Deploy the Agent Governance Toolkit on Azure Container Apps for serverless, scale-to-zero agent governance.
See also: Deployment Overview | AKS Deployment | Foundry Integration
- Architecture
- Prerequisites
- Environment Setup
- Deploy the Governance Sidecar
- Configure Policies
- Monitoring
- Scaling Configuration
- Comparison with AKS
Azure Container Apps runs the governance toolkit as a sidecar container alongside your agent container within a Container Apps Environment. Both containers share a network namespace and communicate over localhost.
┌─────────────────────────────────────────────────────┐
│ Container Apps Environment │
│ │
│ ┌────────────────────────────────────────────────┐ │
│ │ Container App │ │
│ │ ┌──────────────────┐ ┌────────────────────┐ │ │
│ │ │ Agent Container │ │ Governance │ │ │
│ │ │ │ │ Sidecar │ │ │
│ │ │ Your AI agent │ │ agent-os + │ │ │
│ │ │ (any framework) │ │ agentmesh + │ │ │
│ │ │ │ │ agent-sre │ │ │
│ │ │ localhost:8080 ──────► localhost:8081 │ │ │
│ │ └──────────────────┘ └────────────────────┘ │ │
│ └────────────────────────────────────────────────┘ │
│ │
│ ┌─────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ Key Vault │ │ Log Analytics│ │ Container │ │
│ │ │ │ Workspace │ │ Registry │ │
│ └─────────────┘ └──────────────┘ └──────────────┘ │
└─────────────────────────────────────────────────────┘
- Azure CLI 2.60+ with the
containerappextension - An Azure Container Registry (ACR) or access to a container registry
- Docker (for building images locally)
# Install/update the Container Apps extension
az extension add --name containerapp --upgrade
az provider register --namespace Microsoft.App
az provider register --namespace Microsoft.OperationalInsightsRESOURCE_GROUP="rg-agent-governance"
LOCATION="eastus"
ENVIRONMENT="agent-gov-env"
REGISTRY="agentgovregistry"
# Resource group
az group create --name $RESOURCE_GROUP --location $LOCATION
# Container registry
az acr create --name $REGISTRY --resource-group $RESOURCE_GROUP --sku Basic --admin-enabled true
# Log Analytics workspace (for governance metrics)
az monitor log-analytics workspace create \
--resource-group $RESOURCE_GROUP \
--workspace-name agent-gov-logs
LOG_ANALYTICS_ID=$(az monitor log-analytics workspace show \
--resource-group $RESOURCE_GROUP \
--workspace-name agent-gov-logs \
--query customerId -o tsv)
LOG_ANALYTICS_KEY=$(az monitor log-analytics workspace get-shared-keys \
--resource-group $RESOURCE_GROUP \
--workspace-name agent-gov-logs \
--query primarySharedKey -o tsv)
# Container Apps environment
az containerapp env create \
--name $ENVIRONMENT \
--resource-group $RESOURCE_GROUP \
--logs-workspace-id $LOG_ANALYTICS_ID \
--logs-workspace-key $LOG_ANALYTICS_KEY \
--location $LOCATION# From the repo root
cd packages/agent-os
# Build the governance sidecar image
docker build -t $REGISTRY.azurecr.io/agent-governance-sidecar:latest .
# Push to ACR
az acr login --name $REGISTRY
docker push $REGISTRY.azurecr.io/agent-governance-sidecar:latestAzure Container Apps supports sidecar containers natively. The governance toolkit runs as a sidecar alongside your agent.
