Fixes

Author: aamini7

scenarios/AksOpenAiTerraform/README.md

@@ -8,44 +8,41 @@ ms.author: ariaamini
 ms.custom: innovation-engine, linux-related-content 
 ---
 
-## Provision Resources (~10 minutes)
-Run terraform to provision all the required Azure resources
+## Provision Resources with Terraform (~8 minutes)
+Run terraform to provision all the Azure resources required to setup your new OpenAI website.
 ```bash
-# Terraform parses TF_VAR_* (Ex: TF_VAR_xname -> xname)
+# Terraform parses TF_VAR_* as vars (Ex: TF_VAR_name -> name)
 export TF_VAR_location="westus3"  
 export TF_VAR_kubernetes_version="1.30.7"
 export TF_VAR_model_name="gpt-4o-mini"
 export TF_VAR_model_version="2024-07-18"
-
-terraform -chdir=infra init
-terraform -chdir=infra apply -auto-approve
+# Terraform consumes sub id as $ARM_SUBSCRIPTION_ID
+export ARM_SUBSCRIPTION_ID=$SUBSCRIPTION_ID
+# Run Terraform
+terraform -chdir=terraform init
+terraform -chdir=terraform apply -auto-approve
 ```
 
 ## Login to Cluster
+In order to use the kubectl to run commands on the newly created cluster, you must first login.
 ```bash
-RESOURCE_GROUP=$(terraform -chdir=infra output -raw resource_group_name)
+RESOURCE_GROUP=$(terraform -chdir=terraform output -raw resource_group_name)
 az aks get-credentials --admin --name AksCluster --resource-group $RESOURCE_GROUP --subscription $SUBSCRIPTION_ID
 ```
 
 ## Deploy
+Apply/Deploy Manifest File 
 ```bash
-## Build Dockerfile
-ACR_LOGIN_URL=$(terraform -chdir=infra output -raw acr_login_url)
-IMAGE="$ACR_LOGIN_URL/magic8ball:v1"
-az acr login --name $ACR_LOGIN_URL
-docker build -t $IMAGE ./magic8ball --push
-
-# Apply Manifest File
-export IMAGE
-export WORKLOAD_IDENTITY_CLIENT_ID=$(terraform -chdir=infra output -raw workload_identity_client_id)
-export AZURE_OPENAI_DEPLOYMENT=$(terraform -chdir=infra output -raw openai_deployment)
-export AZURE_OPENAI_ENDPOINT=$(terraform -chdir=infra output -raw openai_endpoint)
-envsubst < quickstart-app.yml | kubectl apply -f -```
+export IMAGE="aamini8/magic8ball:v1"
+export WORKLOAD_IDENTITY_CLIENT_ID=$(terraform -chdir=terraform output -raw workload_identity_client_id)
+export AZURE_OPENAI_DEPLOYMENT=$(terraform -chdir=terraform output -raw openai_deployment)
+export AZURE_OPENAI_ENDPOINT=$(terraform -chdir=terraform output -raw openai_endpoint)
+envsubst < quickstart-app.yml | kubectl apply -f -
 ```
 
 ## Wait for public IP
 ```bash
-kubectl wait --for=jsonpath="{.status.loadBalancer.ingress[0].ip}" service/magic8ball-service
-PUBLIC_IP=$(kubectl get service/magic8ball-service -o=jsonpath="{.status.loadBalancer.ingress[0].ip}")
+kubectl wait --for=jsonpath="{.status.loadBalancer.ingress[0].ip}" service/magic8ball
+PUBLIC_IP=$(kubectl get service/magic8ball -o=jsonpath="{.status.loadBalancer.ingress[0].ip}")
 echo "Connect to app: $PUBLIC_IP"
 ```

scenarios/AksOpenAiTerraform/magic8ball/app.py

@@ -3,24 +3,25 @@
 import os
 from openai import AzureOpenAI
 import streamlit as st
-from azure.identity import DefaultAzureCredential, get_bearer_token_provider
+from azure.identity import WorkloadIdentityCredential, get_bearer_token_provider
 
 azure_deployment = os.getenv("AZURE_OPENAI_DEPLOYMENT")
 azure_endpoint = os.getenv("AZURE_OPENAI_ENDPOINT")
+workload_identity_client_id = os.getenv("WORKLOAD_IDENTITY_CLIENT_ID")
 
 client = AzureOpenAI(
     api_version="2024-10-21",
     azure_endpoint=azure_endpoint,
     azure_ad_token_provider=get_bearer_token_provider(
-        DefaultAzureCredential(), "https://cognitiveservices.azure.com/.default"
+        WorkloadIdentityCredential(client_id=workload_identity_client_id),
+        "https://cognitiveservices.azure.com/.default",
     ),
 )
 
 
 def call_api(messages):
     completion = client.chat.completions.create(
-        messages=messages,
-        model=azure_deployment
+        messages=messages, model=azure_deployment
     )
     return completion.choices[0].message.content
 

scenarios/AksOpenAiTerraform/quickstart-app.yml

@@ -5,6 +5,7 @@ metadata:
 data:
   AZURE_OPENAI_ENDPOINT: $AZURE_OPENAI_ENDPOINT
   AZURE_OPENAI_DEPLOYMENT: $AZURE_OPENAI_DEPLOYMENT
+  WORKLOAD_IDENTITY_CLIENT_ID: $WORKLOAD_IDENTITY_CLIENT_ID
 ---
 apiVersion: apps/v1
 kind: Deployment

scenarios/AksOpenAiTerraform/terraform/.terraform.lock.hcl

@@ -1,3 +1,20 @@
+###############################################################################
+# Plugin setup
+###############################################################################
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~> 4.20.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+}
+###############################################################################
+
 data "azurerm_client_config" "current" {
 }
 
@@ -161,15 +178,4 @@ resource "azurerm_bastion_host" "this" {
     subnet_id            = azurerm_subnet.this.id
     public_ip_address_id = azurerm_public_ip.this.id
   }
-}
-
-###############################################################################
-# Container Registry
-###############################################################################
-resource "azurerm_container_registry" "this" {
-  name                   = "acr${local.random_id}"
-  resource_group_name    = azurerm_resource_group.main.name
-  location               = var.location
-  sku                    = "Premium"
-  anonymous_pull_enabled = true
 }