feat: resource suffix
Telemaco019 committed Dec 2, 2024
1 parent dd1a3b0 commit 469e46e
Showing 4 changed files with 116 additions and 75 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,9 @@
# Changelog

## v0.7.0

- Allow resource suffix for custom resource names

## v0.6.0

- Support network in different resource groups
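Review bot: The v0.7.0 entry lists only the new suffix, but this commit also removes the `azuread_identity_override_name` input (its row is dropped from README.md and its block from variables.tf). Callers that still set it will get an unsupported-argument error on upgrade, so add a changelog line that marks the removal as a breaking change.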
110 changes: 55 additions & 55 deletions README.md
Expand Up @@ -157,7 +157,6 @@ You can find examples of code that uses this Terraform module in the [examples](
| <a name="input_azure_openai_deployment_gpt4o"></a> [azure\_openai\_deployment\_gpt4o](#input\_azure\_openai\_deployment\_gpt4o) | ------ Azure OpenAI ------ # | <pre>object({<br/> name : optional(string, "gpt-4o")<br/> version : optional(string, "2024-08-06")<br/> rate_limit : optional(number, 80)<br/> enabled : optional(bool, true)<br/> })</pre> | `{}` | no |
| <a name="input_azure_openai_deployment_gpt4o_mini"></a> [azure\_openai\_deployment\_gpt4o\_mini](#input\_azure\_openai\_deployment\_gpt4o\_mini) | n/a | <pre>object({<br/> name : optional(string, "gpt-4o-mini")<br/> version : optional(string, "2024-07-18")<br/> rate_limit : optional(number, 80)<br/> enabled : optional(bool, true)<br/> })</pre> | `{}` | no |
| <a name="input_azure_openai_location"></a> [azure\_openai\_location](#input\_azure\_openai\_location) | The Azure region where to deploy the Azure OpenAI models. <br/> Note that the models required by Nebuly are supported only in few specific regions. For more information, you can refer to Azure documentation:<br/> https://learn.microsoft.com/en-us/azure/ai-services/openai/concepts/models#standard-deployment-model-availability | `string` | `"EastUS"` | no |
| <a name="input_azuread_identity_override_name"></a> [azuread\_identity\_override\_name](#input\_azuread\_identity\_override\_name) | Override the name of the Service Account representing the platform identity. If not provided, the name is generated based on the resource\_prefix. | `string` | `null` | no |
| <a name="input_k8s_image_pull_secret_name"></a> [k8s\_image\_pull\_secret\_name](#input\_k8s\_image\_pull\_secret\_name) | The name of the Kubernetes Image Pull Secret to use. <br/> This value will be used to auto-generate the values.yaml file for installing the Nebuly Platform Helm chart. | `string` | `"nebuly-docker-pull"` | no |
| <a name="input_key_vault_public_network_access_enabled"></a> [key\_vault\_public\_network\_access\_enabled](#input\_key\_vault\_public\_network\_access\_enabled) | Can the Key Vault be accessed from the Internet, according to the firewall rules?<br/> Default to true to to allow the Terraform module to be executed even outside the private virtual network. <br/> When set to true, firewall rules are applied, and all connections are denied by default. | `bool` | `true` | no |
| <a name="input_key_vault_purge_protection_enabled"></a> [key\_vault\_purge\_protection\_enabled](#input\_key\_vault\_purge\_protection\_enabled) | Is purge protection enabled for the Key Vault? | `bool` | `false` | no |
Expand All @@ -181,6 +180,7 @@ You can find examples of code that uses this Terraform module in the [examples](
| <a name="input_private_dns_zones"></a> [private\_dns\_zones](#input\_private\_dns\_zones) | Private DNS zones to use for Private Endpoint connections. If not provided, a new DNS Zone <br/> is created and linked to the respective subnet. | <pre>object({<br/> flexible_postgres = optional(object({<br/> name : string<br/> resource_group_name : string<br/> }), null)<br/> key_vault = optional(object({<br/> name : string<br/> resource_group_name : string<br/> }), null)<br/> })</pre> | `{}` | no |
| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group where to provision the resources. | `string` | n/a | yes |
| <a name="input_resource_prefix"></a> [resource\_prefix](#input\_resource\_prefix) | The prefix that is used for generating resource names. | `string` | n/a | yes |
| <a name="input_resource_suffix"></a> [resource\_suffix](#input\_resource\_suffix) | The suffix that is used for generating resource names. | `string` | `null` | no |
| <a name="input_storage_account_override_name"></a> [storage\_account\_override\_name](#input\_storage\_account\_override\_name) | Override the name of the Storage Account. If not provided, the name is generated based on the resource\_prefix. | `string` | `null` | no |
| <a name="input_subnet_address_space_aks_nodes"></a> [subnet\_address\_space\_aks\_nodes](#input\_subnet\_address\_space\_aks\_nodes) | Address space of the new subnet in which to create the nodes of the AKS cluster. <br/> If `subnet_name_aks_nodes` is provided, the existing subnet is used and this variable is ignored. | `list(string)` | <pre>[<br/> "10.0.0.0/22"<br/>]</pre> | no |
| <a name="input_subnet_address_space_flexible_postgres"></a> [subnet\_address\_space\_flexible\_postgres](#input\_subnet\_address\_space\_flexible\_postgres) | Address space of the new subnet delgated to Flexible PostgreSQL Server service. <br/> If `subnet_name_flexible_postgres` is provided, the existing subnet is used and this variable is ignored. | `list(string)` | <pre>[<br/> "10.0.12.0/26"<br/>]</pre> | no |
Expand All @@ -196,57 +196,57 @@ You can find examples of code that uses this Terraform module in the [examples](
## Resources


- resource.azuread_application.main (/terraform-docs/main.tf#286)
- resource.azuread_group.aks_admins (/terraform-docs/main.tf#610)
- resource.azuread_group_member.aks_admin_users (/terraform-docs/main.tf#614)
- resource.azuread_service_principal.main (/terraform-docs/main.tf#292)
- resource.azuread_service_principal_password.main (/terraform-docs/main.tf#297)
- resource.azurerm_cognitive_account.main (/terraform-docs/main.tf#504)
- resource.azurerm_cognitive_deployment.gpt_4o (/terraform-docs/main.tf#524)
- resource.azurerm_cognitive_deployment.gpt_4o_mini (/terraform-docs/main.tf#541)
- resource.azurerm_key_vault.main (/terraform-docs/main.tf#219)
- resource.azurerm_key_vault_secret.azure_openai_api_key (/terraform-docs/main.tf#558)
- resource.azurerm_key_vault_secret.azuread_application_client_id (/terraform-docs/main.tf#301)
- resource.azurerm_key_vault_secret.azuread_application_client_secret (/terraform-docs/main.tf#310)
- resource.azurerm_key_vault_secret.jwt_signing_key (/terraform-docs/main.tf#748)
- resource.azurerm_key_vault_secret.nebuly_azure_client_id (/terraform-docs/main.tf#323)
- resource.azurerm_key_vault_secret.nebuly_azure_client_secret (/terraform-docs/main.tf#332)
- resource.azurerm_key_vault_secret.okta_sso_client_id (/terraform-docs/main.tf#760)
- resource.azurerm_key_vault_secret.okta_sso_client_secret (/terraform-docs/main.tf#771)
- resource.azurerm_key_vault_secret.postgres_password (/terraform-docs/main.tf#487)
- resource.azurerm_key_vault_secret.postgres_user (/terraform-docs/main.tf#478)
- resource.azurerm_kubernetes_cluster_node_pool.linux_pools (/terraform-docs/main.tf#705)
- resource.azurerm_management_lock.postgres_server (/terraform-docs/main.tf#421)
- resource.azurerm_monitor_metric_alert.postgres_server_alerts (/terraform-docs/main.tf#429)
- resource.azurerm_postgresql_flexible_server.main (/terraform-docs/main.tf#351)
- resource.azurerm_postgresql_flexible_server_configuration.mandatory_configurations (/terraform-docs/main.tf#402)
- resource.azurerm_postgresql_flexible_server_configuration.optional_configurations (/terraform-docs/main.tf#395)
- resource.azurerm_postgresql_flexible_server_database.analytics (/terraform-docs/main.tf#415)
- resource.azurerm_postgresql_flexible_server_database.auth (/terraform-docs/main.tf#409)
- resource.azurerm_private_dns_zone.flexible_postgres (/terraform-docs/main.tf#181)
- resource.azurerm_private_dns_zone.key_vault (/terraform-docs/main.tf#199)
- resource.azurerm_private_dns_zone_virtual_network_link.flexible_postgres (/terraform-docs/main.tf#187)
- resource.azurerm_private_dns_zone_virtual_network_link.key_vault (/terraform-docs/main.tf#204)
- resource.azurerm_private_endpoint.key_vault (/terraform-docs/main.tf#245)
- resource.azurerm_role_assignment.aks_network_contributor (/terraform-docs/main.tf#700)
- resource.azurerm_role_assignment.key_vault_secret_officer__current (/terraform-docs/main.tf#276)
- resource.azurerm_role_assignment.key_vault_secret_user__aks (/terraform-docs/main.tf#268)
- resource.azurerm_role_assignment.storage_container_models__data_contributor (/terraform-docs/main.tf#596)
- resource.azurerm_storage_account.main (/terraform-docs/main.tf#572)
- resource.azurerm_storage_container.models (/terraform-docs/main.tf#592)
- resource.azurerm_subnet.aks_nodes (/terraform-docs/main.tf#137)
- resource.azurerm_subnet.flexible_postgres (/terraform-docs/main.tf#159)
- resource.azurerm_subnet.private_endpints (/terraform-docs/main.tf#151)
- resource.azurerm_virtual_network.main (/terraform-docs/main.tf#129)
- resource.random_password.postgres_server_admin_password (/terraform-docs/main.tf#346)
- resource.time_sleep.wait_aks_creation (/terraform-docs/main.tf#687)
- resource.tls_private_key.aks (/terraform-docs/main.tf#606)
- resource.tls_private_key.jwt_signing_key (/terraform-docs/main.tf#744)
- data source.azuread_user.aks_admins (/terraform-docs/main.tf#81)
- data source.azurerm_client_config.current (/terraform-docs/main.tf#73)
- data source.azurerm_private_dns_zone.flexible_postgres (/terraform-docs/main.tf#114)
- data source.azurerm_private_dns_zone.key_vault (/terraform-docs/main.tf#120)
- data source.azurerm_resource_group.main (/terraform-docs/main.tf#70)
- data source.azurerm_subnet.aks_nodes (/terraform-docs/main.tf#86)
- data source.azurerm_subnet.flexible_postgres (/terraform-docs/main.tf#100)
- data source.azurerm_virtual_network.main (/terraform-docs/main.tf#75)
- resource.azuread_application.main (/terraform-docs/main.tf#305)
- resource.azuread_group.aks_admins (/terraform-docs/main.tf#650)
- resource.azuread_group_member.aks_admin_users (/terraform-docs/main.tf#654)
- resource.azuread_service_principal.main (/terraform-docs/main.tf#315)
- resource.azuread_service_principal_password.main (/terraform-docs/main.tf#320)
- resource.azurerm_cognitive_account.main (/terraform-docs/main.tf#531)
- resource.azurerm_cognitive_deployment.gpt_4o (/terraform-docs/main.tf#551)
- resource.azurerm_cognitive_deployment.gpt_4o_mini (/terraform-docs/main.tf#568)
- resource.azurerm_key_vault.main (/terraform-docs/main.tf#238)
- resource.azurerm_key_vault_secret.azure_openai_api_key (/terraform-docs/main.tf#585)
- resource.azurerm_key_vault_secret.azuread_application_client_id (/terraform-docs/main.tf#324)
- resource.azurerm_key_vault_secret.azuread_application_client_secret (/terraform-docs/main.tf#333)
- resource.azurerm_key_vault_secret.jwt_signing_key (/terraform-docs/main.tf#788)
- resource.azurerm_key_vault_secret.nebuly_azure_client_id (/terraform-docs/main.tf#346)
- resource.azurerm_key_vault_secret.nebuly_azure_client_secret (/terraform-docs/main.tf#355)
- resource.azurerm_key_vault_secret.okta_sso_client_id (/terraform-docs/main.tf#800)
- resource.azurerm_key_vault_secret.okta_sso_client_secret (/terraform-docs/main.tf#811)
- resource.azurerm_key_vault_secret.postgres_password (/terraform-docs/main.tf#510)
- resource.azurerm_key_vault_secret.postgres_user (/terraform-docs/main.tf#501)
- resource.azurerm_kubernetes_cluster_node_pool.linux_pools (/terraform-docs/main.tf#745)
- resource.azurerm_management_lock.postgres_server (/terraform-docs/main.tf#444)
- resource.azurerm_monitor_metric_alert.postgres_server_alerts (/terraform-docs/main.tf#452)
- resource.azurerm_postgresql_flexible_server.main (/terraform-docs/main.tf#374)
- resource.azurerm_postgresql_flexible_server_configuration.mandatory_configurations (/terraform-docs/main.tf#425)
- resource.azurerm_postgresql_flexible_server_configuration.optional_configurations (/terraform-docs/main.tf#418)
- resource.azurerm_postgresql_flexible_server_database.analytics (/terraform-docs/main.tf#438)
- resource.azurerm_postgresql_flexible_server_database.auth (/terraform-docs/main.tf#432)
- resource.azurerm_private_dns_zone.flexible_postgres (/terraform-docs/main.tf#200)
- resource.azurerm_private_dns_zone.key_vault (/terraform-docs/main.tf#218)
- resource.azurerm_private_dns_zone_virtual_network_link.flexible_postgres (/terraform-docs/main.tf#206)
- resource.azurerm_private_dns_zone_virtual_network_link.key_vault (/terraform-docs/main.tf#223)
- resource.azurerm_private_endpoint.key_vault (/terraform-docs/main.tf#264)
- resource.azurerm_role_assignment.aks_network_contributor (/terraform-docs/main.tf#740)
- resource.azurerm_role_assignment.key_vault_secret_officer__current (/terraform-docs/main.tf#295)
- resource.azurerm_role_assignment.key_vault_secret_user__aks (/terraform-docs/main.tf#287)
- resource.azurerm_role_assignment.storage_container_models__data_contributor (/terraform-docs/main.tf#636)
- resource.azurerm_storage_account.main (/terraform-docs/main.tf#612)
- resource.azurerm_storage_container.models (/terraform-docs/main.tf#632)
- resource.azurerm_subnet.aks_nodes (/terraform-docs/main.tf#156)
- resource.azurerm_subnet.flexible_postgres (/terraform-docs/main.tf#178)
- resource.azurerm_subnet.private_endpints (/terraform-docs/main.tf#170)
- resource.azurerm_virtual_network.main (/terraform-docs/main.tf#144)
- resource.random_password.postgres_server_admin_password (/terraform-docs/main.tf#369)
- resource.time_sleep.wait_aks_creation (/terraform-docs/main.tf#727)
- resource.tls_private_key.aks (/terraform-docs/main.tf#646)
- resource.tls_private_key.jwt_signing_key (/terraform-docs/main.tf#784)
- data source.azuread_user.aks_admins (/terraform-docs/main.tf#96)
- data source.azurerm_client_config.current (/terraform-docs/main.tf#88)
- data source.azurerm_private_dns_zone.flexible_postgres (/terraform-docs/main.tf#129)
- data source.azurerm_private_dns_zone.key_vault (/terraform-docs/main.tf#135)
- data source.azurerm_resource_group.main (/terraform-docs/main.tf#85)
- data source.azurerm_subnet.aks_nodes (/terraform-docs/main.tf#101)
- data source.azurerm_subnet.flexible_postgres (/terraform-docs/main.tf#115)
- data source.azurerm_virtual_network.main (/terraform-docs/main.tf#90)
54 changes: 47 additions & 7 deletions main.tf
Expand Up @@ -29,17 +29,32 @@ terraform {

# ------ Locals ------ #
locals {
aks_cluster_name = format("%snebuly", var.resource_prefix)
aks_cluster_name = (
var.resource_suffix == null ?
format("%snebuly", var.resource_prefix) :
format("%snebuly%s", var.resource_suffix)
)

whitelisted_ips = var.whitelisted_ips

postgres_server_name = var.postgres_override_name == null ? format("%snebulydb", var.resource_prefix) : var.postgres_override_name
postgres_server_generated_name = (
var.resource_suffix == null ?
format("%snebulydb", var.resource_prefix) :
format("%snebulydb%s", var.resource_prefix, var.resource_suffix)
)
postgres_server_name = (
var.postgres_override_name == null ? local.postgres_server_generated_name : var.postgres_override_name
)
postgres_server_configurations = {
"azure.extensions" : "vector,pgaudit",
"shared_preload_libraries" : "pgaudit",
}

key_vault_name = format("%snebulykv", var.resource_prefix)
key_vault_name = (
var.resource_suffix == null ?
format("%snebulykv", var.resource_prefix) :
format("%snebulykv%s", var.resource_prefix, var.resource_suffix)
)

use_existing_virtual_network = var.virtual_network != null
use_existing_aks_nodes_subnet = var.subnet_name_aks_nodes != null
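Review bot: In `aks_cluster_name`, the suffix branch calls `format("%snebuly%s", var.resource_suffix)` with two `%s` verbs and a single argument, so Terraform will reject the expression whenever `resource_suffix` is set; `var.resource_prefix` is missing as the first argument. `postgres_server_generated_name` and `key_vault_name` in the same block pass both values. Consider resolving the suffix once in a local (empty string when null) and using one `format` call per name, which removes the repeated ternary and makes this kind of slip harder to introduce.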
Expand Down Expand Up @@ -129,7 +144,11 @@ data "azurerm_private_dns_zone" "key_vault" {
resource "azurerm_virtual_network" "main" {
count = local.use_existing_virtual_network ? 0 : 1

name = format("%s-nebuly-vnet", var.resource_prefix)
name = (
var.resource_suffix == null ?
format("%s-nebuly-vnet", var.resource_prefix) :
format("%s-nebuly-%s-vnet", var.resource_prefix, var.resource_suffix)
)
resource_group_name = data.azurerm_resource_group.main.name
location = var.location
address_space = var.virtual_network_address_space
Expand Down Expand Up @@ -284,7 +303,11 @@ resource "azurerm_role_assignment" "key_vault_secret_officer__current" {

# ------ Identity ------ #
resource "azuread_application" "main" {
display_name = var.azuread_identity_override_name == null ? format("%s.nebuly.platform", var.resource_prefix) : var.azuread_identity_override_name
display_name = (
var.resource_suffix == null ?
format("%s.nebuly.platform", var.resource_prefix) :
format("%s.nebuly.platform.%s", var.resource_prefix, var.resource_suffix)
)
owners = [data.azurerm_client_config.current.object_id]
sign_in_audience = "AzureADMyOrg" # default
identifier_uris = []
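Review bot: `display_name` no longer consults `var.azuread_identity_override_name`, while `postgres_server_name` and `storage_account_name` in this commit keep the pattern of using the override when set and the generated name otherwise. If the identity override is meant to stay, put the new ternary in a generated-name local and fall back to it only when the override is null, as done for `postgres_server_name`; if the removal is intended, say so in the commit message.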
Expand Down Expand Up @@ -499,7 +522,11 @@ resource "azurerm_key_vault_secret" "postgres_password" {

# ------ Azure OpenAI ------ #
locals {
azure_openai_account_name = format("%snebuly", var.resource_prefix)
azure_openai_account_name = (
var.resource_suffix == null ?
format("%snebuly", var.resource_prefix) :
format("%snebuly%s", var.resource_prefix, var.resource_suffix)
)
}
resource "azurerm_cognitive_account" "main" {
name = local.azure_openai_account_name
Expand Down Expand Up @@ -569,8 +596,21 @@ resource "azurerm_key_vault_secret" "azure_openai_api_key" {


# ------ Model Registry ------ #
locals {
storage_account_generated_name = (
var.resource_suffix == null ?
format("%smodels", var.resource_prefix) :
format("%smodels%s", var.resource_suffix)

)
storage_account_name = (
var.storage_account_override_name == null ?
local.storage_account_generated_name :
var.storage_account_override_name
)
}
resource "azurerm_storage_account" "main" {
name = var.storage_account_override_name == null ? format("%smodels", var.resource_prefix) : var.storage_account_override_name
name = local.storage_account_name
resource_group_name = data.azurerm_resource_group.main.name
location = var.location

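Review bot: In `storage_account_generated_name`, `format("%smodels%s", var.resource_suffix)` supplies one argument for two `%s` verbs and omits `var.resource_prefix`, so setting `resource_suffix` without `storage_account_override_name` will fail to evaluate. Pass `var.resource_prefix, var.resource_suffix`, and drop the stray blank line before the closing parenthesis.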
23 changes: 10 additions & 13 deletions variables.tf
Expand Up @@ -3,6 +3,11 @@ variable "resource_prefix" {
type = string
description = "The prefix that is used for generating resource names."
}
variable "resource_suffix" {
type = string
description = "The suffix that is used for generating resource names."
default = null
}
variable "tags" {
type = map(string)
default = {}
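Review bot: `resource_suffix` is declared without a `validation` block, yet main.tf concatenates it into the Storage Account and Key Vault names, which Azure limits to 3-24 characters (lowercase letters and digits only for Storage Accounts). Add a validation rule on length and character set so an unsuitable suffix is rejected at the variable with a clear message rather than surfacing as a resource naming error.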
Expand Down Expand Up @@ -83,6 +88,11 @@ variable "postgres_server_high_availability" {
mode = "SameZone"
}
}
variable "postgres_override_name" {
type = string
default = null
description = "Override the name of the PostgreSQL Server. If not provided, the name is generated based on the resource_prefix."
}
variable "postgres_server_maintenance_window" {
type = object({
day_of_week : number
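Review bot: The `postgres_override_name` description still says the name is "generated based on the resource_prefix", but `postgres_server_generated_name` in main.tf now also appends `resource_suffix`. Update the description to mention the suffix, and do the same for the `storage_account_override_name` text shown in README.md.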
Expand Down Expand Up @@ -208,19 +218,6 @@ variable "storage_account_override_name" {
}


# ------ Override Names ------ #
variable "postgres_override_name" {
type = string
default = null
description = "Override the name of the PostgreSQL Server. If not provided, the name is generated based on the resource_prefix."
}
variable "azuread_identity_override_name" {
type = string
default = null
description = "Override the name of the Service Account representing the platform identity. If not provided, the name is generated based on the resource_prefix."
}


# ------ Networking ------ #
variable "whitelisted_ips" {
description = <<EOT