az containerapp create \
--name my-governed-agent \
--resource-group $RESOURCE_GROUP \
--environment $ENVIRONMENT \
--image your-registry.azurecr.io/your-agent:latest \
--target-port 8080 \
--ingress external \
--min-replicas 0 \
--max-replicas 10 \
--registry-server $REGISTRY.azurecr.io \
--yaml container-app.yamlcontainer-app.yaml:
properties:
configuration:
ingress:
external: true
targetPort: 8080
registries:
- server: agentgovregistry.azurecr.io
identity: system
template:
containers:
# Primary: Your AI agent
- name: agent
image: agentgovregistry.azurecr.io/your-agent:latest
resources:
cpu: 1.0
memory: 2Gi
env:
- name: GOVERNANCE_ENDPOINT
value: http://localhost:8081
- name: AGENT_ID
value: my-agent-001
# Sidecar: Governance toolkit
- name: governance-sidecar
image: agentgovregistry.azurecr.io/agent-governance-sidecar:latest
resources:
cpu: 0.25
memory: 0.5Gi
env:
- name: POLICY_DIR
value: /policies
- name: OTEL_EXPORTER_OTLP_ENDPOINT
value: http://localhost:4318
- name: TRUST_SCORE_THRESHOLD
value: "0.6"
- name: RATE_LIMIT_PER_MINUTE
value: "100"
volumeMounts:
- volumeName: policy-volume
mountPath: /policies
scale:
minReplicas: 0
maxReplicas: 10
rules:
- name: http-rule
http:
metadata:
concurrentRequests: "50"
volumes:
- name: policy-volume
storageType: AzureFile
storageName: policy-shareStore governance policies in Azure Files and mount them into the sidecar:
# Create storage account and file share
az storage account create \
--name agentgovpolicies \
--resource-group $RESOURCE_GROUP \
--sku Standard_LRS
az storage share create \
--name policies \
--account-name agentgovpolicies
# Upload your policy files
az storage file upload-batch \
--destination policies \
--source ./policies/ \
--account-name agentgovpolicies
# Link storage to Container Apps environment
az containerapp env storage set \
--name $ENVIRONMENT \
--resource-group $RESOURCE_GROUP \
--storage-name policy-share \
--azure-file-account-name agentgovpolicies \
--azure-file-account-key $(az storage account keys list --account-name agentgovpolicies --query '[0].value' -o tsv) \
--azure-file-share-name policies \
--access-mode ReadOnlyversion: "1.0"
policies:
- name: rate-limit
type: rate_limit
max_calls: 100
window: 1m
- name: read-only
type: capability
allowed_actions:
- "read_*"
- "search_*"
- "list_*"
denied_actions:
- "delete_*"
- "write_production_*"
- name: content-safety
type: pattern
blocked_patterns:
- "ignore previous instructions"
- "DROP TABLE"
- "rm -rf"The sidecar exports OpenTelemetry metrics to the Container Apps environment's Log Analytics workspace automatically.
Query governance events:
ContainerAppConsoleLogs_CL
| where ContainerName_s == "governance-sidecar"
| where Log_s contains "policy_decision"
| project TimeGenerated, Log_s
| order by TimeGenerated desc
| take 100Query policy violations:
ContainerAppConsoleLogs_CL
| where ContainerName_s == "governance-sidecar"
| where Log_s contains "DENIED"
| summarize ViolationCount = count() by bin(TimeGenerated, 1h)
| render timechartContainer Apps scales both the agent and governance sidecar together. Key scaling considerations:
| Setting | Recommendation | Notes |
|---|---|---|
minReplicas |
0 for dev, 2 for prod |
Scale-to-zero saves cost in dev |
maxReplicas |
Based on load | Each replica includes both containers |
| Sidecar CPU | 0.25 cores |
Governance adds < 0.1ms p99 latency |
| Sidecar Memory | 512Mi |
Sufficient for policy engine + trust scoring |
| Capability | Container Apps | AKS |
|---|---|---|
| Operational complexity | Low (serverless) | Higher (cluster management) |
| Scale-to-zero | ✅ Native | ❌ Requires KEDA |
| Helm chart support | ❌ YAML only | ✅ Full Helm |
| Custom networking | Limited | Full VNet control |
| Multi-agent mesh | Basic | ✅ Full AgentMesh with IATP |
| Best for | Single agents, prototyping | Production multi-agent systems |
For production multi-agent systems with full AgentMesh identity and IATP, we recommend AKS deployment.
- Configure governance policies
- Set up AgentMesh identity
- Enable SLO monitoring
- AKS deployment for production multi-agent scenarios