Play 02
AI Landing Zone
Foundation✅ Ready
Foundational Azure infrastructure for AI workloads — networking, identity, governance.
Deploy the foundational infrastructure every AI workload needs. VNet with private endpoints keeps traffic off the public internet, Managed Identity eliminates secrets, RBAC locks down access, and Key Vault stores what must be stored. This is Play 0 — run it before anything else.
Architecture Pattern
Hub-spoke landing zone, private endpoints, RBAC governance
Azure Services
VNet + Private EndpointsRBAC + Managed IdentityKey VaultGPU Quota Management
DevKit (.github Agentic OS)
- agent.md — infra provisioning assistant
- instructions.md — deployment checklist, security
- copilot-instructions.md — Bicep generation
- mcp/index.js — validate_networking, check_rbac plugins
TuneKit (AI Config)
- config/landing-zone.json — VNet CIDR, subnets, SKUs, GPU quota
- infra/main.bicep — full Bicep template
- infra/parameters.json — region, environment, GPU toggle
Tuning Parameters
VNet CIDR rangeSubnet configurationService SKUsGPU quotaRegion selection
Estimated Cost
Dev/Test
$10–50/mo
Production
Included in dependent services