diff --git a/.gitignore b/.gitignore index 0d4f356..4df96e2 100644 --- a/.gitignore +++ b/.gitignore @@ -2,4 +2,39 @@ public/ resources/ node_modules/ package-lock.json -.hugo_build.lock \ No newline at end of file +.hugo_build.lock + +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc diff --git a/docs/content/en/docs/Deploy the Architecture/_index.md b/docs/content/en/docs/Deploy the Architecture/_index.md index fcf6221..73bb64d 100644 --- a/docs/content/en/docs/Deploy the Architecture/_index.md +++ b/docs/content/en/docs/Deploy the Architecture/_index.md @@ -4,9 +4,15 @@ weight: 3 description: This guide provides details and instructions to help you deploy the Activate GenAI with Azure Accelerator for your customer. --- +{{% pageinfo %}} +Work in progress. There are still some manual steps to be automated. Check [here](https://github.com/Azure/activate-genai/blob/main/infra/README.md) for the latest updates. +{{% /pageinfo %}} + + Run the following command to deploy the **Activate GenAI with Azure** Accelerator: ```bash cd infra +terraform init terraform apply ``` \ No newline at end of file diff --git a/infra/.terraform.lock.hcl b/infra/.terraform.lock.hcl new file mode 100644 index 0000000..9030951 --- /dev/null +++ b/infra/.terraform.lock.hcl @@ -0,0 +1,60 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/azure/azapi" { + version = "1.9.0" + hashes = [ + "h1:yIJQVdnmGZdvS3yrw0M8ke9KiB/c0tjZ7KUXC46Hjx0=", + "zh:349569471fbf387feaaf8b88da1690669e201147c342f905e5eb03df42b3cf87", + "zh:54346d5fb78cbad3eb7cfd96e1dd7ce4f78666cabaaccfec6ee9437476330018", + "zh:64b799da915ea3a9a58ac7a926c6a31c59fd0d911687804d8e815eda88c5580b", + "zh:9336ed9e112555e0fda8af6be9ba21478e30117d79ba662233311d9560d2b7c6", + "zh:a8aace9897b28ea0b2dbd7a3be3df033e158af40412c9c7670be0956f216ed7e", + "zh:ab23df7de700d9e785009a4ca9ceb38ae1ab894a13f5788847f15d018556f415", + "zh:b4f13f0b13560a67d427c71c85246f8920f98987120341830071df4535842053", + "zh:e58377bf36d8a14d28178a002657865ee17446182dac03525fd43435e41a1b5c", + "zh:ea5db4acc6413fd0fe6b35981e58cdc9850f5f3118031cc3d2581de511aee6aa", + "zh:f0b32c06c6bd4e4af2c02a62be07b947766aeeb09289a03f21aba16c2fd3c60f", + "zh:f1518e766a90c257d7eb36d360dafaf311593a4a9352ff8db0bcfe0ed8cf45ae", + "zh:fa89e84cff0776b5b61ff27049b1d8ed52040bd58c81c4628890d644a6fb2989", + ] +} + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "3.72.0" + constraints = "3.72.0" + hashes = [ + "h1:xogMjHMWY7pwV6ZB8CSmZi0YJ8PLQrE+maLnQQv5x5g=", + "zh:0750326f82dc0765cd9dc0e142b4c325be7918beeacc0b887510274f15d76311", + "zh:10ba452905de646181bfbbb9555c7b8fb96138ddc4bb42227521c402c3b12213", + "zh:25c8198603cffa0920e6ae39a87a5bb4af75bbe1fba36156e8077ae50261a7ca", + "zh:5c294fff683c2fc292f502da43f41bf4b68a20bf60a2e92723768a0ce7fe2c7a", + "zh:84449a0e7d5bd4a3fda9a4c9ad287c4c7ebcc5ede406d3ab7593f073d40abdfc", + "zh:89f3fc2b3e84e45776fce547ed9fa3dbdba65fe243094fe308c5cef273b4d980", + "zh:a8cdfc816fbf14a230c3bb4ccdf70d19069186de78008e49dc9dfaa8aaf0208e", + "zh:d6e1d86f2d6d0e09d3961f10f9e26e24a25d39e98ecaf93d5cb089ddb4fea5b6", + "zh:e74f0e6c3904da8ff10bdb90be1fd8b20f1d3f14d62d24ffb76b61c623ee0e3c", + "zh:e9fb32ef48450b8109e30e47280053ca7d5307190bf6f516e1bebaf556dc8d81", + "zh:ee8c9bb7aa318a3d8a313eb032b3fc1a332114fe112723ba7b0c8cb4a5947476", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.5.1" + hashes = [ + "h1:3hjTP5tQBspPcFAJlfafnWrNrKnr7J4Cp0qB9jbqf30=", + "zh:04e3fbd610cb52c1017d282531364b9c53ef72b6bc533acb2a90671957324a64", + "zh:119197103301ebaf7efb91df8f0b6e0dd31e6ff943d231af35ee1831c599188d", + "zh:4d2b219d09abf3b1bb4df93d399ed156cadd61f44ad3baf5cf2954df2fba0831", + "zh:6130bdde527587bbe2dcaa7150363e96dbc5250ea20154176d82bc69df5d4ce3", + "zh:6cc326cd4000f724d3086ee05587e7710f032f94fc9af35e96a386a1c6f2214f", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:b6d88e1d28cf2dfa24e9fdcc3efc77adcdc1c3c3b5c7ce503a423efbdd6de57b", + "zh:ba74c592622ecbcef9dc2a4d81ed321c4e44cddf7da799faa324da9bf52a22b2", + "zh:c7c5cde98fe4ef1143bd1b3ec5dc04baf0d4cc3ca2c5c7d40d17c0e9b2076865", + "zh:dac4bad52c940cd0dfc27893507c1e92393846b024c5a9db159a93c534a3da03", + "zh:de8febe2a2acd9ac454b844a4106ed295ae9520ef54dc8ed2faf29f12716b602", + "zh:eab0d0495e7e711cca367f7d4df6e322e6c562fc52151ec931176115b83ed014", + ] +} diff --git a/infra/README.md b/infra/README.md index e69de29..366638a 100644 --- a/infra/README.md +++ b/infra/README.md @@ -0,0 +1,50 @@ +# Deploying the Solution + +## Deploying the infrastructure + +Run the following commands to deploy the infrastructure: + +```bash +cd infra +terraform init +terraform apply +``` + +## Manual steps + +> This is temporal + +Clone the GitHub repository [cmendible/azure-search-openai-demo](https://github.com/cmendible/azure-search-openai-demo) and run the following commands to deploy the Azure Search Index and upload the sample documents: + +```bash +git clone https://github.com/cmendible/azure-search-openai-demo.git +cd azure-search-openai-demo +git checkout k8s + +export AZURE_PRINCIPAL_ID="" +export