Skip to content

Add Bicep for Coboagent #33

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
guming-learning wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Add Bicep for Coboagent #33

guming-learning wants to merge 4 commits into from

Conversation

@guming-learning
Copy link
Collaborator

@guming-learning guming-learning commented Dec 11, 2025

Purpose

  • Add support for container-based agent deployment (COBO agents) in Azure Container Apps as an alternative to hosted agents
  • Introduce infrastructure modules for deploying containerized agents with Azure Container Apps, including environment setup, authentication, and role-based access control
  • Enable users to deploy AI agents in containers with managed identities, ACR integration, and secure access to AI Foundry services
  • Provide reusable Bicep modules for Container Apps infrastructure that can be used across different agent scenarios

Does this introduce a breaking change?

[ ] Yes
[x] No

Pull Request Type

What kind of change does this Pull Request introduce?

[ ] Bugfix
[x] Feature
[ ] Code style update (formatting, local variables)
[ ] Refactoring (no functional changes, no api changes)
[ ] Documentation content changes
[ ] Other... Please describe:

How to Test

  • Get the code
git clone https://github.com/Azure-Samples/azd-ai-starter-basic.git
cd azd-ai-starter-basic
git checkout coboagent
  • Test the code
# Deploy with container agents enabled
azd env set ENABLE_CONTAINER_AGENTS true
azd up

# Verify the Container Apps environment and agent are created
az containerapp list --resource-group <your-rg-name>

What to Check

Verify that the following are valid

  • New Bicep module infra/core/ai/cobo-agent.bicep properly deploys Container Apps environment and agent container
  • Container App authentication is configured with managed identity when enableContainerAgents parameter is true
  • User-assigned managed identity is created and granted appropriate ACR pull and Azure AI User roles
  • Container Apps environment module (container-apps-environment.bicep) is reusable for other scenarios
  • Generic Container App module (container-app.bicep) supports authentication, Dapr, scaling, and managed identity configurations
  • Role assignment modules properly grant Container Apps Contributor and ACR pull permissions
  • Main infrastructure (main.bicep) conditionally deploys container agent resources based on enableContainerAgents parameter
  • ACR dependency is automatically added when either hosted or container agents are enabled
  • New outputs (COBO_ACA_IDENTITY_PRINCIPAL_ID, SERVICE_API_RESOURCE_ID, AZURE_AI_PROJECT_PRINCIPAL_ID) are available for post-deployment configuration

Other Information

Key Implementation Details:

  • Uses user-assigned managed identity instead of system-assigned to avoid 60+ second ACR role propagation delays during deployment
  • Container Apps authentication is pre-configured but can be disabled via parameter
  • Supports flexible container configuration including CPU/memory allocation, scaling rules, and environment variables
  • Role assignments ensure secure communication between AI Foundry Project and Container App
  • Infrastructure is opt-in via ENABLE_CONTAINER_AGENTS environment variable (defaults to false for backward compatibility)

New Infrastructure Components:

  1. cobo-agent.bicep - Orchestrates the COBO agent deployment with all dependencies
  2. container-app.bicep - Reusable module for deploying Container Apps with various configurations
  3. container-apps-environment.bicep - Creates the managed environment for Container Apps
  4. container-app-role.bicep - Assigns roles to Container Apps resources
  5. registry-access.bicep - Grants ACR pull access to managed identities

Changes Summary:

  • 8 files changed, 373 insertions(+), 1 deletion(-)
  • Added 5 new Bicep infrastructure modules
  • Modified main.bicep to support container agent deployment
  • Updated main.parameters.json with new enableContainerAgents parameter
  • Enhanced ai-project.bicep to output project principal ID for authentication

JeffreyCA
JeffreyCA reviewed Dec 11, 2025
View reviewed changes
infra/core/ai/cobo-agent.bicep Outdated
param tags object = {}

param containerRegistryName string
param serviceName string = 'cobo-agent'
Copy link

@JeffreyCA JeffreyCA Dec 11, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to set this value to match what's in azure.yaml for ACA deployment to work:

Image

We may need to map this from an env var in main.parameters.json and set it during preprovision in the extension

Copy link
Collaborator Author

@guming-learning guming-learning Dec 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed . But where is this azure.yaml? I don't see it in the repo

Copy link

@JeffreyCA JeffreyCA Dec 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's a base version https://github.com/Azure-Samples/azd-ai-starter-basic/blob/coboagent/azure.yaml, it's updated during azd ai agent init

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@JeffreyCA JeffreyCA JeffreyCA left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@guming-learning @JeffreyCA