Roles and Agents
Gemini AI can be configured to perform specialized roles in DevOps workflows through customized agents. This guide explores how to define and deploy role-specific Gemini agents for cloud infrastructure operations.
Understanding Gemini Roles
A Gemini "role" defines the specific function, expertise, and permissions assigned to a Gemini instance. Well-defined roles ensure that:
Permissions follow the principle of least privilege
Outputs align with organizational standards
The agent's behavior matches its intended purpose
Interactions remain consistent across team members
Core DevOps Roles for Gemini
Infrastructure Architect
This role focuses on designing cloud infrastructure with an emphasis on best practices and optimization.
INFRASTRUCTURE_ARCHITECT_CONFIG = {
"model": "models/gemini-2.5-pro",
"temperature": 0.1, # Lower temperature for more precise responses
"top_p": 0.95,
"top_k": 40,
"system_instruction": """
You are an Infrastructure Architect specializing in cloud architecture design.
Your primary responsibilities are:
1. Design scalable, resilient cloud architectures following best practices
2. Evaluate existing infrastructure and suggest improvements
3. Create architecture diagrams and documentation
4. Ensure designs adhere to security and compliance requirements
5. Optimize for cost, performance, and maintainability
When generating infrastructure code:
- Prioritize managed services over self-managed where appropriate
- Include detailed comments explaining architectural decisions
- Design with security and compliance as first priorities
- Ensure resources follow standard naming conventions
- Implement proper tagging strategies for resources
You have read-only access to infrastructure diagrams and documentation.
"""
}Security Auditor
This role focuses on identifying security issues in infrastructure configurations.
SECURITY_AUDITOR_CONFIG = {
"model": "models/gemini-2.5-pro",
"temperature": 0.1,
"top_p": 0.95,
"top_k": 40,
"system_instruction": """
You are a Security Auditor specializing in cloud infrastructure security.
Your primary responsibilities are:
1. Review infrastructure code for security vulnerabilities
2. Validate compliance with security standards (CIS, NIST, etc.)
3. Recommend security improvements with specific remediation steps
4. Assess IAM configurations for adherence to least privilege
5. Identify data protection issues in storage configurations
When reviewing infrastructure:
- Focus on critical security issues first
- Provide specific, actionable remediation steps
- Include references to security best practices or compliance standards
- Be thorough and check for subtle security misconfigurations
You have read-only access to infrastructure code and compliance documentation.
"""
}Deployment Engineer
This role specializes in creating and troubleshooting CI/CD pipelines.
DEPLOYMENT_ENGINEER_CONFIG = {
"model": "models/gemini-pro", # Standard model is sufficient
"temperature": 0.2,
"top_p": 0.95,
"top_k": 40,
"system_instruction": """
You are a Deployment Engineer specializing in CI/CD pipelines and automation.
Your primary responsibilities are:
1. Create and optimize CI/CD pipeline configurations
2. Troubleshoot deployment failures
3. Design automated testing processes
4. Implement deployment strategies (blue/green, canary, etc.)
5. Create rollback procedures and failsafes
When creating pipeline configurations:
- Include appropriate validation steps
- Implement proper environment separation
- Add comprehensive error handling
- Design for observability with appropriate logging
- Ensure secure handling of credentials and secrets
You have read-access to pipeline configurations and deployment logs.
"""
}Implementing Gemini Agents
Agent Architecture
A Gemini agent typically consists of:
Core Logic: Python code that orchestrates the Gemini API interactions
Role Configuration: System instructions and parameters defining behavior
Tool Connections: Integrations with external systems and APIs
Memory System: For maintaining context across interactions
Feedback Loop: To improve responses over time
Python Implementation
Here's an example of a complete Gemini agent implementation:
import os
import google.generativeai as genai
from google.generativeai.types import HarmCategory, HarmBlockThreshold
from typing import Dict, List, Any
import json
import logging
# Configure logging
logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(name)s - %(levelname)s - %(message)s')
logger = logging.getLogger('gemini-agent')
class GeminiAgent:
"""A configurable agent built on Google's Gemini models."""
def __init__(self, role_config: Dict[str, Any], api_key: str = None):
"""
Initialize a new Gemini agent with a specific role.
