Microsoft.MachineLearningServices workspaces/computes 2022-10-01-preview
- Latest
- 2024-10-01
- 2024-10-01-preview
- 2024-07-01-preview
- 2024-04-01
- 2024-04-01-preview
- 2024-01-01-preview
- 2023-10-01
- 2023-08-01-preview
- 2023-06-01-preview
- 2023-04-01
- 2023-04-01-preview
- 2023-02-01-preview
- 2022-12-01-preview
- 2022-10-01
- 2022-10-01-preview
- 2022-06-01-preview
- 2022-05-01
- 2022-02-01-preview
- 2022-01-01-preview
- 2021-07-01
- 2021-04-01
- 2021-03-01-preview
- 2021-01-01
- 2020-09-01-preview
- 2020-08-01
- 2020-06-01
- 2020-05-15-preview
- 2020-05-01-preview
- 2020-04-01
- 2020-03-01
- 2020-02-18-preview
- 2020-01-01
- 2019-11-01
- 2019-06-01
- 2019-05-01
- 2018-11-19
- 2018-03-01-preview
Bicep resource definition
The workspaces/computes resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.MachineLearningServices/workspaces/computes resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.MachineLearningServices/workspaces/computes@2022-10-01-preview' = {
identity: {
type: 'string'
userAssignedIdentities: {
{customized property}: {}
}
}
location: 'string'
name: 'string'
properties: {
description: 'string'
resourceId: 'string'
computeType: 'string'
// For remaining properties, see Compute objects
}
sku: {
capacity: int
family: 'string'
name: 'string'
size: 'string'
tier: 'string'
}
tags: {
{customized property}: 'string'
}
}
Compute objects
Set the computeType property to specify the type of object.
For AKS, use:
{
computeType: 'AKS'
properties: {
agentCount: int
agentVmSize: 'string'
aksNetworkingConfiguration: {
dnsServiceIP: 'string'
dockerBridgeCidr: 'string'
serviceCidr: 'string'
subnetId: 'string'
}
clusterFqdn: 'string'
clusterPurpose: 'string'
loadBalancerSubnet: 'string'
loadBalancerType: 'string'
sslConfiguration: {
cert: 'string'
cname: 'string'
key: 'string'
leafDomainLabel: 'string'
overwriteExistingDomain: bool
status: 'string'
}
}
}
For AmlCompute, use:
{
computeType: 'AmlCompute'
properties: {
enableNodePublicIp: bool
isolatedNetwork: bool
osType: 'string'
propertyBag: any(Azure.Bicep.Types.Concrete.AnyType)
remoteLoginPortPublicAccess: 'string'
scaleSettings: {
maxNodeCount: int
minNodeCount: int
nodeIdleTimeBeforeScaleDown: 'string'
}
subnet: {
id: 'string'
}
userAccountCredentials: {
adminUserName: 'string'
adminUserPassword: 'string'
adminUserSshPublicKey: 'string'
}
virtualMachineImage: {
id: 'string'
}
vmPriority: 'string'
vmSize: 'string'
}
}
For ComputeInstance, use:
{
computeType: 'ComputeInstance'
properties: {
applicationSharingPolicy: 'string'
autologgerSettings: {
mlflowAutologger: 'string'
}
computeInstanceAuthorizationType: 'string'
customServices: [
{
docker: {
privileged: bool
}
endpoints: [
{
hostIp: 'string'
name: 'string'
protocol: 'string'
published: int
target: int
}
]
environmentVariables: {
{customized property}: {
type: 'string'
value: 'string'
}
}
image: {
reference: 'string'
type: 'string'
}
name: 'string'
volumes: [
{
bind: {
createHostPath: bool
propagation: 'string'
selinux: 'string'
}
consistency: 'string'
readOnly: bool
source: 'string'
target: 'string'
tmpfs: {
size: int
}
type: 'string'
volume: {
nocopy: bool
}
}
]
}
]
enableNodePublicIp: bool
idleTimeBeforeShutdown: 'string'
personalComputeInstanceSettings: {
assignedUser: {
objectId: 'string'
tenantId: 'string'
}
}
setupScripts: {
scripts: {
creationScript: {
scriptArguments: 'string'
scriptData: 'string'
scriptSource: 'string'
timeout: 'string'
}
startupScript: {
scriptArguments: 'string'
scriptData: 'string'
scriptSource: 'string'
timeout: 'string'
}
}
}
sshSettings: {
adminPublicKey: 'string'
sshPublicAccess: 'string'
}
subnet: {
id: 'string'
}
vmSize: 'string'
}
}
For DataFactory, use:
{
computeType: 'DataFactory'
}
For DataLakeAnalytics, use:
{
computeType: 'DataLakeAnalytics'
properties: {
dataLakeStoreAccountName: 'string'
}
}
For Databricks, use:
{
computeType: 'Databricks'
properties: {
databricksAccessToken: 'string'
workspaceUrl: 'string'
}
}
For HDInsight, use:
{
computeType: 'HDInsight'
properties: {
address: 'string'
administratorAccount: {
password: 'string'
privateKeyData: 'string'
publicKeyData: 'string'
username: 'string'
}
sshPort: int
}
}
For Kubernetes, use:
{
computeType: 'Kubernetes'
properties: {
defaultInstanceType: 'string'
extensionInstanceReleaseTrain: 'string'
extensionPrincipalId: 'string'
instanceTypes: {
{customized property}: {
nodeSelector: {
{customized property}: 'string'
}
resources: {
limits: {
{customized property}: 'string'
}
requests: {
{customized property}: 'string'
}
}
}
}
namespace: 'string'
relayConnectionString: 'string'
serviceBusConnectionString: 'string'
vcName: 'string'
}
}
For SynapseSpark, use:
{
computeType: 'SynapseSpark'
properties: {
autoPauseProperties: {
delayInMinutes: int
enabled: bool
}
autoScaleProperties: {
enabled: bool
maxNodeCount: int
minNodeCount: int
}
nodeCount: int
nodeSize: 'string'
nodeSizeFamily: 'string'
poolName: 'string'
resourceGroup: 'string'
sparkVersion: 'string'
subscriptionId: 'string'
workspaceName: 'string'
}
}
For VirtualMachine, use:
{
computeType: 'VirtualMachine'
properties: {
address: 'string'
administratorAccount: {
password: 'string'
privateKeyData: 'string'
publicKeyData: 'string'
username: 'string'
}
isNotebookInstanceCompute: bool
notebookServerPort: int
sshPort: int
virtualMachineSize: 'string'
}
}
Property values
AKS
Name | Description | Value |
---|---|---|
computeType | The type of compute | 'AKS' (required) |
properties | AKS properties | AKSSchemaProperties |
AksNetworkingConfiguration
Name | Description | Value |
---|---|---|
dnsServiceIP | An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. | string Constraints: Pattern = ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ |
dockerBridgeCidr | A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP ranges or the Kubernetes service address range. | string Constraints: Pattern = ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ |
serviceCidr | A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. | string Constraints: Pattern = ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ |
subnetId | Virtual network subnet resource ID the compute nodes belong to | string |
AKSSchemaProperties
Name | Description | Value |
---|---|---|
agentCount | Number of agents | int Constraints: Min value = 0 |
agentVmSize | Agent virtual machine size | string |
aksNetworkingConfiguration | AKS networking configuration for vnet | AksNetworkingConfiguration |
clusterFqdn | Cluster full qualified domain name | string |
clusterPurpose | Intended usage of the cluster | 'DenseProd' 'DevTest' 'FastProd' |
loadBalancerSubnet | Load Balancer Subnet | string |
loadBalancerType | Load Balancer Type | 'InternalLoadBalancer' 'PublicIp' |
sslConfiguration | SSL configuration | SslConfiguration |
AmlCompute
Name | Description | Value |
---|---|---|
computeType | The type of compute | 'AmlCompute' (required) |
properties | Properties of AmlCompute | AmlComputeProperties |
AmlComputeProperties
Name | Description | Value |
---|---|---|
enableNodePublicIp | Enable or disable node public IP address provisioning. Possible values are: Possible values are: true - Indicates that the compute nodes will have public IPs provisioned. false - Indicates that the compute nodes will have a private endpoint and no public IPs. | bool |
isolatedNetwork | Network is isolated or not | bool |
osType | Compute OS Type | 'Linux' 'Windows' |
propertyBag | A property bag containing additional properties. | any |
remoteLoginPortPublicAccess | State of the public SSH port. Possible values are: Disabled - Indicates that the public ssh port is closed on all nodes of the cluster. Enabled - Indicates that the public ssh port is open on all nodes of the cluster. NotSpecified - Indicates that the public ssh port is closed on all nodes of the cluster if VNet is defined, else is open all public nodes. It can be default only during cluster creation time, after creation it will be either enabled or disabled. | 'Disabled' 'Enabled' 'NotSpecified' |
scaleSettings | Scale settings for AML Compute | ScaleSettings |
subnet | Virtual network subnet resource ID the compute nodes belong to. | ResourceId |
userAccountCredentials | Credentials for an administrator user account that will be created on each compute node. | UserAccountCredentials |
