tier
   workload_identity_enabled        = var.workload_identity_enabled
   oidc_issuer_enabled              = var.oidc_issuer_enabled
@@ -44,8 +44,6 @@ resource "azurerm_kubernetes_cluster" "aks_cluster" {
     pod_subnet_id           = var.pod_subnet_id
     zones                   = var.system_node_pool_availability_zones
     node_labels             = var.system_node_pool_node_labels
-    enable_host_encryption  = var.system_node_pool_enable_host_encryption
-    enable_node_public_ip   = var.system_node_pool_enable_node_public_ip
     max_pods                = var.system_node_pool_max_pods
     os_disk_type            = var.system_node_pool_os_disk_type
     tags                    = var.tags
@@ -86,7 +84,6 @@ resource "azurerm_kubernetes_cluster" "aks_cluster" {
   }
 
   azure_active_directory_role_based_access_control {
-    managed                    = true
     tenant_id                  = var.tenant_id
     admin_group_object_ids     = var.admin_group_object_ids
     azure_rbac_enabled         = var.azure_rbac_enabled

scenarios/AksOpenAiTerraform/terraform/modules/aks/variables.tf

@@ -47,17 +47,6 @@ variable "role_based_access_control_enabled" {
   type        = bool
 }
 
-variable "automatic_channel_upgrade" {
-  description = "(Optional) The upgrade channel for this Kubernetes Cluster. Possible values are patch, rapid, and stable."
-  default     = "stable"
-  type        = string
-
-  validation {
-    condition = contains( ["patch", "rapid", "stable"], var.automatic_channel_upgrade)
-    error_message = "The upgrade mode is invalid."
-  }
-}
-
 variable "sku_tier" {
   description = "(Optional) The SKU Tier that should be used for this Kubernetes Cluster. Possible values are Free and Paid (which includes the Uptime SLA). Defaults to Free."
   default     = "Free"
@@ -133,18 +122,6 @@ variable "system_node_pool_subnet_address_prefix" {
   type        = list(string)
 }
 
-variable "system_node_pool_enable_host_encryption" {
-  description = "(Optional) Should the nodes in this Node Pool have host encryption enabled? Defaults to false."
-  type          = bool
-  default       = false
-} 
-
-variable "system_node_pool_enable_node_public_ip" {
-  description = "(Optional) Should each node have a Public IP Address? Defaults to false. Changing this forces a new resource to be created."
-  type          = bool
-  default       = false
-} 
-
 variable "system_node_pool_max_pods" {
   description = "(Optional) The maximum number of pods that can run on each agent. Changing this forces a new resource to be created."
   type          = number

scenarios/AksOpenAiTerraform/terraform/modules/node_pool/main.tf

@@ -8,8 +8,6 @@ resource "azurerm_kubernetes_cluster_node_pool" "node_pool" {
   zones                        = var.availability_zones
   vnet_subnet_id               = var.vnet_subnet_id
   pod_subnet_id                = var.pod_subnet_id
-  enable_host_encryption       = var.enable_host_encryption
-  enable_node_public_ip        = var.enable_node_public_ip
   proximity_placement_group_id = var.proximity_placement_group_id
   orchestrator_version         = var.orchestrator_version
   max_pods                     = var.max_pods

scenarios/AksOpenAiTerraform/terraform/modules/virtual_network/main.tf

@@ -19,7 +19,7 @@ resource "azurerm_subnet" "subnet" {
   resource_group_name                            = var.resource_group_name
   virtual_network_name                           = azurerm_virtual_network.vnet.name
   address_prefixes                               = each.value.address_prefixes
-  private_endpoint_network_policies              = each.value.private_endpoint_network_policies_enabled
+  private_endpoint_network_policies              = each.value.private_endpoint_network_policies
   private_link_service_network_policies_enabled  = each.value.private_link_service_network_policies_enabled
 
   dynamic "delegation" {
@@ -28,8 +28,8 @@ resource "azurerm_subnet" "subnet" {
       name                                       = "delegation"
 
       service_delegation {
-        name                                     = each.name
-        actions                                  = each.actions
+        name                                     = delegation.value.service_delegation.name
+        actions                                  = delegation.value.service_delegation.actions
       }
     }
   }

scenarios/AksOpenAiTerraform/terraform/variables.tf

@@ -124,17 +124,6 @@ variable "role_based_access_control_enabled" {
   type        = bool
 }
 
-variable "automatic_channel_upgrade" {
-  description = "(Optional) The upgrade channel for this Kubernetes Cluster. Possible values are patch, rapid, and stable."
-  default     = "stable"
-  type        = string
-
-  validation {
-    condition = contains( ["patch", "rapid", "stable"], var.automatic_channel_upgrade)
-    error_message = "The upgrade mode is invalid."
-  }
-}
-
 variable "admin_group_object_ids" {
   description = "(Optional) A list of Object IDs of Azure Active Directory Groups which should have Admin Role on the Cluster."
   default     = []
@@ -200,18 +189,6 @@ variable "system_node_pool_name" {
   type        = string
 }
 
-variable "system_node_pool_enable_host_encryption" {
-  description = "(Optional) Should the nodes in this Node Pool have host encryption enabled? Defaults to false."
-  type          = bool
-  default       = false
-} 
-
-variable "system_node_pool_enable_node_public_ip" {
-  description = "(Optional) Should each node have a Public IP Address? Defaults to false. Changing this forces a new resource to be created."
-  type          = bool
-  default       = false
-} 
-
 variable "system_node_pool_max_pods" {
   description = "(Optional) The maximum number of pods that can run on each agent. Changing this forces a new resource to be created."
   type          = number