Basic ARM template

.gitignore

@@ -171,3 +171,5 @@ studio/dist
 .env-dev
 .env-prod
 dump.sql
+*.parameters.json
+*.bicepparam

deployments/bicep/README.md

@@ -0,0 +1,5 @@
+```bash
+az deployment group create --name ExampleDeployment --resource-group jb-studio-test --parameters storage.bicepparam
+
+az deployment group create --resource-group jbstudiotest1 --template-file ./main.bicep --parameters main.bicepparam
+```

deployments/bicep/main.bicep

@@ -0,0 +1,160 @@
+// create bicep version of the stuff above
+
+param resourceNamePrefix string
+param location string
+param postgresAdminUser string
+
+@secure()
+param postgresAdminPassword string
+
+param postgresDatabaseName string
+param cpu string = '0.5'
+param memory string = '1Gi'
+
+@secure()
+param AZURE_OPENAI_API_KEY string
+param AZURE_OPENAI_API_VERSION string
+param AZURE_OPENAI_ENDPOINT string
+param FAST_MODEL string = 'gpt-4-turbo'
+param SLOW_MODEL string = 'gpt-4-turbo'
+
+param pwrEngineImageName string
+param pwrServerImageName string
+@secure()
+param imagePassword string
+param imageRegistryLoginServer string
+param imageUsername string
+
+param AAD_APP_CLIENT_ID string
+param AAD_APP_TENANT_ID string
+param ISSUER string
+
+param SERVER_HOST string
+
+param keyVaultName string
+
+@description('The secret url for the certificate in Azure Key Vault.')
+@secure()
+param keyVaultSecretId string
+
+// deploy ./vnet.bicep
+
+module vnet './modules/vnet.bicep' = {
+  name: '${resourceNamePrefix}-vnet'
+  params: {
+    vnetName: '${resourceNamePrefix}-vnet'
+  }
+}
+
+// deploy the files ./eventhub.bicep and postgres.bicep
+
+module eventhub './modules/eventhub.bicep' = {
+  name: '${resourceNamePrefix}-eventhub'
+  params: {
+    eventHubNamespace: '${resourceNamePrefix}-eventhub-namespace'
+    location: location
+  }
+}
+
+module postgres './modules/postgres.bicep' = {
+  name: '${resourceNamePrefix}-postgres'
+  params: {
+    resourceNamePrefix: resourceNamePrefix
+    location: location
+    postgresAdminUser: postgresAdminUser
+    postgresAdminPassword: postgresAdminPassword
+    postgresDatabaseName: postgresDatabaseName
+  }
+}
+
+module storage './modules/storage.bicep' = {
+  name: '${resourceNamePrefix}-storage'
+  params: {
+    location: location
+    resourceNamePrefix: resourceNamePrefix
+  }
+}
+
+
+// create a public ip that will later be used for a load balancer
+
+resource publicIp 'Microsoft.Network/publicIPAddresses@2020-11-01' = {
+  name: '${resourceNamePrefix}-public-ip'
+  location: location
+  properties: {
+    publicIPAllocationMethod: 'Dynamic'
+  }
+}
+
+// deploy the files ./server.bicep and ./engine.bicep
+
+module engine './modules/containers/engine.bicep' = {
+  name: '${resourceNamePrefix}-engine'
+  params: {
+    location: location
+    AZURE_OPENAI_API_KEY: AZURE_OPENAI_API_KEY
+    AZURE_OPENAI_API_VERSION: AZURE_OPENAI_API_VERSION
+    AZURE_OPENAI_ENDPOINT: AZURE_OPENAI_ENDPOINT
+    FAST_MODEL: FAST_MODEL
+    SLOW_MODEL: SLOW_MODEL
+
+    containerName: '${resourceNamePrefix}-pwr-engine'
+    imageName: pwrEngineImageName
+    imagePassword: imagePassword
+    imageRegistryLoginServer: imageRegistryLoginServer
+    imageUsername: imageUsername
+    KAFKA_BROKER: eventhub.outputs.kafkaBroker
+    KAFKA_CONSUMER_PASSWORD: eventhub.outputs.kafkaConnectionPassword
+    KAFKA_CONSUMER_USERNAME: eventhub.outputs.kafkaConnectionUsername
+    memory: memory
+    numberCpuCores: cpu
+  }
+}
+
+
+
+module server './modules/containers/server.bicep' = {
+  name: '${resourceNamePrefix}-server'
+  params: {
+    location: location
+
+    containerName: '${resourceNamePrefix}-pwr-server'
+    AAD_APP_CLIENT_ID: AAD_APP_CLIENT_ID
+    AAD_APP_TENANT_ID: AAD_APP_TENANT_ID
+    ISSUER: ISSUER
+    // construct a full db string using the postgress params and the output server ip
+    dbConnectionString: 'postgresql://${postgresAdminUser}:${postgresAdminPassword}@${postgres.outputs.postgresqlServerIP}:5432/${postgresDatabaseName}'
+    SERVER_HOST: SERVER_HOST
+
+    imageName: pwrServerImageName
+    imagePassword: imagePassword
+    imageRegistryLoginServer: imageRegistryLoginServer
+    imageUsername: imageUsername
+    KAFKA_BROKER: eventhub.outputs.kafkaBroker
+    KAFKA_PRODUCER_PASSWORD: eventhub.outputs.kafkaConnectionPassword
+    KAFKA_PRODUCER_USERNAME: eventhub.outputs.kafkaConnectionUsername
+    memory: memory
+    numberCpuCores: cpu
+    subnetId: vnet.outputs.defaultSubnetId
+
+  }
+}
+
+
+// create a load balancer that will be used to route traffic to the containers
+// module gateway './modules/gateway.bicep' = {
+//   name: '${resourceNamePrefix}-gateway'
+//   params: {
+//     resourceNamePrefix: resourceNamePrefix
+//     location: location
+//     subnetId: vnet.outputs.gatewaySubnetId
+//     publicIpId: publicIp.id
+//     backendIPAddress: server.outputs.containerIP
+//     keyVaultName: keyVaultName
+//     keyVaultSecretId: keyVaultSecretId
+//   }
+// }
+
+output eventhubNamespace string = eventhub.outputs.kafkaBroker
+output postgresqlServerName string = postgres.outputs.postgresqlServerIP
+