virtualMachineImage | Virtual Machine image for AML Compute - windows only | VirtualMachineImage |
vmPriority | Virtual Machine priority | 'Dedicated' 'LowPriority' |
vmSize | Virtual Machine Size | string |
AssignedUser
Name | Description | Value |
---|---|---|
objectId | User’s AAD Object Id. | string (required) |
tenantId | User’s AAD Tenant Id. | string (required) |
AutoPauseProperties
Name | Description | Value |
---|---|---|
delayInMinutes | int | |
enabled | bool |
AutoScaleProperties
Name | Description | Value |
---|---|---|
enabled | bool | |
maxNodeCount | int | |
minNodeCount | int |
BindOptions
Name | Description | Value |
---|---|---|
createHostPath | Indicate whether to create host path. | bool |
propagation | Type of Bind Option | string |
selinux | Mention the selinux options. | string |
Compute
Name | Description | Value |
---|---|---|
computeType | Set to 'AKS' for type AKS. Set to 'AmlCompute' for type AmlCompute. Set to 'ComputeInstance' for type ComputeInstance. Set to 'DataFactory' for type DataFactory. Set to 'DataLakeAnalytics' for type DataLakeAnalytics. Set to 'Databricks' for type Databricks. Set to 'HDInsight' for type HDInsight. Set to 'Kubernetes' for type Kubernetes. Set to 'SynapseSpark' for type SynapseSpark. Set to 'VirtualMachine' for type VirtualMachine. | 'AKS' 'AmlCompute' 'ComputeInstance' 'Databricks' 'DataFactory' 'DataLakeAnalytics' 'HDInsight' 'Kubernetes' 'SynapseSpark' 'VirtualMachine' (required) |
description | The description of the Machine Learning compute. | string |
resourceId | ARM resource id of the underlying compute | string |
ComputeInstance
Name | Description | Value |
---|---|---|
computeType | The type of compute | 'ComputeInstance' (required) |
properties | Properties of ComputeInstance | ComputeInstanceProperties |
ComputeInstanceAutologgerSettings
Name | Description | Value |
---|---|---|
mlflowAutologger | Indicates whether mlflow autologger is enabled for notebooks. | 'Disabled' 'Enabled' |
ComputeInstanceProperties
Name | Description | Value |
---|---|---|
applicationSharingPolicy | Policy for sharing applications on this compute instance among users of parent workspace. If Personal, only the creator can access applications on this compute instance. When Shared, any workspace user can access applications on this instance depending on his/her assigned role. | 'Personal' 'Shared' |
autologgerSettings | Specifies settings for autologger. | ComputeInstanceAutologgerSettings |
computeInstanceAuthorizationType | The Compute Instance Authorization type. Available values are personal (default). | 'personal' |
customServices | List of Custom Services added to the compute. | CustomService[] |
enableNodePublicIp | Enable or disable node public IP address provisioning. Possible values are: Possible values are: true - Indicates that the compute nodes will have public IPs provisioned. false - Indicates that the compute nodes will have a private endpoint and no public IPs. | bool |
idleTimeBeforeShutdown | Stops compute instance after user defined period of inactivity. Time is defined in ISO8601 format. Minimum is 15 min, maximum is 3 days. | string |
personalComputeInstanceSettings | Settings for a personal compute instance. | PersonalComputeInstanceSettings |
setupScripts | Details of customized scripts to execute for setting up the cluster. | SetupScripts |
sshSettings | Specifies policy and settings for SSH access. | ComputeInstanceSshSettings |
subnet | Virtual network subnet resource ID the compute nodes belong to. | ResourceId |
vmSize | Virtual Machine Size | string |
ComputeInstanceSshSettings
Name | Description | Value |
---|---|---|
adminPublicKey | Specifies the SSH rsa public key file as a string. Use "ssh-keygen -t rsa -b 2048" to generate your SSH key pairs. | string |
sshPublicAccess | State of the public SSH port. Possible values are: Disabled - Indicates that the public ssh port is closed on this instance. Enabled - Indicates that the public ssh port is open and accessible according to the VNet/subnet policy if applicable. | 'Disabled' 'Enabled' |
ComputeResourceTags
Name | Description | Value |
---|
CustomService
Name | Description | Value |
---|---|---|
docker | Describes the docker settings for the image | Docker |
endpoints | Configuring the endpoints for the container | Endpoint[] |
environmentVariables | Environment Variable for the container | CustomServiceEnvironmentVariables |
image | Describes the Image Specifications | Image |
name | Name of the Custom Service | string |
volumes | Configuring the volumes for the container | VolumeDefinition[] |
CustomServiceEnvironmentVariables
Name | Description | Value |
---|
Databricks
Name | Description | Value |
---|---|---|
computeType | The type of compute | 'Databricks' (required) |
properties | Properties of Databricks | DatabricksProperties |
DatabricksProperties
Name | Description | Value |
---|---|---|
databricksAccessToken | Databricks access token | string |
workspaceUrl | Workspace Url | string |
DataFactory
Name | Description | Value |
---|---|---|
computeType | The type of compute | 'DataFactory' (required) |
DataLakeAnalytics
Name | Description | Value |
---|---|---|
computeType | The type of compute | 'DataLakeAnalytics' (required) |
properties | DataLakeAnalyticsSchemaProperties |
DataLakeAnalyticsSchemaProperties
Name | Description | Value |
---|---|---|
dataLakeStoreAccountName | DataLake Store Account Name | string |
Docker
Name | Description | Value |
---|---|---|
privileged | Indicate whether container shall run in privileged or non-privileged mode. | bool |
Endpoint
Name | Description | Value |
---|---|---|
hostIp | Host IP over which the application is exposed from the container | string |
name | Name of the Endpoint | string |
protocol | Protocol over which communication will happen over this endpoint | 'http' 'tcp' 'udp' |
published | Port over which the application is exposed from container. | int |
target | Application port inside the container. | int |
EnvironmentVariable
Name | Description | Value |
---|---|---|
type | Type of the Environment Variable. Possible values are: local - For local variable | 'local' |
value | Value of the Environment variable | string |
HDInsight
Name | Description | Value |
---|---|---|
computeType | The type of compute | 'HDInsight' (required) |
properties | HDInsight compute properties | HDInsightProperties |
HDInsightProperties
Name | Description | Value |
---|---|---|
address | Public IP address of the master node of the cluster. | string |
administratorAccount | Admin credentials for master node of the cluster | VirtualMachineSshCredentials |
sshPort | Port open for ssh connections on the master node of the cluster. | int |
Image
Name | Description | Value |
---|---|---|
reference | Image reference URL | string |
type | Type of the image. Possible values are: docker - For docker images. azureml - For AzureML images | 'azureml' 'docker' |
InstanceResourceSchema
Name | Description | Value |
---|
InstanceResourceSchema
Name | Description | Value |
---|
InstanceTypeSchema
Name | Description | Value |
---|---|---|
nodeSelector | Node Selector | InstanceTypeSchemaNodeSelector |
resources | Resource requests/limits for this instance type | InstanceTypeSchemaResources |
InstanceTypeSchemaNodeSelector
Name | Description | Value |
---|
InstanceTypeSchemaResources
Name | Description | Value |
---|---|---|
limits | Resource limits for this instance type | InstanceResourceSchema |
requests | Resource requests for this instance type | InstanceResourceSchema |
Kubernetes
Name | Description | Value |
---|---|---|
computeType | The type of compute | 'Kubernetes' (required) |
properties | Properties of Kubernetes | KubernetesProperties |
KubernetesProperties
Name | Description | Value |
---|---|---|
defaultInstanceType | Default instance type | string |
extensionInstanceReleaseTrain | Extension instance release train. | string |
extensionPrincipalId | Extension principal-id. | string |
instanceTypes | Instance Type Schema | KubernetesPropertiesInstanceTypes |
namespace | Compute namespace | string |
relayConnectionString | Relay connection string. | string Constraints: Sensitive value. Pass in as a secure parameter. |
