Merge pull request #1376 from solliancenet/mg-cherry-pick-pr1291

Cherry pick from PR 1291 into Release 0.8.0

deploy/standard/azd-hooks/utility/Generate-Config.ps1

@@ -377,7 +377,7 @@ $vnetName = Invoke-AndRequireSuccess "Get VNet Name" {
 
 $subnetBackend = Invoke-AndRequireSuccess "Get Backend Subnet CIDR" {
     az network vnet subnet show `
-        --name "FLLMBackend" `
+        --name "aks-backend" `
         --query addressPrefix `
         --resource-group $resourceGroups.net `
         --vnet-name $vnetName `
@@ -387,7 +387,7 @@ $tokens.privateIpIngressBackend = Get-CIDRHost -baseCidr $subnetBackend -hostNum
 
 $subnetFrontend = Invoke-AndRequireSuccess "Get Frontend Subnet CIDR" {
     az network vnet subnet show `
-        --name "FLLMFrontend" `
+        --name "aks-frontend" `
         --query addressPrefix `
         --resource-group $resourceGroups.net `
         --vnet-name $vnetName `

deploy/standard/config/appconfig.template.json

@@ -289,7 +289,7 @@
         },
         {
             "key": "FoundationaLLM:APIEndpoints:GatekeeperIntegrationAPI:Essentials:APIKey",
-            "value": "{\"uri\":\"{{keyvaultUri}}secrets/foundationallm-apiendpoints-gatekeeperintergrationapi-apikey\"}",
+            "value": "{\"uri\":\"{{keyvaultUri}}secrets/foundationallm-apiendpoints-gatekeeperintegrationapi-apikey\"}",
             "label": null,
             "content_type": "application/vnd.microsoft.appconfig.keyvaultref+json;charset=utf-8",
             "tags": {}
@@ -457,14 +457,14 @@
         },
         {
             "key": "FoundationaLLM:APIEndpoints:StateAPI:Essentials:APIUrl",
-            "value": "http://state-api/state",
+            "value": "http://state-api",
             "label": null,
             "content_type": "",
             "tags": {}
         },
         {
             "key": "FoundationaLLM:APIEndpoints:StateAPI:Essentials:APIKey",
-            "value": "{\"uri\":\"{{keyvaultUri}}secrets/foundationallm-apinedpoints-stateapi-apikey\"}",
+            "value": "{\"uri\":\"{{keyvaultUri}}secrets/foundationallm-apiendpoints-stateapi-apikey\"}",
             "label": null,
             "content_type": "application/vnd.microsoft.appconfig.keyvaultref+json;charset=utf-8",
             "tags": {}

deploy/standard/data/resource-provider/FoundationaLLM.Agent/FoundationaLLM.template.json

@@ -15,17 +15,8 @@
   },
   "orchestration_settings": {
     "orchestrator": "LangChain",
-    "agent_parameters": null,
-    "endpoint_configuration": {
-      "auth_type": "token",
-      "provider": "microsoft",
-      "endpoint": "{{openAiEndpointUri}}",
-      "api_version": "2024-02-01"
-    },
-    "model_parameters": {
-      "temperature": 0,
-      "deployment_name": "completions"
-    }
+    "agent_parameters": null
   },
+  "ai_model_object_id": "/instances/{{instanceId}}/providers/FoundationaLLM.AIModel/aiModels/DefaultCompletionAIModel",
   "prompt_object_id": "/instances/{{instanceId}}/providers/FoundationaLLM.Prompt/prompts/FoundationaLLM"
 }

deploy/standard/infra/app-rg.bicep

@@ -106,9 +106,9 @@ module network 'modules/utility/virtualNetworkData.bicep' = {
   params: {
     vnetName: vnetName
     subnetNames: [
-      'FLLMBackend'
-      'FLLMFrontend'
-      'FLLMServices'
+      'aks-backend'
+      'aks-frontend'
+      'services'
     ]
   }
 }
@@ -141,8 +141,8 @@ module aksBackend 'modules/aks.bicep' = {
     opsResourceGroupName: opsResourceGroupName
     privateDnsZones: filter(dnsZones.outputs.ids, (zone) => contains([ 'aks' ], zone.key))
     resourceSuffix: '${resourceSuffix}-backend'
-    subnetId: subnets.FLLMBackend.id
-    subnetIdPrivateEndpoint: subnets.FLLMServices.id
+    subnetId: subnets['aks-backend'].id
+    subnetIdPrivateEndpoint: subnets.services.id
     tags: tags
   }
 }
@@ -161,8 +161,8 @@ module aksFrontend 'modules/aks.bicep' = {
     opsResourceGroupName: opsResourceGroupName
     privateDnsZones: filter(dnsZones.outputs.ids, (zone) => contains([ 'aks' ], zone.key))
     resourceSuffix: '${resourceSuffix}-frontend'
-    subnetId: subnets.FLLMFrontend.id
-    subnetIdPrivateEndpoint: subnets.FLLMServices.id
+    subnetId: subnets['aks-frontend'].id
+    subnetIdPrivateEndpoint: subnets.services.id
     tags: tags
   }
 }

