Fixes

Author: aamini7

scenarios/AksOpenAiTerraform/README.md

@@ -24,6 +24,12 @@ Terraform uses the ARM_SUBSCRIPTION_ID environment variable to authenticate whil
 export ARM_SUBSCRIPTION_ID="0c8875c7-e423-4caa-827a-1f0350bd8dd3"
 ```
 
+## Init Terraform
+
+```bash
+terraform init
+```
+
 ## Run Terraform
 
 ```bash

scenarios/AksOpenAiTerraform/terraform/main.tf

@@ -14,8 +14,18 @@ provider "azurerm" {
 data "azurerm_client_config" "current" {
 }
 
+resource "random_string" "rg_suffix" {
+  length  = 6
+  special = false
+  lower   = false
+  upper   = false
+  numeric = true
+}
+
 locals {
   tenant_id = data.azurerm_client_config.current.tenant_id
+  subscription_id = data.azurerm_client_config.current.subscription_id
+  random_id = random_string.rg_suffix.result
 
   vm_subnet_name               = "VmSubnet"
   system_node_pool_subnet_name = "SystemSubnet"
@@ -29,14 +39,6 @@ locals {
   log_analytics_retention_days = 30
 }
 
-resource "random_string" "rg_suffix" {
-  length  = 6
-  special = false
-  lower   = false
-  upper   = false
-  numeric = true
-}
-
 resource "random_string" "storage_account_suffix" {
   length  = 8
   special = false
@@ -46,16 +48,20 @@ resource "random_string" "storage_account_suffix" {
 }
 
 resource "azurerm_resource_group" "rg" {
-  name     = "${var.name_prefix}-${random_string.rg_suffix.result}-rg"
+  name     = "${var.resource_group_name_prefix}-${local.random_id}-rg"
   location = var.location
+
+  lifecycle {
+    ignore_changes = [tags]
+  }
 }
 
 ###############################################################################
 # Application
 ###############################################################################
 module "openai" {
   source              = "./modules/openai"
-  name                = "${var.name_prefix}OpenAi"
+  name                = "OpenAi-${local.random_id}"
   location            = var.location
   resource_group_name = azurerm_resource_group.rg.name
 
@@ -69,16 +75,16 @@ module "openai" {
       }
     }
   ]
-  custom_subdomain_name         = lower("${var.name_prefix}OpenAi")
+  custom_subdomain_name         = "magic8ball"
   public_network_access_enabled = true
-  
-  log_analytics_workspace_id    = module.log_analytics_workspace.id
-  log_analytics_retention_days  = local.log_analytics_retention_days
+
+  log_analytics_workspace_id   = module.log_analytics_workspace.id
+  log_analytics_retention_days = local.log_analytics_retention_days
 }
 
 module "aks_cluster" {
   source              = "./modules/aks"
-  name                = "${var.name_prefix}AksCluster"
+  name                = "AksCluster"
   location            = var.location
   resource_group_name = azurerm_resource_group.rg.name
   resource_group_id   = azurerm_resource_group.rg.id
@@ -103,7 +109,7 @@ module "aks_cluster" {
 
 module "container_registry" {
   source              = "./modules/container_registry"
-  name                = "${var.name_prefix}Acr"
+  name                = "azure-container-registry"
   location            = var.location
   resource_group_name = azurerm_resource_group.rg.name
 
@@ -127,7 +133,7 @@ module "storage_account" {
 
 module "key_vault" {
   source              = "./modules/key_vault"
-  name                = "${var.name_prefix}Vault"
+  name                = "KeyVault-${local.random_id}"
   location            = var.location
   resource_group_name = azurerm_resource_group.rg.name
 
@@ -147,20 +153,21 @@ module "key_vault" {
 
 module "deployment_script" {
   source              = "./modules/deployment_script"
-  name                = "${var.name_prefix}BashScript"
+  name                = "DeployBashScript"
   location            = var.location
   resource_group_name = azurerm_resource_group.rg.name
 
-  azure_cli_version                   = "2.68.0"
-  managed_identity_name               = "${var.name_prefix}ScriptManagedIdentity"
+  azure_cli_version                   = "2.64.0"
+  aks_cluster_id = module.aks_cluster.id
+  managed_identity_name               = "ScriptManagedIdentity"
   aks_cluster_name                    = module.aks_cluster.name
   hostname                            = "magic8ball.contoso.com"
   namespace                           = local.namespace
   service_account_name                = local.service_account_name
   email                               = var.email
   primary_script_uri                  = "https://paolosalvatori.blob.core.windows.net/scripts/install-nginx-via-helm-and-create-sa.sh"
   tenant_id                           = local.tenant_id
-  subscription_id                     = data.azurerm_client_config.current.subscription_id
+  subscription_id                     = local.subscription_id
   workload_managed_identity_client_id = azurerm_user_assigned_identity.aks_workload_identity.client_id
 
   depends_on = [
@@ -170,7 +177,7 @@ module "deployment_script" {
 
 module "log_analytics_workspace" {
   source              = "./modules/log_analytics"
-  name                = "${var.name_prefix}${local.log_analytics_workspace_name}"
+  name                = "${local.log_analytics_workspace_name}"
   location            = var.location
   resource_group_name = azurerm_resource_group.rg.name
 