serviceBusConnectionString | ServiceBus connection string. | string Constraints: Sensitive value. Pass in as a secure parameter. |
vcName | VC name. | string |
KubernetesPropertiesInstanceTypes
Name | Description | Value |
---|
ManagedServiceIdentity
Name | Description | Value |
---|---|---|
type | Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). | 'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required) |
userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. | UserAssignedIdentities |
Microsoft.MachineLearningServices/workspaces/computes
Name | Description | Value |
---|---|---|
identity | The identity of the resource. | ManagedServiceIdentity |
location | Specifies the location of the resource. | string |
name | The resource name | string (required) |
parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. |
Symbolic name for resource of type: workspaces |
properties | Compute properties | Compute |
sku | The sku of the workspace. | Sku |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
PersonalComputeInstanceSettings
Name | Description | Value |
---|---|---|
assignedUser | A user explicitly assigned to a personal compute instance. | AssignedUser |
ResourceId
Name | Description | Value |
---|---|---|
id | The ID of the resource | string (required) |
ScaleSettings
Name | Description | Value |
---|---|---|
maxNodeCount | Max number of nodes to use | int (required) |
minNodeCount | Min number of nodes to use | int |
nodeIdleTimeBeforeScaleDown | Node Idle Time before scaling down amlCompute. This string needs to be in the RFC Format. | string |
ScriptReference
Name | Description | Value |
---|---|---|
scriptArguments | Optional command line arguments passed to the script to run. | string |
scriptData | The location of scripts in the mounted volume. | string |
scriptSource | The storage source of the script: workspace. | string |
timeout | Optional time period passed to timeout command. | string |
ScriptsToExecute
Name | Description | Value |
---|---|---|
creationScript | Script that's run only once during provision of the compute. | ScriptReference |
startupScript | Script that's run every time the machine starts. | ScriptReference |
SetupScripts
Name | Description | Value |
---|---|---|
scripts | Customized setup scripts | ScriptsToExecute |
Sku
Name | Description | Value |
---|---|---|
capacity | If the SKU supports scale out/in then the capacity integer should be included. If scale out/in is not possible for the resource this may be omitted. | int |
family | If the service has different generations of hardware, for the same SKU, then that can be captured here. | string |
name | The name of the SKU. Ex - P3. It is typically a letter+number code | string (required) |
size | The SKU size. When the name field is the combination of tier and some other value, this would be the standalone code. | string |
tier | This field is required to be implemented by the Resource Provider if the service has more than one tier, but is not required on a PUT. | 'Basic' 'Free' 'Premium' 'Standard' |
SslConfiguration
Name | Description | Value |
---|---|---|
cert | Cert data | string Constraints: Sensitive value. Pass in as a secure parameter. |
cname | CNAME of the cert | string |
key | Key data | string Constraints: Sensitive value. Pass in as a secure parameter. |
leafDomainLabel | Leaf domain label of public endpoint | string |
overwriteExistingDomain | Indicates whether to overwrite existing domain label. | bool |
status | Enable or disable ssl for scoring | 'Auto' 'Disabled' 'Enabled' |
SynapseSpark
Name | Description | Value |
---|---|---|
computeType | The type of compute | 'SynapseSpark' (required) |
properties | SynapseSparkProperties |
SynapseSparkProperties
Name | Description | Value |
---|---|---|
autoPauseProperties | Auto pause properties. | AutoPauseProperties |
autoScaleProperties | Auto scale properties. | AutoScaleProperties |
nodeCount | The number of compute nodes currently assigned to the compute. | int |
nodeSize | Node size. | string |
nodeSizeFamily | Node size family. | string |
poolName | Pool name. | string |
resourceGroup | Name of the resource group in which workspace is located. | string |
sparkVersion | Spark version. | string |
subscriptionId | Azure subscription identifier. | string |
workspaceName | Name of Azure Machine Learning workspace. | string |
TmpfsOptions
Name | Description | Value |
---|---|---|
size | Mention the Tmpfs size | int |
UserAccountCredentials
Name | Description | Value |
---|---|---|
adminUserName | Name of the administrator user account which can be used to SSH to nodes. | string (required) |
adminUserPassword | Password of the administrator user account. | string Constraints: Sensitive value. Pass in as a secure parameter. |
adminUserSshPublicKey | SSH public key of the administrator user account. | string Constraints: Sensitive value. Pass in as a secure parameter. |
UserAssignedIdentities
Name | Description | Value |
---|
UserAssignedIdentity
Name | Description | Value |
---|
VirtualMachine
Name | Description | Value |
---|---|---|
computeType | The type of compute | 'VirtualMachine' (required) |
properties | VirtualMachineSchemaProperties |
VirtualMachineImage
Name | Description | Value |
---|---|---|
id | Virtual Machine image path | string (required) |
VirtualMachineSchemaProperties
Name | Description | Value |
---|---|---|
address | Public IP address of the virtual machine. | string |
administratorAccount | Admin credentials for virtual machine | VirtualMachineSshCredentials |
isNotebookInstanceCompute | Indicates whether this compute will be used for running notebooks. | bool |
notebookServerPort | Notebook server port open for ssh connections. | int |
sshPort | Port open for ssh connections. | int |
virtualMachineSize | Virtual Machine size | string |
VirtualMachineSshCredentials
Name | Description | Value |
---|---|---|
password | Password of admin account | string |
privateKeyData | Private key data | string Constraints: Sensitive value. Pass in as a secure parameter. |
publicKeyData | Public key data | string Constraints: Sensitive value. Pass in as a secure parameter. |
username | Username of admin account | string |
VolumeDefinition
Name | Description | Value |
---|---|---|
bind | Bind Options of the mount | BindOptions |
consistency | Consistency of the volume | string |
readOnly | Indicate whether to mount volume as readOnly. Default value for this is false. | bool |
source | Source of the mount. For bind mounts this is the host path. | string |
target | Target of the mount. For bind mounts this is the path in the container. | string |
tmpfs | tmpfs option of the mount | TmpfsOptions |
type | Type of Volume Definition. Possible Values: bind,volume,tmpfs,npipe | 'bind' 'npipe' 'tmpfs' 'volume' |
volume | Volume Options of the mount | VolumeOptions |
VolumeOptions
Name | Description | Value |
---|---|---|
nocopy | Indicate whether volume is nocopy | bool |
Quickstart samples
The following quickstart samples deploy this resource type.
Bicep File | Description |
---|---|
Azure Machine Learning end-to-end secure setup | This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
Azure Machine Learning end-to-end secure setup (legacy) | This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
Create an AKS compute target with a Private IP address | This template creates an AKS compute target in given Azure Machine Learning service workspace with a private IP address. |
ARM template resource definition
The workspaces/computes resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.MachineLearningServices/workspaces/computes resource, add the following JSON to your template.
{
"type": "Microsoft.MachineLearningServices/workspaces/computes",
"apiVersion": "2022-10-01-preview",
"name": "string",
"identity": {
"type": "string",
"userAssignedIdentities": {
"{customized property}": {
}
}
},
"location": "string",
"properties": {
"description": "string",
"resourceId": "string",
"computeType": "string"
// For remaining properties, see Compute objects
},
"sku": {
"capacity": "int",
"family": "string",
"name": "string",
"size": "string",
"tier": "string"
},
"tags": {
"{customized property}": "string"
}
}
Compute objects
Set the computeType property to specify the type of object.
