Fixes

Author: aamini7

scenarios/AksOpenAiTerraform/README.md

@@ -8,8 +8,6 @@ ms.author: ariaamini
 ms.custom: innovation-engine, linux-related-content 
 ---
 
-<!-- TODO: PARAMETERIZE REGION AND SUB IDS  -->
-
 ## Install AKS extension
 
 Run commands below to set up AKS extensions for Azure.
@@ -18,30 +16,16 @@ Run commands below to set up AKS extensions for Azure.
 ./terraform/register-preview-features.sh
 ```
 
-## Set up service principal
-
-A Service Principal is an application within Azure Active Directory with the authentication tokens Terraform needs to perform actions on your behalf.
-
-```bash
-# TODO: fix
-# az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/$ARM_SUBSCRIPTION_ID"
-```
+## Set up Subscription ID to authenticate for Terraform
 
-## Setup Infra
+Terraform uses the ARM_SUBSCRIPTION_ID environment variable to authenticate while using CLI.
 
 ```bash
 export ARM_SUBSCRIPTION_ID="0c8875c7-e423-4caa-827a-1f0350bd8dd3"
-# For debugging in powershell
-# $env:ARM_SUBSCRIPTION_ID = "0c8875c7-e423-4caa-827a-1f0350bd8dd3"
-
-terraform apply
 ```
 
-## Set up environment
+## Run Terraform
 