@@ -231,7 +238,7 @@ module "virtual_network" {
 
 module "nat_gateway" {
   source              = "./modules/nat_gateway"
-  name                = "${var.name_prefix}NatGateway"
+  name                = "NatGateway"
   location            = var.location
   resource_group_name = azurerm_resource_group.rg.name
 
@@ -240,7 +247,7 @@ module "nat_gateway" {
 
 module "bastion_host" {
   source              = "./modules/bastion_host"
-  name                = "${var.name_prefix}BastionHost"
+  name                = "BastionHost"
   location            = var.location
   resource_group_name = azurerm_resource_group.rg.name
 
@@ -259,7 +266,7 @@ module "acr_private_dns_zone" {
   resource_group_name = azurerm_resource_group.rg.name
   virtual_networks_to_link = {
     (module.virtual_network.name) = {
-      subscription_id     = data.azurerm_client_config.current.subscription_id
+      subscription_id     = local.subscription_id
       resource_group_name = azurerm_resource_group.rg.name
     }
   }
@@ -271,7 +278,7 @@ module "openai_private_dns_zone" {
   resource_group_name = azurerm_resource_group.rg.name
   virtual_networks_to_link = {
     (module.virtual_network.name) = {
-      subscription_id     = data.azurerm_client_config.current.subscription_id
+      subscription_id     = local.subscription_id
       resource_group_name = azurerm_resource_group.rg.name
     }
   }
@@ -283,7 +290,7 @@ module "key_vault_private_dns_zone" {
   resource_group_name = azurerm_resource_group.rg.name
   virtual_networks_to_link = {
     (module.virtual_network.name) = {
-      subscription_id     = data.azurerm_client_config.current.subscription_id
+      subscription_id     = local.subscription_id
       resource_group_name = azurerm_resource_group.rg.name
     }
   }
@@ -295,7 +302,7 @@ module "blob_private_dns_zone" {
   resource_group_name = azurerm_resource_group.rg.name
   virtual_networks_to_link = {
     (module.virtual_network.name) = {
-      subscription_id     = data.azurerm_client_config.current.subscription_id
+      subscription_id     = local.subscription_id
       resource_group_name = azurerm_resource_group.rg.name
     }
   }
@@ -306,7 +313,7 @@ module "blob_private_dns_zone" {
 ###############################################################################
 module "openai_private_endpoint" {
   source                         = "./modules/private_endpoint"
-  name                           = "${module.openai.name}PrivateEndpoint"
+  name                           = "OpenAiPrivateEndpoint"
   location                       = var.location
   resource_group_name            = azurerm_resource_group.rg.name
   subnet_id                      = module.virtual_network.subnet_ids[local.vm_subnet_name]
@@ -318,7 +325,7 @@ module "openai_private_endpoint" {
 
 module "acr_private_endpoint" {
   source                         = "./modules/private_endpoint"
-  name                           = "${module.container_registry.name}PrivateEndpoint"
+  name                           = "AcrPrivateEndpoint"
   location                       = var.location
   resource_group_name            = azurerm_resource_group.rg.name
   subnet_id                      = module.virtual_network.subnet_ids[local.vm_subnet_name]
@@ -330,7 +337,7 @@ module "acr_private_endpoint" {
 
 module "key_vault_private_endpoint" {
   source                         = "./modules/private_endpoint"
-  name                           = "${module.key_vault.name}PrivateEndpoint"
+  name                           = "VaultPrivateEndpoint"
   location                       = var.location
   resource_group_name            = azurerm_resource_group.rg.name
   subnet_id                      = module.virtual_network.subnet_ids[local.vm_subnet_name]
@@ -342,7 +349,7 @@ module "key_vault_private_endpoint" {
 
 module "blob_private_endpoint" {
   source                         = "./modules/private_endpoint"
-  name                           = "${var.name_prefix}BlobStoragePrivateEndpoint"
+  name                           = "BlobStoragePrivateEndpoint"
   location                       = var.location
   resource_group_name            = azurerm_resource_group.rg.name
   subnet_id                      = module.virtual_network.subnet_ids[local.vm_subnet_name]
@@ -356,7 +363,7 @@ module "blob_private_endpoint" {
 # Identities/Roles
 ###############################################################################
 resource "azurerm_user_assigned_identity" "aks_workload_identity" {
-  name                = "${var.name_prefix}WorkloadManagedIdentity"
+  name                = "WorkloadManagedIdentity"
   resource_group_name = azurerm_resource_group.rg.name
   location            = var.location
 }