Args:
role_config: Dictionary containing model parameters and system instructions
api_key: Google API key (defaults to GOOGLE_API_KEY environment variable)
"""
# Set API key
api_key = api_key or os.environ.get('GOOGLE_API_KEY')
if not api_key:
raise ValueError("API key must be provided or set as GOOGLE_API_KEY environment variable")
genai.configure(api_key=api_key)
# Store configuration
self.config = role_config
self.model_name = role_config.get('model', 'models/gemini-pro')
self.temperature = role_config.get('temperature', 0.2)
self.top_p = role_config.get('top_p', 0.95)
self.top_k = role_config.get('top_k', 40)
self.system_instruction = role_config.get('system_instruction', '')
# Initialize the model
self.model = genai.GenerativeModel(
model_name=self.model_name,
safety_settings={
HarmCategory.HARM_CATEGORY_HATE_SPEECH: HarmBlockThreshold.BLOCK_MEDIUM_AND_ABOVE,
HarmCategory.HARM_CATEGORY_DANGEROUS_CONTENT: HarmBlockThreshold.BLOCK_MEDIUM_AND_ABOVE,
HarmCategory.HARM_CATEGORY_SEXUALLY_EXPLICIT: HarmBlockThreshold.BLOCK_MEDIUM_AND_ABOVE,
HarmCategory.HARM_CATEGORY_HARASSMENT: HarmBlockThreshold.BLOCK_MEDIUM_AND_ABOVE,
},
generation_config={
"temperature": self.temperature,
"top_p": self.top_p,
"top_k": self.top_k,
}
)
# Start a conversation with system instruction
self.chat = self.model.start_chat(history=[
{
"role": "user",
"parts": ["Please confirm you understand your role and responsibilities."]
},
{
"role": "model",
"parts": ["I understand my role and responsibilities as defined in my instructions. I'm ready to assist you according to these guidelines."]
}
])
# Add system instruction if provided
if self.system_instruction:
self._add_system_instruction()
logger.info(f"Initialized {self.model_name} agent with role: {role_config.get('role', 'unspecified')}")
def _add_system_instruction(self):
"""Add system instruction to the conversation."""
self.chat.send_message(f"System: {self.system_instruction}")
def generate_response(self, prompt: str) -> str:
"""
Generate a response based on the given prompt.
Args:
prompt: The input text to generate a response for
Returns:
The generated response text
"""
try:
response = self.chat.send_message(prompt)
return response.text
except Exception as e:
logger.error(f"Error generating response: {e}")
return f"I encountered an error: {str(e)}"
def generate_with_structured_output(self, prompt: str, output_schema: Dict) -> Dict:
"""
Generate a response and parse it as structured data.
Args:
prompt: The input text
output_schema: JSON schema defining the expected output structure
Returns:
Structured data matching the provided schema
"""
schema_prompt = f"""
{prompt}
Please provide your response as a JSON object with the following structure:
{json.dumps(output_schema, indent=2)}
Respond ONLY with valid JSON matching this schema.
"""
try:
response = self.chat.send_message(schema_prompt)
# Extract JSON from response
response_text = response.text
# Find JSON in the response (handling potential markdown code blocks)
json_start = response_text.find('{')
json_end = response_text.rfind('}') + 1
if json_start >= 0 and json_end > json_start:
json_str = response_text[json_start:json_end]
return json.loads(json_str)
else:
logger.error("Could not extract JSON from response")
return {"error": "Failed to parse structured output"}
except json.JSONDecodeError:
logger.error("Invalid JSON in response")
return {"error": "Invalid JSON structure in response"}
except Exception as e:
logger.error(f"Error in structured output generation: {e}")
return {"error": str(e)}Using the Agent
# Example usage of the Infrastructure Architect agent
from gemini_agent import GeminiAgent, INFRASTRUCTURE_ARCHITECT_CONFIG
# Initialize the agent
architect_agent = GeminiAgent(INFRASTRUCTURE_ARCHITECT_CONFIG)
# Get infrastructure design recommendations
cloud_requirements = """
We need a highly available web application with:
- Frontend: React SPA
- Backend: Node.js API
- Database: PostgreSQL
- Expected traffic: ~10,000 users/day
- Budget constraints: Optimize for cost
- Compliance requirements: GDPR, SOC2
"""
response = architect_agent.generate_response(
f"Design an AWS architecture for the following requirements:\n\n{cloud_requirements}"
)
print(response)
# Get structured recommendations using a schema
schema = {
"architecture": {
"components": ["list of components"],
"diagram": "text diagram or description",
},
"estimated_costs": {
"monthly_estimate": "dollar amount",
"cost_optimization_suggestions": ["list of suggestions"]
},
"security_considerations": ["list of security items"]
}
structured_response = architect_agent.generate_with_structured_output(
f"Design an AWS architecture for:\n\n{cloud_requirements}",
schema
)
print(json.dumps(structured_response, indent=2))Automating Agent Deployment
Docker Container
Create a Dockerfile for your agent:
FROM python:3.10-slim
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
COPY gemini_agent.py .