AZURE_RESOURCE_GROUP="" +export AZURE_SUBSCRIPTION_ID="" +export AZURE_TENANT_ID="" +export AZURE_STORAGE_ACCOUNT="" +export AZURE_STORAGE_CONTAINER="content" +export AZURE_SEARCH_SERVICE="" +export OPENAI_HOST="azure" +export AZURE_OPENAI_SERVICE="" +export OPENAI_API_KEY="" +export OPENAI_ORGANIZATION="" +export AZURE_OPENAI_EMB_DEPLOYMENT="text-embedding-ada-002" +export AZURE_OPENAI_EMB_MODEL_NAME="text-embedding-ada-002" +export AZURE_SEARCH_INDEX="gptkbindex" +``` + +Login to Azure: + +```bash +azd auth login --client-id --client-secret --tenant-id +``` + +Deploy the Azure Search Index and upload the sample documents: + +```bash +./scripts/prepdocs.sh +``` \ No newline at end of file diff --git a/infra/main.tf b/infra/main.tf index e69de29..9047fe3 100644 --- a/infra/main.tf +++ b/infra/main.tf @@ -0,0 +1,157 @@ +data "azurerm_subscription" "current" {} + +resource "random_id" "random" { + byte_length = 8 +} + +resource "azurerm_resource_group" "rg" { + name = var.resource_group_name + location = var.location +} + +locals { + name_sufix = substr(lower(random_id.random.hex), 1, 4) + storage_account_name = "${var.storage_account_name}${local.name_sufix}" +} + +module "vnet" { + source = "./modules/vnet" + location = azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.rg.name + virtual_network_name = var.virtual_network_name +} + +module "apim" { + source = "./modules/apim" + location = azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.rg.name + apim_name = var.apim_name + apim_subnet_id = module.vnet.apim_subnet_id + publisher_name = var.publisher_name + publisher_email = var.publisher_email +} + +module "mi" { + source = "./modules/mi" + location = azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.rg.name + managed_identity_name = var.managed_identity_name +} + +resource "azurerm_role_assignment" "id_reader" { + scope = azurerm_resource_group.rg.id + role_definition_name = "Reader" + principal_id = module.mi.principal_id +} + +module "search" { + source = "./modules/search" + location = azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.rg.name + search_name = var.search_name + principal_id = module.mi.principal_id +} + +module "form_recognizer" { + source = "./modules/form" + location = azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.rg.name + form_recognizer_name = var.form_recognizer_name +} + +module "log" { + source = "./modules/log" + location = azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.rg.name + log_name = var.log_name +} + +module "appi" { + source = "./modules/appi" + location = azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.rg.name + appi_name = var.apim_name + log_id = module.log.log_id +} + +module "st" { + source = "./modules/st" + location = azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.rg.name + storage_account_name = local.storage_account_name + principal_id = module.mi.principal_id +} + +module "openai" { + source = "./modules/openai" + location = azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.rg.name + secondary_location = var.secondary_location + azopenai_name = var.azopenai_name + principal_id = module.mi.principal_id +} + +module "cae" { + source = "./modules/cae" + location = azurerm_resource_group.rg.location + resource_group_id = azurerm_resource_group.rg.id + cae_name = var.cae_name + cae_subnet_id = module.vnet.cae_subnet_id + log_workspace_id = module.log.log_workspace_id + log_key = module.log.log_key + appi_key = module.appi.appi_key +} + +module "ca_back" { + source = "./modules/ca-back" + location = azurerm_resource_group.rg.location + resource_group_id = azurerm_resource_group.rg.id + ca_name = var.ca_back_name + cae_id = module.cae.cae_id + managed_identity_id = module.mi.mi_id + chat_gpt_deployment = module.openai.gpt_deployment_name + chat_gpt_model = module.openai.gpt_deployment_name + embeddings_deployment = module.openai.embedding_deployment_name + embeddings_model = module.openai.embedding_deployment_name + storage_account_name = module.st.storage_account_name + storage_container_name = module.st.storage_container_name + search_service_name = module.search.search_service_name + search_index_name = module.search.search_index_name + openai_service_name = module.openai.openai_service_name + tenant_id = data.azurerm_subscription.current.tenant_id + managed_identity_client_id = module.mi.client_id +} + +# module "ca_webapi" { +# source = "./modules/ca-webapi" +# location = azurerm_resource_group.rg.location +# resource_group_id = azurerm_resource_group.rg.id +# ca_name = var.ca_webapi_name +# cae_id = module.cae.cae_id +# cae_default_domain = module.cae.defaultDomain +# ca_webapp_name = var.ca_webapp_name +# managed_identity_id = module.mi.mi_id +# chat_gpt_deployment = module.openai.gpt_deployment_name +# chat_gpt_model = module.openai.gpt_deployment_name +# embeddings_deployment = module.openai.embedding_deployment_name +# embeddings_model = module.openai.embedding_deployment_name +# storage_account_name = module.st.storage_account_name +# storage_container_name = module.st.storage_container_name +# search_service_name = module.search.search_service_name +# search_index_name = module.search.search_index_name +# openai_service_name = module.openai.openai_service_name +# tenant_id = data.azurerm_subscription.current.tenant_id +# managed_identity_client_id = module.mi.client_id +# } + +# module "ca_webapp" { +# source = "./modules/ca-webapp" +# location = azurerm_resource_group.rg.location +# resource_group_id = azurerm_resource_group.rg.id +# ca_name = var.ca_webapp_name +# cae_id = module.cae.cae_id +# managed_identity_id = module.mi.mi_id +# tenant_id = data.azurerm_subscription.current.tenant_id +# managed_identity_client_id = module.mi.client_id +# backend_url = module.ca_webapi.fqdn +# } diff --git a/infra/modules/apim/main.tf b/infra/modules/apim/main.tf new file mode 100644 index 0000000..ed9922b --- /dev/null +++ b/infra/modules/apim/main.tf @@ -0,0 +1,13 @@ +resource "azurerm_api_management" "apim" { + name = var.apim_name + location = var.location + resource_group_name = var.resource_group_name + publisher_name = var.publisher_name + publisher_email = var.publisher_email + sku_name = "Developer_1" + virtual_network_type = "External" # Use "Internal" for a fully private APIM + + virtual_network_configuration { + subnet_id = var.apim_subnet_id + } +} diff --git a/infra/modules/apim/outputs.tf b/infra/modules/apim/outputs.tf new file mode 100644 index 0000000..65238b5 --- /dev/null +++ b/infra/modules/apim/outputs.tf @@ -0,0 +1,3 @@ +output "apim_name" { + value = azurerm_api_management.apim.name +} diff --git a/infra/modules/apim/variables.tf b/infra/modules/apim/variables.tf new file mode 100644 index 0000000..9f703d1 --- /dev/null +++ b/infra/modules/apim/variables.tf @@ -0,0 +1,6 @@ +variable "resource_group_name" {} +variable "location" {} +variable "apim_name" {} +variable "publisher_name" {} +variable "publisher_email" {} +variable "apim_subnet_id" {} diff --git a/infra/modules/appi/main.tf b/infra/modules/appi/main.tf new file mode 100644 index 0000000..58a28cc --- /dev/null +++ b/infra/modules/appi/main.tf @@ -0,0 +1,7 @@ +resource "azurerm_application_insights" "appinsights" { + name = var.appi_name + location = var.location + resource_group_name = var.resource_group_name + application_type = "web" + workspace_id = var.log_id +} diff --git a/infra/modules/appi/outputs.tf b/infra/modules/appi/outputs.tf new file mode 100644 index 0000000..7ddb725 --- /dev/null +++ b/infra/modules/appi/outputs.tf @@ -0,0 +1,7 @@ +output "appi_id" { + value = azurerm_application_insights.appinsights.id +} + +output "appi_key" { + value = azurerm_application_insights.appinsights.instrumentation_key +} diff --git a/infra/modules/appi/variables.tf b/infra/modules/appi/variables.tf new file mode 100644 index 0000000..b2601b7 --- /dev/null +++ b/infra/modules/appi/variables.tf @@ -0,0 +1,4 @@ +variable "resource_group_name" {} +variable "location" {} +variable "appi_name" {} +variable "log_id" {} \ No newline at end of file diff --git a/infra/modules/ca-back/main.tf b/infra/modules/ca-back/main.tf new file mode 100644 index 0000000..3812604 --- /dev/null +++ b/infra/modules/ca-back/main.tf @@ -0,0 +1,103 @@ +resource "azapi_resource" "ca_back" { + name = var.ca_name + location = var.location + parent_id = var.resource_group_id + type = "Microsoft.App/containerApps@2022-11-01-preview" + identity { + type = "UserAssigned" + identity_ids = [ + var.managed_identity_id + ] + } + + body = jsonencode({ + properties : { + managedEnvironmentId = "${var.cae_id}" + configuration = { + secrets = [] + ingress = { + external = true + targetPort = 50505 + transport = "Http" + + traffic = [ + { + latestRevision = true + weight = 100 + } + ] + } + dapr = { + enabled = false + } + } + template = { + containers = [ + { + name = "azseachopenai" + image = "cmendibl3/azseachopenai" + resources = { + cpu = 0.5 + memory = "1Gi" + } + env = [ + { + name = "AZURE_STORAGE_ACCOUNT" + value = "${var.storage_account_name}" + }, + { + name = "AZURE_STORAGE_CONTAINER" + value = "${var.storage_container_name}" + }, + { + name = "AZURE_SEARCH_SERVICE" + value = "${var.search_service_name}" + }, + { + name = "AZURE_SEARCH_INDEX" + value = "${var.search_index_name}" + }, + { + name = "AZURE_OPENAI_CHATGPT_MODEL" + value = "${var.chat_gpt_model}" + }, + { + name = "AZURE_OPENAI_CHATGPT_DEPLOYMENT" + value = "${var.chat_gpt_deployment}" + }, + { + name = "AZURE_OPENAI_EMB_MODEL_NAME" + value = "${var.embeddings_model}" + }, + { + name = "AZURE_OPENAI_EMB_DEPLOYMENT" + value = "${var.embeddings_deployment}" + }, + { + name = "AZURE_OPENAI_SERVICE" + value = "${var.openai_service_name}" + }, + { + name = "AZURE_TENANT_ID" + value = "${var.tenant_id}" + }, + { + name = "AZURE_CLIENT_ID" + value = "${var.managed_identity_client_id}" + }, + { + name = "APP_LOG_LEVEL" + value = "DEBUG" + } + ], + }, + ] + scale = { + minReplicas = 1 + maxReplicas = 1 + } + } + } + }) + response_export_values = ["properties.configuration.ingress.fqdn"] +} diff --git a/infra/modules/ca-back/outputs.tf b/infra/modules/ca-back/outputs.tf new file mode 100644 index 0000000..c0e0a25 --- /dev/null +++ b/infra/modules/ca-back/outputs.tf @@ -0,0 +1,4 @@ +output "fqdn" { + value = jsondecode(azapi_resource.ca_back.output).properties.configuration.ingress.fqdn +} + diff --git a/infra/modules/ca-back/providers.tf b/infra/modules/ca-back/providers.tf new file mode 100644 index 0000000..30260c4 --- /dev/null +++ b/infra/modules/ca-back/providers.tf @@ -0,0 +1,20 @@ +terraform { + required_version = ">= 1.1.8" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "3.72.0" + } + azapi = { + source = "Azure/azapi" + } + } +} + +provider "azurerm" { + features { + cognitive_account { + purge_soft_delete_on_destroy = true + } + } +} \ No newline at end of file diff --git a/infra/modules/ca-back/variables.tf b/infra/modules/ca-back/variables.tf new file mode 100644 index 0000000..aba8d67 --- /dev/null +++ b/infra/modules/ca-back/variables.tf @@ -0,0 +1,17 @@ +variable "resource_group_id" {} +variable "location" {} +variable "ca_name" {} +variable "cae_id" {} +variable "managed_identity_id" {} +variable "managed_identity_client_id" {} +variable "tenant_id" {} + +variable "storage_account_name" {} +variable "storage_container_name" {} +variable "search_service_name" {} +variable "search_index_name" {} +variable "chat_gpt_deployment" {} +variable "chat_gpt_model" {} +variable "embeddings_deployment" {} +variable "embeddings_model" {} +variable "openai_service_name" {} diff --git a/infra/modules/ca-webapi/main.tf b/infra/modules/ca-webapi/main.tf new file mode 100644 index 0000000..0386e29 --- /dev/null +++ b/infra/modules/ca-webapi/main.tf @@ -0,0 +1,102 @@ +resource "azapi_resource" "ca_webapi" { + name = var.ca_name + location = var.location + parent_id = var.resource_group_id + type = "Microsoft.App/containerApps@2022-11-01-preview" + identity { + type = "UserAssigned" + identity_ids = [ + var.managed_identity_id + ] + } + + body = jsonencode({ + properties : { + managedEnvironmentId = "${var.cae_id}" + configuration = { + secrets = [] + ingress = { + external = true + targetPort = 8080 + transport = "Http" + + traffic = [ + { + latestRevision = true + weight = 100 + } + ] + corsPolicy = { + allowedOrigins = [ + "https://${var.ca_webapp_name}.${var.cae_default_domain}" + ] + allowedHeaders = ["*"] + allowCredentials = false + } + } + dapr = { + enabled = false + } + } + template = { + containers = [ + { + name = "chat-copilot-webapi" + image = "cmendibl3/chat-copilot-webapi:0.1.0" + resources = { + cpu = 0.5 + memory = "1Gi" + } + env = [ + { + name = "Authentication__Type" + value = "None" + }, + { + name = "Planner__Model" + value = "${var.chat_gpt_model}" + }, + { + name = "SemanticMemory__Services__AzureOpenAIText__Endpoint" + value = "https://${var.openai_service_name}.openai.azure.com/" + }, + { + name = "SemanticMemory__Services__AzureOpenAIText__Deployment" + value = "${var.chat_gpt_model}" + }, + { + name = "SemanticMemory__Services__AzureOpenAIText__Auth" + value = "AzureIdentity" + }, + { + name = "SemanticMemory__Services__AzureOpenAIEmbedding__Endpoint" + value = "https://${var.openai_service_name}.openai.azure.com/" + }, + { + name = "SemanticMemory__Services__AzureOpenAIEmbedding__Deployment" + value = "${var.embeddings_model}" + }, + { + name = "SemanticMemory__Services__AzureOpenAIEmbedding__Auth" + value = "AzureIdentity" + }, + { + name = "AZURE_TENANT_ID" + value = "${var.tenant_id}" + }, + { + name = "AZURE_CLIENT_ID" + value = "${var.managed_identity_client_id}" + }, + ], + }, + ] + scale = { + minReplicas = 1 + maxReplicas = 1 + } + } + } + }) + response_export_values = ["properties.configuration.ingress.fqdn"] +} diff --git a/infra/modules/ca-webapi/outputs.tf b/infra/modules/ca-webapi/outputs.tf new file mode 100644 index 0000000..6266cdb --- /dev/null +++ b/infra/modules/ca-webapi/outputs.tf @@ -0,0 +1,4 @@ +output "fqdn" { + value = jsondecode(azapi_resource.ca_webapi.output).properties.configuration.ingress.fqdn +} + diff --git a/infra/modules/ca-webapi/providers.tf b/infra/modules/ca-webapi/providers.tf new file mode 100644 index 0000000..30260c4 --- /dev/null +++ b/infra/modules/ca-webapi/providers.tf @@ -0,0 +1,20 @@ +terraform { + required_version = ">= 1.1.8" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "3.72.0" + } + azapi = { + source = "Azure/azapi" + } + } +} + +provider "azurerm" { + features { + cognitive_account { + purge_soft_delete_on_destroy = true + } + } +} \ No newline at end of file diff --git a/infra/modules/ca-webapi/variables.tf b/infra/modules/ca-webapi/variables.tf new file mode 100644 index 0000000..54e5b95 --- /dev/null +++ b/infra/modules/ca-webapi/variables.tf @@ -0,0 +1,20 @@ +variable "resource_group_id" {} +variable "location" {} +variable "ca_name" {} +variable "cae_id" {} +variable "cae_default_domain" {} +variable "managed_identity_id" {} +variable "managed_identity_client_id" {} +variable "tenant_id" {} + +variable "ca_webapp_name" {} + +variable "storage_account_name" {} +variable "storage_container_name" {} +variable "search_service_name" {} +variable "search_index_name" {} +variable "chat_gpt_deployment" {} +variable "chat_gpt_model" {} +variable "embeddings_deployment" {} +variable "embeddings_model" {} +variable "openai_service_name" {} diff --git a/infra/modules/ca-webapp/main.tf b/infra/modules/ca-webapp/main.tf new file mode 100644 index 0000000..52c491d --- /dev/null +++ b/infra/modules/ca-webapp/main.tf @@ -0,0 +1,59 @@ +resource "azapi_resource" "ca_webapp" { + name = var.ca_name + location = var.location + parent_id = var.resource_group_id + type = "Microsoft.App/containerApps@2022-11-01-preview" + identity { + type = "UserAssigned" + identity_ids = [ + var.managed_identity_id + ] + } + + body = jsonencode({ + properties : { + managedEnvironmentId = "${var.cae_id}" + configuration = { + secrets = [] + ingress = { + external = true + targetPort = 3000 + transport = "Http" + + traffic = [ + { + latestRevision = true + weight = 100 + } + ] + } + dapr = { + enabled = false + } + } + template = { + containers = [ + { + name = "chat-copilot-webapp" + image = "cmendibl3/chat-copilot-webapp:0.1.0" + resources = { + cpu = 0.5 + memory = "1Gi" + } + env = [ + { + name = "REACT_APP_BACKEND_URI" + value = "${var.backend_url}" + }, + ], + }, + ] + scale = { + minReplicas = 1 + maxReplicas = 1 + } + } + } + }) + response_export_values = ["properties.configuration.ingress.fqdn"] +} diff --git a/infra/modules/ca-webapp/outputs.tf b/infra/modules/ca-webapp/outputs.tf new file mode 100644 index 0000000..83b5bbb --- /dev/null +++ b/infra/modules/ca-webapp/outputs.tf @@ -0,0 +1,3 @@ +output "fqdn" { + value = jsondecode(azapi_resource.ca_webapp.output).properties.configuration.ingress.fqdn +} diff --git a/infra/modules/ca-webapp/providers.tf b/infra/modules/ca-webapp/providers.tf new file mode 100644 index 0000000..30260c4 --- /dev/null +++ b/infra/modules/ca-webapp/providers.tf @@ -0,0 +1,20 @@ +terraform { + required_version = ">= 1.1.8" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "3.72.0" + } + azapi = { + source = "Azure/azapi" + } + } +} + +provider "azurerm" { + features { + cognitive_account { + purge_soft_delete_on_destroy = true + } + } +} \ No newline at end of file diff --git a/infra/modules/ca-webapp/variables.tf b/infra/modules/ca-webapp/variables.tf new file mode 100644 index 0000000..d2c65e3 --- /dev/null +++ b/infra/modules/ca-webapp/variables.tf @@ -0,0 +1,9 @@ +variable "resource_group_id" {} +variable "location" {} +variable "ca_name" {} +variable "cae_id" {} +variable "managed_identity_id" {} +variable "managed_identity_client_id" {} +variable "tenant_id" {} + +variable "backend_url" {} \ No newline at end of file diff --git a/infra/modules/cae/main.tf b/infra/modules/cae/main.tf new file mode 100644 index 0000000..1aa91fb --- /dev/null +++ b/infra/modules/cae/main.tf @@ -0,0 +1,30 @@ +resource "azapi_resource" "cae" { + name = var.cae_name + location = var.location + parent_id = var.resource_group_id + type = "Microsoft.App/managedEnvironments@2022-11-01-preview" + + body = jsonencode({ + properties : { + daprAIInstrumentationKey = "${var.appi_key}" + appLogsConfiguration = { + destination = "log-analytics" + logAnalyticsConfiguration = { + customerId = "${var.log_workspace_id}" + sharedKey = "${var.log_key}" + } + } + vnetConfiguration = { + internal = false + infrastructureSubnetId = "${var.cae_subnet_id}" + } + workloadProfiles = [ + { + workloadProfileType = "Consumption" + name = "Consumption" + }, + ] + } + }) + response_export_values = ["properties.defaultDomain"] +} diff --git a/infra/modules/cae/outputs.tf b/infra/modules/cae/outputs.tf new file mode 100644 index 0000000..a5cfcf5 --- /dev/null +++ b/infra/modules/cae/outputs.tf @@ -0,0 +1,8 @@ +output "cae_id" { + value = azapi_resource.cae.id +} + +output "defaultDomain" { + value = jsondecode(azapi_resource.cae.output).properties.defaultDomain +} + diff --git a/infra/modules/cae/providers.tf b/infra/modules/cae/providers.tf new file mode 100644 index 0000000..30260c4 --- /dev/null +++ b/infra/modules/cae/providers.tf @@ -0,0 +1,20 @@ +terraform { + required_version = ">= 1.1.8" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "3.72.0" + } + azapi = { + source = "Azure/azapi" + } + } +} + +provider "azurerm" { + features { + cognitive_account { + purge_soft_delete_on_destroy = true + } + } +} \ No newline at end of file diff --git a/infra/modules/cae/variables.tf b/infra/modules/cae/variables.tf new file mode 100644 index 0000000..b6abfd2 --- /dev/null +++ b/infra/modules/cae/variables.tf @@ -0,0 +1,7 @@ +variable "resource_group_id" {} +variable "location" {} +variable "cae_name" {} +variable "cae_subnet_id" {} +variable "log_workspace_id" {} +variable "log_key" {} +variable "appi_key" {} diff --git a/infra/modules/form/main.tf b/infra/modules/form/main.tf new file