 ```bash
-export ARM_CLIENT_ID=""
-export ARM_CLIENT_SECRET=""
-export ARM_SUBSCRIPTION_ID=""
-export ARM_TENANT_ID=""
+terraform apply
 ```

scenarios/AksOpenAiTerraform/terraform/main.tf

@@ -82,8 +82,10 @@ module "aks_cluster" {
   resource_group_id   = azurerm_resource_group.rg.id
   tenant_id           = data.azurerm_client_config.current.tenant_id
 
-  kubernetes_version = "1.30.7"
-  sku_tier           = "Free"
+  kubernetes_version       = var.kubernetes_version
+  sku_tier                 = "Free"
+  system_node_pool_vm_size = var.system_node_pool_vm_size
+  user_node_pool_vm_size   = var.user_node_pool_vm_size
 
   system_node_pool_subnet_id = module.virtual_network.subnet_ids[local.system_node_pool_subnet_name]
   user_node_pool_subnet_id   = module.virtual_network.subnet_ids[local.user_node_pool_subnet_name]
@@ -103,10 +105,10 @@ module "container_registry" {
   location            = var.location
   resource_group_name = azurerm_resource_group.rg.name
 
-  log_analytics_workspace_id = module.log_analytics_workspace.id
-
-  sku           = "Basic"
+  sku           = "Premium"
   admin_enabled = true
+
+  log_analytics_workspace_id = module.log_analytics_workspace.id
 }
 
 module "storage_account" {
@@ -306,7 +308,6 @@ module "openai_private_endpoint" {
   resource_group_name            = azurerm_resource_group.rg.name
   subnet_id                      = module.virtual_network.subnet_ids[local.vm_subnet_name]
   private_connection_resource_id = module.openai.id
-  is_manual_connection           = false
   subresource_name               = "account"
   private_dns_zone_group_name    = "AcrPrivateDnsZoneGroup"
   private_dns_zone_group_ids     = [module.openai_private_dns_zone.id]
@@ -319,7 +320,6 @@ module "acr_private_endpoint" {
   resource_group_name            = azurerm_resource_group.rg.name
   subnet_id                      = module.virtual_network.subnet_ids[local.vm_subnet_name]
   private_connection_resource_id = module.container_registry.id
-  is_manual_connection           = false
   subresource_name               = "registry"
   private_dns_zone_group_name    = "AcrPrivateDnsZoneGroup"
   private_dns_zone_group_ids     = [module.acr_private_dns_zone.id]
@@ -332,7 +332,6 @@ module "key_vault_private_endpoint" {
   resource_group_name            = azurerm_resource_group.rg.name
   subnet_id                      = module.virtual_network.subnet_ids[local.vm_subnet_name]
   private_connection_resource_id = module.key_vault.id
-  is_manual_connection           = false
   subresource_name               = "vault"
   private_dns_zone_group_name    = "KeyVaultPrivateDnsZoneGroup"
   private_dns_zone_group_ids     = [module.key_vault_private_dns_zone.id]
@@ -345,7 +344,6 @@ module "blob_private_endpoint" {
   resource_group_name            = azurerm_resource_group.rg.name
   subnet_id                      = module.virtual_network.subnet_ids[local.vm_subnet_name]
   private_connection_resource_id = module.storage_account.id
-  is_manual_connection           = false
   subresource_name               = "blob"
   private_dns_zone_group_name    = "BlobPrivateDnsZoneGroup"
   private_dns_zone_group_ids     = [module.blob_private_dns_zone.id]

scenarios/AksOpenAiTerraform/terraform/modules/aks/variables.tf

@@ -27,13 +27,11 @@ variable "sku_tier" {
 }
 
 variable "system_node_pool_vm_size" {
-  default = "Standard_D8ds_v5"
-  type    = string
+  type = string
 }
 
 variable "user_node_pool_vm_size" {
-  default = "Standard_D8ds_v5"
-  type    = string
+  type = string
 }
 
 variable "log_analytics_workspace_id" {

scenarios/AksOpenAiTerraform/terraform/modules/private_endpoint/main.tf

@@ -7,9 +7,8 @@ resource "azurerm_private_endpoint" "private_endpoint" {
   private_service_connection {
     name                           = "${var.name}Connection"
     private_connection_resource_id = var.private_connection_resource_id
-    is_manual_connection           = var.is_manual_connection
-    subresource_names              = try([var.subresource_name], null)
-    request_message                = try(var.request_message, null)
+    is_manual_connection           = false
+    subresource_names              = [var.subresource_name]
   }
 
   private_dns_zone_group {

scenarios/AksOpenAiTerraform/terraform/modules/private_endpoint/variables.tf

@@ -1,61 +1,31 @@
 variable "name" {
-  description = "(Required) Specifies the name of the private endpoint. Changing this forces a new resource to be created."
-  type        = string
+  type = string
 }
 
 variable "resource_group_name" {
-  description = "(Required) The name of the resource group. Changing this forces a new resource to be created."
-  type        = string
+  type = string
 }
 
 variable "private_connection_resource_id" {
-  description = "(Required) Specifies the resource id of the private link service"
-  type        = string
+  type = string
 }
 
 variable "location" {
-  description = "(Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created."
-  type        = string
+  type = string
 }
 
 variable "subnet_id" {
-  description = "(Required) Specifies the resource id of the subnet"
-  type        = string
-}
-
-variable "is_manual_connection" {
-  description = "(Optional) Specifies whether the private endpoint connection requires manual approval from the remote resource owner."
-  type        = string
-  default     = false
+  type = string
 }
 
 variable "subresource_name" {
-  description = "(Optional) Specifies a subresource name which the Private Endpoint is able to connect to."
-  type        = string
-  default     = null
-}
-
-variable "request_message" {
-  description = "(Optional) Specifies a message passed to the owner of the remote resource when the private endpoint attempts to establish the connection to the remote resource."
-  type        = string
-  default     = null
+  type = string
 }
 
 variable "private_dns_zone_group_name" {
-  description = "(Required) Specifies the Name of the Private DNS Zone Group. Changing this forces a new private_dns_zone_group resource to be created."
-  type        = string
+  type = string
 }
 
 variable "private_dns_zone_group_ids" {
-  description = "(Required) Specifies the list of Private DNS Zones to include within the private_dns_zone_group."
-  type        = list(string)
-}
-
-variable "tags" {
-  description = "(Optional) Specifies the tags of the network security group"
-  default     = {}
-}
-
-variable "private_dns" {
-  default = {}
+  type = list(string)
 }