Add infra and deployed example

Author: pamelafox

agents/agentframework_http.py

@@ -26,7 +26,7 @@
 load_dotenv(override=True)
 
 # Constants
-MCP_SERVER_URL = "http://localhost:8000/mcp/"
+MCP_SERVER_URL = os.getenv("MCP_SERVER_URL", "http://localhost:8000/mcp/")
 
 # Configure chat client based on API_HOST
 API_HOST = os.getenv("API_HOST", "github")

agents/langchainv1_http.py

@@ -25,16 +25,15 @@
 load_dotenv(override=True)
 
 # Constants
-MCP_SERVER_URL = "http://localhost:8000/mcp/"
-AZURE_COGNITIVE_SERVICES_SCOPE = "https://cognitiveservices.azure.com/.default"
+MCP_SERVER_URL = os.getenv("MCP_SERVER_URL", "http://localhost:8000/mcp/")
 
 # Configure language model based on API_HOST
 API_HOST = os.getenv("API_HOST", "github")
 
 if API_HOST == "azure":
     token_provider = azure.identity.get_bearer_token_provider(
         azure.identity.DefaultAzureCredential(),
-        AZURE_COGNITIVE_SERVICES_SCOPE
+        "https://cognitiveservices.azure.com/.default"
     )
     base_model = ChatOpenAI(
         model=os.environ.get("AZURE_OPENAI_CHAT_DEPLOYMENT"),

azure.yaml

@@ -0,0 +1,20 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/Azure/azure-dev/main/schemas/v1.0/azure.yaml.json
+
+name: python-mcp-demo
+metadata:
+  template: [email protected]
+services:
+  # Not using remoteBuild due to private endpoint usage
+  aca:
+    project: .
+    language: docker
+    host: containerapp
+    docker:
+      path: ./servers/Dockerfile
+      context: .
+hooks:
+  postprovision:
+    posix:
+      shell: sh
+      run: ./infra/write_env.sh
+      continueOnError: true

infra/aca.bicep

@@ -0,0 +1,71 @@
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param identityName string
+param containerAppsEnvironmentName string
+param containerRegistryName string
+param serviceName string = 'aca'
+param exists bool
+param openAiDeploymentName string
+param openAiEndpoint string
+param cosmosDbAccount string
+param cosmosDbDatabase string
+param cosmosDbContainer string
+
+resource acaIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  name: identityName
+  location: location
+}
+
+
+module app 'core/host/container-app-upsert.bicep' = {
+  name: '${serviceName}-container-app-module'
+  params: {
+    name: name
+    location: location
+    tags: union(tags, { 'azd-service-name': serviceName })
+    identityName: acaIdentity.name
+    exists: exists
+    containerAppsEnvironmentName: containerAppsEnvironmentName
+    containerRegistryName: containerRegistryName
+    ingressEnabled: true
+    env: [
+      {
+        name: 'AZURE_OPENAI_CHAT_DEPLOYMENT'
+        value: openAiDeploymentName
+      }
+      {
+        name: 'AZURE_OPENAI_ENDPOINT'
+        value: openAiEndpoint
+      }
+      {
+        name: 'RUNNING_IN_PRODUCTION'
+        value: 'true'
+      }
+      {
+        name: 'AZURE_CLIENT_ID'
+        value: acaIdentity.properties.clientId
+      }
+      {
+        name: 'AZURE_COSMOSDB_ACCOUNT'
+        value: cosmosDbAccount
+      }
+      {
+        name: 'AZURE_COSMOSDB_DATABASE'
+        value: cosmosDbDatabase
+      }
+      {
+        name: 'AZURE_COSMOSDB_CONTAINER'
+        value: cosmosDbContainer
+      }
+    ]
+    targetPort: 8000
+  }
+}
+
+output identityPrincipalId string = acaIdentity.properties.principalId
+output name string = app.outputs.name
+output hostName string = app.outputs.hostName
+output uri string = app.outputs.uri
+output imageName string = app.outputs.imageName

