microsoft/infrastructure
.github/skills/infrastructure/SKILL.md
Deploy and manage Azure infrastructure for the Physical AI Toolchain including Terraform IaC, Kubernetes setup, GPU configuration, and network topology
$ install --global
skillsauthnpx skillsauth add microsoft/physical-ai-toolchain infrastructureInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 15, 2026, 11:28 AM6.4s1 file scanned
SKILL.md
- name:
- infrastructure
- description:
- Deploy and manage Azure infrastructure for the Physical AI Toolchain including Terraform IaC, Kubernetes setup, GPU configuration, and network topology
Infrastructure Skill
Deploy and manage Azure cloud infrastructure for the Physical AI Toolchain — Terraform IaC, AKS cluster configuration, GPU node pools, and network topology.
Prerequisites
| Tool | Requirement |
|------|-------------|
| Azure CLI | az login authenticated |
| Terraform | 1.5+ |
| kubectl | Matching cluster version |
| Helm | 3.x |
| shellcheck | For script validation |
Deployment Workflow
Follow these steps in order for a complete deployment.
Step 1 — Initialize Azure subscription
source infrastructure/terraform/prerequisites/az-sub-init.sh
Exports ARM_SUBSCRIPTION_ID and validates Azure CLI authentication.
Step 2 — Configure Terraform variables
cd infrastructure/terraform
cp terraform.tfvars.example terraform.tfvars
Edit terraform.tfvars with environment-specific values. Example configurations are in infrastructure/examples/:
| File | Scenario |
|------|----------|
| terraform.tfvars.dev | Single spot GPU pool, public networking |
| terraform.tfvars.prod | Multiple GPU pools, full private networking, HA |
| terraform.tfvars.hybrid | Private data services, public AKS API server |
Step 3 — Provision infrastructure
terraform init
terraform plan -var-file=terraform.tfvars
terraform apply -var-file=terraform.tfvars
Step 4 — Deploy VPN (private clusters only)
Required when should_enable_private_aks_cluster = true:
cd infrastructure/terraform/vpn
terraform init && terraform apply
Step 5 — Connect to cluster
az aks get-credentials --resource-group <rg> --name <aks>
kubectl cluster-info
Step 6 — Run setup scripts
cd infrastructure/setup
./01-deploy-robotics-charts.sh
./02-deploy-azureml-extension.sh
./03-deploy-osmo-control-plane.sh
./04-deploy-osmo-backend.sh
Scripts must run in numeric order. Each supports --config-preview for dry-run output.
Network Mode Selection
Three network modes control connectivity and security:
| Mode | should_enable_private_endpoint | should_enable_private_aks_cluster | VPN Required |
|------|----------------------------------|-------------------------------------|--------------|
| Full Private | true | true | Yes |
| Hybrid | true | false | No |
| Full Public | false | false | No |
Full Private is the default and recommended for production. Hybrid mode allows kubectl access without VPN while keeping data services private.
Common Operations
Plan changes
cd infrastructure/terraform
terraform plan -var-file=terraform.tfvars
Apply changes
terraform apply -var-file=terraform.tfvars
Destroy infrastructure
terraform destroy -var-file=terraform.tfvars
VPN setup
cd infrastructure/terraform/vpn
terraform init && terraform apply
DNS configuration
cd infrastructure/terraform/dns
terraform init && terraform apply
Validate setup scripts
shellcheck infrastructure/setup/01-deploy-robotics-charts.sh
infrastructure/setup/01-deploy-robotics-charts.sh --config-preview
Check Terraform formatting
terraform fmt -check -recursive infrastructure/terraform/
Directory Structure
infrastructure/
├── terraform/ # Infrastructure as Code
│ ├── main.tf # Module composition
│ ├── variables.tf # Input variables
│ ├── outputs.tf # Output values
│ ├── versions.tf # Provider requirements
│ ├── terraform.tfvars.example # Example configuration
│ ├── prerequisites/ # Azure subscription setup
│ ├── modules/ # Terraform modules
│ ├── vpn/ # Standalone VPN deployment
│ ├── automation/ # Standalone automation deployment
│ └── dns/ # Standalone DNS deployment
├── setup/ # Post-deploy cluster configuration
│ ├── 01-deploy-robotics-charts.sh # GPU Operator, KAI Scheduler
│ ├── 02-deploy-azureml-extension.sh # AzureML K8s extension
│ ├── 03-deploy-osmo-control-plane.sh# OSMO control plane
│ ├── 04-deploy-osmo-backend.sh # OSMO backend services
│ ├── defaults.conf # Central version and namespace config
│ └── lib/ # Shared shell libraries
├── specifications/ # Domain specification documents
└── examples/ # Example tfvars configurations
GPU Configuration Reference
| GPU | VM SKU | Driver Source | gpu_driver | MIG Strategy |
|-----|--------|--------------|--------------|--------------|
| A10 | Standard_NV36ads_A10_v5 | AKS-managed | Install | N/A |
| RTX PRO 6000 | Standard_NC128ds_xl_RTXPRO6000BSE_v6 | GRID DaemonSet | None | single |
| H100 | Standard_NC40ads_H100_v5 | GPU Operator | None | Disabled |
RTX PRO 6000 nodes require nvidia.com/gpu.deploy.driver=false label to prevent GPU Operator driver conflicts.
Documentation
| Guide | Description | |-------|-------------| | Infrastructure README | Domain overview and quick start | | Terraform README | Terraform configuration reference | | Setup README | Setup script reference | | Infrastructure Deployment | Full deployment walkthrough | | GPU Configuration | Detailed GPU driver and operator reference |
Related Skills
microsoft/synthetic-data
devops
VerifiedTrustedCommunity
Generate synthetic training data using NVIDIA Cosmos world foundation models for SDG pipelines
39SKILL.mdUpdated Apr 15, 2026
microsoft/osmo-lerobot-training
tools
VerifiedTrustedCommunity
Submit, monitor, analyze, and evaluate LeRobot imitation learning training jobs on OSMO with Azure ML MLflow integration and inference evaluation - Brought to you by microsoft/physical-ai-toolchain
39SKILL.mdUpdated Apr 15, 2026
microsoft/fleet-intelligence
devops
VerifiedTrustedCommunity
Monitor robot fleet telemetry via Azure IoT Operations, drift detection, Grafana dashboards, and Fabric analytics
39SKILL.mdUpdated Apr 15, 2026
microsoft/fleet-deployment
tools
VerifiedTrustedCommunity
Deploy trained robot policies to edge fleets via FluxCD GitOps, image automation, and deployment gating
39SKILL.mdUpdated Apr 15, 2026