For AKS, use:
{
"computeType": "AKS",
"properties": {
"agentCount": "int",
"agentVmSize": "string",
"aksNetworkingConfiguration": {
"dnsServiceIP": "string",
"dockerBridgeCidr": "string",
"serviceCidr": "string",
"subnetId": "string"
},
"clusterFqdn": "string",
"clusterPurpose": "string",
"loadBalancerSubnet": "string",
"loadBalancerType": "string",
"sslConfiguration": {
"cert": "string",
"cname": "string",
"key": "string",
"leafDomainLabel": "string",
"overwriteExistingDomain": "bool",
"status": "string"
}
}
}
For AmlCompute, use:
{
"computeType": "AmlCompute",
"properties": {
"enableNodePublicIp": "bool",
"isolatedNetwork": "bool",
"osType": "string",
"propertyBag": {},
"remoteLoginPortPublicAccess": "string",
"scaleSettings": {
"maxNodeCount": "int",
"minNodeCount": "int",
"nodeIdleTimeBeforeScaleDown": "string"
},
"subnet": {
"id": "string"
},
"userAccountCredentials": {
"adminUserName": "string",
"adminUserPassword": "string",
"adminUserSshPublicKey": "string"
},
"virtualMachineImage": {
"id": "string"
},
"vmPriority": "string",
"vmSize": "string"
}
}
For ComputeInstance, use:
{
"computeType": "ComputeInstance",
"properties": {
"applicationSharingPolicy": "string",
"autologgerSettings": {
"mlflowAutologger": "string"
},
"computeInstanceAuthorizationType": "string",
"customServices": [
{
"docker": {
"privileged": "bool"
},
"endpoints": [
{
"hostIp": "string",
"name": "string",
"protocol": "string",
"published": "int",
"target": "int"
}
],
"environmentVariables": {
"{customized property}": {
"type": "string",
"value": "string"
}
},
"image": {
"reference": "string",
"type": "string"
},
"name": "string",
"volumes": [
{
"bind": {
"createHostPath": "bool",
"propagation": "string",
"selinux": "string"
},
"consistency": "string",
"readOnly": "bool",
"source": "string",
"target": "string",
"tmpfs": {
"size": "int"
},
"type": "string",
"volume": {
"nocopy": "bool"
}
}
]
}
],
"enableNodePublicIp": "bool",
"idleTimeBeforeShutdown": "string",
"personalComputeInstanceSettings": {
"assignedUser": {
"objectId": "string",
"tenantId": "string"
}
},
"setupScripts": {
"scripts": {
"creationScript": {
"scriptArguments": "string",
"scriptData": "string",
"scriptSource": "string",
"timeout": "string"
},
"startupScript": {
"scriptArguments": "string",
"scriptData": "string",
"scriptSource": "string",
"timeout": "string"
}
}
},
"sshSettings": {
"adminPublicKey": "string",
"sshPublicAccess": "string"
},
"subnet": {
"id": "string"
},
"vmSize": "string"
}
}
For DataFactory, use:
{
"computeType": "DataFactory"
}
For DataLakeAnalytics, use:
{
"computeType": "DataLakeAnalytics",
"properties": {
"dataLakeStoreAccountName": "string"
}
}
For Databricks, use:
{
"computeType": "Databricks",
"properties": {
"databricksAccessToken": "string",
"workspaceUrl": "string"
}
}
For HDInsight, use:
{
"computeType": "HDInsight",
"properties": {
"address": "string",
"administratorAccount": {
"password": "string",
"privateKeyData": "string",
"publicKeyData": "string",
"username": "string"
},
"sshPort": "int"
}
}
For Kubernetes, use:
{
"computeType": "Kubernetes",
"properties": {
"defaultInstanceType": "string",
"extensionInstanceReleaseTrain": "string",
"extensionPrincipalId": "string",
"instanceTypes": {
"{customized property}": {
"nodeSelector": {
"{customized property}": "string"
},
"resources": {
"limits": {
"{customized property}": "string"
},
"requests": {
"{customized property}": "string"
}
}
}
},
"namespace": "string",
"relayConnectionString": "string",
"serviceBusConnectionString": "string",
"vcName": "string"
}
}
For SynapseSpark, use:
{
"computeType": "SynapseSpark",
"properties": {
"autoPauseProperties": {
"delayInMinutes": "int",
"enabled": "bool"
},
"autoScaleProperties": {
"enabled": "bool",
"maxNodeCount": "int",
"minNodeCount": "int"
},
"nodeCount": "int",
"nodeSize": "string",
"nodeSizeFamily": "string",
"poolName": "string",
"resourceGroup": "string",
"sparkVersion": "string",
"subscriptionId": "string",
"workspaceName": "string"
}
}
For VirtualMachine, use:
{
"computeType": "VirtualMachine",
"properties": {
"address": "string",
"administratorAccount": {
"password": "string",
"privateKeyData": "string",
"publicKeyData": "string",
"username": "string"
},
"isNotebookInstanceCompute": "bool",
"notebookServerPort": "int",
"sshPort": "int",
"virtualMachineSize": "string"
}
}
Property values
AKS
Name | Description | Value |
---|---|---|
computeType | The type of compute | 'AKS' (required) |
properties | AKS properties | AKSSchemaProperties |
AksNetworkingConfiguration
Name | Description | Value |
---|---|---|
dnsServiceIP | An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. | string Constraints: Pattern = ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ |
dockerBridgeCidr | A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP ranges or the Kubernetes service address range. | string Constraints: Pattern = ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ |
serviceCidr | A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. | string Constraints: Pattern = ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ |
subnetId | Virtual network subnet resource ID the compute nodes belong to | string |
AKSSchemaProperties
Name | Description | Value |
---|---|---|
agentCount | Number of agents | int Constraints: Min value = 0 |
agentVmSize | Agent virtual machine size | string |
aksNetworkingConfiguration | AKS networking configuration for vnet | AksNetworkingConfiguration |
clusterFqdn | Cluster full qualified domain name | string |
clusterPurpose | Intended usage of the cluster | 'DenseProd' 'DevTest' 'FastProd' |
loadBalancerSubnet | Load Balancer Subnet | string |
loadBalancerType | Load Balancer Type | 'InternalLoadBalancer' 'PublicIp' |
sslConfiguration | SSL configuration | SslConfiguration |
AmlCompute
Name | Description | Value |
---|---|---|
computeType | The type of compute | 'AmlCompute' (required) |
properties | Properties of AmlCompute | AmlComputeProperties |
AmlComputeProperties
Name | Description | Value |
---|---|---|
enableNodePublicIp | Enable or disable node public IP address provisioning. Possible values are: Possible values are: true - Indicates that the compute nodes will have public IPs provisioned. false - Indicates that the compute nodes will have a private endpoint and no public IPs. | bool |
isolatedNetwork | Network is isolated or not | bool |
osType | Compute OS Type | 'Linux' 'Windows' |
propertyBag | A property bag containing additional properties. | any |
remoteLoginPortPublicAccess | State of the public SSH port. Possible values are: Disabled - Indicates that the public ssh port is closed on all nodes of the cluster. Enabled - Indicates that the public ssh port is open on all nodes of the cluster. NotSpecified - Indicates that the public ssh port is closed on all nodes of the cluster if VNet is defined, else is open all public nodes. It can be default only during cluster creation time, after creation it will be either enabled or disabled. | 'Disabled' 'Enabled' 'NotSpecified' |
scaleSettings | Scale settings for AML Compute | ScaleSettings |
subnet | Virtual network subnet resource ID the compute nodes belong to. | ResourceId |
userAccountCredentials | Credentials for an administrator user account that will be created on each compute node. | UserAccountCredentials |
virtualMachineImage | Virtual Machine image for AML Compute - windows only | VirtualMachineImage |
vmPriority | Virtual Machine priority | 'Dedicated' 'LowPriority' |
vmSize | Virtual Machine Size | string |
AssignedUser
Name | Description | Value |
---|---|---|
objectId | User’s AAD Object Id. | string (required) |
tenantId | User’s AAD Tenant Id. | string (required) |
AutoPauseProperties
Name | Description | Value |
---|---|---|
delayInMinutes | int | |
enabled | bool |
AutoScaleProperties
Name | Description | Value |
---|---|---|
enabled | bool | |
maxNodeCount | int | |
minNodeCount | int |
BindOptions
Name | Description | Value |
---|---|---|
createHostPath | Indicate whether to create host path. | bool |
propagation | Type of Bind Option | string |
selinux | Mention the selinux options. | string |
Compute
Name | Description | Value |
---|---|---|
computeType | Set to 'AKS' for type AKS. Set to 'AmlCompute' for type AmlCompute. Set to 'ComputeInstance' for type ComputeInstance. Set to 'DataFactory' for type DataFactory. Set to 'DataLakeAnalytics' for type DataLakeAnalytics. Set to 'Databricks' for type Databricks. Set to 'HDInsight' for type HDInsight. Set to 'Kubernetes' for type Kubernetes. Set to 'SynapseSpark' for type SynapseSpark. Set to 'VirtualMachine' for type VirtualMachine. | 'AKS' 'AmlCompute' 'ComputeInstance' 'Databricks' 'DataFactory' 'DataLakeAnalytics' 'HDInsight' 'Kubernetes' 'SynapseSpark' 'VirtualMachine' (required) |
description | The description of the Machine Learning compute. | string |
resourceId | ARM resource id of the underlying compute | string |
ComputeInstance
Name | Description | Value |
---|---|---|
computeType | The type of compute | 'ComputeInstance' (required) |
properties | Properties of ComputeInstance | ComputeInstanceProperties |
ComputeInstanceAutologgerSettings
Name | Description | Value |
---|---|---|
mlflowAutologger | Indicates whether mlflow autologger is enabled for notebooks. | 'Disabled' 'Enabled' |
ComputeInstanceProperties
Name | Description | Value |
---|---|---|