deploy/standard/infra/auth-rg.bicep

@@ -113,7 +113,7 @@ module authStore 'modules/storageAccount.bicep' = {
     logAnalyticWorkspaceId: logAnalyticsWorkspaceId
     privateDnsZones: filter(dnsZones.outputs.ids, (zone) => contains(['blob', 'dfs'], zone.key))
     resourceSuffix: resourceToken
-    subnetId: '${vnetId}/subnets/FLLMAuth'
+    subnetId: '${vnetId}/subnets/auth'
     tags: tags
     containers: [
       'role-assignments'
@@ -132,7 +132,7 @@ module authKeyvault 'modules/keyVault.bicep' = {
     logAnalyticWorkspaceId: logAnalyticsWorkspaceId
     privateDnsZones: filter(dnsZones.outputs.ids, (zone) => zone.key == 'vault')
     resourceSuffix: resourceSuffix
-    subnetId: '${vnetId}/subnets/FLLMAuth'
+    subnetId: '${vnetId}/subnets/auth'
     tags: tags
   }
 }

deploy/standard/infra/main.bicep

@@ -247,7 +247,7 @@ output FLLM_MGMT_API_HOSTNAME string = managementApiHostname
 
 output FOUNDATIONALLM_VNET_NAME string = networking.outputs.vnetName
 output FOUNDATIONALLM_VNET_ID string = networking.outputs.vnetId
-output FOUNDATIONALLM_HUB_VNET_NAME string = networking.outputs.hubVnetId
+output FOUNDATIONALLM_HUB_VNET_ID string = networking.outputs.hubVnetId
 
 output SERVICE_GATEKEEPER_API_ENDPOINT_URL string = 'http://gatekeeper-api/gatekeeper/'
 output SERVICE_GATEKEEPER_INTEGRATION_API_ENDPOINT_URL string = 'http://gatekeeper-integration-api/gatekeeperintegration'

deploy/standard/infra/modules/vnet-peering.bicep

@@ -10,7 +10,7 @@ resource main 'Microsoft.Network/virtualNetworks@2024-01-01' existing = {
 }
 
 resource destinationToSourcePeering 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2024-01-01' = {
-  name: 'hub-to-vnet'
+  name: vnetName
   parent: main
   properties: {
     allowVirtualNetworkAccess: allowVirtualNetworkAccess

deploy/standard/infra/networking-rg.bicep

@@ -1,5 +1,5 @@
 // Inputs
-param cidrVnet string = '10.220.128.0/21'
+param cidrVnet string = '10.220.128.0/20'
 param environmentName string
 param hubResourceGroup string
 param hubSubscriptionId string = subscription().subscriptionId
@@ -36,20 +36,21 @@ var privateDnsZone = {
   vault: 'privatelink.vaultcore.azure.net'
 }
 
