This template, the application code and configuration it contains, has been built to showcase Microsoft Azure specific services and tools. We strongly advise our customers not to make this code part of their production environments without implementing or enabling additional security features. See Security Guidelines for more information on how to secure your deployment.

• Application base language: Go (1.24+)
• Authentication: Microsoft Entra ID (formerly Azure AD)
• API Integration: Azure AI Foundry Services with DeepSeek-R1 model
• Infrastructure:
  • Azure Container Apps for hosting
  • Azure Container Registry for image storage
  • Azure AI Services for DeepSeek-R1 model deployment
  • Azure Log Analytics for monitoring
  • Quick deployment with the azd CLI (approximately 5 minutes)
• IaC: Bicep for infrastructure deployment
• Web Interface: HTML/CSS with vanilla JavaScript

The application follows a simple, maintainable structure:

• HTTP server with dedicated endpoints for chat and health monitoring
• Service-based architecture with handler pattern
• Token-based authentication for Azure AI Services
• Concurrency control with mutex to prevent API flooding

The project uses Azure Bicep for infrastructure deployment, with key components:

• Azure Container Registry for image management
• Azure Container Apps for containerized application hosting
• Azure AI Services for DeepSeek-R1 model deployment
• Microsoft Entra ID integration for authentication
• Azure Log Analytics for monitoring and diagnostics

• Microsoft Entra ID application registration for authentication
• Token-based access to Azure AI Services
• Concurrency control to prevent API abuse
• Configurable rate limiting

This repository is configured for immediate development in GitHub Codespaces:

1. Click the "Open in GitHub Codespaces" button at the top of this README
2. Wait for the devcontainer to build and initialize
3. Copy .env.example to .env and update with your Azure credentials
4. Run the application with go run src/main.go

The application will be available on port 3000, which is automatically forwarded by Codespaces.

Once you've opened the project in Codespaces, in Dev Containers, or locally, you can deploy it to Azure.

1. Sign up for a free Azure account and create an Azure Subscription.

2. Request access to Azure OpenAI Service by completing the form at https://aka.ms/oai/access and awaiting approval.

3. Check that you have the necessary permissions:

   • Your Azure account must have Microsoft.Authorization/roleAssignments/write permissions, such as Role Based Access Control Administrator, User Access Administrator, or Owner. If you don't have subscription-level permissions, you must be granted RBAC for an existing resource group and deploy to that existing group.
   • Your Azure account also needs Microsoft.Resources/deployments/write permissions on the subscription level.

1. Login to Azure:

   azd auth login

2. Provision and deploy all the resources:

   azd up

   It will prompt you to provide an azd environment name (like "chat-app"), select a subscription from your Azure account, and select a location where DeepSeek-R1 is available (like "westus"). Then it will provision the resources in your account and deploy the latest code. If you get an error or timeout with deployment, changing the location can help, as there may be availability constraints for the Azure AI resource.

3. When azd has finished deploying, you'll see an endpoint URI in the command output. Visit that URI, and you should see the chat app! 🎉

4. Remember to take down your app once you're no longer using it, either by deleting the resource group in the Portal or running this command:

   azd down --purge

• Go v1.24 or later
• Docker
• Azure Developer CLI (azd) v1.13 or later (support for docker as a language in the azure.yaml is required)
• Azure subscription with permissions to create resources

1. Clone the repository:

   git clone https://github.com/Azure-Samples/deepseek-go
   cd deepseek-go
   cd src

2. Create a .env file inside the src directory with required configuration:

   📝 You can copy the .env.example file and fill in your values. To acquire the following values, after using azd to deploy the application, run the following command in your terminal: azd env get-values | grep "AZURE_INFERENCE_ENDPOINT" && azd env get-values | grep "AZURE_TENANT_ID"

   AZURE_TENANT_ID=<your-tenant-id>
   AZURE_INFERENCE_ENDPOINT=<your-azure-ai-endpoint>
   AZURE_DEEPSEEK_DEPLOYMENT=DeepSeek-R1
   

   ⚠️ Never commit your .env file to source control. It's already in .gitignore.

3. Install dependencies:

   go mod download

4. Run the application:

   go run main.go

To run the tests in main_test.go, ensure you are in the src directory and run the following command(s):

go test ./... -v

This will execute all the test cases and display detailed output for each test.

Build and run the application using Docker:

docker build -t deepseek-go -f src/Dockerfile .
docker run -p 3000:3000 --env-file .env deepseek-go

├── src/                 # Application source code
│   ├── main.go          # Main application entry point
│   ├── Dockerfile       # Container configuration
│   └── static/          # Web interface assets
│       ├── index.html   # Chat UI
│       └── styles.css   # Styling
├── infra/               # Infrastructure as code
│   ├── main.bicep       # Main infrastructure template
│   ├── aca.bicep        # Container App configuration
│   └── core/            # Core infrastructure components
└── docs/                # Documentation and images

The application uses environment variables for configuration:

• AZURE_TENANT_ID: Your Azure tenant ID for authentication
• AZURE_INFERENCE_ENDPOINT: The endpoint for Azure AI Services
• AZURE_DEEPSEEK_DEPLOYMENT: The model deployment name (defaults to "DeepSeek-R1")
• RUNNING_IN_PRODUCTION: Set to "true" when running in Azure to use managed identity
• AZURE_CLIENT_ID: The client ID for managed identity in production

Pricing varies per region and usage, so it isn't possible to predict exact costs for your usage. The majority of the Azure resources used in this infrastructure are on usage-based pricing tiers. However, Azure Container Registry has a fixed cost per registry per day.

You can try the Azure pricing calculator for the resources:

• Azure AI Service: S0 tier, DeepSeek-RW model. Pricing is based on token count. Pricing
• Azure Container App: Consumption tier with 0.5 CPU, 1GiB memory/storage. Pricing is based on resource allocation, and each month allows for a certain amount of free usage. Pricing
• Azure Container Registry: Basic tier. Pricing
• Log analytics: Pay-as-you-go tier. Costs based on data ingested. Pricing

⚠️ To avoid unnecessary costs, remember to take down your app if it's no longer in use, either by deleting the resource group in the Portal or running azd down.

This template uses Managed Identity for authenticating to the Azure OpenAI service.

This template also enables the Container Apps built-in authentication feature with a Microsoft Entra ID identity provider. The Bicep files use the new Microsoft Graph extension (public preview) to create the Entra application registration using managed identity with Federated Identity Credentials, so that no client secrets or certificates are necessary.

Additionally, we have added a GitHub Action that scans the infrastructure-as-code files and generates a report containing any detected issues. To ensure continued best practices in your own repository, we recommend that anyone creating solutions based on our templates ensure that the Github secret scanning setting is enabled.

You may want to consider additional security measures, such as:

• Protecting the Azure Container Apps instance with a firewall and/or Virtual Network.
• Enabling Microsoft Defender for Cloud on the resource group and setting up security policies.

Contributions are welcome! Please feel free to submit a Pull Request. For major changes, please open an issue first to discuss what you would like to change.

This project is licensed under the MIT License - see the LICENSE file for details.

• Azure AI Foundry
• Azure AI Services