applicationSharingPolicy | Policy for sharing applications on this compute instance among users of parent workspace. If Personal, only the creator can access applications on this compute instance. When Shared, any workspace user can access applications on this instance depending on his/her assigned role. | 'Personal' 'Shared' |
autologgerSettings | Specifies settings for autologger. | ComputeInstanceAutologgerSettings |
computeInstanceAuthorizationType | The Compute Instance Authorization type. Available values are personal (default). | 'personal' |
customServices | List of Custom Services added to the compute. | CustomService[] |
enableNodePublicIp | Enable or disable node public IP address provisioning. Possible values are: Possible values are: true - Indicates that the compute nodes will have public IPs provisioned. false - Indicates that the compute nodes will have a private endpoint and no public IPs. | bool |
idleTimeBeforeShutdown | Stops compute instance after user defined period of inactivity. Time is defined in ISO8601 format. Minimum is 15 min, maximum is 3 days. | string |
personalComputeInstanceSettings | Settings for a personal compute instance. | PersonalComputeInstanceSettings |
setupScripts | Details of customized scripts to execute for setting up the cluster. | SetupScripts |
sshSettings | Specifies policy and settings for SSH access. | ComputeInstanceSshSettings |
subnet | Virtual network subnet resource ID the compute nodes belong to. | ResourceId |
vmSize | Virtual Machine Size | string |
ComputeInstanceSshSettings
Name | Description | Value |
---|---|---|
adminPublicKey | Specifies the SSH rsa public key file as a string. Use "ssh-keygen -t rsa -b 2048" to generate your SSH key pairs. | string |
sshPublicAccess | State of the public SSH port. Possible values are: Disabled - Indicates that the public ssh port is closed on this instance. Enabled - Indicates that the public ssh port is open and accessible according to the VNet/subnet policy if applicable. | 'Disabled' 'Enabled' |
ComputeResourceTags
Name | Description | Value |
---|
CustomService
Name | Description | Value |
---|---|---|
docker | Describes the docker settings for the image | Docker |
endpoints | Configuring the endpoints for the container | Endpoint[] |
environmentVariables | Environment Variable for the container | CustomServiceEnvironmentVariables |
image | Describes the Image Specifications | Image |
name | Name of the Custom Service | string |
volumes | Configuring the volumes for the container | VolumeDefinition[] |
CustomServiceEnvironmentVariables
Name | Description | Value |
---|
Databricks
Name | Description | Value |
---|---|---|
computeType | The type of compute | 'Databricks' (required) |
properties | Properties of Databricks | DatabricksProperties |
DatabricksProperties
Name | Description | Value |
---|---|---|
databricksAccessToken | Databricks access token | string |
workspaceUrl | Workspace Url | string |
DataFactory
Name | Description | Value |
---|---|---|
computeType | The type of compute | 'DataFactory' (required) |
DataLakeAnalytics
Name | Description | Value |
---|---|---|
computeType | The type of compute | 'DataLakeAnalytics' (required) |
properties | DataLakeAnalyticsSchemaProperties |
DataLakeAnalyticsSchemaProperties
Name | Description | Value |
---|---|---|
dataLakeStoreAccountName | DataLake Store Account Name | string |
Docker
Name | Description | Value |
---|---|---|
privileged | Indicate whether container shall run in privileged or non-privileged mode. | bool |
Endpoint
Name | Description | Value |
---|---|---|
hostIp | Host IP over which the application is exposed from the container | string |
name | Name of the Endpoint | string |
protocol | Protocol over which communication will happen over this endpoint | 'http' 'tcp' 'udp' |
published | Port over which the application is exposed from container. | int |
target | Application port inside the container. | int |
EnvironmentVariable
Name | Description | Value |
---|---|---|
type | Type of the Environment Variable. Possible values are: local - For local variable | 'local' |
value | Value of the Environment variable | string |
HDInsight
Name | Description | Value |
---|---|---|
computeType | The type of compute | 'HDInsight' (required) |
properties | HDInsight compute properties | HDInsightProperties |
HDInsightProperties
Name | Description | Value |
---|---|---|
address | Public IP address of the master node of the cluster. | string |
administratorAccount | Admin credentials for master node of the cluster | VirtualMachineSshCredentials |
sshPort | Port open for ssh connections on the master node of the cluster. | int |
Image
Name | Description | Value |
---|---|---|
reference | Image reference URL | string |
type | Type of the image. Possible values are: docker - For docker images. azureml - For AzureML images | 'azureml' 'docker' |
InstanceResourceSchema
Name | Description | Value |
---|
InstanceResourceSchema
Name | Description | Value |
---|
InstanceTypeSchema
Name | Description | Value |
---|---|---|
nodeSelector | Node Selector | InstanceTypeSchemaNodeSelector |
resources | Resource requests/limits for this instance type | InstanceTypeSchemaResources |
InstanceTypeSchemaNodeSelector
Name | Description | Value |
---|
InstanceTypeSchemaResources
Name | Description | Value |
---|---|---|
limits | Resource limits for this instance type | InstanceResourceSchema |
requests | Resource requests for this instance type | InstanceResourceSchema |
Kubernetes
Name | Description | Value |
---|---|---|
computeType | The type of compute | 'Kubernetes' (required) |
properties | Properties of Kubernetes | KubernetesProperties |
KubernetesProperties
Name | Description | Value |
---|---|---|
defaultInstanceType | Default instance type | string |
extensionInstanceReleaseTrain | Extension instance release train. | string |
extensionPrincipalId | Extension principal-id. | string |
instanceTypes | Instance Type Schema | KubernetesPropertiesInstanceTypes |
namespace | Compute namespace | string |
relayConnectionString | Relay connection string. | string Constraints: Sensitive value. Pass in as a secure parameter. |
serviceBusConnectionString | ServiceBus connection string. | string Constraints: Sensitive value. Pass in as a secure parameter. |
vcName | VC name. | string |
KubernetesPropertiesInstanceTypes
Name | Description | Value |
---|
ManagedServiceIdentity
Name | Description | Value |
---|---|---|
type | Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). | 'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required) |
userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. | UserAssignedIdentities |
Microsoft.MachineLearningServices/workspaces/computes
Name | Description | Value |
---|---|---|
apiVersion | The api version | '2022-10-01-preview' |
identity | The identity of the resource. | ManagedServiceIdentity |
location | Specifies the location of the resource. | string |
name | The resource name | string (required) |
properties | Compute properties | Compute |
sku | The sku of the workspace. | Sku |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
type | The resource type | 'Microsoft.MachineLearningServices/workspaces/computes' |
PersonalComputeInstanceSettings
Name | Description | Value |
---|---|---|
assignedUser | A user explicitly assigned to a personal compute instance. | AssignedUser |
ResourceId
Name | Description | Value |
---|---|---|
id | The ID of the resource | string (required) |
ScaleSettings
Name | Description | Value |
---|---|---|
maxNodeCount | Max number of nodes to use | int (required) |
minNodeCount | Min number of nodes to use | int |
nodeIdleTimeBeforeScaleDown | Node Idle Time before scaling down amlCompute. This string needs to be in the RFC Format. | string |
ScriptReference
Name | Description | Value |
---|---|---|
scriptArguments | Optional command line arguments passed to the script to run. | string |
scriptData | The location of scripts in the mounted volume. | string |
scriptSource | The storage source of the script: workspace. | string |
timeout | Optional time period passed to timeout command. | string |
ScriptsToExecute
Name | Description | Value |
---|---|---|
creationScript | Script that's run only once during provision of the compute. | ScriptReference |
startupScript | Script that's run every time the machine starts. | ScriptReference |
SetupScripts
Name | Description | Value |
---|---|---|
scripts | Customized setup scripts | ScriptsToExecute |
Sku
Name | Description | Value |
---|---|---|
capacity | If the SKU supports scale out/in then the capacity integer should be included. If scale out/in is not possible for the resource this may be omitted. | int |
family | If the service has different generations of hardware, for the same SKU, then that can be captured here. | string |
name | The name of the SKU. Ex - P3. It is typically a letter+number code | string (required) |
size | The SKU size. When the name field is the combination of tier and some other value, this would be the standalone code. | string |
tier | This field is required to be implemented by the Resource Provider if the service has more than one tier, but is not required on a PUT. | 'Basic' 'Free' 'Premium' 'Standard' |
SslConfiguration
Name | Description | Value |
---|---|---|
cert | Cert data | string Constraints: Sensitive value. Pass in as a secure parameter. |
cname | CNAME of the cert | string |