COPY role_configs.py .
COPY app.py .
ENV GOOGLE_API_KEY=""
ENV ROLE="infrastructure-architect"
CMD ["python", "app.py"]Kubernetes Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: gemini-infra-architect
namespace: ai-agents
spec:
replicas: 1
selector:
matchLabels:
app: gemini-agent
role: infra-architect
template:
metadata:
labels:
app: gemini-agent
role: infra-architect
spec:
containers:
- name: gemini-agent
image: your-registry/gemini-agent:latest
env:
- name: ROLE
value: "infrastructure-architect"
- name: GOOGLE_API_KEY
valueFrom:
secretKeyRef:
name: gemini-credentials
key: api-key
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 30
periodSeconds: 30
readinessProbe:
httpGet:
path: /ready
port: 8080
initialDelaySeconds: 5
periodSeconds: 10
---
apiVersion: v1
kind: Service
metadata:
name: gemini-infra-architect
namespace: ai-agents
spec:
selector:
app: gemini-agent
role: infra-architect
ports:
- port: 80
targetPort: 8080
type: ClusterIPBest Practices for Gemini Agents
Security Considerations
API Key Management:
Use a secrets manager (AWS Secrets Manager, HashiCorp Vault)
Rotate keys regularly
Use service accounts with minimal permissions
Data Protection:
Be cautious about what data is sent to Gemini API
Implement data redaction for sensitive information
Use data loss prevention (DLP) tools when necessary
Access Control:
Implement authentication for agent access
Log all interactions with the agent
Set up proper authorization checks
Performance Optimization
Caching:
Cache common queries to reduce API calls
Implement a distributed cache for multi-instance deployments
Prompt Engineering:
Fine-tune prompts for better response quality
Use structured output formats for consistency
Implement prompt templates for common scenarios
Batch Processing:
For bulk operations, use batch processing
Implement rate limiting for API calls
Consider asynchronous processing for non-interactive tasks
Monitoring Gemini Agents
Key Metrics to Track
Performance Metrics:
Response time
Token usage
Request success/failure rate
Cache hit rate
Quality Metrics:
Response relevance scores (can be collected through user feedback)
Hallucination rate (tracked through feedback)
Task completion rate
Sample Monitoring Setup
def log_interaction(agent_id, prompt, response, metadata=None):
"""Log an interaction with the agent to monitoring system."""
interaction_data = {
"timestamp": datetime.now().isoformat(),
"agent_id": agent_id,
"prompt_tokens": len(prompt.split()),
"response_tokens": len(response.split()),
"metadata": metadata or {}
}
# Log to your monitoring system
logger.info(f"Agent interaction: {json.dumps(interaction_data)}")
# If using a monitoring service like Prometheus
PROMPT_TOKENS.labels(agent_id=agent_id).observe(interaction_data["prompt_tokens"])
RESPONSE_TOKENS.labels(agent_id=agent_id).observe(interaction_data["response_tokens"])
RESPONSE_TIME.labels(agent_id=agent_id).observe(metadata.get("response_time_ms", 0))Integration with Workflow Systems
GitHub Actions Integration
# .github/workflows/infrastructure-review.yml
name: Infrastructure Review
on:
pull_request:
paths:
- 'terraform/**'
- 'cloudformation/**'
- 'bicep/**'
jobs:
review:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.10'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install google-generativeai requests
- name: Run Gemini Infrastructure Review
env:
GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
run: |
python .github/scripts/gemini_infra_review.py
- name: Comment on PR
uses: actions/github-script@v6
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const fs = require('fs');
const reviewResults = fs.readFileSync('review-results.json', 'utf8');
const results = JSON.parse(reviewResults);
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: `## 🤖 Gemini Infrastructure Review\n\n${results.summary}\n\n### Security Findings\n\n${results.security_findings.join('\n')}\n\n### Performance Considerations\n\n${results.performance_considerations.join('\n')}`
});Last updated