scenarios/AksOpenAiTerraform/terraform/modules/aks/main.tf

@@ -30,6 +30,12 @@ resource "azurerm_kubernetes_cluster" "aks_cluster" {
     zones          = ["1", "2", "3"]
     max_pods       = 50
     os_disk_type   = "Ephemeral"
+
+    upgrade_settings {
+      drain_timeout_in_minutes      = 0
+      max_surge                     = "10%"
+      node_soak_duration_in_minutes = 0
+    }
   }
 
   identity {

scenarios/AksOpenAiTerraform/terraform/modules/deployment_script/main.tf

@@ -4,30 +4,24 @@ resource "azurerm_user_assigned_identity" "script_identity" {
   resource_group_name = var.resource_group_name
 }
 
-data "azurerm_kubernetes_cluster" "aks_cluster" {
-  name                = var.aks_cluster_name
-  resource_group_name = var.resource_group_name
-}
-
 resource "azurerm_role_assignment" "network_contributor_assignment" {
-  scope                            = data.azurerm_kubernetes_cluster.aks_cluster.id
+  scope                            = var.aks_cluster_id
   role_definition_name             = "Azure Kubernetes Service Cluster Admin Role"
   principal_id                     = azurerm_user_assigned_identity.script_identity.principal_id
-  skip_service_principal_aad_check = true
 }
 
 resource "azurerm_resource_deployment_script_azure_cli" "script" {
   name                = var.name
   resource_group_name = var.resource_group_name
   location            = var.location
+
   version             = var.azure_cli_version
   retention_interval  = "P1D"
   command_line        = "'foo' 'bar'"
   cleanup_preference  = "OnSuccess"
   force_update_tag    = "1"
   timeout             = "PT30M"
   primary_script_uri  = var.primary_script_uri
-  tags                = var.tags
 
   identity {
     type = "UserAssigned"

scenarios/AksOpenAiTerraform/terraform/modules/deployment_script/variables.tf

@@ -1,78 +1,60 @@
 variable "resource_group_name" {
-  description = "(Required) Specifies the resource group name"
   type        = string
 }
 
 variable "location" {
-  description = "(Required) Specifies the location of the Azure OpenAI Service"
   type        = string
 }
 
 variable "name" {
-  description = "(Required) Specifies the name of the Azure OpenAI Service"
   type        = string
-  default     = "BashScript"
+}
+
+variable "aks_cluster_id" {
+  type        = string
 }
 
 variable "azure_cli_version" {
-  description = "(Required) Azure CLI module version to be used."
   type        = string
-  default     = "2.9.1"
 }
 
 variable "managed_identity_name" {
-  description = "Specifies the name of the user-defined managed identity used by the deployment script."
   type        = string
-  default     = "ScriptManagedIdentity"
 }
 
 variable "primary_script_uri" {
-  description = "(Optional) Uri for the script. This is the entry point for the external script. Changing this forces a new Resource Deployment Script to be created."
   type        = string
 }
 
 variable "aks_cluster_name" {
-  description = "Specifies the name of the AKS cluster."
   type        = string
 }
 
 variable "tenant_id" {
-  description = "Specifies the Azure AD tenant id."
   type        = string
 }
 
 variable "subscription_id" {
-  description = "Specifies the Azure subscription id."
   type        = string
 }
 
 variable "hostname" {
-  description = "Specifies the hostname of the application."
   type        = string
 }
 
 variable "namespace" {
-  description = "Specifies the namespace of the application."
   type        = string
 }
 
 variable "service_account_name" {
-  description = "Specifies the service account of the application."
   type        = string
 }
 
 variable "workload_managed_identity_client_id" {
-  description = "Specifies the client id of the workload user-defined managed identity."
   type        = string
 }
 
 variable "email" {
   description = "Specifies the email address for the cert-manager cluster issuer."
   type        = string
-}
-
-variable "tags" {
-  description = "(Optional) Specifies the tags of the Azure OpenAI Service"
-  type        = map(any)
-  default     = {}
 }

scenarios/AksOpenAiTerraform/terraform/modules/openai/main.tf

@@ -2,6 +2,7 @@ resource "azurerm_cognitive_account" "openai" {
   name                          = var.name
   location                      = var.location
   resource_group_name           = var.resource_group_name
+  
   kind                          = "OpenAI"
   custom_subdomain_name         = var.custom_subdomain_name
   sku_name                      = var.sku_name