key | Key data | string Constraints: Sensitive value. Pass in as a secure parameter. |
leafDomainLabel | Leaf domain label of public endpoint | string |
overwriteExistingDomain | Indicates whether to overwrite existing domain label. | bool |
status | Enable or disable ssl for scoring | 'Auto' 'Disabled' 'Enabled' |
SynapseSpark
Name | Description | Value |
---|---|---|
computeType | The type of compute | 'SynapseSpark' (required) |
properties | SynapseSparkProperties |
SynapseSparkProperties
Name | Description | Value |
---|---|---|
autoPauseProperties | Auto pause properties. | AutoPauseProperties |
autoScaleProperties | Auto scale properties. | AutoScaleProperties |
nodeCount | The number of compute nodes currently assigned to the compute. | int |
nodeSize | Node size. | string |
nodeSizeFamily | Node size family. | string |
poolName | Pool name. | string |
resourceGroup | Name of the resource group in which workspace is located. | string |
sparkVersion | Spark version. | string |
subscriptionId | Azure subscription identifier. | string |
workspaceName | Name of Azure Machine Learning workspace. | string |
TmpfsOptions
Name | Description | Value |
---|---|---|
size | Mention the Tmpfs size | int |
UserAccountCredentials
Name | Description | Value |
---|---|---|
adminUserName | Name of the administrator user account which can be used to SSH to nodes. | string (required) |
adminUserPassword | Password of the administrator user account. | string Constraints: Sensitive value. Pass in as a secure parameter. |
adminUserSshPublicKey | SSH public key of the administrator user account. | string Constraints: Sensitive value. Pass in as a secure parameter. |
UserAssignedIdentities
Name | Description | Value |
---|
UserAssignedIdentity
Name | Description | Value |
---|
VirtualMachine
Name | Description | Value |
---|---|---|
computeType | The type of compute | 'VirtualMachine' (required) |
properties | VirtualMachineSchemaProperties |
VirtualMachineImage
Name | Description | Value |
---|---|---|
id | Virtual Machine image path | string (required) |
VirtualMachineSchemaProperties
Name | Description | Value |
---|---|---|
address | Public IP address of the virtual machine. | string |
administratorAccount | Admin credentials for virtual machine | VirtualMachineSshCredentials |
isNotebookInstanceCompute | Indicates whether this compute will be used for running notebooks. | bool |
notebookServerPort | Notebook server port open for ssh connections. | int |
sshPort | Port open for ssh connections. | int |
virtualMachineSize | Virtual Machine size | string |
VirtualMachineSshCredentials
Name | Description | Value |
---|---|---|
password | Password of admin account | string |
privateKeyData | Private key data | string Constraints: Sensitive value. Pass in as a secure parameter. |
publicKeyData | Public key data | string Constraints: Sensitive value. Pass in as a secure parameter. |
username | Username of admin account | string |
VolumeDefinition
Name | Description | Value |
---|---|---|
bind | Bind Options of the mount | BindOptions |
consistency | Consistency of the volume | string |
readOnly | Indicate whether to mount volume as readOnly. Default value for this is false. | bool |
source | Source of the mount. For bind mounts this is the host path. | string |
target | Target of the mount. For bind mounts this is the path in the container. | string |
tmpfs | tmpfs option of the mount | TmpfsOptions |
type | Type of Volume Definition. Possible Values: bind,volume,tmpfs,npipe | 'bind' 'npipe' 'tmpfs' 'volume' |
volume | Volume Options of the mount | VolumeOptions |
VolumeOptions
Name | Description | Value |
---|---|---|
nocopy | Indicate whether volume is nocopy | bool |
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Azure Machine Learning end-to-end secure setup |
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
Azure Machine Learning end-to-end secure setup (legacy) |
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
Create a LinkedService in Azure Machine Learning workspace |
This template creates a LinkedService in an existing Azure Machine Learning workspace. |
Create a Machine Learning Service ADLA Compute |
This template creates a Machine Learning Service ADLA Compute. |
Create a Machine Learning Service Aks Compute |
This template creates a Machine Learning Service Aks Compute. |
Create a Machine Learning Service DSVM Compute |
This template creates a Machine Learning Service DSVM Compute. |
Create a Machine Learning Service HDInsight cluster |
This template creates a Machine Learning Service HDInsight cluster |
Create an AKS compute target with a Private IP address |
This template creates an AKS compute target in given Azure Machine Learning service workspace with a private IP address. |
Create an Azure Machine Learning aks compute |
This template creates an Azure Machine Learning aks compute. |
Create an Azure Machine Learning compute cluster |
This template creates an Azure Machine Learning compute cluster. |
Create an Azure Machine Learning compute instance |
This template creates an Azure Machine Learning compute instance on behalf of another user with a sample inline setup script |
Terraform (AzAPI provider) resource definition
The workspaces/computes resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.MachineLearningServices/workspaces/computes resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.MachineLearningServices/workspaces/computes@2022-10-01-preview"
name = "string"
identity = {
type = "string"
userAssignedIdentities = {
{customized property} = {
}
}
}
location = "string"
body = jsonencode({
properties = {
description = "string"
resourceId = "string"
computeType = "string"
// For remaining properties, see Compute objects
}
})
sku = {
capacity = int
family = "string"
name = "string"
size = "string"
tier = "string"
}
tags = {
{customized property} = "string"
}
}
Compute objects
Set the computeType property to specify the type of object.
For AKS, use:
{
computeType = "AKS"
properties = {
agentCount = int
agentVmSize = "string"
aksNetworkingConfiguration = {
dnsServiceIP = "string"
dockerBridgeCidr = "string"
serviceCidr = "string"
subnetId = "string"
}
clusterFqdn = "string"
clusterPurpose = "string"
loadBalancerSubnet = "string"
loadBalancerType = "string"
sslConfiguration = {
cert = "string"
cname = "string"
key = "string"
leafDomainLabel = "string"
overwriteExistingDomain = bool
status = "string"
}
}
}
For AmlCompute, use:
{
computeType = "AmlCompute"
properties = {
enableNodePublicIp = bool
isolatedNetwork = bool
osType = "string"
propertyBag = ?
remoteLoginPortPublicAccess = "string"
scaleSettings = {
maxNodeCount = int
minNodeCount = int
nodeIdleTimeBeforeScaleDown = "string"
}
subnet = {
id = "string"
}
userAccountCredentials = {
adminUserName = "string"
adminUserPassword = "string"
adminUserSshPublicKey = "string"
}
virtualMachineImage = {
id = "string"
}
vmPriority = "string"
vmSize = "string"
}
}
For ComputeInstance, use:
{
computeType = "ComputeInstance"
properties = {
applicationSharingPolicy = "string"
autologgerSettings = {
mlflowAutologger = "string"
}
computeInstanceAuthorizationType = "string"
customServices = [
{
docker = {
privileged = bool
}
endpoints = [
{
hostIp = "string"
name = "string"
protocol = "string"
published = int
target = int
}
]
environmentVariables = {
{customized property} = {
type = "string"
value = "string"
}
}
image = {
reference = "string"
type = "string"
}
name = "string"
volumes = [
{
bind = {
createHostPath = bool
propagation = "string"
selinux = "string"
}
consistency = "string"
readOnly = bool
source = "string"
target = "string"
tmpfs = {
size = int
}
type = "string"
volume = {
nocopy = bool
}
}
]
}
]
enableNodePublicIp = bool
idleTimeBeforeShutdown = "string"
personalComputeInstanceSettings = {
assignedUser = {
objectId = "string"
tenantId = "string"
}
}
setupScripts = {
scripts = {
creationScript = {
scriptArguments = "string"
scriptData = "string"
scriptSource = "string"
timeout = "string"
}
startupScript = {
scriptArguments = "string"
scriptData = "string"
scriptSource = "string"
timeout = "string"
}
}
}
sshSettings = {
adminPublicKey = "string"
sshPublicAccess = "string"
}
subnet = {
id = "string"
}
vmSize = "string"
}
}
For DataFactory, use:
{
computeType = "DataFactory"
}
For DataLakeAnalytics, use:
{
computeType = "DataLakeAnalytics"
properties = {
dataLakeStoreAccountName = "string"
}
}
For Databricks, use:
{
computeType = "Databricks"
properties = {
databricksAccessToken = "string"
workspaceUrl = "string"
}
}
For HDInsight, use:
{
computeType = "HDInsight"
properties = {
address = "string"
administratorAccount = {
password = "string"
privateKeyData = "string"
publicKeyData = "string"
username = "string"
}
sshPort = int
}
}
For Kubernetes, use:
{
computeType = "Kubernetes"
properties = {
defaultInstanceType = "string"
extensionInstanceReleaseTrain = "string"
extensionPrincipalId = "string"
instanceTypes = {
{customized property} = {
nodeSelector = {
{customized property} = "string"
}
resources = {
limits = {
{customized property} = "string"
}
requests = {
{customized property} = "string"
}
}
}
}
namespace = "string"
relayConnectionString = "string"
serviceBusConnectionString = "string"
vcName = "string"
}
}
For SynapseSpark, use:
{
computeType = "SynapseSpark"
properties = {
autoPauseProperties = {
delayInMinutes = int
enabled = bool
}
autoScaleProperties = {