deployments/bicep/modules/containers/engine.bicep

@@ -0,0 +1,99 @@
+param location string
+param containerName string
+
+param numberCpuCores string
+param memory string
+
+param imageRegistryLoginServer string
+param imageUsername string
+@secure()
+param imagePassword string
+param imageName string
+
+param KAFKA_BROKER string
+param KAFKA_CONSUMER_USERNAME string
+
+@secure()
+param KAFKA_CONSUMER_PASSWORD string
+
+@secure()
+param AZURE_OPENAI_API_KEY string
+param AZURE_OPENAI_API_VERSION string
+param AZURE_OPENAI_ENDPOINT string
+param FAST_MODEL string = 'gpt-4-turbo'
+param SLOW_MODEL string = 'gpt-4-turbo'
+
+resource container 'Microsoft.ContainerInstance/containerGroups@2022-10-01-preview' = {
+  location: location
+  name: containerName
+  properties: {
+    containers: [
+      {
+        name: containerName
+        properties: {
+          image: imageName
+          resources: {
+            requests: {
+              cpu: int(numberCpuCores)
+              memoryInGB: json(memory)
+            }
+          }
+          environmentVariables: [
+            {
+              name: 'KAFKA_BROKER'
+              value: KAFKA_BROKER
+            }
+            {
+              name: 'KAFKA_USE_SASL'
+              value: 'true'
+            }
+            {
+              name: 'KAFKA_CONSUMER_USERNAME'
+              value: KAFKA_CONSUMER_USERNAME
+            }
+            {
+              name: 'KAFKA_CONSUMER_PASSWORD'
+              secureValue: KAFKA_CONSUMER_PASSWORD
+            }
+            {
+              name: 'KAFKA_ENGINE_TOPIC'
+              value: 'pwr_engine'
+            }
+            {
+              name: 'AZURE_OPENAI_API_KEY'
+              value: AZURE_OPENAI_API_KEY
+            }
+            {
+              name: 'AZURE_OPENAI_API_VERSION'
+              value: AZURE_OPENAI_API_VERSION
+            }
+            {
+              name: 'AZURE_OPENAI_ENDPOINT'
+              value: AZURE_OPENAI_ENDPOINT
+            }
+            {
+              name: 'FAST_MODEL'
+              value: FAST_MODEL
+            }
+            {
+              name: 'SLOW_MODEL'
+              value: SLOW_MODEL
+            }
+          ]
+          ports: [{port: 80, protocol: 'TCP'}]
+        }
+      }
+    ]
+    restartPolicy: 'OnFailure'
+    osType: 'Linux'
+    sku: 'Standard'
+    imageRegistryCredentials: [
+      {
+        server: imageRegistryLoginServer
+        username: imageUsername
+        password: imagePassword
+      }
+    ]
+  }
+  tags: {}
+}