mode 100644 index 0000000..515189c --- /dev/null +++ b/infra/modules/form/main.tf @@ -0,0 +1,9 @@ +resource "azurerm_cognitive_account" "form" { + name = var.form_recognizer_name + location = var.location + resource_group_name = var.resource_group_name + kind = "FormRecognizer" + sku_name = "S0" + public_network_access_enabled = true + custom_subdomain_name = var.form_recognizer_name +} diff --git a/infra/modules/form/outputs.tf b/infra/modules/form/outputs.tf new file mode 100644 index 0000000..f083bb8 --- /dev/null +++ b/infra/modules/form/outputs.tf @@ -0,0 +1,3 @@ +output "form_recognizer_name" { + value = azurerm_cognitive_account.form.name +} diff --git a/infra/modules/form/variables.tf b/infra/modules/form/variables.tf new file mode 100644 index 0000000..3ef2359 --- /dev/null +++ b/infra/modules/form/variables.tf @@ -0,0 +1,3 @@ +variable "resource_group_name" {} +variable "location" {} +variable "form_recognizer_name" {} diff --git a/infra/modules/log/main.tf b/infra/modules/log/main.tf new file mode 100644 index 0000000..624f656 --- /dev/null +++ b/infra/modules/log/main.tf @@ -0,0 +1,7 @@ +resource "azurerm_log_analytics_workspace" "logs" { + name = var.log_name + location = var.location + resource_group_name = var.resource_group_name + sku = "PerGB2018" + retention_in_days = 30 +} \ No newline at end of file diff --git a/infra/modules/log/outputs.tf b/infra/modules/log/outputs.tf new file mode 100644 index 0000000..0f9c9b4 --- /dev/null +++ b/infra/modules/log/outputs.tf @@ -0,0 +1,11 @@ +output "log_id" { + value = azurerm_log_analytics_workspace.logs.id +} + +output "log_workspace_id" { + value = azurerm_log_analytics_workspace.logs.workspace_id +} + +output "log_key" { + value = azurerm_log_analytics_workspace.logs.primary_shared_key +} diff --git a/infra/modules/log/variables.tf b/infra/modules/log/variables.tf new file mode 100644 index 0000000..9667290 --- /dev/null +++ b/infra/modules/log/variables.tf @@ -0,0 +1,3 @@ +variable "resource_group_name" {} +variable "location" {} +variable "log_name" {} diff --git a/infra/modules/mi/main.tf b/infra/modules/mi/main.tf new file mode 100644 index 0000000..aa3abab --- /dev/null +++ b/infra/modules/mi/main.tf @@ -0,0 +1,7 @@ +# Create Managed Identity +resource "azurerm_user_assigned_identity" "mi" { + location = var.location + resource_group_name = var.resource_group_name + + name = var.managed_identity_name +} diff --git a/infra/modules/mi/outputs.tf b/infra/modules/mi/outputs.tf new file mode 100644 index 0000000..7e65938 --- /dev/null +++ b/infra/modules/mi/outputs.tf @@ -0,0 +1,11 @@ +output "mi_id" { + value = azurerm_user_assigned_identity.mi.id +} + +output "principal_id" { + value = azurerm_user_assigned_identity.mi.principal_id +} + +output "client_id" { + value = azurerm_user_assigned_identity.mi.client_id +} diff --git a/infra/modules/mi/variables.tf b/infra/modules/mi/variables.tf new file mode 100644 index 0000000..5204f06 --- /dev/null +++ b/infra/modules/mi/variables.tf @@ -0,0 +1,3 @@ +variable "resource_group_name" {} +variable "location" {} +variable "managed_identity_name" {} diff --git a/infra/modules/openai/main.tf b/infra/modules/openai/main.tf new file mode 100644 index 0000000..f26a5a0 --- /dev/null +++ b/infra/modules/openai/main.tf @@ -0,0 +1,89 @@ +resource "azurerm_cognitive_account" "openai" { + name = var.azopenai_name + kind = "OpenAI" + sku_name = "S0" + location = var.location + resource_group_name = var.resource_group_name + public_network_access_enabled = true + custom_subdomain_name = var.azopenai_name +} + +resource "azurerm_cognitive_deployment" "gpt_35_turbo" { + name = "gpt-35-turbo" + cognitive_account_id = azurerm_cognitive_account.openai.id + rai_policy_name = "Microsoft.Default" + model { + format = "OpenAI" + name = "gpt-35-turbo" + version = "0301" + } + + scale { + type = "Standard" + capacity = 120 + } +} + +resource "azurerm_cognitive_deployment" "embedding" { + name = "text-embedding-ada-002" + cognitive_account_id = azurerm_cognitive_account.openai.id + rai_policy_name = "Microsoft.Default" + model { + format = "OpenAI" + name = "text-embedding-ada-002" + version = "2" + } + + scale { + type = "Standard" + capacity = 120 + } +} + +resource "azurerm_role_assignment" "openai_user" { + scope = azurerm_cognitive_account.openai.id + role_definition_name = "Cognitive Services OpenAI User" + principal_id = var.principal_id +} + +# resource "azurerm_cognitive_account" "secondary_openai" { +# name = var.azopenai_name +# kind = "OpenAI" +# sku_name = "S0" +# location = var.secondary_location +# resource_group_name = var.resource_group_name +# public_network_access_enabled = true +# custom_subdomain_name = var.azopenai_name +# } + +# resource "azurerm_cognitive_deployment" "secondary_gpt_35_turbo" { +# name = "gpt-35-turbo" +# cognitive_account_id = azurerm_cognitive_account.secondary_openai.id +# rai_policy_name = "Microsoft.Default" +# model { +# format = "OpenAI" +# name = "gpt-35-turbo" +# version = "0301" +# } + +# scale { +# type = "Standard" +# capacity = 120 +# } +# } + +# resource "azurerm_cognitive_deployment" "secondary_embedding" { +# name = "text-embedding-ada-002" +# cognitive_account_id = azurerm_cognitive_account.secondary_openai.id +# rai_policy_name = "Microsoft.Default" +# model { +# format = "OpenAI" +# name = "text-embedding-ada-002" +# version = "2" +# } + +# scale { +# type = "Standard" +# capacity = 239 +# } +# } diff --git a/infra/modules/openai/outputs.tf b/infra/modules/openai/outputs.tf new file mode 100644 index 0000000..cd69a6b --- /dev/null +++ b/infra/modules/openai/outputs.tf @@ -0,0 +1,19 @@ +output "openai_service_name" { + value = azurerm_cognitive_account.openai.name +} + +output "openai_endpoint" { + value = azurerm_cognitive_account.openai.endpoint +} + +output "gpt_deployment_name" { + value = azurerm_cognitive_deployment.gpt_35_turbo.name +} + +output "embedding_deployment_name" { + value = azurerm_cognitive_deployment.embedding.name +} + +# output "secondary_openai_endpoint" { +# value = azurerm_cognitive_account.secondary_openai.endpoint +# } diff --git a/infra/modules/openai/variables.tf b/infra/modules/openai/variables.tf new file mode 100644 index 0000000..bc34a0a --- /dev/null +++ b/infra/modules/openai/variables.tf @@ -0,0 +1,5 @@ +variable "resource_group_name" {} +variable "location" {} +variable "secondary_location" {} +variable "azopenai_name" {} +variable "principal_id" {} diff --git a/infra/modules/search/main.tf b/infra/modules/search/main.tf new file mode 100644 index 0000000..2d2770b --- /dev/null +++ b/infra/modules/search/main.tf @@ -0,0 +1,26 @@ +resource "azurerm_search_service" "search" { + name = var.search_name + location = var.location + resource_group_name = var.resource_group_name + sku = "standard" + + local_authentication_enabled = false +} + +resource "azurerm_role_assignment" "search_reader" { + scope = azurerm_search_service.search.id + role_definition_name = "Search Index Data Reader" + principal_id = var.principal_id +} + +resource "azurerm_role_assignment" "search_data_contributor" { + scope = azurerm_search_service.search.id + role_definition_name = "Search Index Data Contributor" + principal_id = var.principal_id +} + +resource "azurerm_role_assignment" "search_service_contributor" { + scope = azurerm_search_service.search.id + role_definition_name = "Search Service Contributor" + principal_id = var.principal_id +} \ No newline at end of file diff --git a/infra/modules/search/outputs.tf b/infra/modules/search/outputs.tf new file mode 100644 index 0000000..a034b17 --- /dev/null +++ b/infra/modules/search/outputs.tf @@ -0,0 +1,8 @@ +output "search_service_name" { + value = azurerm_search_service.search.name +} + +output "search_index_name" { + value = "gptkbindex" +} + diff --git a/infra/modules/search/variables.tf b/infra/modules/search/variables.tf new file mode 100644 index 0000000..a993ce9 --- /dev/null +++ b/infra/modules/search/variables.tf @@ -0,0 +1,4 @@ +variable "resource_group_name" {} +variable "location" {} +variable "search_name" {} +variable "principal_id" {} \ No newline at end of file diff --git a/infra/modules/st/main.tf b/infra/modules/st/main.tf new file mode 100644 index 0000000..c655611 --- /dev/null +++ b/infra/modules/st/main.tf @@ -0,0 +1,30 @@ +resource "azurerm_storage_account" "sa" { + name = var.storage_account_name + location = var.location + resource_group_name = var.resource_group_name + account_tier = "Standard" + account_replication_type = "LRS" + enable_https_traffic_only = true + allow_nested_items_to_be_public = false + # We are enabling the firewall only allowing traffic from our PC's public IP. + # network_rules { + # default_action = "Deny" + # virtual_network_subnet_ids = [] + # ip_rules = [ + # jsondecode(data.http.current_public_ip.body).ip + # ] + # } +} + +# Create data container +resource "azurerm_storage_container" "content" { + name = "content" + container_access_type = "private" + storage_account_name = azurerm_storage_account.sa.name +} + +resource "azurerm_role_assignment" "storage_reader" { + scope = azurerm_storage_account.sa.id + role_definition_name = "Storage Blob Data Reader" + principal_id = var.principal_id +} diff --git a/infra/modules/st/outputs.tf b/infra/modules/st/outputs.tf new file mode 100644 index 0000000..4cc981f --- /dev/null +++ b/infra/modules/st/outputs.tf @@ -0,0 +1,7 @@ +output "storage_account_name" { + value = azurerm_storage_account.sa.name +} + +output "storage_container_name" { + value = azurerm_storage_container.content.name +} \ No newline at end of file diff --git a/infra/modules/st/variables.tf b/infra/modules/st/variables.tf new file mode 100644 index 0000000..3bc1d9a --- /dev/null +++ b/infra/modules/st/variables.tf @@ -0,0 +1,4 @@ +variable "resource_group_name" {} +variable "location" {} +variable "storage_account_name" {} +variable "principal_id" {} \ No newline at end of file diff --git a/infra/modules/vnet/main.tf b/infra/modules/vnet/main.tf new file mode 100644 