chore: updated ip allocation according to current state

[mishraomp]

AI Hub Infra Changes

Summary: 1 to add, 1 to change, 0 to destroy (across 1 stack(s))

Show plan details

Terraform will perform the following actions:

  # module.key_rotation[0].azurerm_container_app_job.rotation will be updated in-place
  ~ resource "azurerm_container_app_job" "rotation" {
        id                           = "/subscriptions/****/resourceGroups/ai-services-hub-test/providers/Microsoft.App/jobs/ai-services-hub-testrotnjob"
        name                         = "ai-services-hub-testrotnjob"
        tags                         = {
            "app_env"     = "test"
            "environment" = "test"
            "repo_name"   = "ai-hub-tracking"
        }
        # (8 unchanged attributes hidden)

      ~ template {
          ~ container {
              ~ image             = "ghcr.io/bcgov/ai-hub-tracking/jobs/apim-key-rotation:v0.10.0" -> "ghcr.io/bcgov/ai-hub-tracking/jobs/apim-key-rotation:latest"
                name              = "key-rotation"
                # (5 unchanged attributes hidden)

              ~ env {
                    name        = "FORCE_IMAGE_PULL"
                  ~ value       = "v0.10.0" -> (known after apply)
                    # (1 unchanged attribute hidden)
                }

                # (12 unchanged blocks hidden)
            }
        }

        # (3 unchanged blocks hidden)
    }

  # module.key_rotation[0].terraform_data.image_refresh[0] will be created
  + resource "terraform_data" "image_refresh" {
      + id     = (known after apply)
      + input  = (known after apply)
      + output = (known after apply)
    }

Plan: 1 to add, 1 to change, 0 to destroy.

Warning: Value for undeclared variable

The root module does not declare a variable named "tenant_tags" but a value
was found in file
"/home/runner/work/ai-hub-tracking/ai-hub-tracking/infra-ai-hub/.tenants-test.auto.tfvars".
If you meant to use this value, add a "variable" block to the configuration.

To silence these warnings, use TF_VAR_... environment variables to provide
certain "global" settings to all configurations in your organization. To
reduce the verbosity of these warnings, use the -compact-warnings option.

Warning: Value for undeclared variable

The root module does not declare a variable named "defender_enabled" but a
value was found in file
"/home/runner/work/ai-hub-tracking/ai-hub-tracking/infra-ai-hub/params/test/shared.tfvars".
If you meant to use this value, add a "variable" block to the configuration.

To silence these warnings, use TF_VAR_... environment variables to provide
certain "global" settings to all configurations in your organization. To
reduce the verbosity of these warnings, use the -compact-warnings option.

Warning: Values for undeclared variables

In addition to the other similar warnings shown, 1 other variable(s) defined
without being declared.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
Releasing state lock. This may take a few moments...
2026-03-03T07:23:40Z [SUCCESS] terraform plan (key-rotation) (attempt 1/5) completed successfully
2026-03-03T07:23:40Z [SUCCESS] Stack engine finished at 2026-03-03T07:23:40Z — total time: 1m 59s
2026-03-03T07:23:40Z [SUCCESS] Workflow finished at 2026-03-03T07:23:40Z — total time: 2m 1s

---

Updated by CI — plan against test environment (run #238) at 2026-03-03 07:23:49 UTC.

[Copilot]

Pull request overview

Updates the documentation/diagrams to reflect the current network IP allocation model for the AI Hub landing zone, especially around PE subnet capacity and per-tenant private endpoint consumption.

Changes:

• Update PE subnet capacity guidance to account for Cosmos DB consuming 2 PE IPs (raising per-tenant PE IP usage to ~6).
• Refresh diagrams to reflect 3 VNets in the allocation model (prod/test/dev), with tools treated as a separate peered spoke.
• Revise network environment and IP budget diagrams to match current subnet sizing and NSG rule intent.

Reviewed changes

Copilot reviewed 4 out of 9 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
infra-ai-hub/README.md	Updates runbook guidance for PE subnet capacity and per-tenant PE IP usage.
docs/diagrams.html	Updates published diagrams page text to reflect new capacity assumptions and VNet scope.
docs/_pages/diagrams.html	Updates source diagrams page text to match published content.
docs/assets/whats-included-scope.svg	Adjusts “what’s included” scope diagram to reflect PE/IP budgeting changes.
docs/assets/tenant-resource-group-model.svg	Updates tenant RG/IP budgeting callouts in the tenant model diagram.
docs/assets/network-environments.svg	Major refresh of the network environments diagram (subnet model, NSG notes, capacity callouts).
docs/assets/network-architecture.svg	Tweaks network architecture diagram callouts around PE connectivity/peering.
docs/assets/ip-budget-breakdown.svg	Reworks IP budget math and narrative to align with current PE consumption assumptions.
.github/skills/network/SKILL.md	Updates network skill guidance on PE pool behavior and capacity math for onboarding/changes.