
Commit 7c3cb07

Merge pull request #572 from microsoft/dev
fix: merging dev to main
2 parents b429341 + ce71d54 commit 7c3cb07

7 files changed

Lines changed: 2158 additions & 588 deletions


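--- a/azure.yaml
+++ b/azure.yaml
@@ -3,7 +3,7 @@
 name: document-knowledge-mining-solution-accelerator
 
 requiredVersions:
-azd: '>= 1.18.0'
+azd: '>= 1.18.0 != 1.23.9'
 
 # metadata:
 # template: document-knowledge-mining-solution-accelerator@1.0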

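--- a/docs/CustomizingAzdParameters.md
+++ b/docs/CustomizingAzdParameters.md
@@ -21,6 +21,7 @@ By default this template will use the environment name as the prefix to prevent
 | `AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID` | string | Guide to get your [Existing Workspace ID](/docs/re-use-log-analytics.md) | Set this if you want to reuse an existing Log Analytics Workspace instead of creating a new one. |
 | `AZURE_ENV_VM_ADMIN_USERNAME` | string | `take(newGuid(), 20)` | The administrator username for the virtual machine. |
 | `AZURE_ENV_VM_ADMIN_PASSWORD` | string | `newGuid()` | The administrator password for the virtual machine. |
+| `AZURE_ENV_VM_SIZE` | string | `Standard_D2s_v5` | The size of the Jumpbox Virtual Machine. Only applicable when `enablePrivateNetworking` is true. |
 | `AZURE_ENV_ENABLE_TELEMETRY` | bool | `true` | Enables telemetry for monitoring and diagnostics. |
 ---
 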
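--- a/docs/TroubleShootingSteps.md
+++ b/docs/TroubleShootingSteps.md
@@ -61,7 +61,7 @@ Use these as quick reference guides to unblock your deployments.
 | **ServiceQuotaExceeded** | Free tier service quota limit reached for Azure AI Search | This error occurs when you attempt to deploy an Azure AI Search service but have already reached the **free tier quota limit** for your subscription. Each Azure subscription is limited to **one free tier Search service**.<br><br>**Example error message:**<br>`ServiceQuotaExceeded: Operation would exceed 'free' tier service quota. You are using 1 out of 1 'free' tier service quota.`<br><br>**Common causes:**<br><ul><li>Already have a free tier Azure AI Search service in the subscription</li><li>Previous deployment created a free tier Search service that wasn't deleted</li><li>Attempting to deploy multiple environments with free tier Search services</li></ul><br>**Resolution:**<br><ul><li>**Option 1: Delete existing free tier Search service:**<br>`az search service list --query "[?sku.name=='free']" -o table`<br>`az search service delete --name <service-name> --resource-group <rg-name> --yes`</li><li>**Option 2: Upgrade to a paid SKU:**<br>Modify your Bicep/ARM template to use `basic`, `standard`, or higher SKU instead of `free`</li><li>**Option 3: Use existing Search service:**<br>Reference the existing free tier Search service in your deployment instead of creating a new one</li><li>**Request quota increase:**<br>Submit a support request with issue type 'Service and subscription limits (quota)' and quota type 'Search' via [Azure Quota Request](https://aka.ms/AddQuotaSubscription)</li></ul><br>**Reference:**<br><ul><li>[Azure AI Search service limits](https://learn.microsoft.com/en-us/azure/search/search-limits-quotas-capacity)</li><li>[Azure AI Search pricing tiers](https://learn.microsoft.com/en-us/azure/search/search-sku-tier)</li></ul> |
 | **InsufficientQuota** | Not enough quota available in subscription | <ul><li>Check if you have sufficient quota available in your subscription before deployment</li><li>To verify, refer to the [quota_check](../docs/QuotaCheck.md) file for details</li></ul> |
 | **MaxNumberOfRegionalEnvironmentsInSubExceeded** | Maximum Container App Environments limit reached for region |This error occurs when you attempt to create more **Azure Container App Environments** than the regional quota limit allows for your subscription. Each Azure region has a specific limit on the number of Container App Environments that can be created per subscription.<br><br>**Common Causes:**<br><ul><li>Deploying to regions with low quota limits (e.g., Sweden Central allows only 1 environment)</li><li>Multiple deployments without cleaning up previous environments</li><li>Exceeding the standard limit of 15 environments in most major regions</li></ul><br>**Resolution:**<br><ul><li>**Delete unused environments** in the target region, OR</li><li>**Deploy to a different region** with available capacity, OR</li><li>**Request quota increase** via [Azure Support](https://go.microsoft.com/fwlink/?linkid=2208872)</li></ul><br>**Reference:**<br><ul><li>[Azure Container Apps quotas](https://learn.microsoft.com/en-us/azure/container-apps/quotas)</li><li>[Azure subscription and service limits](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits)</li></ul> |
-| **SkuNotAvailable** | Requested SKU not available in selected location or zone | You receive this error in the following scenarios:<br><ul><li>When the resource SKU you've selected, such as VM size, isn't available for a location or zone</li><li>If you're deploying an Azure Spot VM or Spot scale set instance, and there isn't any capacity for Azure Spot in this location. For more information, see Spot error messages</li></ul> |
+| **SkuNotAvailable** | Requested SKU not available in selected location or zone | This error occurs when the resource SKU you've selected (such as VM size) isn't available for the target location or availability zone.<br><br>**In this deployment**, the jumpbox VM defaults to `Standard_D2s_v5`. While this size is available in most regions, certain regions or zones may not support it.<br><br>**Resolution:**<br><ul><li>**Check SKU availability** for your target region:<br>`az vm list-skus --location <region> --size Standard_D2s --output table`</li><li>**Override the VM size** if the default isn't available in your region:<br>`azd env set AZURE_ENV_VM_SIZE Standard_D2s_v4`</li><li>**Recommended alternatives** (all support accelerated networking + Premium SSD):<br>- `Standard_D2s_v4` — previous gen, identical pricing<br>- `Standard_D2as_v5` — AMD-based, similar pricing<br>- `Standard_D2s_v3` — older gen, widely available</li><li>**Avoid A-series VMs** (e.g., `Standard_A2m_v2`) — they do not support accelerated networking or Premium SSD, which are required by this deployment</li></ul><br>**Reference:**<br><ul><li>[Resolve errors for SKU not available](https://learn.microsoft.com/en-us/azure/azure-resource-manager/troubleshooting/error-sku-not-available)</li><li>[Azure VM sizes - Dsv5 series](https://learn.microsoft.com/en-us/azure/virtual-machines/sizes/general-purpose/dsv5-series)</li></ul> |
 | **Conflict - No available instances to satisfy this request** | Azure App Service has insufficient capacity in the region | This error occurs when Azure App Service doesn't have enough available compute instances in the selected region to provision or scale your app.<br><br>**Common Causes:**<br><ul><li>High demand in the selected region (e.g., East US, West Europe)</li><li>Specific SKUs experiencing capacity constraints (Free, Shared, or certain Premium tiers)</li><li>Multiple rapid deployments in the same region</li></ul><br>**Resolution:**<br><ul><li>**Wait and Retry** (15-30 minutes): `azd up`</li><li>**Deploy to a New Resource Group** (Recommended for urgent cases):<br>```<br>azd down --force --purge<br>azd up<br>```</li><li>**Try a Different Region:**<br>Update region in `main.bicep` or `azure.yaml` to a less congested region (e.g., `westus2`, `centralus`, `northeurope`)</li><li>**Use a Different SKU/Tier:**<br>If using Free/Shared tier, upgrade to Basic or Standard<br>Check SKU availability: `az appservice list-locations --sku <sku-name>`</li></ul><br>**Reference:** [Azure App Service Plans](https://learn.microsoft.com/en-us/azure/app-service/overview-hosting-plans) |
 
 --------------------------------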

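--- a/infra/main.bicep
+++ b/infra/main.bicep
@@ -71,7 +71,7 @@ param vmAdminUsername string?
 param vmAdminPassword string?
 
 @description('Optional. Size of the Jumpbox Virtual Machine when created. Set to custom value if enablePrivateNetworking is true.')
-param vmSize string = 'Standard_DS2_v2'
+param vmSize string = 'Standard_D2s_v5'
 
 @description('Optional. The tags to apply to all deployed Azure resources.')
 param tags resourceInput<'Microsoft.Resources/resourceGroups@2025-04-01'>.tags = {}
@@ -351,7 +351,7 @@ module jumpboxVM 'br/public:avm/res/compute/virtual-machine:0.15.0' = if (enable
 name: take('avm.res.compute.virtual-machine.${jumpboxVmName}', 64)
 params: {
 name: take(jumpboxVmName, 15) // Shorten VM name to 15 characters to avoid Azure limits
-vmSize: vmSize ?? 'Standard_DS2_v2'
+vmSize: vmSize ?? 'Standard_D2s_v5'
 location: solutionLocation
 adminUsername: vmAdminUsername ?? 'JumpboxAdminUser'
 adminPassword: vmAdminPassword ?? 'JumpboxAdminP@ssw0rd1234!'
@@ -827,23 +827,7 @@ module avmOpenAi 'br/public:avm/res/cognitive-services/account:0.13.2' = {
 bypass: 'AzureServices'
 }
 
-privateEndpoints: enablePrivateNetworking
-? [
-{
-name: 'pep-openai-${solutionSuffix}'
-subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
-service: 'account'
-privateDnsZoneGroup: {
-privateDnsZoneGroupConfigs: [
-{
-name: 'openai-dns-zone-group'
-privateDnsZoneResourceId: avmPrivateDnsZones[dnsZoneIndex.openAI]!.outputs.resourceId
-}
-]
-}
-}
-]
-: []
+privateEndpoints: []
 
 // Role assignments
 roleAssignments: [
@@ -864,6 +848,38 @@ module avmOpenAi 'br/public:avm/res/cognitive-services/account:0.13.2' = {
 }
 }
 
+module openaiPrivateEndpoint 'br/public:avm/res/network/private-endpoint:0.8.1' = if (enablePrivateNetworking) {
+name: take('pep-${openAiAccountName}-deployment', 64)
+params: {
+name: 'pep-${openAiAccountName}'
+customNetworkInterfaceName: 'nic-${openAiAccountName}'
+location: solutionLocation
+tags: tags
+privateLinkServiceConnections: [
+{
+name: 'pep-${openAiAccountName}-connection'
+properties: {
+privateLinkServiceId: avmOpenAi.outputs.resourceId
+groupIds: ['account']
+}
+}
+]
+privateDnsZoneGroup: {
+privateDnsZoneGroupConfigs: [
+{
+name: 'ai-services-dns-zone-cognitiveservices'
+privateDnsZoneResourceId: avmPrivateDnsZones[dnsZoneIndex.cognitiveServices]!.outputs.resourceId
+}
+{
+name: 'ai-services-dns-zone-openai'
+privateDnsZoneResourceId: avmPrivateDnsZones[dnsZoneIndex.openAI]!.outputs.resourceId
+}
+]
+}
+subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
+}
+}
+
 // ========== Cognitive Services - Document Intellignece module ========== //
 var docIntelAccountName = 'di-${solutionSuffix}'
 module documentIntelligence 'br/public:avm/res/cognitive-services/account:0.13.2' = {
@@ -886,24 +902,8 @@ module documentIntelligence 'br/public:avm/res/cognitive-services/account:0.13.2
 defaultAction: enablePrivateNetworking ? 'Deny' : 'Allow'
 }
 
-// Private Endpoint for Form Recognizer
-privateEndpoints: enablePrivateNetworking
-? [
-{
-name: 'pep-docintel-${solutionSuffix}'
-subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
-service: 'account'
-privateDnsZoneGroup: {
-privateDnsZoneGroupConfigs: [
-{
-name: 'docintel-dns-zone-group'
-privateDnsZoneResourceId: avmPrivateDnsZones[dnsZoneIndex.cognitiveServices]!.outputs.resourceId
-}
-]
-}
-}
-]
-: []
+// Private Endpoint separated to dedicated module below
+privateEndpoints: []
 
 // Role Assignments
 roleAssignments: [
@@ -916,6 +916,34 @@ module documentIntelligence 'br/public:avm/res/cognitive-services/account:0.13.2
 }
 }
 
+module docIntelPrivateEndpoint 'br/public:avm/res/network/private-endpoint:0.8.1' = if (enablePrivateNetworking) {
+name: take('pep-${docIntelAccountName}-deployment', 64)
+params: {
+name: 'pep-${docIntelAccountName}'
+customNetworkInterfaceName: 'nic-${docIntelAccountName}'
+location: solutionLocation
+tags: tags
+privateLinkServiceConnections: [
+{
+name: 'pep-${docIntelAccountName}-connection'
+properties: {
+privateLinkServiceId: documentIntelligence.outputs.resourceId
+groupIds: ['account']
+}
+}
+]
+privateDnsZoneGroup: {
+privateDnsZoneGroupConfigs: [
+{
+name: 'docintel-dns-zone-cognitiveservices'
+privateDnsZoneResourceId: avmPrivateDnsZones[dnsZoneIndex.cognitiveServices]!.outputs.resourceId
+}
+]
+}
+subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
+}
+}
+
 // ========== Azure Kubernetes Service (AKS) ========== //
 module managedCluster 'br/public:avm/res/container-service/managed-cluster:0.10.1' = {
 name: take('avm.res.container-service.managed-cluster.aks-${solutionSuffix}', 64)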
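Review bot: The jumpbox hunk (`@@ -351,7 +351,7 @@`) still carries a literal fallback credential on the unchanged line a few lines below the edited `vmSize`: `adminPassword: vmAdminPassword ?? 'JumpboxAdminP@ssw0rd1234!'`. The first hunk shows `param vmAdminPassword string?` with no default, so a private-networking deployment that leaves it unset gets a VM whose administrator password is readable in the repository, while docs/CustomizingAzdParameters.md lists that default as `newGuid()`. I would drop the literal and generate the value at the parameter, e.g. `param vmAdminPassword string = newGuid()` under `@secure()`, with plain `adminPassword: vmAdminPassword` in the module. The decorator line above the parameter is outside the hunk, so confirm whether `@secure()` is already present. The jumpboxVM module body starts and ends outside the hunk.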
