
Streamline Azure Lifecycle Management with AI Solutions

Introduction

A while ago, I created a proof-of-concept application. It helps with LCM (Life Cycle Management for Azure Resources) for a friend of mine. The POC used Azure Open AI, a Storage Account, etc., but the resources were exposed to the internet. Recently, I wanted to update them. I aimed to protect all traffic by keeping it inside a virtual network. This included using private endpoints and private DNS zones.

Usage

The scripts can be used to create, update, delete, and list Azure services. They are designed to be used in a CI/CD pipeline to automate the deployment of Azure services. You start with the build-infra.sh script.

The environment variables that need to be set are:

export resourceGroupName=$resourceGroupName
export location=$location
export workloadName=$workloadName
export workloadEnv=$workloadEnv

The scripts can be run using the following command:

./infra/build-infra.sh

This will produce the following Azure Resources:

  • Resource Group
  • User Assigned Managed Identity
  • Log Analytics Workspace
  • Virtual Network
    • Subnet – Delegated to Azure Container Group
    • Subnet – To host Private Endpoints
  • Storage Account
    • Role Assignments
    • Blob Storage
      • Private DNS Zone
      • Private Endpoint
      • Private Link
    • Table Storage
      • Private DNS Zone
      • Private Endpoint
      • Private Link
  • Key Vault
    • Role Assignments
    • Private DNS Zone
    • Private Endpoint
    • Private Link
  • Azure Open AI
    • Model GPT 4o will be deployed
    • Private DNS Zone
    • Private Endpoint
    • Private Link
    • Keep Secret in Key Vault (endpoint and key)
  • Container Registry (not using a private Container Registry, so that Azure Pipelines can reach it)

Building Docker image

The script build-container.sh will build the Docker image and push it to the Azure Container Registry.

Running container instance

The script execute-job.sh will run the container instance in Azure Container Instance.

Note: As it is now, the script execute-job.sh will try to create containers in the Blob storage, which will not work because the storage account only accepts traffic from the VNet. Hence, you need to create the container as a one-time process while the storage account is set to allow traffic from anywhere, and then change it back to VNet only.
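One way to script the one-time workaround from the note above so that the storage firewall is put back even when container creation fails. This is an added example, not part of the original scripts: the function name, retry count and wait time are hypothetical, and it assumes the restriction is the network rule set's default action and that the caller holds a blob data-plane role such as Storage Blob Data Contributor.

```shell
#!/usr/bin/env bash
# Added example: create a blob container once, then restore the storage firewall.
# Assumptions: the firewall is controlled by the network rule set's default action,
# and the signed-in identity may create containers (--auth-mode login).

# Usage: create_container_once <resource-group> <storage-account> <container>
create_container_once() {
  local rg="$1" account="$2" container="$3" original attempt rc=1

  # Remember the current setting so exactly that value is put back afterwards.
  original="$(az storage account show --resource-group "$rg" --name "$account" \
    --query networkRuleSet.defaultAction --output tsv)" \
    && [ -n "$original" ] || return 1

  # Open the firewall only for the duration of this function.
  az storage account update --resource-group "$rg" --name "$account" \
    --default-action Allow --output none || return 1

  # Rule changes take a moment to propagate, so retry a few times.
  for attempt in 1 2 3 4 5; do
    if az storage container create --account-name "$account" \
         --name "$container" --auth-mode login --output none; then
      rc=0
      break
    fi
    sleep 15
  done

  # Restore the original setting whether or not the container was created.
  az storage account update --resource-group "$rg" --name "$account" \
    --default-action "$original" --output none || {
      echo "WARNING: firewall of $account was NOT restored to $original" >&2
      return 2
    }
  return "$rc"
}

# Run only when called with three arguments, e.g.:
#   ./create-container-once.sh "$resourceGroupName" <storage-account> <container>
if [ "$#" -eq 3 ]; then
  create_container_once "$@"
fi
```

A return code of 2 means the account may still accept traffic from anywhere and needs to be checked by hand.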

Conclusion

The source code (Bicep files) can be found here.