enabled = bool
maxNodeCount = int
minNodeCount = int
}
nodeCount = int
nodeSize = "string"
nodeSizeFamily = "string"
poolName = "string"
resourceGroup = "string"
sparkVersion = "string"
subscriptionId = "string"
workspaceName = "string"
}
}
For VirtualMachine, use:
{
computeType = "VirtualMachine"
properties = {
address = "string"
administratorAccount = {
password = "string"
privateKeyData = "string"
publicKeyData = "string"
username = "string"
}
isNotebookInstanceCompute = bool
notebookServerPort = int
sshPort = int
virtualMachineSize = "string"
}
}
Property values
AKS
Name | Description | Value |
---|---|---|
computeType | The type of compute | 'AKS' (required) |
properties | AKS properties | AKSSchemaProperties |
AksNetworkingConfiguration
Name | Description | Value |
---|---|---|
dnsServiceIP | An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. | string Constraints: Pattern = ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ |
dockerBridgeCidr | A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP ranges or the Kubernetes service address range. | string Constraints: Pattern = ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ |
serviceCidr | A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. | string Constraints: Pattern = ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ |
subnetId | Virtual network subnet resource ID the compute nodes belong to | string |
AKSSchemaProperties
Name | Description | Value |
---|---|---|
agentCount | Number of agents | int Constraints: Min value = 0 |
agentVmSize | Agent virtual machine size | string |
aksNetworkingConfiguration | AKS networking configuration for vnet | AksNetworkingConfiguration |
clusterFqdn | Cluster full qualified domain name | string |
clusterPurpose | Intended usage of the cluster | 'DenseProd' 'DevTest' 'FastProd' |
loadBalancerSubnet | Load Balancer Subnet | string |
loadBalancerType | Load Balancer Type | 'InternalLoadBalancer' 'PublicIp' |
sslConfiguration | SSL configuration | SslConfiguration |
AmlCompute
Name | Description | Value |
---|---|---|
computeType | The type of compute | 'AmlCompute' (required) |
properties | Properties of AmlCompute | AmlComputeProperties |
AmlComputeProperties
Name | Description | Value |
---|---|---|
enableNodePublicIp | Enable or disable node public IP address provisioning. Possible values are: Possible values are: true - Indicates that the compute nodes will have public IPs provisioned. false - Indicates that the compute nodes will have a private endpoint and no public IPs. | bool |
isolatedNetwork | Network is isolated or not | bool |
osType | Compute OS Type | 'Linux' 'Windows' |
propertyBag | A property bag containing additional properties. | any |
remoteLoginPortPublicAccess | State of the public SSH port. Possible values are: Disabled - Indicates that the public ssh port is closed on all nodes of the cluster. Enabled - Indicates that the public ssh port is open on all nodes of the cluster. NotSpecified - Indicates that the public ssh port is closed on all nodes of the cluster if VNet is defined, else is open all public nodes. It can be default only during cluster creation time, after creation it will be either enabled or disabled. | 'Disabled' 'Enabled' 'NotSpecified' |
scaleSettings | Scale settings for AML Compute | ScaleSettings |
subnet | Virtual network subnet resource ID the compute nodes belong to. | ResourceId |
userAccountCredentials | Credentials for an administrator user account that will be created on each compute node. | UserAccountCredentials |
virtualMachineImage | Virtual Machine image for AML Compute - windows only | VirtualMachineImage |
vmPriority | Virtual Machine priority | 'Dedicated' 'LowPriority' |
vmSize | Virtual Machine Size | string |
AssignedUser
Name | Description | Value |
---|---|---|
objectId | User’s AAD Object Id. | string (required) |
tenantId | User’s AAD Tenant Id. | string (required) |
AutoPauseProperties
Name | Description | Value |
---|---|---|
delayInMinutes | int | |
enabled | bool |
AutoScaleProperties
Name | Description | Value |
---|---|---|
enabled | bool | |
maxNodeCount | int | |
minNodeCount | int |
BindOptions
Name | Description | Value |
---|---|---|
createHostPath | Indicate whether to create host path. | bool |
propagation | Type of Bind Option | string |
selinux | Mention the selinux options. | string |
Compute
Name | Description | Value |
---|---|---|
computeType | Set to 'AKS' for type AKS. Set to 'AmlCompute' for type AmlCompute. Set to 'ComputeInstance' for type ComputeInstance. Set to 'DataFactory' for type DataFactory. Set to 'DataLakeAnalytics' for type DataLakeAnalytics. Set to 'Databricks' for type Databricks. Set to 'HDInsight' for type HDInsight. Set to 'Kubernetes' for type Kubernetes. Set to 'SynapseSpark' for type SynapseSpark. Set to 'VirtualMachine' for type VirtualMachine. | 'AKS' 'AmlCompute' 'ComputeInstance' 'Databricks' 'DataFactory' 'DataLakeAnalytics' 'HDInsight' 'Kubernetes' 'SynapseSpark' 'VirtualMachine' (required) |
description | The description of the Machine Learning compute. | string |
resourceId | ARM resource id of the underlying compute | string |
ComputeInstance
Name | Description | Value |
---|---|---|
computeType | The type of compute | 'ComputeInstance' (required) |
properties | Properties of ComputeInstance | ComputeInstanceProperties |
ComputeInstanceAutologgerSettings
Name | Description | Value |
---|---|---|
mlflowAutologger | Indicates whether mlflow autologger is enabled for notebooks. | 'Disabled' 'Enabled' |
ComputeInstanceProperties
Name | Description | Value |
---|---|---|
applicationSharingPolicy | Policy for sharing applications on this compute instance among users of parent workspace. If Personal, only the creator can access applications on this compute instance. When Shared, any workspace user can access applications on this instance depending on his/her assigned role. | 'Personal' 'Shared' |
autologgerSettings | Specifies settings for autologger. | ComputeInstanceAutologgerSettings |
computeInstanceAuthorizationType | The Compute Instance Authorization type. Available values are personal (default). | 'personal' |
customServices | List of Custom Services added to the compute. | CustomService[] |
enableNodePublicIp | Enable or disable node public IP address provisioning. Possible values are: Possible values are: true - Indicates that the compute nodes will have public IPs provisioned. false - Indicates that the compute nodes will have a private endpoint and no public IPs. | bool |
idleTimeBeforeShutdown | Stops compute instance after user defined period of inactivity. Time is defined in ISO8601 format. Minimum is 15 min, maximum is 3 days. | string |
personalComputeInstanceSettings | Settings for a personal compute instance. | PersonalComputeInstanceSettings |
setupScripts | Details of customized scripts to execute for setting up the cluster. | SetupScripts |
sshSettings | Specifies policy and settings for SSH access. | ComputeInstanceSshSettings |
subnet | Virtual network subnet resource ID the compute nodes belong to. | ResourceId |
vmSize | Virtual Machine Size | string |
ComputeInstanceSshSettings
Name | Description | Value |
---|---|---|
adminPublicKey | Specifies the SSH rsa public key file as a string. Use "ssh-keygen -t rsa -b 2048" to generate your SSH key pairs. | string |
sshPublicAccess | State of the public SSH port. Possible values are: Disabled - Indicates that the public ssh port is closed on this instance. Enabled - Indicates that the public ssh port is open and accessible according to the VNet/subnet policy if applicable. | 'Disabled' 'Enabled' |
ComputeResourceTags
Name | Description | Value |
---|
CustomService
Name | Description | Value |
---|---|---|
docker | Describes the docker settings for the image | Docker |
endpoints | Configuring the endpoints for the container | Endpoint[] |
environmentVariables | Environment Variable for the container | CustomServiceEnvironmentVariables |
image | Describes the Image Specifications | Image |
name | Name of the Custom Service | string |
volumes | Configuring the volumes for the container | VolumeDefinition[] |
CustomServiceEnvironmentVariables
Name | Description | Value |
---|
Databricks
Name | Description | Value |
---|---|---|
computeType | The type of compute | 'Databricks' (required) |
properties | Properties of Databricks | DatabricksProperties |
DatabricksProperties
Name | Description | Value |
---|---|---|
databricksAccessToken | Databricks access token | string |
workspaceUrl | Workspace Url | string |
DataFactory
Name | Description | Value |
---|---|---|
computeType | The type of compute | 'DataFactory' (required) |
DataLakeAnalytics
Name | Description | Value |
---|---|---|
computeType | The type of compute | 'DataLakeAnalytics' (required) |
properties | DataLakeAnalyticsSchemaProperties |
DataLakeAnalyticsSchemaProperties
Name | Description | Value |
---|---|---|
dataLakeStoreAccountName | DataLake Store Account Name | string |
Docker
Name | Description | Value |
---|---|---|
privileged | Indicate whether container shall run in privileged or non-privileged mode. | bool |
Endpoint
Name | Description | Value |
---|---|---|
hostIp | Host IP over which the application is exposed from the container | string |
name | Name of the Endpoint | string |
protocol | Protocol over which communication will happen over this endpoint | 'http' 'tcp' 'udp' |