deployments/bicep/modules/containers/server.bicep

@@ -0,0 +1,118 @@
+param location string
+param containerName string
+param subnetId string
+
+param numberCpuCores string
+param memory string
+
+param imageRegistryLoginServer string
+param imageName string
+param imageUsername string
+@secure()
+param imagePassword string
+
+param SERVER_HOST string
+param dbConnectionString string
+
+param AAD_APP_CLIENT_ID string
+param AAD_APP_TENANT_ID string
+param ISSUER string
+
+param KAFKA_BROKER string
+param KAFKA_PRODUCER_USERNAME string
+@secure()
+param KAFKA_PRODUCER_PASSWORD string
+
+
+resource container 'Microsoft.ContainerInstance/containerGroups@2022-10-01-preview' = {
+  location: location
+  name: containerName
+  properties: {
+    containers: [
+      {
+        name: containerName
+        properties: {
+          image: imageName
+          resources: {
+            requests: {
+              cpu: int(numberCpuCores)
+              memoryInGB: json(memory)
+            }
+          }
+          environmentVariables: [
+            {
+              name: 'SERVER_HOST'
+              value: SERVER_HOST
+            }
+            {
+              name: 'DB_CONNECTION_STRING'
+              value: dbConnectionString
+            }
+            {
+              name: 'AAD_APP_CLIENT_ID'
+              value: AAD_APP_CLIENT_ID
+            }
+            {
+              name: 'AAD_APP_TENANT_ID'
+              value: AAD_APP_TENANT_ID
+            }
+            {
+              name: 'ISSUER'
+              value: ISSUER
+            }
+            {
+              name: 'KAFKA_BROKER'
+              value: KAFKA_BROKER
+            }
+            {
+              name: 'KAFKA_USE_SASL'
+              value: 'true'
+            }
+            {
+              name: 'KAFKA_ENGINE_TOPIC'
+              value: 'pwr_engine'
+            }
+            {
+              name: 'KAFKA_PRODUCER_USERNAME'
+              value: KAFKA_PRODUCER_USERNAME
+            }
+            {
+              name: 'KAFKA_PRODUCER_PASSWORD'
+              secureValue: KAFKA_PRODUCER_PASSWORD
+            }
+          ]
+          command: [
+            'uvicorn'
+            'app.main:app'
+            '--workers'
+            '1'
+            '--host'
+            '0.0.0.0'
+            '--port'
+            '80'
+          ]
+          ports: [{port: 80, protocol: 'TCP'}, {port: 3000, protocol: 'TCP'}]
+        }
+      }
+    ]
+    restartPolicy: 'OnFailure'
+    osType: 'Linux'
+    sku: 'Standard'
+    imageRegistryCredentials: [
+      {
+        server: imageRegistryLoginServer
+        username: imageUsername
+        password: imagePassword
+      }
+    ]
+    subnetIds: [
+      {id: subnetId}
+    ]
+  }
+  tags: {}
+}
+
+
+// output the private IP adress assigned to the container group from the subnet
+
+output containerIP string = container.properties.ipAddress.ip