Portalbicepalignment #102

Open
briantim16 wants to merge 22 commits into main from portalbicepalignment
@briantim16

Updated Portal deployment to align with Bicep deployment package. CLI-initiated deployments succeed in multiple attempts, with the only repeated failures being resource availability in . Usually, the AI Search service is the component that can't deploy, which has downstream effects on Foundry resources; not all deploy because some rely on AI Search.

I successfully deployed the full package twice; both times everything completed with the exception of AI Search and the related (depends on) Foundry resources.

- Enable Serverless, Session consistency, analytical storage on account
- Create SQL database (db-{baseName}) with conversations container
- Partition key: /principal_id, TTL tracking enabled, composite indexes
- Add DATABASE_NAME and CONVERSATIONS_DATABASE_CONTAINER App Config keys
- Add documents blob container (publicAccess: None)
- Enable blob/container soft-delete retention (7d/10d)
- Enable infrastructure encryption, HTTPS-only, disable public blob access
- Add DOCUMENTS_STORAGE_CONTAINER App Config key
- Update avm.res.app.container-app.json wrapper to pass through dapr and scaleSettings
- Add containerAppTemplateUri and containerAppName variables
- Add deployContainerApp-orchestrator block (dapr, system MI, port 8080, 1 replica)
- Add resolveContainerAppIdentity intermediate deployment
- Add containerAppRoleAssignments-orchestrator (10 ARM roles: AcrPull, AppConfigDataReader, CogSvcUser, CogSvcOpenAIUser, KVSecretsUser, SearchIndexDataReader, SearchIndexDataContributor, StorageBlobDataContributor, StorageBlobDataReader, StorageBlobDelegator)
- Add containerAppCosmosRoleAssignment-orchestrator (CosmosDB BuiltInDataContributor)
- Add 4 App Config keys: ORCHESTRATOR_APP_NAME, FQDN, RESOURCE_ID, PRINCIPAL_ID
- Remove duplicate res.cogs.bing.json wrapper (identical to res.bing-search.json)
…t VM SKU selectors

- Add Deploy Container App (Orchestrator) toggle in Applications step, visible when env is enabled
- Gate bastionHost and bastionNsg on deployVnet=true (skip Bastion when no VNet)
- Split single VM SKU selector into Jump VM (Windows) and Build VM (Linux/Ubuntu)
- Add buildVmSize parameter to template.json, Build VM block uses it
- Update form outputs: containerApps requires both env+app toggles, vmSize maps to Jump VM only
- Fix pe-subnet addressPrefix from .32/26 to .64/26 (must align to /26 boundary)
- Set disableLocalAuth=false on App Configuration store to allow ARM keyValue writes for cosmosConfigPopulate and appConfigPopulate
- Add comprehensive resourceIds parameter (36 properties) for brownfield deployments
- Fix AI Services role assignment resource IDs (7 locations) - was using name instead of full resource ID
- Remove Cosmos DB analytical storage property (Azure API breaking change)
- Disable Defender deployments by default (ARM template subscription-scope limitation)
- Update 25+ deployment conditionals with brownfield logic
- Production tested: 109 resources deployed successfully in australiaeast

Fixes role assignment failures for VMs, container apps, and search service.
Resolves #102
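
A reviewer-side check for the settings this description lists, as an added example that is not part of the PR or the project's code: it walks ARM-style resource objects and reports storage hardening gaps, App Configuration local auth, and subnet prefixes that do not sit on their own boundary. The resource names and the `10.0.0.x` addresses are constructed sample values, and `lint` and `subnet_aligned` are hypothetical helper names.

```python
import ipaddress

# Constructed ARM-style resources for illustration (not the PR's template.json).
SAMPLE_RESOURCES = [
    {"type": "Microsoft.Storage/storageAccounts", "name": "stexample",
     "properties": {"supportsHttpsTrafficOnly": True, "allowBlobPublicAccess": False,
                    "encryption": {"requireInfrastructureEncryption": True}}},
    {"type": "Microsoft.Storage/storageAccounts/blobServices/containers",
     "name": "stexample/default/documents", "properties": {"publicAccess": "None"}},
    {"type": "Microsoft.AppConfiguration/configurationStores", "name": "appcs-example",
     "properties": {"disableLocalAuth": False}},
    {"type": "Microsoft.Network/virtualNetworks/subnets", "name": "vnet/pe-subnet",
     "properties": {"addressPrefix": "10.0.0.32/26"}},
]

def subnet_aligned(prefix):
    """True when the address is the network address for its prefix length."""
    try:
        ipaddress.ip_network(prefix, strict=True)  # raises if host bits are set
        return True
    except ValueError:
        return False

def lint(resources):
    """Return (resource name, finding) pairs for the settings the PR text names."""
    findings = []
    for res in resources:
        rtype, name = res["type"], res["name"]
        props = res.get("properties", {})
        if rtype == "Microsoft.Storage/storageAccounts":
            if props.get("supportsHttpsTrafficOnly") is not True:
                findings.append((name, "HTTPS-only not enforced"))
            if props.get("allowBlobPublicAccess") is not False:
                findings.append((name, "public blob access not disabled"))
            if not props.get("encryption", {}).get("requireInfrastructureEncryption"):
                findings.append((name, "infrastructure encryption not enabled"))
        elif rtype.endswith("/blobServices/containers"):
            if props.get("publicAccess", "None") != "None":
                findings.append((name, "container allows anonymous access"))
        elif rtype == "Microsoft.AppConfiguration/configurationStores":
            if props.get("disableLocalAuth") is not True:
                findings.append((name, "local (access key) auth enabled"))
        elif rtype.endswith("/subnets"):
            if not subnet_aligned(props.get("addressPrefix", "")):
                findings.append((name, "addressPrefix not on its prefix boundary"))
    return findings

if __name__ == "__main__":
    for name, finding in lint(SAMPLE_RESOURCES):
        print(f"{name}: {finding}")
```

On the sample input it reports the App Configuration store (local auth left on) and the `.32/26` subnet; changing the prefix to `.64/26` clears the second finding.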