Tips-Of-Mine/terraform-azure
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update docs

Browse Source
This commit is contained in:
Dennis Eikelenboom 2021-08-18 08:23:27 -07:00
parent 14b6c7c279
commit 3cb80cebe4
4 changed files with 178 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
quickstart/101-machine-learning/readme.md Normal file
View File

@ -0,0 +1,39 @@
# Azure Machine Learning workspace
This deployment template specifies an [Azure Machine Learning workspace](https://docs.microsoft.com/en-us/azure/machine-learning/concept-workspace),
and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry.
This template describes the minimal set of resources you require to get started with Azure Machine Learning.
## Resources
| Terraform Resource Type | Description |
| - | - |
| `azurerm_resource_group` | The resource group all resources get deployed into |
| `azurerm_application_insights` | An Azure Application Insights instance associated to the Azure Machine Learning workspace |
| `azurerm_key_vault` | An Azure Key Vault instance associated to the Azure Machine Learning workspace |
| `azurerm_storage_account` | An Azure Storage instance associated to the Azure Machine Learning workspace |
| `azurerm_container_registry` | An Azure Container Registry instance associated to the Azure Machine Learning workspace |
| `azurerm_machine_learning_workspace` | An Azure Machine Learning workspace instance |
## Variables
| Name | Description |
|-|-|
| name | Name of the deployment |
| environment | The deployment environment name (used for pre- and postfixing resource names) |
| location | The Azure region used for deployments |
## Usage
```bash
terraform plan \
-var 'name=azureml999' \
-var 'environment=dev' \
-var 'location=East US' \
-out demo.tfplan
terraform apply demo.tfplan
```
\* Example shown with [Bash](https://www.gnu.org/software/bash/). For [Powershell](https://docs.microsoft.com/en-us/powershell/) replace backslashes with backticks.

90
quickstart/201-machine-learning-private/main.tf
View File

@ -9,93 +9,3 @@ resource "azurerm_resource_group" "default" {
name = "${var.name}-${var.environment}-rgp" name = "${var.name}-${var.environment}-rgp"
location = "${var.location}" location = "${var.location}"
} }
# Virtual network
resource "azurerm_virtual_network" "default" {
name = "${var.name}-${var.environment}-vnet"
address_space = ["10.0.0.0/16"]
location = azurerm_resource_group.default.location
resource_group_name = azurerm_resource_group.default.name
}
resource "azurerm_subnet" "mlsubnet" {
name = "mlsubnet"
resource_group_name = azurerm_resource_group.default.name
virtual_network_name = azurerm_virtual_network.default.name
address_prefixes = ["10.0.1.0/24"]
enforce_private_link_endpoint_network_policies = true
}
# DNS zones
resource "azurerm_private_dns_zone" "dnsvault" {
name = "privatelink.vaultcore.azure.net"
resource_group_name = azurerm_resource_group.default.name
}
resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkvault" {
name = "dnsvaultlink"
resource_group_name = azurerm_resource_group.default.name
private_dns_zone_name = azurerm_private_dns_zone.dnsvault.name
virtual_network_id = azurerm_virtual_network.default.id
}
resource "azurerm_private_dns_zone" "dnsstorageblob" {
name = "privatelink.blob.core.windows.net"
resource_group_name = azurerm_resource_group.default.name
}
resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkblob" {
name = "dnsblobstoragelink"
resource_group_name = azurerm_resource_group.default.name
private_dns_zone_name = azurerm_private_dns_zone.dnsstorageblob.name
virtual_network_id = azurerm_virtual_network.default.id
}
resource "azurerm_private_dns_zone" "dnsstoragefile" {
name = "privatelink.file.core.windows.net"
resource_group_name = azurerm_resource_group.default.name
}
resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkfile" {
name = "dnsfilestoragelink"
resource_group_name = azurerm_resource_group.default.name
private_dns_zone_name = azurerm_private_dns_zone.dnsstoragefile.name
virtual_network_id = azurerm_virtual_network.default.id
}
resource "azurerm_private_dns_zone" "dnscontainerregistry" {
name = "privatelink.azurecr.io"
resource_group_name = azurerm_resource_group.default.name
}
resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkcr" {
name = "dnscrlink"
resource_group_name = azurerm_resource_group.default.name
private_dns_zone_name = azurerm_private_dns_zone.dnscontainerregistry.name
virtual_network_id = azurerm_virtual_network.default.id
}
resource "azurerm_private_dns_zone" "dnsazureml" {
name = "privatelink.api.azureml.ms"
resource_group_name = azurerm_resource_group.default.name
}
resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkml" {
name = "dnsazuremllink"
resource_group_name = azurerm_resource_group.default.name
private_dns_zone_name = azurerm_private_dns_zone.dnsazureml.name
virtual_network_id = azurerm_virtual_network.default.id
}
resource "azurerm_private_dns_zone" "dnsnotebooks" {
name = "privatelink.azureml.notebooks.net"
resource_group_name = azurerm_resource_group.default.name
}
resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinknbs" {
name = "dnsnotebookslink"
resource_group_name = azurerm_resource_group.default.name
private_dns_zone_name = azurerm_private_dns_zone.dnsnotebooks.name
virtual_network_id = azurerm_virtual_network.default.id
}

