diff --git a/CHANGELOG.md b/CHANGELOG.md index fd037a4..1085b0f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v0.7.0 + +- Allow resource suffix for custom resource names + ## v0.6.0 - Support network in different resource groups diff --git a/README.md b/README.md index c13687d..26f7b5a 100644 --- a/README.md +++ b/README.md @@ -157,7 +157,6 @@ You can find examples of code that uses this Terraform module in the [examples]( | [azure\_openai\_deployment\_gpt4o](#input\_azure\_openai\_deployment\_gpt4o) | ------ Azure OpenAI ------ # |
object({
name : optional(string, "gpt-4o")
version : optional(string, "2024-08-06")
rate_limit : optional(number, 80)
enabled : optional(bool, true)
})
| `{}` | no | | [azure\_openai\_deployment\_gpt4o\_mini](#input\_azure\_openai\_deployment\_gpt4o\_mini) | n/a |
object({
name : optional(string, "gpt-4o-mini")
version : optional(string, "2024-07-18")
rate_limit : optional(number, 80)
enabled : optional(bool, true)
})
| `{}` | no | | [azure\_openai\_location](#input\_azure\_openai\_location) | The Azure region where to deploy the Azure OpenAI models.
Note that the models required by Nebuly are supported only in few specific regions. For more information, you can refer to Azure documentation:
https://learn.microsoft.com/en-us/azure/ai-services/openai/concepts/models#standard-deployment-model-availability | `string` | `"EastUS"` | no | -| [azuread\_identity\_override\_name](#input\_azuread\_identity\_override\_name) | Override the name of the Service Account representing the platform identity. If not provided, the name is generated based on the resource\_prefix. | `string` | `null` | no | | [k8s\_image\_pull\_secret\_name](#input\_k8s\_image\_pull\_secret\_name) | The name of the Kubernetes Image Pull Secret to use.
This value will be used to auto-generate the values.yaml file for installing the Nebuly Platform Helm chart. | `string` | `"nebuly-docker-pull"` | no | | [key\_vault\_public\_network\_access\_enabled](#input\_key\_vault\_public\_network\_access\_enabled) | Can the Key Vault be accessed from the Internet, according to the firewall rules?
Default to true to to allow the Terraform module to be executed even outside the private virtual network.
When set to true, firewall rules are applied, and all connections are denied by default. | `bool` | `true` | no | | [key\_vault\_purge\_protection\_enabled](#input\_key\_vault\_purge\_protection\_enabled) | Is purge protection enabled for the Key Vault? | `bool` | `false` | no | @@ -181,6 +180,7 @@ You can find examples of code that uses this Terraform module in the [examples]( | [private\_dns\_zones](#input\_private\_dns\_zones) | Private DNS zones to use for Private Endpoint connections. If not provided, a new DNS Zone
is created and linked to the respective subnet. |
object({
flexible_postgres = optional(object({
name : string
resource_group_name : string
}), null)
key_vault = optional(object({
name : string
resource_group_name : string
}), null)
})
| `{}` | no | | [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group where to provision the resources. | `string` | n/a | yes | | [resource\_prefix](#input\_resource\_prefix) | The prefix that is used for generating resource names. | `string` | n/a | yes | +| [resource\_suffix](#input\_resource\_suffix) | The suffix that is used for generating resource names. | `string` | `null` | no | | [storage\_account\_override\_name](#input\_storage\_account\_override\_name) | Override the name of the Storage Account. If not provided, the name is generated based on the resource\_prefix. | `string` | `null` | no | | [subnet\_address\_space\_aks\_nodes](#input\_subnet\_address\_space\_aks\_nodes) | Address space of the new subnet in which to create the nodes of the AKS cluster.
If `subnet_name_aks_nodes` is provided, the existing subnet is used and this variable is ignored. | `list(string)` |
[
"10.0.0.0/22"
]
| no | | [subnet\_address\_space\_flexible\_postgres](#input\_subnet\_address\_space\_flexible\_postgres) | Address space of the new subnet delgated to Flexible PostgreSQL Server service.
