Marvin Buss 2020-08-12 14:52:39 +02:00
Родитель 06711ab03b
Коммит a9ffafa647
7 изменённых файлов: 1236 добавлений и 0 удалений

148
.github/workflows/dataProductDeployment.yml поставляемый Normal file

@ -0,0 +1,148 @@
name: Data Product Deployment
on:
push:
branches: [ main ]
paths:
- 'infra/Storage/**'
- 'infra/KeyVault/**'
- 'infra/PrivateEndpoint/**'
- '.github/workflows/dataProductDeployment.yml'
env:
AZURE_RESOURCE_GROUP: dataproduct001
AZURE_LOCATION: northeurope
jobs:
create-resource-group:
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Login to Azure
- name: Azure Login
id: azure_login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
# # Create resource group
# - name: Create resource group
# uses: azure/CLI@v1
# with:
# azcliversion: latest
# inlineScript: |
# echo "Creating resource group ${{ env.AZURE_RESOURCE_GROUP }}"
# az group create --location ${{ env.AZURE_LOCATION }} --name ${{ env.AZURE_RESOURCE_GROUP }}
# # Log out from Azure
# - name: Log out from Azure
# uses: azure/CLI@v1
# with:
# azcliversion: latest
# inlineScript: |
# az logout
# validation:
# needs: [ create-resource-group ]
# runs-on: ubuntu-latest
# # Steps represent a sequence of tasks that will be executed as part of the job
# steps:
# # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
# - name: Check Out Repository
# id: checkout_repository
# uses: actions/checkout@v2
# # Login to Azure
# - name: Azure Login
# id: azure_login
# uses: azure/login@v1
# with:
# creds: ${{ secrets.AZURE_CREDENTIALS }}
# # Deploy key vault - validation
# - name: Deploy key vault - validation
# uses: azure/CLI@v1
# with:
# azcliversion: latest
# inlineScript: |
# echo "Creating deployment in resource group"
# az deployment group validate \
# --mode Incremental \
# --resource-group ${{ env.AZURE_RESOURCE_GROUP }} \
# --template-file $GITHUB_WORKSPACE/infra/KeyVault/deploy.keyVault.json \
# --parameters $GITHUB_WORKSPACE/infra/KeyVault/params.keyVault001.json
# # Deploy data factory - validation
# - name: Deploy data factory - validation
# uses: azure/CLI@v1
# with:
# azcliversion: latest
# inlineScript: |
# echo "Creating deployment in resource group"
# az deployment group validate \
# --mode Incremental \
# --resource-group ${{ env.AZURE_RESOURCE_GROUP }} \
# --template-file $GITHUB_WORKSPACE/infra/DataFactory/deploy.dataFactory.json \
# --parameters $GITHUB_WORKSPACE/infra/DataFactory/params.dataFactory001.json
# # Log out from Azure
# - name: Log out from Azure
# uses: azure/CLI@v1
# with:
# azcliversion: latest
# inlineScript: |
# az logout
# deployment:
# needs: [ create-resource-group, validation ]
# runs-on: ubuntu-latest
# # Steps represent a sequence of tasks that will be executed as part of the job
# steps:
# # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
# - name: Check Out Repository
# id: checkout_repository
# uses: actions/checkout@v2
# # Login to Azure
# - name: Azure Login
# id: azure_login
# uses: azure/login@v1
# with:
# creds: ${{ secrets.AZURE_CREDENTIALS }}
# # Deploy key vault
# - name: Deploy key vault
# uses: azure/CLI@v1
# with:
# azcliversion: latest
# inlineScript: |
# echo "Creating deployment in resource group"
# az deployment group create \
# --mode Incremental \
# --resource-group ${{ env.AZURE_RESOURCE_GROUP }} \
# --template-file $GITHUB_WORKSPACE/infra/KeyVault/deploy.keyVault.json \
# --parameters $GITHUB_WORKSPACE/infra/KeyVault/params.keyVault001.json
# # Deploy data factory
# - name: Deploy data factory
# uses: azure/CLI@v1
# with:
# azcliversion: latest
# inlineScript: |
# echo "Creating deployment in resource group"
# az deployment group create \
# --mode Incremental \
# --resource-group ${{ env.AZURE_RESOURCE_GROUP }} \
# --template-file $GITHUB_WORKSPACE/infra/DataFactory/deploy.dataFactory.json \
# --parameters $GITHUB_WORKSPACE/infra/DataFactory/params.dataFactory001.json
# # Log out from Azure
# - name: Log out from Azure
# uses: azure/CLI@v1
# with:
# azcliversion: latest
# inlineScript: |
# az logout
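Review bot: `azure/login@v1` receives `secrets.AZURE_CREDENTIALS` but is referenced by a mutable tag, so whatever that tag points to at run time handles the service-principal credential; pin it to a reviewed commit, `uses: azure/login@<full-commit-sha>  # v1`. As committed, the `create-resource-group` job only logs in, because the create, validation, deployment and logout steps are all commented out, so a push to `main` authenticates to Azure and does nothing else. Either drop the commented-out jobs until they are ready or enable them. When they are enabled, note that the `paths` filter lists `infra/Storage/**` and `infra/PrivateEndpoint/**` while the steps deploy from `infra/DataFactory/`, and that `azcliversion: latest` is better replaced by a fixed version so runs are reproducible.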

350
.gitignore поставляемый Normal file

@ -0,0 +1,350 @@
## Ignore Visual Studio temporary files, build results, and
## files generated by popular Visual Studio add-ons.
##
## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
# User-specific files
*.rsuser
*.suo
*.user
*.userosscache
*.sln.docstates
# User-specific files (MonoDevelop/Xamarin Studio)
*.userprefs
# Mono auto generated files
mono_crash.*
# Build results
[Dd]ebug/
[Dd]ebugPublic/
[Rr]elease/
[Rr]eleases/
x64/
x86/
[Aa][Rr][Mm]/
[Aa][Rr][Mm]64/
bld/
[Bb]in/
[Oo]bj/
[Ll]og/
[Ll]ogs/
# Visual Studio 2015/2017 cache/options directory
.vs/
# Uncomment if you have tasks that create the project's static files in wwwroot
#wwwroot/
# Visual Studio 2017 auto generated files
Generated\ Files/
# MSTest test Results
[Tt]est[Rr]esult*/
[Bb]uild[Ll]og.*
# NUnit
*.VisualState.xml
TestResult.xml
nunit-*.xml
# Build Results of an ATL Project
[Dd]ebugPS/
[Rr]eleasePS/
dlldata.c
# Benchmark Results
BenchmarkDotNet.Artifacts/
# .NET Core
project.lock.json
project.fragment.lock.json
artifacts/
# StyleCop
StyleCopReport.xml
# Files built by Visual Studio
*_i.c
*_p.c
*_h.h
*.ilk
*.meta
*.obj
*.iobj
*.pch
*.pdb
*.ipdb
*.pgc
*.pgd
*.rsp
*.sbr
*.tlb
*.tli
*.tlh
*.tmp
*.tmp_proj
*_wpftmp.csproj
*.log
*.vspscc
*.vssscc
.builds
*.pidb
*.svclog
*.scc
# Chutzpah Test files
_Chutzpah*
# Visual C++ cache files
ipch/
*.aps
*.ncb
*.opendb
*.opensdf
*.sdf
*.cachefile
*.VC.db
*.VC.VC.opendb
# Visual Studio profiler
*.psess
*.vsp
*.vspx
*.sap
# Visual Studio Trace Files
*.e2e
# TFS 2012 Local Workspace
$tf/
# Guidance Automation Toolkit
*.gpState
# ReSharper is a .NET coding add-in
_ReSharper*/
*.[Rr]e[Ss]harper
*.DotSettings.user
# TeamCity is a build add-in
_TeamCity*
# DotCover is a Code Coverage Tool
*.dotCover
# AxoCover is a Code Coverage Tool
.axoCover/*
!.axoCover/settings.json
# Visual Studio code coverage results
*.coverage
*.coveragexml
# NCrunch
_NCrunch_*
.*crunch*.local.xml
nCrunchTemp_*
# MightyMoose
*.mm.*
AutoTest.Net/
# Web workbench (sass)
.sass-cache/
# Installshield output folder
[Ee]xpress/
# DocProject is a documentation generator add-in
DocProject/buildhelp/
DocProject/Help/*.HxT
DocProject/Help/*.HxC
DocProject/Help/*.hhc
DocProject/Help/*.hhk
DocProject/Help/*.hhp
DocProject/Help/Html2
DocProject/Help/html
# Click-Once directory
publish/
# Publish Web Output
*.[Pp]ublish.xml
*.azurePubxml
# Note: Comment the next line if you want to checkin your web deploy settings,
# but database connection strings (with potential passwords) will be unencrypted
*.pubxml
*.publishproj
# Microsoft Azure Web App publish settings. Comment the next line if you want to
# checkin your Azure Web App publish settings, but sensitive information contained
# in these scripts will be unencrypted
PublishScripts/
# NuGet Packages
*.nupkg
# NuGet Symbol Packages
*.snupkg
# The packages folder can be ignored because of Package Restore
**/[Pp]ackages/*
# except build/, which is used as an MSBuild target.
!**/[Pp]ackages/build/
# Uncomment if necessary however generally it will be regenerated when needed
#!**/[Pp]ackages/repositories.config
# NuGet v3's project.json files produces more ignorable files
*.nuget.props
*.nuget.targets
# Microsoft Azure Build Output
csx/
*.build.csdef
# Microsoft Azure Emulator
ecf/
rcf/
# Windows Store app package directories and files
AppPackages/
BundleArtifacts/
Package.StoreAssociation.xml
_pkginfo.txt
*.appx
*.appxbundle
*.appxupload
# Visual Studio cache files
# files ending in .cache can be ignored
*.[Cc]ache
# but keep track of directories ending in .cache
!?*.[Cc]ache/
# Others
ClientBin/
~$*
*~
*.dbmdl
*.dbproj.schemaview
*.jfm
*.pfx
*.publishsettings
orleans.codegen.cs
# Including strong name files can present a security risk
# (https://github.com/github/gitignore/pull/2483#issue-259490424)
#*.snk
# Since there are multiple workflows, uncomment next line to ignore bower_components
# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
#bower_components/
# RIA/Silverlight projects
Generated_Code/
# Backup & report files from converting an old project file
# to a newer Visual Studio version. Backup files are not needed,
# because we have git ;-)
_UpgradeReport_Files/
Backup*/
UpgradeLog*.XML
UpgradeLog*.htm
ServiceFabricBackup/
*.rptproj.bak
# SQL Server files
*.mdf
*.ldf
*.ndf
# Business Intelligence projects
*.rdl.data
*.bim.layout
*.bim_*.settings
*.rptproj.rsuser
*- [Bb]ackup.rdl
*- [Bb]ackup ([0-9]).rdl
*- [Bb]ackup ([0-9][0-9]).rdl
# Microsoft Fakes
FakesAssemblies/
# GhostDoc plugin setting file
*.GhostDoc.xml
# Node.js Tools for Visual Studio
.ntvs_analysis.dat
node_modules/
# Visual Studio 6 build log
*.plg
# Visual Studio 6 workspace options file
*.opt
# Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
*.vbw
# Visual Studio LightSwitch build output
**/*.HTMLClient/GeneratedArtifacts
**/*.DesktopClient/GeneratedArtifacts
**/*.DesktopClient/ModelManifest.xml
**/*.Server/GeneratedArtifacts
**/*.Server/ModelManifest.xml
_Pvt_Extensions
# Paket dependency manager
.paket/paket.exe
paket-files/
# FAKE - F# Make
.fake/
# CodeRush personal settings
.cr/personal
# Python Tools for Visual Studio (PTVS)
__pycache__/
*.pyc
# Cake - Uncomment if you are using it
# tools/**
# !tools/packages.config
# Tabs Studio
*.tss
# Telerik's JustMock configuration file
*.jmconfig
# BizTalk build output
*.btp.cs
*.btm.cs
*.odx.cs
*.xsd.cs
# OpenCover UI analysis results
OpenCover/
# Azure Stream Analytics local run output
ASALocalRun/
# MSBuild Binary and Structured Log
*.binlog
# NVidia Nsight GPU debugger configuration file
*.nvuser
# MFractors (Xamarin productivity tool) working folder
.mfractor/
# Local History for Visual Studio
.localhistory/
# BeatPulse healthcheck temp database
healthchecksdb
# Backup folder for Package Reference Convert tool in Visual Studio 2017
MigrationBackup/
# Ionide (cross platform F# VS Code tools) working folder
.ionide/


@ -0,0 +1,87 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"dataFactoryName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the data factory."
}
},
"dataFactoryGitAccount": {
"type": "string",
"metadata": {
"description": "Specifies the account name for the repository connection."
}
},
"dataFactoryGitRepo": {
"type": "string",
"metadata": {
"description": "Specifies the repo name for the repository connection."
}
},
"dataFactoryGitCollaborationBranch": {
"type": "string",
"metadata": {
"description": "Specifies the collaboration branch name for the repository connection."
}
},
"dataFactoryGitRootFolder": {
"type": "string",
"metadata": {
"description": "Specifies the root folder in the branch for the repository connection."
}
},
"dataFactoryGitType": {
"type": "string",
"allowedValues": [
"FactoryGitHubConfiguration",
"FactoryVSTSConfiguration"
],
"metadata": {
"description": "Specifies the type of git connection."
}
}
},
"variables": {
"location": "[parameters('location')]",
"dataFactoryName": "[parameters('dataFactoryName')]",
"dataFactoryGitAccount": "[parameters('dataFactoryGitAccount')]",
"dataFactoryGitRepo": "[parameters('dataFactoryGitRepo')]",
"dataFactoryGitCollaborationBranch": "[parameters('dataFactoryGitCollaborationBranch')]",
"dataFactoryGitRootFolder": "[parameters('dataFactoryGitRootFolder')]",
"dataFactoryGitType": "[parameters('dataFactoryGitType')]"
},
"resources": [
{
"type": "Microsoft.DataFactory/factories",
"apiVersion": "2018-06-01",
"name": "[variables('dataFactoryName')]",
"location": "[variables('location')]",
"identity": {
"type": "SystemAssigned"
},
"properties": {
// "repoConfiguration": {
// "accountName": "[variables('dataFactoryGitAccount')]",
// "repositoryName": "[variables('dataFactoryGitRepo')]",
// "collaborationBranch": "[variables('dataFactoryGitCollaborationBranch')]",
// "rootFolder": "[variables('dataFactoryGitRootFolder')]",
// "type": "[variables('dataFactoryGitType')]"
// },
"globalParameters": {
}
},
"resources": [
]
}
],
"outputs": {}
}
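Review bot: The `Microsoft.DataFactory/factories` resource sets no network restriction under `properties`, so it presumably keeps the service default for public access, while the other templates in this commit use `"defaultAction": "Deny"` or `"publicNetworkAccess": "Disabled"`. If the API version in use accepts it, add `"publicNetworkAccess": "Disabled"` next to `globalParameters`, or add a comment explaining why the factory is left reachable. The five `dataFactoryGit*` parameters are required (no `defaultValue`) yet are only consumed by the commented-out `repoConfiguration`, so every caller must pass placeholder values. Give them `"defaultValue": ""` or remove them until the block is enabled.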


@ -0,0 +1,27 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"dataFactoryName": {
"value": "dataproduct001-datafactory001"
},
"dataFactoryGitAccount": {
"value": ""
},
"dataFactoryGitRepo": {
"value": ""
},
"dataFactoryGitCollaborationBranch": {
"value": ""
},
"dataFactoryGitRootFolder": {
"value": ""
},
"dataFactoryGitType": {
"value": "FactoryGitHubConfiguration"
}
}
}


@ -0,0 +1,487 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"workspaceName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the Azure Machine Learning workspace."
}
},
"keyVaultName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the key vault."
}
},
"applicationInsightsName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the application insights account."
}
},
"storageAccountName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the storage account."
}
},
"storageAccountType": {
"type": "string",
"defaultValue": "Standard_ZRS",
"allowedValues": [
"Standard_LRS",
"Standard_GRS",
"Standard_RAGRS",
"Standard_ZRS",
"Premium_LRS",
"Premium_ZRS",
"Standard_GZRS",
"Standard_RAGZRS"
],
"metadata": {
"description": "Specifies the SKU of the storage account."
}
},
"containerRegistryName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the container registry that should be used for the Azure Machine Learning workspace."
}
},
"logAnalyticsWorkspaceResourceId": {
"type": "string",
"metadata": {
"description": "Specifies the resource ID of the log analytics workspace that should be used for the Azure Machine Learning workspace."
}
},
"privateDnsZoneResourceGroupId": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the resource group of the private dns zones."
}
},
"privateLinkSubnetResourceId": {
"type": "string",
"metadata": {
"description": "Specifies the id of the subnet used for private endpoints."
}
},
"serviceEndpointSubnetResourceId": {
"type": "string",
"metadata": {
"description": "Specifies the id of the subnet used for service endpoints."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"workspaceName": "[parameters('workspaceName')]",
"keyVaultName": "[parameters('keyVaultName')]",
"applicationInsightsName": "[parameters('applicationInsightsName')]",
"storageAccountName": "[parameters('storageAccountName')]",
"storageAccountType": "[parameters('storageAccountType')]",
"containerRegistryName": "[parameters('containerRegistryName')]",
"privateDnsZoneResourceGroupId": "[parameters('privateDnsZoneResourceGroupId')]",
"privateDnsZoneResourceGroupName": "[last(split(variables('privateDnsZoneResourceGroupId'), '/'))]",
"logAnalyticsWorkspaceResourceId": "[parameters('logAnalyticsWorkspaceResourceId')]",
"privateLinkSubnetResourceId": "[parameters('privateLinkSubnetResourceId')]",
"serviceEndpointSubnetResourceId": "[parameters('serviceEndpointSubnetResourceId')]",
"templateUri": "https://raw.githubusercontent.com/Azure/aml-enterprise-template/master/infra/PrivateEndpoint/deploy.privateEndpoint.json?token=AIHRGTX4QOF2ICMV3PZPD727GYZ42"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2019-06-01",
"name": "[variables('storageAccountName')]",
"location": "[variables('location')]",
"identity": {
"type": "SystemAssigned"
},
"sku": {
"name": "[variables('storageAccountType')]"
},
"kind": "StorageV2",
"properties": {
"encryption": {
"services": {
"blob": {
"enabled": true,
"keyType": "Account"
},
"file": {
"enabled": true,
"keyType": "Account"
},
"table": {
"enabled": true,
"keyType": "Service"
},
"queue": {
"enabled": true,
"keyType": "Service"
}
},
"keySource": "Microsoft.Storage"
},
"networkAcls": {
"bypass": "AzureServices",
"virtualNetworkRules": [
{
"action": "Allow",
"id": "[variables('serviceEndpointSubnetResourceId')]"
}
],
"ipRules": [
],
"defaultAction": "Deny"
},
"accessTier": "Hot",
"supportsHttpsTrafficOnly": true,
"isHnsEnabled": false,
"largeFileSharesState": "Disabled"
// "routingPreference": {
// "routingChoice": "MicrosoftRouting",
// "publishMicrosoftEndpoints": false,
// "publishInternetEndpoints": false
// }
}
},
// {
// "name": "BlobPrivateEndpointDeployment",
// "type": "Microsoft.Resources/deployments",
// "apiVersion": "2019-10-01",
// "dependsOn": [
// "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
// ],
// "properties": {
// "mode": "Incremental",
// "templateLink": {
// "uri": "[variables('templateUri')]",
// "contentVersion": "1.0.0.0"
// },
// "parameters": {
// "privateEndpointName": {
// "value": "[concat(variables('storageAccountName'), '-pe')]"
// },
// "privateEndpointLocation": {
// "value": "[variables('location')]"
// },
// "privateLinkServiceResourceId": {
// "value": "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
// },
// "privateLinkServiceGroupId": {
// "value": "blob"
// },
// "subnetResourceId": {
// "value": "[variables('privateLinkSubnetResourceId')]"
// },
// "privateDnsZoneId": {
// "value": "[resourceId(reference(variables('privateDnsZoneResourceGroupId'), '2020-06-01', 'Full').subscriptionId, variables('privateDnsZoneResourceGroupName'), 'Microsoft.Network/privateDnsZones', 'privatelink.blob.core.windows.net')]"
// }
// }
// }
// },
// {
// "name": "FilePrivateEndpointDeployment",
// "type": "Microsoft.Resources/deployments",
// "apiVersion": "2019-10-01",
// "dependsOn": [
// "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
// ],
// "properties": {
// "mode": "Incremental",
// "templateLink": {
// "uri": "[variables('templateUri')]",
// "contentVersion": "1.0.0.0"
// },
// "parameters": {
// "privateEndpointName": {
// "value": "[concat(variables('storageAccountName'), '-pe')]"
// },
// "privateEndpointLocation": {
// "value": "[variables('location')]"
// },
// "privateLinkServiceResourceId": {
// "value": "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
// },
// "privateLinkServiceGroupId": {
// "value": "blob"
// },
// "subnetResourceId": {
// "value": "[variables('privateLinkSubnetResourceId')]"
// },
// "privateDnsZoneId": {
// "value": "[resourceId(reference(variables('privateDnsZoneResourceGroupId'), '2020-06-01', 'Full').subscriptionId, variables('privateDnsZoneResourceGroupName'), 'Microsoft.Network/privateDnsZones', 'privatelink.file.core.windows.net')]"
// }
// }
// }
// },
{
"type": "Microsoft.Insights/components",
"apiVersion": "2020-02-02-preview",
"name": "[variables('applicationInsightsName')]",
"location": "[variables('location')]",
"kind": "web",
"properties": {
"Application_Type": "web",
"Flow_Type": "Bluefield",
"Request_Source": "rest",
"DisableIpMasking": false,
"WorkspaceResourceId": "[variables('logAnalyticsWorkspaceResourceId')]",
"publicNetworkAccessForIngestion": "Disabled",
"publicNetworkAccessForQuery": "Disabled"
}
},
{
"name": "[variables('keyVaultName')]",
"type": "Microsoft.KeyVault/vaults",
"apiVersion": "2019-09-01",
"location": "[variables('location')]",
"properties": {
"enabledForDeployment": false,
"enabledForTemplateDeployment": false,
"enabledForDiskEncryption": false,
"enablePurgeProtection": true,
"enableSoftDelete": true,
"enableRbacAuthorization": false,
"tenantId": "[subscription().tenantId]",
"createMode": "default",
"accessPolicies": [
],
"sku": {
"name": "standard",
"family": "A"
},
"networkAcls": {
"bypass": "None",
"defaultAction": "Deny",
"ipRules": [
],
"virtualNetworkRules": [
]
}
}
},
// {
// "name": "KeyVaultPrivateEndpointDeployment",
// "type": "Microsoft.Resources/deployments",
// "apiVersion": "2019-10-01",
// "dependsOn": [
// "[resourceId('Microsoft.KeyVault/vaults', variables('keyVaultName'))]"
// ],
// "properties": {
// "mode": "Incremental",
// "templateLink": {
// "uri": "[variables('templateUri')]",
// "contentVersion": "1.0.0.0"
// },
// "parameters": {
// "privateEndpointName": {
// "value": "[concat(variables('storageAccountName'), '-pe')]"
// },
// "privateEndpointLocation": {
// "value": "[variables('location')]"
// },
// "privateLinkServiceResourceId": {
// "value": "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
// },
// "privateLinkServiceGroupId": {
// "value": "blob"
// },
// "subnetResourceId": {
// "value": "[variables('privateLinkSubnetResourceId')]"
// },
// "privateDnsZoneId": {
// "value": "[resourceId(reference(variables('privateDnsZoneResourceGroupId'), '2020-06-01', 'Full').subscriptionId, variables('privateDnsZoneResourceGroupName'), 'Microsoft.Network/privateDnsZones', 'privatelink.vaultcore.azure.net')]"
// }
// }
// }
// },
{
"type": "Microsoft.ContainerRegistry/registries",
"apiVersion": "2019-12-01-preview",
"name": "[variables('containerRegistryName')]",
"location": "[variables('location')]",
"sku": {
"name": "Premium"
},
"identity": {
"type": "SystemAssigned"
},
"properties": {
"adminUserEnabled": true,
"networkRuleSet": {
"defaultAction": "Deny",
"virtualNetworkRules": [
],
"ipRules": [
]
},
"policies": {
"quarantinePolicy": {
"status": "disabled"
},
"trustPolicy": {
"type": "Notary",
"status": "disabled"
},
"retentionPolicy": {
"days": 7,
"status": "disabled"
}
},
"dataEndpointEnabled": false,
"publicNetworkAccess": "Disabled"
}
},
// {
// "name": "ContainerRegistryPrivateEndpointDeployment",
// "type": "Microsoft.Resources/deployments",
// "apiVersion": "2019-10-01",
// "dependsOn": [
// "[resourceId('Microsoft.ContainerRegistry/registries', variables('containerRegistryName'))]"
// ],
// "properties": {
// "mode": "Incremental",
// "templateLink": {
// "uri": "[variables('templateUri')]",
// "contentVersion": "1.0.0.0"
// },
// "parameters": {
// "privateEndpointName": {
// "value": "[concat(variables('storageAccountName'), '-pe')]"
// },
// "privateEndpointLocation": {
// "value": "[variables('location')]"
// },
// "privateLinkServiceResourceId": {
// "value": "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
// },
// "privateLinkServiceGroupId": {
// "value": "blob"
// },
// "subnetResourceId": {
// "value": "[variables('privateLinkSubnetResourceId')]"
// },
// "privateDnsZoneId": {
// "value": "[resourceId(reference(variables('privateDnsZoneResourceGroupId'), '2020-06-01', 'Full').subscriptionId, variables('privateDnsZoneResourceGroupName'), 'Microsoft.Network/privateDnsZones', 'privatelink.azurecr.io')]"
// }
// }
// }
// },
{
"type": "Microsoft.MachineLearningServices/workspaces",
"apiVersion": "2020-06-01",
"name": "[variables('workspaceName')]",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]",
"[resourceId('Microsoft.KeyVault/vaults', variables('keyVaultName'))]",
"[resourceId('Microsoft.Insights/components', variables('applicationInsightsName'))]",
"[resourceId('Microsoft.ContainerRegistry/registries', variables('containerRegistryName'))]"
// "[resourceId('Microsoft.Resources/deployments', 'ContainerRegistryPrivateEndpointDeployment')]",
// "[resourceId('Microsoft.Resources/deployments', 'KeyVaultPrivateEndpointDeployment')]"
],
"location": "[variables('location')]",
"identity": {
"type": "SystemAssigned"
},
"sku": {
"tier": "enterprise",
"name": "enterprise"
},
"properties": {
"friendlyName": "[variables('workspaceName')]",
"description": "",
"keyVault": "[resourceId('Microsoft.KeyVault/vaults', variables('keyVaultName'))]",
"applicationInsights": "[resourceId('Microsoft.Insights/components', variables('applicationInsightsName'))]",
"storageAccount": "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]",
"containerRegistry": "[resourceId('Microsoft.ContainerRegistry/registries', variables('containerRegistryName'))]",
"hbiWorkspace": true,
"allowPublicAccessWhenBehindVnet": false,
"sharedPrivateLinkResources": [
{
"name": "ContainerRegistry",
"properties": {
"groupId": "registry",
"privateLinkResourceId": "[concat(resourceId('Microsoft.ContainerRegistry/registries', variables('containerRegistryName')), '/privateLinkResources/registry')]",
"requestMessage": "Approve",
"status": "Pending"
}
},
{
"name": "KeyVault",
"properties": {
"groupId": "vault",
"privateLinkResourceId": "[concat(resourceId('Microsoft.KeyVault/vaults', variables('keyVaultName')), '/privateLinkResources/vault')]",
"requestMessage": "Approve",
"status": "Pending"
}
}
// {
// "name": "BlobStorage",
// "properties": {
// "groupId": "blob",
// "privateLinkResourceId": "[concat(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '/privateLinkResources/blob')]",
// "requestMessage": "Approve",
// "status": "Approved"
// }
// },
// {
// "name": "FileStorage",
// "properties": {
// "groupId": "file",
// "privateLinkResourceId": "[concat(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '/privateLinkResources/file')]",
// "requestMessage": "Approve",
// "status": "Approved"
// }
// }
]
}
},
{
"name": "MlWorkspacePrivateEndpointDeployment",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"dependsOn": [
"[resourceId('Microsoft.MachineLearningServices/workspaces', variables('workspaceName'))]"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('templateUri')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"privateEndpointName": {
"value": "[concat(variables('storageAccountName'), '-pe')]"
},
"privateEndpointLocation": {
"value": "[variables('location')]"
},
"privateLinkServiceResourceId": {
"value": "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
},
"privateLinkServiceGroupId": {
"value": "blob"
},
"subnetResourceId": {
"value": "[variables('privateLinkSubnetResourceId')]"
},
"privateDnsZoneId": {
"value": "[resourceId(reference(variables('privateDnsZoneResourceGroupId'), '2020-06-01', 'Full').subscriptionId, variables('privateDnsZoneResourceGroupName'), 'Microsoft.Network/privateDnsZones', 'privatelink.api.azureml.ms')]"
}
}
}
}
],
"outputs": {}
}
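Review bot: The `templateUri` variable hard-codes a `raw.githubusercontent.com` URL that carries a `?token=` access token and points at the mutable `master` branch, so a credential is committed to history and the linked template run by `MlWorkspacePrivateEndpointDeployment` is not pinned. Treat the token as exposed, remove it from the file, and supply the link at deployment time through a parameter, e.g. `"templateUri": "[parameters('privateEndpointTemplateUri')]"`, referencing a fixed commit. The same deployment also reuses the storage values: `privateEndpointName` is built from `storageAccountName`, `privateLinkServiceResourceId` resolves to the storage account and `privateLinkServiceGroupId` is `blob`, while the DNS zone is `privatelink.api.azureml.ms`, so the workspace itself appears to get no private endpoint. Point it at `[resourceId('Microsoft.MachineLearningServices/workspaces', variables('workspaceName'))]` with group id `amlworkspace`. `"adminUserEnabled": true` on the registry deserves a comment saying why the shared admin account is required.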


@ -0,0 +1,39 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "westus2"
},
"workspaceName": {
"value": "azuremlpl"
},
"keyVaultName": {
"value": "azuremlplkv0"
},
"applicationInsightsName": {
"value": "azuremlplai"
},
"storageAccountName": {
"value": "azuremlpls"
},
"storageAccountType": {
"value": "Standard_ZRS"
},
"containerRegistryName": {
"value": "azuremlplcr"
},
"logAnalyticsWorkspaceResourceId": {
"value": "/subscriptions/558bd446-4212-46a2-908c-9ab0a628705e/resourcegroups/azureml-privatelink-rg/providers/microsoft.operationalinsights/workspaces/azuremlpllaw"
},
"privateDnsZoneResourceGroupName": {
"value": "azureml-privatelink-rg"
},
"privateLinkSubnetResourceId": {
"value": "/subscriptions/558bd446-4212-46a2-908c-9ab0a628705e/resourceGroups/azureml-privatelink-rg/providers/Microsoft.Network/virtualNetworks/amlVnet/subnets/privateLinkSubnet"
},
"serviceEndpointSubnetResourceId": {
"value": "/subscriptions/558bd446-4212-46a2-908c-9ab0a628705e/resourceGroups/azureml-privatelink-rg/providers/Microsoft.Network/virtualNetworks/amlVnet/subnets/serviceEndpointSubnet"
}
}
}
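Review bot: The key `privateDnsZoneResourceGroupName` has no counterpart in the workspace template in this commit, which declares `privateDnsZoneResourceGroupId` without a default. Assuming this is the parameter file for that template (the file name is not visible here), the deployment would be rejected for an undeclared parameter and a missing required one. Rename the key to `privateDnsZoneResourceGroupId` and pass the full resource-group resource ID, since the template derives the group name with `last(split(..., '/'))`. The three resource IDs also commit a concrete subscription ID, and `location` is `westus2` while the workflow sets `northeurope`; consider injecting these per environment from the pipeline rather than fixing them in the repository.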


@ -0,0 +1,98 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"privateEndpointName": {
"type": "string",
"metadata": {
"description": "Specifies the name of your private endpoint."
}
},
"privateEndpointLocation": {
"type": "string",
"metadata": {
"description": "Specifies the location of your private endpoint."
}
},
"privateLinkServiceResourceId": {
"type": "string",
"metadata": {
"description": "Specifies the id of the resource to enable private endpoint for."
}
},
"privateLinkServiceGroupId": {
"type": "string",
"metadata": {
"description": "Specifies the id of the sub service to create a link for (e.g. sqlServer, blob, table)."
}
},
"subnetResourceId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the subnet that should be used for the private endpoint."
}
},
"privateDnsZoneId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the private DNS zone that should be used for the private endpoint."
}
}
},
"functions": [],
"variables": {
"privateEndpointName": "[parameters('privateEndpointName')]",
"privateEndpointLocation": "[parameters('privateEndpointLocation')]",
"privateLinkServiceResourceId": "[parameters('privateLinkServiceResourceId')]",
"privateLinkServiceGroupId": "[parameters('privateLinkServiceGroupId')]",
"subnetResourceId": "[parameters('subnetResourceId')]",
"privateDnsZoneId": "[parameters('privateDnsZoneId')]"
},
"resources": [
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointName')]",
"location": "[variables('privateEndpointLocation')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointName')]",
"properties": {
"privateLinkServiceId": "[variables('privateLinkServiceResourceId')]",
"groupIds": [
"[variables('privateLinkServiceGroupId')]"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetResourceId')]"
}
}
},
{
"name": "[concat(variables('privateEndpointName'), '/aRecord')]",
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointName'))]"
],
"location": "[variables('privateEndpointLocation')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointName'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneId')]"
}
}
]
}
}
],
"outputs": {}
}