# Virtual Network resource "azurerm_virtual_network" "default" { name = "vnet-${var.name}-${var.environment}" address_space = var.vnet_address_space location = azurerm_resource_group.default.location resource_group_name = azurerm_resource_group.default.name } resource "azurerm_subnet" "snet-training" { name = "snet-training" resource_group_name = azurerm_resource_group.default.name virtual_network_name = azurerm_virtual_network.default.name address_prefixes = var.training_subnet_address_space enforce_private_link_endpoint_network_policies = true } resource "azurerm_subnet" "snet-aks" { name = "snet-aks" resource_group_name = azurerm_resource_group.default.name virtual_network_name = azurerm_virtual_network.default.name address_prefixes = var.aks_subnet_address_space enforce_private_link_endpoint_network_policies = true } resource "azurerm_subnet" "snet-workspace" { name = "snet-workspace" resource_group_name = azurerm_resource_group.default.name virtual_network_name = azurerm_virtual_network.default.name address_prefixes = var.ml_subnet_address_space enforce_private_link_endpoint_network_policies = true } resource "azurerm_subnet" "snet-dsvm" { name = "snet-dsvm" resource_group_name = azurerm_resource_group.default.name virtual_network_name = azurerm_virtual_network.default.name address_prefixes = var.dsvm_subnet_address_space enforce_private_link_endpoint_network_policies = true } resource "azurerm_subnet" "azure_bastion" { name = "AzureBastionSubnet" resource_group_name = azurerm_resource_group.default.name virtual_network_name = azurerm_virtual_network.default.name address_prefixes = var.bastion_subnet_address_space } # Private DNS Zones resource "azurerm_private_dns_zone" "dnsvault" { name = "privatelink.vaultcore.azure.net" resource_group_name = azurerm_resource_group.default.name } resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkvault" { name = "dnsvaultlink" resource_group_name = azurerm_resource_group.default.name private_dns_zone_name = azurerm_private_dns_zone.dnsvault.name virtual_network_id = azurerm_virtual_network.default.id } resource "azurerm_private_dns_zone" "dnsstorageblob" { name = "privatelink.blob.core.windows.net" resource_group_name = azurerm_resource_group.default.name } resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkblob" { name = "dnsblobstoragelink" resource_group_name = azurerm_resource_group.default.name private_dns_zone_name = azurerm_private_dns_zone.dnsstorageblob.name virtual_network_id = azurerm_virtual_network.default.id } resource "azurerm_private_dns_zone" "dnsstoragefile" { name = "privatelink.file.core.windows.net" resource_group_name = azurerm_resource_group.default.name } resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkfile" { name = "dnsfilestoragelink" resource_group_name = azurerm_resource_group.default.name private_dns_zone_name = azurerm_private_dns_zone.dnsstoragefile.name virtual_network_id = azurerm_virtual_network.default.id } resource "azurerm_private_dns_zone" "dnscontainerregistry" { name = "privatelink.azurecr.io" resource_group_name = azurerm_resource_group.default.name } resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkcr" { name = "dnscrlink" resource_group_name = azurerm_resource_group.default.name private_dns_zone_name = azurerm_private_dns_zone.dnscontainerregistry.name virtual_network_id = azurerm_virtual_network.default.id } resource "azurerm_private_dns_zone" "dnsazureml" { name = "privatelink.api.azureml.ms" resource_group_name = azurerm_resource_group.default.name } resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkml" { name = "dnsazuremllink" resource_group_name = azurerm_resource_group.default.name private_dns_zone_name = azurerm_private_dns_zone.dnsazureml.name virtual_network_id = azurerm_virtual_network.default.id } resource "azurerm_private_dns_zone" "dnsnotebooks" { name = "privatelink.notebooks.azure.net" resource_group_name = azurerm_resource_group.default.name } resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinknbs" { name = "dnsnotebookslink" resource_group_name = azurerm_resource_group.default.name private_dns_zone_name = azurerm_private_dns_zone.dnsnotebooks.name virtual_network_id = azurerm_virtual_network.default.id } # Network Security Groups resource "azurerm_network_security_group" "nsg-training" { name = "nsg-training" location = azurerm_resource_group.default.location resource_group_name = azurerm_resource_group.default.name security_rule { name = "BatchNodeManagement" priority = 100 direction = "Inbound" access = "Allow" protocol = "Tcp" source_port_range = "*" destination_port_range = "29876-29877" source_address_prefix = "BatchNodeManagement" destination_address_prefix = "*" } security_rule { name = "AzureMachineLearning" priority = 110 direction = "Inbound" access = "Allow" protocol = "Tcp" source_port_range = "*" destination_port_range = "44224" source_address_prefix = "AzureMachineLearning" destination_address_prefix = "*" } } resource "azurerm_subnet_network_security_group_association" "nsg-training-link" { subnet_id = azurerm_subnet.snet-training.id network_security_group_id = azurerm_network_security_group.nsg-training.id } resource "azurerm_network_security_group" "nsg-aks" { name = "nsg-aks" location = azurerm_resource_group.default.location resource_group_name = azurerm_resource_group.default.name } resource "azurerm_subnet_network_security_group_association" "nsg-aks-link" { subnet_id = azurerm_subnet.snet-aks.id network_security_group_id = azurerm_network_security_group.nsg-aks.id } # User Defined Routes # UDR for compute instance and compute clusters resource "azurerm_route_table" "rt-training" { name = "rt-training" location = azurerm_resource_group.default.location resource_group_name = azurerm_resource_group.default.name } resource "azurerm_route" "training-Internet-Route" { name = "Internet" resource_group_name = azurerm_resource_group.default.name route_table_name = azurerm_route_table.rt-training.name address_prefix = "0.0.0.0/0" next_hop_type = "Internet" } resource "azurerm_route" "training-AzureMLRoute" { name = "AzureMLRoute" resource_group_name = azurerm_resource_group.default.name route_table_name = azurerm_route_table.rt-training.name address_prefix = "AzureMachineLearning" next_hop_type = "Internet" } resource "azurerm_route" "training-BatchRoute" { name = "BatchRoute" resource_group_name = azurerm_resource_group.default.name route_table_name = azurerm_route_table.rt-training.name address_prefix = "BatchNodeManagement" next_hop_type = "Internet" } resource "azurerm_subnet_route_table_association" "rt-training-link" { subnet_id = azurerm_subnet.snet-training.id route_table_id = azurerm_route_table.rt-training.id } # Inferencing (AKS) Route resource "azurerm_route_table" "rt-aks" { name = "rt-aks" location = azurerm_resource_group.default.location resource_group_name = azurerm_resource_group.default.name } resource "azurerm_route" "aks-Internet-Route" { name = "Internet" resource_group_name = azurerm_resource_group.default.name route_table_name = azurerm_route_table.rt-aks.name address_prefix = "0.0.0.0/0" next_hop_type = "Internet" } resource "azurerm_subnet_route_table_association" "rt-aks-link" { subnet_id = azurerm_subnet.snet-aks.id route_table_id = azurerm_route_table.rt-aks.id }