If `subnet_name_flexible_postgres` is provided, the existing subnet is used and this variable is ignored. | `list(string)` |
[
"10.0.12.0/26"
]
| no | @@ -196,57 +196,57 @@ You can find examples of code that uses this Terraform module in the [examples]( ## Resources -- resource.azuread_application.main (/terraform-docs/main.tf#286) -- resource.azuread_group.aks_admins (/terraform-docs/main.tf#610) -- resource.azuread_group_member.aks_admin_users (/terraform-docs/main.tf#614) -- resource.azuread_service_principal.main (/terraform-docs/main.tf#292) -- resource.azuread_service_principal_password.main (/terraform-docs/main.tf#297) -- resource.azurerm_cognitive_account.main (/terraform-docs/main.tf#504) -- resource.azurerm_cognitive_deployment.gpt_4o (/terraform-docs/main.tf#524) -- resource.azurerm_cognitive_deployment.gpt_4o_mini (/terraform-docs/main.tf#541) -- resource.azurerm_key_vault.main (/terraform-docs/main.tf#219) -- resource.azurerm_key_vault_secret.azure_openai_api_key (/terraform-docs/main.tf#558) -- resource.azurerm_key_vault_secret.azuread_application_client_id (/terraform-docs/main.tf#301) -- resource.azurerm_key_vault_secret.azuread_application_client_secret (/terraform-docs/main.tf#310) -- resource.azurerm_key_vault_secret.jwt_signing_key (/terraform-docs/main.tf#748) -- resource.azurerm_key_vault_secret.nebuly_azure_client_id (/terraform-docs/main.tf#323) -- resource.azurerm_key_vault_secret.nebuly_azure_client_secret (/terraform-docs/main.tf#332) -- resource.azurerm_key_vault_secret.okta_sso_client_id (/terraform-docs/main.tf#760) -- resource.azurerm_key_vault_secret.okta_sso_client_secret (/terraform-docs/main.tf#771) -- resource.azurerm_key_vault_secret.postgres_password (/terraform-docs/main.tf#487) -- resource.azurerm_key_vault_secret.postgres_user (/terraform-docs/main.tf#478) -- resource.azurerm_kubernetes_cluster_node_pool.linux_pools (/terraform-docs/main.tf#705) -- resource.azurerm_management_lock.postgres_server (/terraform-docs/main.tf#421) -- resource.azurerm_monitor_metric_alert.postgres_server_alerts (/terraform-docs/main.tf#429) -- resource.azurerm_postgresql_flexible_server.main (/terraform-docs/main.tf#351) -- resource.azurerm_postgresql_flexible_server_configuration.mandatory_configurations (/terraform-docs/main.tf#402) -- resource.azurerm_postgresql_flexible_server_configuration.optional_configurations (/terraform-docs/main.tf#395) -- resource.azurerm_postgresql_flexible_server_database.analytics (/terraform-docs/main.tf#415) -- resource.azurerm_postgresql_flexible_server_database.auth (/terraform-docs/main.tf#409) -- resource.azurerm_private_dns_zone.flexible_postgres (/terraform-docs/main.tf#181) -- resource.azurerm_private_dns_zone.key_vault (/terraform-docs/main.tf#199) -- resource.azurerm_private_dns_zone_virtual_network_link.flexible_postgres (/terraform-docs/main.tf#187) -- resource.azurerm_private_dns_zone_virtual_network_link.key_vault (/terraform-docs/main.tf#204) -- resource.azurerm_private_endpoint.key_vault (/terraform-docs/main.tf#245) -- resource.azurerm_role_assignment.aks_network_contributor (/terraform-docs/main.tf#700) -- resource.azurerm_role_assignment.key_vault_secret_officer__current (/terraform-docs/main.tf#276) -- resource.azurerm_role_assignment.key_vault_secret_user__aks (/terraform-docs/main.tf#268) -- resource.azurerm_role_assignment.storage_container_models__data_contributor (/terraform-docs/main.tf#596) -- resource.azurerm_storage_account.main (/terraform-docs/main.tf#572) -- resource.azurerm_storage_container.models (/terraform-docs/main.tf#592) -- resource.azurerm_subnet.aks_nodes (/terraform-docs/main.tf#137) -- resource.azurerm_subnet.flexible_postgres (/terraform-docs/main.tf#159) -- resource.azurerm_subnet.private_endpints (/terraform-docs/main.tf#151) -- resource.azurerm_virtual_network.main (/terraform-docs/main.tf#129) -- resource.random_password.postgres_server_admin_password (/terraform-docs/main.tf#346) -- resource.time_sleep.wait_aks_creation (/terraform-docs/main.tf#687) -- resource.tls_private_key.aks (/terraform-docs/main.tf#606) -- resource.tls_private_key.jwt_signing_key (/terraform-docs/main.tf#744) -- data source.azuread_user.aks_admins (/terraform-docs/main.tf#81) -- data source.azurerm_client_config.current (/terraform-docs/main.tf#73) -- data source.azurerm_private_dns_zone.flexible_postgres (/terraform-docs/main.tf#114) -- data source.azurerm_private_dns_zone.key_vault (/terraform-docs/main.tf#120) -- data source.azurerm_resource_group.main (/terraform-docs/main.tf#70) -- data source.azurerm_subnet.aks_nodes (/terraform-docs/main.tf#86) -- data source.azurerm_subnet.flexible_postgres (/terraform-docs/main.tf#100) -- data source.azurerm_virtual_network.main (/terraform-docs/main.tf#75) +- resource.azuread_application.main (/terraform-docs/main.tf#305) +- resource.azuread_group.aks_admins (/terraform-docs/main.tf#650) +- resource.azuread_group_member.aks_admin_users (/terraform-docs/main.tf#654) +- resource.azuread_service_principal.main (/terraform-docs/main.tf#315) +- resource.azuread_service_principal_password.main (/terraform-docs/main.tf#320) +- resource.azurerm_cognitive_account.main (/terraform-docs/main.tf#531) +- resource.azurerm_cognitive_deployment.gpt_4o (/terraform-docs/main.tf#551) +- resource.azurerm_cognitive_deployment.gpt_4o_mini (/terraform-docs/main.tf#568) +- resource.azurerm_key_vault.main (/terraform-docs/main.tf#238) +- resource.azurerm_key_vault_secret.azure_openai_api_key (/terraform-docs/main.tf#585) +- resource.azurerm_key_vault_secret.azuread_application_client_id (/terraform-docs/main.tf#324) +- resource.azurerm_key_vault_secret.azuread_application_client_secret (/terraform-docs/main.tf#333) +- resource.azurerm_key_vault_secret.jwt_signing_key (/terraform-docs/main.tf#788) +- resource.azurerm_key_vault_secret.nebuly_azure_client_id (/terraform-docs/main.tf#346) +- resource.azurerm_key_vault_secret.nebuly_azure_client_secret (/terraform-docs/main.tf#355) +- resource.azurerm_key_vault_secret.okta_sso_client_id (/terraform-docs/main.tf#800) +- resource.azurerm_key_vault_secret.okta_sso_client_secret (/terraform-docs/main.tf#811) +- resource.azurerm_key_vault_secret.postgres_password (/terraform-docs/main.tf#510) +- resource.azurerm_key_vault_secret.postgres_user (/terraform-docs/main.tf#501) +- resource.azurerm_kubernetes_cluster_node_pool.linux_pools (/terraform-docs/main.tf#745) +- resource.azurerm_management_lock.postgres_server (/terraform-docs/main.tf#444) +- resource.azurerm_monitor_metric_alert.postgres_server_alerts (/terraform-docs/main.tf#452) +- resource.azurerm_postgresql_flexible_server.main (/terraform-docs/main.tf#374) +- resource.azurerm_postgresql_flexible_server_configuration.mandatory_configurations (/terraform-docs/main.tf#425) +- resource.azurerm_postgresql_flexible_server_configuration.optional_configurations (/terraform-docs/main.tf#418) +- resource.azurerm_postgresql_flexible_server_database.analytics (/terraform-docs/main.tf#438) +- resource.azurerm_postgresql_flexible_server_database.auth (/terraform-docs/main.tf#432) +- resource.azurerm_private_dns_zone.flexible_postgres (/terraform-docs/main.tf#200) +- resource.azurerm_private_dns_zone.key_vault (/terraform-docs/main.tf#218) +- resource.azurerm_private_dns_zone_virtual_network_link.flexible_postgres (/terraform-docs/main.tf#206) +- resource.azurerm_private_dns_zone_virtual_network_link.key_vault (/terraform-docs/main.tf#223) +- resource.azurerm_private_endpoint.key_vault (/terraform-docs/main.tf#264) +- resource.azurerm_role_assignment.aks_network_contributor (/terraform-docs/main.tf#740) +- resource.azurerm_role_assignment.key_vault_secret_officer__current (/terraform-docs/main.tf#295) +- resource.azurerm_role_assignment.key_vault_secret_user__aks (/terraform-docs/main.tf#287) +- resource.azurerm_role_assignment.storage_container_models__data_contributor (/terraform-docs/main.tf#636) +- resource.azurerm_storage_account.main (/terraform-docs/main.tf#612) +- resource.azurerm_storage_container.models (/terraform-docs/main.tf#632) +- resource.azurerm_subnet.aks_nodes (/terraform-docs/main.tf#156) +- resource.azurerm_subnet.flexible_postgres (/terraform-docs/main.tf#178) +- resource.azurerm_subnet.private_endpints (/terraform-docs/main.tf#170) +- resource.azurerm_virtual_network.main (/terraform-docs/main.tf#144) +- resource.random_password.postgres_server_admin_password (/terraform-docs/main.tf#369) +- resource.time_sleep.wait_aks_creation (/terraform-docs/main.tf#727) +- resource.tls_private_key.aks (/terraform-docs/main.tf#646) +- resource.tls_private_key.jwt_signing_key (/terraform-docs/main.tf#784) +- data source.azuread_user.aks_admins (/terraform-docs/main.tf#96) +- data source.azurerm_client_config.current (/terraform-docs/main.tf#88) +- data source.azurerm_private_dns_zone.flexible_postgres (/terraform-docs/main.tf#129) +- data source.azurerm_private_dns_zone.key_vault (/terraform-docs/main.tf#135) +- data source.azurerm_resource_group.main (/terraform-docs/main.tf#85) +- data source.azurerm_subnet.aks_nodes (/terraform-docs/main.tf#101) +- data source.azurerm_subnet.flexible_postgres (/terraform-docs/main.tf#115) +- data source.azurerm_virtual_network.main (/terraform-docs/main.tf#90) diff --git a/main.tf b/main.tf index 2faaf4b..49dbffa 100644 --- a/main.tf +++ b/main.tf @@ -29,17 +29,32 @@ terraform { # ------ Locals ------ # locals { - aks_cluster_name = format("%snebuly", var.resource_prefix) + aks_cluster_name = ( + var.resource_suffix == null ? + format("%snebuly", var.resource_prefix) : + format("%snebuly%s", var.resource_suffix) + ) whitelisted_ips = var.whitelisted_ips - postgres_server_name = var.postgres_override_name == null ? format("%snebulydb", var.resource_prefix) : var.postgres_override_name + postgres_server_generated_name = ( + var.resource_suffix == null ? + format("%snebulydb", var.resource_prefix) : + format("%snebulydb%s", var.resource_prefix, var.resource_suffix) + ) + postgres_server_name = ( + var.postgres_override_name == null ? local.postgres_server_generated_name : var.postgres_override_name + ) postgres_server_configurations = { "azure.extensions" : "vector,pgaudit", "shared_preload_libraries" : "pgaudit", } - key_vault_name = format("%snebulykv", var.resource_prefix) + key_vault_name = ( + var.resource_suffix == null ? + format("%snebulykv", var.resource_prefix) : + format("%snebulykv%s", var.resource_prefix, var.resource_suffix) + ) use_existing_virtual_network = var.virtual_network != null use_existing_aks_nodes_subnet = var.subnet_name_aks_nodes != null @@ -129,7 +144,11 @@ data "azurerm_private_dns_zone" "key_vault" { resource "azurerm_virtual_network" "main" { count = local.use_existing_virtual_network ? 