infra/core/ai/cognitiveservices.bicep

@@ -0,0 +1,44 @@
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param customSubDomainName string = name
+param deployments array = []
+param kind string = 'OpenAI'
+param publicNetworkAccess string = 'Enabled'
+param sku object = {
+  name: 'S0'
+}
+
+resource account 'Microsoft.CognitiveServices/accounts@2023-05-01' = {
+  name: name
+  location: location
+  tags: tags
+  kind: kind
+  properties: {
+    customSubDomainName: customSubDomainName
+    publicNetworkAccess: publicNetworkAccess
+  }
+  sku: sku
+}
+
+@batchSize(1)
+resource deployment 'Microsoft.CognitiveServices/accounts/deployments@2023-05-01' = [for deployment in deployments: {
+  parent: account
+  name: deployment.name
+  properties: {
+    model: deployment.model
+    raiPolicyName: contains(deployment, 'raiPolicyName') ? deployment.raiPolicyName : null
+  }
+  sku: contains(deployment, 'sku') ? deployment.sku : {
+    name: 'Standard'
+    capacity: 20
+  }
+}]
+
+output endpoint string = account.properties.endpoint
+output id string = account.id
+output name string = account.name
+output location string = account.location
+output skuName string = account.sku.name
+output key string = account.listKeys().key1

infra/core/host/container-app-upsert.bicep

@@ -0,0 +1,82 @@
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param containerAppsEnvironmentName string
+param containerName string = 'main'
+param containerRegistryName string
+
+@description('Minimum number of replicas to run')
+@minValue(1)
+param containerMinReplicas int = 1
+@description('Maximum number of replicas to run')
+@minValue(1)
+param containerMaxReplicas int = 10
+
+param secrets array = []
+param env array = []
+param external bool = true
+param targetPort int = 80
+param exists bool
+
+@description('User assigned identity name')
+param identityName string
+
+@description('Enabled Ingress for container app')
+param ingressEnabled bool = true
+
+// Dapr Options
+@description('Enable Dapr')
+param daprEnabled bool = false
+@description('Dapr app ID')
+param daprAppId string = containerName
+@allowed([ 'http', 'grpc' ])
+@description('Protocol used by Dapr to connect to the app, e.g. http or grpc')
+param daprAppProtocol string = 'http'
+
+@description('CPU cores allocated to a single container instance, e.g. 0.5')
+param containerCpuCoreCount string = '0.5'
+
+@description('Memory allocated to a single container instance, e.g. 1Gi')
+param containerMemory string = '1.0Gi'
+
+@description('Workload profile name to use for the container app when using private ingress')
+param workloadProfileName string = 'Warm'
+
+resource existingApp 'Microsoft.App/containerApps@2022-03-01' existing = if (exists) {
+  name: name
+}
+
+module app 'container-app.bicep' = {
+  name: '${deployment().name}-update'
+  params: {
+    name: name
+    location: location
+    tags: tags
+    identityName: identityName
+    ingressEnabled: ingressEnabled
+    containerName: containerName
+    containerAppsEnvironmentName: containerAppsEnvironmentName
+    containerRegistryName: containerRegistryName
+    containerCpuCoreCount: containerCpuCoreCount
+    containerMemory: containerMemory
+    containerMinReplicas: containerMinReplicas
+    containerMaxReplicas: containerMaxReplicas
+    daprEnabled: daprEnabled
+    daprAppId: daprAppId
+    daprAppProtocol: daprAppProtocol
+    secrets: secrets
+    external: external
+    env: env
+    imageName: exists ? existingApp.properties.template.containers[0].image : ''
+    targetPort: targetPort
+    // Pass workload profile name parameter
+    workloadProfileName: workloadProfileName
+  }
+}
+
+output defaultDomain string = app.outputs.defaultDomain
+output imageName string = app.outputs.imageName
+output name string = app.outputs.name
+output hostName string = app.outputs.hostName
+output uri string = app.outputs.uri