published | Port over which the application is exposed from container. | int |
target | Application port inside the container. | int |
EnvironmentVariable
Name | Description | Value |
---|---|---|
type | Type of the Environment Variable. Possible values are: local - For local variable | 'local' |
value | Value of the Environment variable | string |
HDInsight
Name | Description | Value |
---|---|---|
computeType | The type of compute | 'HDInsight' (required) |
properties | HDInsight compute properties | HDInsightProperties |
HDInsightProperties
Name | Description | Value |
---|---|---|
address | Public IP address of the master node of the cluster. | string |
administratorAccount | Admin credentials for master node of the cluster | VirtualMachineSshCredentials |
sshPort | Port open for ssh connections on the master node of the cluster. | int |
Image
Name | Description | Value |
---|---|---|
reference | Image reference URL | string |
type | Type of the image. Possible values are: docker - For docker images. azureml - For AzureML images | 'azureml' 'docker' |
InstanceResourceSchema
Name | Description | Value |
---|
InstanceResourceSchema
Name | Description | Value |
---|
InstanceTypeSchema
Name | Description | Value |
---|---|---|
nodeSelector | Node Selector | InstanceTypeSchemaNodeSelector |
resources | Resource requests/limits for this instance type | InstanceTypeSchemaResources |
InstanceTypeSchemaNodeSelector
Name | Description | Value |
---|
InstanceTypeSchemaResources
Name | Description | Value |
---|---|---|
limits | Resource limits for this instance type | InstanceResourceSchema |
requests | Resource requests for this instance type | InstanceResourceSchema |
Kubernetes
Name | Description | Value |
---|---|---|
computeType | The type of compute | 'Kubernetes' (required) |
properties | Properties of Kubernetes | KubernetesProperties |
KubernetesProperties
Name | Description | Value |
---|---|---|
defaultInstanceType | Default instance type | string |
extensionInstanceReleaseTrain | Extension instance release train. | string |
extensionPrincipalId | Extension principal-id. | string |
instanceTypes | Instance Type Schema | KubernetesPropertiesInstanceTypes |
namespace | Compute namespace | string |
relayConnectionString | Relay connection string. | string Constraints: Sensitive value. Pass in as a secure parameter. |
serviceBusConnectionString | ServiceBus connection string. | string Constraints: Sensitive value. Pass in as a secure parameter. |
vcName | VC name. | string |
KubernetesPropertiesInstanceTypes
Name | Description | Value |
---|
ManagedServiceIdentity
Name | Description | Value |
---|---|---|
type | Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). | 'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required) |
userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. | UserAssignedIdentities |
Microsoft.MachineLearningServices/workspaces/computes
Name | Description | Value |
---|---|---|
identity | The identity of the resource. | ManagedServiceIdentity |
location | Specifies the location of the resource. | string |
name | The resource name | string (required) |
parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: workspaces |
properties | Compute properties | Compute |
sku | The sku of the workspace. | Sku |
tags | Resource tags | Dictionary of tag names and values. |
type | The resource type | "Microsoft.MachineLearningServices/workspaces/computes@2022-10-01-preview" |
PersonalComputeInstanceSettings
Name | Description | Value |
---|---|---|
assignedUser | A user explicitly assigned to a personal compute instance. | AssignedUser |
ResourceId
Name | Description | Value |
---|---|---|
id | The ID of the resource | string (required) |
ScaleSettings
Name | Description | Value |
---|---|---|
maxNodeCount | Max number of nodes to use | int (required) |
minNodeCount | Min number of nodes to use | int |
nodeIdleTimeBeforeScaleDown | Node Idle Time before scaling down amlCompute. This string needs to be in the RFC Format. | string |
ScriptReference
Name | Description | Value |
---|---|---|
scriptArguments | Optional command line arguments passed to the script to run. | string |
scriptData | The location of scripts in the mounted volume. | string |
scriptSource | The storage source of the script: workspace. | string |
timeout | Optional time period passed to timeout command. | string |
ScriptsToExecute
Name | Description | Value |
---|---|---|
creationScript | Script that's run only once during provision of the compute. | ScriptReference |
startupScript | Script that's run every time the machine starts. | ScriptReference |
SetupScripts
Name | Description | Value |
---|---|---|
scripts | Customized setup scripts | ScriptsToExecute |
Sku
Name | Description | Value |
---|---|---|
capacity | If the SKU supports scale out/in then the capacity integer should be included. If scale out/in is not possible for the resource this may be omitted. | int |
family | If the service has different generations of hardware, for the same SKU, then that can be captured here. | string |
name | The name of the SKU. Ex - P3. It is typically a letter+number code | string (required) |
size | The SKU size. When the name field is the combination of tier and some other value, this would be the standalone code. | string |
tier | This field is required to be implemented by the Resource Provider if the service has more than one tier, but is not required on a PUT. | 'Basic' 'Free' 'Premium' 'Standard' |
SslConfiguration
Name | Description | Value |
---|---|---|
cert | Cert data | string Constraints: Sensitive value. Pass in as a secure parameter. |
cname | CNAME of the cert | string |
key | Key data | string Constraints: Sensitive value. Pass in as a secure parameter. |
leafDomainLabel | Leaf domain label of public endpoint | string |
overwriteExistingDomain | Indicates whether to overwrite existing domain label. | bool |
status | Enable or disable ssl for scoring | 'Auto' 'Disabled' 'Enabled' |
SynapseSpark
Name | Description | Value |
---|---|---|
computeType | The type of compute | 'SynapseSpark' (required) |
properties | SynapseSparkProperties |
SynapseSparkProperties
Name | Description | Value |
---|---|---|
autoPauseProperties | Auto pause properties. | AutoPauseProperties |
autoScaleProperties | Auto scale properties. | AutoScaleProperties |
nodeCount | The number of compute nodes currently assigned to the compute. | int |
nodeSize | Node size. | string |
nodeSizeFamily | Node size family. | string |
poolName | Pool name. | string |
resourceGroup | Name of the resource group in which workspace is located. | string |
sparkVersion | Spark version. | string |
subscriptionId | Azure subscription identifier. | string |
workspaceName | Name of Azure Machine Learning workspace. | string |
TmpfsOptions
Name | Description | Value |
---|---|---|
size | Mention the Tmpfs size | int |
UserAccountCredentials
Name | Description | Value |
---|---|---|
adminUserName | Name of the administrator user account which can be used to SSH to nodes. | string (required) |
adminUserPassword | Password of the administrator user account. | string Constraints: Sensitive value. Pass in as a secure parameter. |
adminUserSshPublicKey | SSH public key of the administrator user account. | string Constraints: Sensitive value. Pass in as a secure parameter. |
UserAssignedIdentities
Name | Description | Value |
---|
UserAssignedIdentity
Name | Description | Value |
---|
VirtualMachine
Name | Description | Value |
---|---|---|
computeType | The type of compute | 'VirtualMachine' (required) |
properties | VirtualMachineSchemaProperties |
VirtualMachineImage
Name | Description | Value |
---|---|---|
id | Virtual Machine image path | string (required) |
VirtualMachineSchemaProperties
Name | Description | Value |
---|---|---|
address | Public IP address of the virtual machine. | string |
administratorAccount | Admin credentials for virtual machine | VirtualMachineSshCredentials |
isNotebookInstanceCompute | Indicates whether this compute will be used for running notebooks. | bool |
notebookServerPort | Notebook server port open for ssh connections. | int |
sshPort | Port open for ssh connections. | int |
virtualMachineSize | Virtual Machine size | string |
VirtualMachineSshCredentials
Name | Description | Value |
---|---|---|
password | Password of admin account | string |
privateKeyData | Private key data | string Constraints: Sensitive value. Pass in as a secure parameter. |
publicKeyData | Public key data | string Constraints: Sensitive value. Pass in as a secure parameter. |
username | Username of admin account | string |
VolumeDefinition
Name | Description | Value |
---|---|---|
bind | Bind Options of the mount | BindOptions |
consistency | Consistency of the volume | string |
readOnly | Indicate whether to mount volume as readOnly. Default value for this is false. | bool |
source | Source of the mount. For bind mounts this is the host path. | string |
target | Target of the mount. For bind mounts this is the path in the container. | string |
tmpfs | tmpfs option of the mount | TmpfsOptions |
type | Type of Volume Definition. Possible Values: bind,volume,tmpfs,npipe | 'bind' 'npipe' 'tmpfs' 'volume' |
volume | Volume Options of the mount | VolumeOptions |
VolumeOptions
Name | Description | Value |
---|---|---|
nocopy | Indicate whether volume is nocopy | bool |