0 : 1 - name = format("%s-nebuly-vnet", var.resource_prefix) + name = ( + var.resource_suffix == null ? + format("%s-nebuly-vnet", var.resource_prefix) : + format("%s-nebuly-%s-vnet", var.resource_prefix, var.resource_suffix) + ) resource_group_name = data.azurerm_resource_group.main.name location = var.location address_space = var.virtual_network_address_space @@ -284,7 +303,11 @@ resource "azurerm_role_assignment" "key_vault_secret_officer__current" { # ------ Identity ------ # resource "azuread_application" "main" { - display_name = var.azuread_identity_override_name == null ? format("%s.nebuly.platform", var.resource_prefix) : var.azuread_identity_override_name + display_name = ( + var.resource_suffix == null ? + format("%s.nebuly.platform", var.resource_prefix) : + format("%s.nebuly.platform.%s", var.resource_prefix, var.resource_suffix) + ) owners = [data.azurerm_client_config.current.object_id] sign_in_audience = "AzureADMyOrg" # default identifier_uris = [] @@ -499,7 +522,11 @@ resource "azurerm_key_vault_secret" "postgres_password" { # ------ Azure OpenAI ------ # locals { - azure_openai_account_name = format("%snebuly", var.resource_prefix) + azure_openai_account_name = ( + var.resource_suffix == null ? + format("%snebuly", var.resource_prefix) : + format("%snebuly%s", var.resource_prefix, var.resource_suffix) + ) } resource "azurerm_cognitive_account" "main" { name = local.azure_openai_account_name @@ -569,8 +596,21 @@ resource "azurerm_key_vault_secret" "azure_openai_api_key" { # ------ Model Registry ------ # +locals { + storage_account_generated_name = ( + var.resource_suffix == null ? + format("%smodels", var.resource_prefix) : + format("%smodels%s", var.resource_suffix) + + ) + storage_account_name = ( + var.storage_account_override_name == null ? + local.storage_account_generated_name : + var.storage_account_override_name + ) +} resource "azurerm_storage_account" "main" { - name = var.storage_account_override_name == null ? format("%smodels", var.resource_prefix) : var.storage_account_override_name + name = local.storage_account_name resource_group_name = data.azurerm_resource_group.main.name location = var.location diff --git a/variables.tf b/variables.tf index 0782438..8792904 100644 --- a/variables.tf +++ b/variables.tf @@ -3,6 +3,11 @@ variable "resource_prefix" { type = string description = "The prefix that is used for generating resource names." } +variable "resource_suffix" { + type = string + description = "The suffix that is used for generating resource names." + default = null +} variable "tags" { type = map(string) default = {} @@ -83,6 +88,11 @@ variable "postgres_server_high_availability" { mode = "SameZone" } } +variable "postgres_override_name" { + type = string + default = null + description = "Override the name of the PostgreSQL Server. If not provided, the name is generated based on the resource_prefix." +} variable "postgres_server_maintenance_window" { type = object({ day_of_week : number @@ -208,19 +218,6 @@ variable "storage_account_override_name" { } -# ------ Override Names ------ # -variable "postgres_override_name" { - type = string - default = null - description = "Override the name of the PostgreSQL Server. If not provided, the name is generated based on the resource_prefix." -} -variable "azuread_identity_override_name" { - type = string - default = null - description = "Override the name of the Service Account representing the platform identity. If not provided, the name is generated based on the resource_prefix." -} - - # ------ Networking ------ # variable "whitelisted_ips" { description = <