infra/core/host/container-app.bicep

@@ -0,0 +1,127 @@
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param containerAppsEnvironmentName string
+param containerName string = 'main'
+param containerRegistryName string
+
+@description('Minimum number of replicas to run')
+@minValue(1)
+param containerMinReplicas int = 1
+@description('Maximum number of replicas to run')
+@minValue(1)
+param containerMaxReplicas int = 10
+
+param secrets array = []
+param env array = []
+param external bool = true
+param imageName string
+param targetPort int = 80
+
+@description('User assigned identity name')
+param identityName string
+
+@description('Enabled Ingress for container app')
+param ingressEnabled bool = true
+
+// Dapr Options
+@description('Enable Dapr')
+param daprEnabled bool = false
+@description('Dapr app ID')
+param daprAppId string = containerName
+@allowed([ 'http', 'grpc' ])
+@description('Protocol used by Dapr to connect to the app, e.g. http or grpc')
+param daprAppProtocol string = 'http'
+
+@description('CPU cores allocated to a single container instance, e.g. 0.5')
+param containerCpuCoreCount string = '0.5'
+
+@description('Memory allocated to a single container instance, e.g. 1Gi')
+param containerMemory string = '1.0Gi'
+
+@description('Workload profile name to use for the container app when using private ingress')
+param workloadProfileName string = 'Warm'
+
+resource userIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = {
+  name: identityName
+}
+
+module containerRegistryAccess '../security/registry-access.bicep' = {
+  name: '${deployment().name}-registry-access'
+  params: {
+    containerRegistryName: containerRegistryName
+    principalId: userIdentity.properties.principalId
+  }
+}
+
+resource app 'Microsoft.App/containerApps@2025-01-01' = {
+  name: name
+  location: location
+  tags: tags
+  // It is critical that the identity is granted ACR pull access before the app is created
+  // otherwise the container app will throw a provision error
+  // This also forces us to use an user assigned managed identity since there would no way to
+  // provide the system assigned identity with the ACR pull access before the app is created
+  dependsOn: [ containerRegistryAccess ]
+  identity: {
+    type: 'UserAssigned'
+    userAssignedIdentities: { '${userIdentity.id}': {} }
+  }
+  properties: {
+    managedEnvironmentId: containerAppsEnvironment.id
+    configuration: {
+      activeRevisionsMode: 'single'
+      ingress: ingressEnabled ? {
+        external: external
+        targetPort: targetPort
+        transport: 'auto'
+      } : null
+      dapr: daprEnabled ? {
+        enabled: true
+        appId: daprAppId
+        appProtocol: daprAppProtocol
+        appPort: ingressEnabled ? targetPort : 0
+      } : { enabled: false }
+      secrets: secrets
+      registries: [
+        {
+          server: '${containerRegistry.name}.azurecr.io'
+          identity: userIdentity.id
+        }
+      ]
+    }
+    template: {
+      containers: [
+        {
+          image: !empty(imageName) ? imageName : 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest'
+          name: containerName
+          env: env
+          resources: {
+            cpu: json(containerCpuCoreCount)
+            memory: containerMemory
+          }
+        }
+      ]
+      scale: {
+        minReplicas: containerMinReplicas
+        maxReplicas: containerMaxReplicas
+      }
+    }
+  }
+}
+
+resource containerAppsEnvironment 'Microsoft.App/managedEnvironments@2022-03-01' existing = {
+  name: containerAppsEnvironmentName
+}
+
+// 2022-02-01-preview needed for anonymousPullEnabled
+resource containerRegistry 'Microsoft.ContainerRegistry/registries@2022-02-01-preview' existing = {
+  name: containerRegistryName
+}
+
+output defaultDomain string = containerAppsEnvironment.properties.defaultDomain
+output imageName string = imageName
+output name string = app.name
+output hostName string = app.properties.configuration.ingress.fqdn
+output uri string = ingressEnabled ? 'https://${app.properties.configuration.ingress.fqdn}' : ''