89
quickstart/201-machine-learning-private/network.tf Normal file
View File

@ -0,0 +1,89 @@
# Virtual Network resources
resource "azurerm_virtual_network" "default" {
name = "${var.name}-${var.environment}-vnet"
address_space = ["10.0.0.0/16"]
location = azurerm_resource_group.default.location
resource_group_name = azurerm_resource_group.default.name
}
resource "azurerm_subnet" "mlsubnet" {
name = "mlsubnet"
resource_group_name = azurerm_resource_group.default.name
virtual_network_name = azurerm_virtual_network.default.name
address_prefixes = ["10.0.1.0/24"]
enforce_private_link_endpoint_network_policies = true
}
# DNS zones
resource "azurerm_private_dns_zone" "dnsvault" {
name = "privatelink.vaultcore.azure.net"
resource_group_name = azurerm_resource_group.default.name
}
resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkvault" {
name = "dnsvaultlink"
resource_group_name = azurerm_resource_group.default.name
private_dns_zone_name = azurerm_private_dns_zone.dnsvault.name
virtual_network_id = azurerm_virtual_network.default.id
}
resource "azurerm_private_dns_zone" "dnsstorageblob" {
name = "privatelink.blob.core.windows.net"
resource_group_name = azurerm_resource_group.default.name
}
resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkblob" {
name = "dnsblobstoragelink"
resource_group_name = azurerm_resource_group.default.name
private_dns_zone_name = azurerm_private_dns_zone.dnsstorageblob.name
virtual_network_id = azurerm_virtual_network.default.id
}
resource "azurerm_private_dns_zone" "dnsstoragefile" {
name = "privatelink.file.core.windows.net"
resource_group_name = azurerm_resource_group.default.name
}
resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkfile" {
name = "dnsfilestoragelink"
resource_group_name = azurerm_resource_group.default.name
private_dns_zone_name = azurerm_private_dns_zone.dnsstoragefile.name
virtual_network_id = azurerm_virtual_network.default.id
}
resource "azurerm_private_dns_zone" "dnscontainerregistry" {
name = "privatelink.azurecr.io"
resource_group_name = azurerm_resource_group.default.name
}
resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkcr" {
name = "dnscrlink"
resource_group_name = azurerm_resource_group.default.name
private_dns_zone_name = azurerm_private_dns_zone.dnscontainerregistry.name
virtual_network_id = azurerm_virtual_network.default.id
}
resource "azurerm_private_dns_zone" "dnsazureml" {
name = "privatelink.api.azureml.ms"
resource_group_name = azurerm_resource_group.default.name
}
resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkml" {
name = "dnsazuremllink"
resource_group_name = azurerm_resource_group.default.name
private_dns_zone_name = azurerm_private_dns_zone.dnsazureml.name
virtual_network_id = azurerm_virtual_network.default.id
}
resource "azurerm_private_dns_zone" "dnsnotebooks" {
name = "privatelink.azureml.notebooks.net"
resource_group_name = azurerm_resource_group.default.name
}
resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinknbs" {
name = "dnsnotebookslink"
resource_group_name = azurerm_resource_group.default.name
private_dns_zone_name = azurerm_private_dns_zone.dnsnotebooks.name
virtual_network_id = azurerm_virtual_network.default.id
}

50
quickstart/201-machine-learning-private/readme.md Normal file
View File

@ -0,0 +1,50 @@
# Azure Machine Learning workspace using Azure Private Link
This deployment template specifies an [Azure Machine Learning workspace](https://docs.microsoft.com/en-us/azure/machine-learning/concept-workspace),
and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry.
In addition to these core services, this template deploys any networking components that are required to set up Azure Machine Learning
for private network connectivity using [Azure Private Link](https://docs.microsoft.com/en-us/azure/private-link/).
This template describes the minimal set of resources you require to get started with Azure Machine Learning in a network-isolated set-up.
To learn more about security configurations in Azure Machine Learning, see [Enterprise security and governance for Azure Machine Learning](https://docs.microsoft.com/en-us/azure/machine-learning/concept-enterprise-security).
## Resources
| Terraform Resource Type | Description |
| - | - |
| `azurerm_resource_group` | The resource group all resources get deployed into |
| `azurerm_application_insights` | An Azure Application Insights instance associated to the Azure Machine Learning workspace |
| `azurerm_key_vault` | An Azure Key Vault instance associated to the Azure Machine Learning workspace |
| `azurerm_storage_account` | An Azure Storage instance associated to the Azure Machine Learning workspace |
| `azurerm_container_registry` | An Azure Container Registry instance associated to the Azure Machine Learning workspace |
| `azurerm_machine_learning_workspace` | An Azure Machine Learning workspace instance |
| `azurerm_virtual_network` | An Azure Machine Learning workspace instance |
| `azurerm_subnet` | An Azure Machine Learning workspace instance |
| `azurerm_private_dns_zone` | Private DNS Zones for FQDNs required for Azure Machine Learning and associated resources |
| `azurerm_private_dns_zone_virtual_network_link` | Virtual network links of the Private DNS Zones to the virtual network resource |
| `azurerm_private_endpoint` | Private Endpoints for the Azure Machine Learning workspace and associated resources |
## Variables
| Name | Description |
|-|-|
| name | Name of the deployment |
| environment | The deployment environment name (used for pre- and postfixing resource names) |
| location | The Azure region used for deployments |
## Usage
```bash
terraform plan \
-var 'name=azureml999' \
-var 'environment=dev' \
-var 'location=East US' \
-out demo.tfplan
terraform apply demo.tfplan
```
\* Example shown with [Bash](https://www.gnu.org/software/bash/). For [Powershell](https://docs.microsoft.com/en-us/powershell/) replace backslashes with backticks.