-var cidrFllmAuth = cidrSubnet(cidrVnet, 26, 17) // 10.220.132.64/26
-var cidrFllmBackend = cidrSubnet(cidrVnet, 24, 1) // 10.220.129.0/24
-var cidrFllmFrontend = cidrSubnet(cidrVnet, 24, 2) // 10.220.130.0/24
-var cidrFllmOpenAi = cidrSubnet(cidrVnet, 26, 12) // 10.220.131.0/26
-var cidrFllmOps = cidrSubnet(cidrVnet, 26, 15) // 10.220.131.192/26
-var cidrFllmVec = cidrSubnet(cidrVnet, 26, 16) // 10.220.132.0/26
-var cidrNetSvc = cidrSubnet(cidrVnet, 24, 6) // 10.220.134.0/24
+var opsSubnetCidr = cidrSubnet(cidrVnet, 26, 0) // 10.220.128.0/26
+var servicesSubnetCidr = cidrSubnet(cidrVnet, 26, 1) // 10.220.128.64/26
+var authSubnetCidr = cidrSubnet(cidrVnet, 26, 2) // 10.220.128.128/26
+var openAiSubnetCidr = cidrSubnet(cidrVnet, 26, 3) // 10.220.128.192/26
+var storageSubnetCidr = cidrSubnet(cidrVnet, 26, 4) // 10.220.129.0/26
+var vectorizationSubnetCidr = cidrSubnet(cidrVnet, 26, 5) // 10.220.129.64/26
+var backendAksSubnetCidr = cidrSubnet(cidrVnet, 22, 1) // 10.220.132.0/22
+var frontendAksSubnetCidr = cidrSubnet(cidrVnet, 22, 2) // 10.220.140.0/22
 // TODO: Use Namer FUnction from main.bicep
 var name = networkName == '' ? 'vnet-${environmentName}-${location}-net' : networkName
 
 var subnets = [
   {
-    name: 'FLLMBackend'
-    addressPrefix: cidrFllmBackend
+    name: 'aks-backend'
+    addressPrefix: backendAksSubnetCidr
     inbound: [
       {
         access: 'Allow'
@@ -70,8 +71,8 @@ var subnets = [
     ]
   }
   {
-    name: 'FLLMFrontEnd'
-    addressPrefix: cidrFllmFrontend
+    name: 'aks-frontend'
+    addressPrefix: frontendAksSubnetCidr
     inbound: [
       {
         access: 'Allow'
@@ -92,34 +93,8 @@ var subnets = [
     ]
   }
   {
-    name: 'FLLMNetSvc'
-    addressPrefix: cidrNetSvc
-    rules: {
-      inbound: [
-        {
-          access: 'Allow'
-          destinationAddressPrefix: 'VirtualNetwork'
-          destinationPortRange: '*'
-          name: 'allow-vpn'
-          priority: 256
-          protocol: '*'
-          sourcePortRange: '*'
-          sourceAddressPrefixes: [allowedExternalCidr]
-        }
-      ]
-    }
-    delegations: [
-      {
-        name: 'Microsoft.Network/dnsResolvers'
-        properties: {
-          serviceName: 'Microsoft.Network/dnsResolvers'
-        }
-      }
-    ]
-  }
-  {
-    name: 'FLLMOpenAI'
-    addressPrefix: cidrFllmOpenAi
+    name: 'openai'
+    addressPrefix: openAiSubnetCidr
     rules: {
       inbound: [
         {
@@ -151,7 +126,7 @@ var subnets = [
           protocol: '*'
           sourcePortRange: '*'
           sourceAddressPrefixes: [
-            cidrFllmBackend
+            backendAksSubnetCidr
           ]
         }
         {
@@ -236,8 +211,8 @@ var subnets = [
     ]
   }
   {
-    name: 'FLLMServices'
-    addressPrefix: cidrSubnet(cidrVnet, 26, 13)
+    name: 'services'
+    addressPrefix: servicesSubnetCidr
     rules: {
       inbound: [
         {
@@ -248,7 +223,7 @@ var subnets = [
           priority: 256
           protocol: '*'
           sourcePortRange: '*'
-          sourceAddressPrefixes: [cidrFllmBackend]
+          sourceAddressPrefixes: [backendAksSubnetCidr]
         }
         {
           access: 'Allow'
@@ -280,8 +255,8 @@ var subnets = [
     ]
   }
   {
-    name: 'FLLMStorage'
-    addressPrefix: cidrSubnet(cidrVnet, 26, 14)
+    name: 'storage'
+    addressPrefix: storageSubnetCidr
     rules: {
       inbound: [
         {
@@ -292,7 +267,7 @@ var subnets = [
           priority: 128
           protocol: '*'
           sourcePortRange: '*'
-          sourceAddressPrefixes: [cidrFllmOps]
+          sourceAddressPrefixes: [opsSubnetCidr]
         }
         {
           access: 'Allow'
@@ -312,7 +287,7 @@ var subnets = [
           name: 'allow-aks-inbound'
           priority: 256
           protocol: '*'
-          sourceAddressPrefixes: [cidrFllmBackend]
+          sourceAddressPrefixes: [backendAksSubnetCidr]
           sourcePortRange: '*'
         }
         {
@@ -347,8 +322,8 @@ var subnets = [
     ]
   }
   {
-    name: 'ops' // TODO: PLEs.  Maybe put these in FLLMServices?
-    addressPrefix: cidrFllmOps
+    name: 'ops' // TODO: PLEs.  Maybe put these in services?
+    addressPrefix: opsSubnetCidr
     rules: {
       inbound: [
         {
@@ -359,7 +334,7 @@ var subnets = [
           priority: 128
           protocol: '*'
           sourcePortRange: '*'
-          sourceAddressPrefixes: [cidrFllmOps]
+          sourceAddressPrefixes: [opsSubnetCidr]
         }
         {
           access: 'Allow'
@@ -380,8 +355,8 @@ var subnets = [
           protocol: '*'
           sourcePortRange: '*'
           sourceAddressPrefixes: [
-            cidrFllmFrontend
-            cidrFllmBackend
+            frontendAksSubnetCidr
+            backendAksSubnetCidr
           ]
         }
         {
@@ -404,8 +379,8 @@ var subnets = [
     ]
   }
   {
-    name: 'Vectorization'
-    addressPrefix: cidrFllmVec
+    name: 'vectorization'
+    addressPrefix: vectorizationSubnetCidr
     rules: {
       inbound: [
         {
@@ -425,7 +400,7 @@ var subnets = [
           name: 'allow-aks-inbound'
           priority: 256
           protocol: '*'
-          sourceAddressPrefixes: [cidrFllmBackend]
+          sourceAddressPrefixes: [backendAksSubnetCidr]
           sourcePortRange: '*'
         }
         {
@@ -461,8 +436,8 @@ var subnets = [
     ]
   }
   {
-    name: 'FLLMAuth'
-    addressPrefix: cidrFllmAuth
+    name: 'auth'
+    addressPrefix: authSubnetCidr
     rules: {
       inbound: [
         {
@@ -473,7 +448,7 @@ var subnets = [
           priority: 128
           protocol: '*'
           sourcePortRange: '*'
-          sourceAddressPrefixes: [cidrFllmOps]
+          sourceAddressPrefixes: [opsSubnetCidr]
         }
         {
           access: 'Allow'
@@ -493,7 +468,7 @@ var subnets = [
           name: 'allow-aks-inbound'
           priority: 256
           protocol: '*'
-          sourceAddressPrefixes: [cidrFllmBackend]
+          sourceAddressPrefixes: [backendAksSubnetCidr]
           sourcePortRange: '*'
         }
         {