index 0000000..a3c1af1 --- /dev/null +++ b/infra/modules/vnet/main.tf @@ -0,0 +1,39 @@ +resource "azurerm_virtual_network" "vnet" { + name = var.virtual_network_name + address_space = ["10.5.0.0/16"] + location = var.location + resource_group_name = var.resource_group_name +} + +resource "azurerm_subnet" "apim" { + name = "snet-apim" + resource_group_name = var.resource_group_name + virtual_network_name = azurerm_virtual_network.vnet.name + address_prefixes = ["10.5.0.0/29"] +} + +resource "azurerm_subnet" "private_endpoints" { + name = "snet-pe" + resource_group_name = var.resource_group_name + virtual_network_name = azurerm_virtual_network.vnet.name + address_prefixes = ["10.5.1.0/29"] +} + +resource "azurerm_subnet" "cae" { + name = "snet-cae" + resource_group_name = var.resource_group_name + virtual_network_name = azurerm_virtual_network.vnet.name + address_prefixes = ["10.5.2.0/23"] + + # Delegate the subnet to "Microsoft.App/environments" cause of the use of workload profiles + delegation { + name = "cae-delegation" + service_delegation { + name = "Microsoft.App/environments" + actions = [ + "Microsoft.Network/virtualNetworks/subnets/join/action", + ] + } + } +} + diff --git a/infra/modules/vnet/outputs.tf b/infra/modules/vnet/outputs.tf new file mode 100644 index 0000000..c926b19 --- /dev/null +++ b/infra/modules/vnet/outputs.tf @@ -0,0 +1,11 @@ +output "virtual_network_name" { + value = azurerm_virtual_network.vnet.name +} + +output "apim_subnet_id" { + value = azurerm_subnet.apim.id +} + +output "cae_subnet_id" { + value = azurerm_subnet.cae.id +} diff --git a/infra/modules/vnet/variables.tf b/infra/modules/vnet/variables.tf new file mode 100644 index 0000000..81acfae --- /dev/null +++ b/infra/modules/vnet/variables.tf @@ -0,0 +1,3 @@ +variable "resource_group_name" {} +variable "location" {} +variable "virtual_network_name" {} diff --git a/infra/outputs.tf b/infra/outputs.tf new file mode 100644 index 0000000..0abb424 --- /dev/null +++ b/infra/outputs.tf @@ -0,0 +1,44 @@ +output "resource_group_name" { + value = "${azurerm_resource_group.rg.name}" + description = "The name of the resource group" +} + +output "subscription_id" { + value = "${data.azurerm_subscription.current.subscription_id}" + description = "The subscription ID used" +} + +output "tenant_id" { + value = "${data.azurerm_subscription.current.tenant_id}" + description = "The tenant ID used" +} + +output "storage_account_name" { + value = "${module.st.storage_account_name}" + description = "The name of the storage account" +} + +output "storage_container_name" { + value = "${module.st.storage_container_name}" + description = "The name of the storage account" +} + +output "search_service_name" { + value = "${module.search.search_service_name}" + description = "The name of the search service" +} + +output "search_service_index_name" { + value = "${module.search.search_index_name}" + description = "The name of the search service index" +} + +output "openai_service_name" { + value = "${module.openai.openai_service_name}" + description = "The name of the openai service" +} + +output "embedding_deployment_name" { + value = "${module.openai.embedding_deployment_name}" + description = "The name of the embedding deployment" +} \ No newline at end of file diff --git a/infra/providers.tf b/infra/providers.tf index e69de29..30260c4 100644 --- a/infra/providers.tf +++ b/infra/providers.tf @@ -0,0 +1,20 @@ +terraform { + required_version = ">= 1.1.8" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "3.72.0" + } + azapi = { + source = "Azure/azapi" + } + } +} + +provider "azurerm" { + features { + cognitive_account { + purge_soft_delete_on_destroy = true + } + } +} \ No newline at end of file diff --git a/infra/variables.tf b/infra/variables.tf index e69de29..d525240 100644 --- a/infra/variables.tf +++ b/infra/variables.tf @@ -0,0 +1,66 @@ +variable "resource_group_name" { + default = "rg-activate-genai" +} + +variable "location" { + default = "West Europe" +} + +variable "secondary_location" { + default = "North Europe" +} + +variable "log_name" { + default = "log-activate-genai" +} + +variable "azopenai_name" { + default = "cog-openai-activate-genai" +} + +variable "search_name" { + default = "srch-activate-genai" +} + +variable "form_recognizer_name" { + default = "cog-forms-activate-genai" +} + +variable "storage_account_name" { + default = "stgenai" +} + +variable "apim_name" { + default = "apim-activate-genai" +} + +variable "publisher_name" { + default = "contoso" +} +variable "publisher_email" { + default = "admin@contoso.com" +} + +variable "virtual_network_name" { + default = "vnet-activate-genai" +} + +variable "managed_identity_name" { + default = "id-activate-genai" +} + +variable "cae_name" { + default = "cae-activate-genai" +} + +variable "ca_back_name" { + default = "ca-back-activate-genai" +} + +variable "ca_webapi_name" { + default = "ca-webapi-activate-genai" +} + +variable "ca_webapp_name" { + default = "ca-webapp-activate-genai" +}