deploy/standard/infra/openai-rg.bicep

@@ -61,7 +61,7 @@ module contentSafety 'modules/contentSaftey.bicep' = {
     opsResourceGroupName: opsResourceGroupName
     privateDnsZones: filter(dnsZones.outputs.ids, (zone) => zone.key == 'cognitiveservices')
     resourceSuffix: resourceSuffix
-    subnetId: '${vnetId}/subnets/FLLMOpenAI'
+    subnetId: '${vnetId}/subnets/openai'
     tags: tags
   }
 }
@@ -76,7 +76,7 @@ module openai './modules/openai.bicep' = if (deployOpenAi) {
     logAnalyticWorkspaceId: logAnalyticsWorkspaceId
     privateDnsZones: filter(dnsZones.outputs.ids, (zone) => zone.key == 'openai')
     resourceSuffix: resourceSuffix
-    subnetId: '${vnetId}/subnets/FLLMOpenAI'
+    subnetId: '${vnetId}/subnets/openai'
     tags: tags
   }
 }

deploy/standard/infra/storage-rg.bicep

@@ -57,7 +57,7 @@ module cosmosdb 'modules/cosmosdb.bicep' = {
     logAnalyticWorkspaceId: logAnalyticsWorkspaceId
     privateDnsZones: filter(dnsZones.outputs.ids, (zone) => zone.key == 'cosmosdb')
     resourceSuffix: resourceSuffix
-    subnetId: '${vnetId}/subnets/FLLMStorage'
+    subnetId: '${vnetId}/subnets/storage'
     tags: tags
   }
 }
@@ -73,7 +73,7 @@ module storage 'modules/storageAccount.bicep' = {
     logAnalyticWorkspaceId: logAnalyticsWorkspaceId
     privateDnsZones: dnsZones.outputs.idsStorage
     resourceSuffix: resourceSuffix
-    subnetId: '${vnetId}/subnets/FLLMStorage'
+    subnetId: '${vnetId}/subnets/storage'
     tags: tags
     containers: [
       'resource-provider'