![[The AI Show Episode 148]: Microsoft’s Quiet AI Layoffs, US Copyright Office’s Bombshell AI Guidance, 2025 State of Marketing AI Report, and OpenAI Codex](https://www.marketingaiinstitute.com/hubfs/ep%20148%20cover%20%281%29.png)
![[The AI Show Episode 146]: Rise of “AI-First” Companies, AI Job Disruption, GPT-4o Update Gets Rolled Back, How Big Consulting Firms Use AI, and Meta AI App](https://www.marketingaiinstitute.com/hubfs/ep%20146%20cover.png)
![How to make Developer Friends When You Don't Live in Silicon Valley, with Iraqi Engineer Code;Life [Podcast #172]](https://cdn.hashnode.com/res/hashnode/image/upload/v1747360508340/f07040cd-3eeb-443c-b4fb-370f6a4a14da.png?#)
-(1).jpg?width=1920&height=1920&fit=bounds&quality=70&format=jpg&auto=webp#)
.jpg?#)
.png?width=1920&height=1920&fit=bounds&quality=70&format=jpg&auto=webp#)
![What’s new in Android’s May 2025 Google System Updates [U: 5/19]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2025/01/google-play-services-1.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![Apple's iPhone Shift to India Accelerates With $1.5 Billion Foxconn Investment [Report]](https://www.iclarified.com/images/news/97357/97357/97357-640.jpg)
![Apple Releases iPadOS 17.7.8 for Older Devices [Download]](https://www.iclarified.com/images/news/97358/97358/97358-640.jpg)
Google Agent Development Kit (ADK) Introduction (6): Deploy to Google Cloud
Learning Objectives Master container deployment and autoscaling on Google Cloud Run, including secure key management. Implement performance monitoring and cost control using Cloud Monitoring and Grafana. Task Overview Application Containerization: Package the Streamlit Agent as a Docker image, manage credentials.json/token.json securely with Secret Manager, and deploy to Cloud Run. Performance Monitoring: Set up Cloud Monitoring and Grafana. Environment Setup: Install Google Cloud SDK and handle Docker image authentication. Prerequisites: Install and Configure Google Cloud SDK Install following the official documentation. macOS (Homebrew): brew install --cask google-cloud-sdk Initialize: gcloud init (sign in, set or create a project, e.g. adk-learning-journey) Set project: gcloud config set project adk-learning-journey Docker auth: gcloud auth configure-docker Enable required APIs: gcloud services enable secretmanager.googleapis.com \ artifactregistry.googleapis.com \ run.googleapis.com \ iam.googleapis.com \ cloudbuild.googleapis.com \ logging.googleapis.com \ monitoring.googleapis.com # If additional APIs are needed (e.g. Calendar, Gemini), enable them as well # gcloud services enable calendar-json.googleapis.com # gcloud services enable generativelanguage.googleapis.com Deployment Steps (Detailed) 1. Prepare Application and Security Config requirements.txt: Make sure all required packages are included (such as google-cloud-secret-manager, etc). Sensitive Files: Never include credentials.json or token.json in your Git repo or Docker image. Add them to .gitignore. Using Secret Manager A. Upload credentials.json gcloud secrets create calendar-credentials \ --project="adk-learning-journey" \ --replication-policy="automatic" \ --description="OAuth client credentials for Google Calendar API" gcloud secrets versions add calendar-credentials \ --project="adk-learning-journey" \ --data-file="path/to/credentials.json" B. Upload token.json gcloud secrets create calendar-token \ --project="adk-learning-journey" \ --replication-policy="automatic" \ --description="User OAuth token for Google Calendar API" gcloud secrets versions add calendar-token \ --project="adk-learning-journey" \ --data-file="path/to/token.json" C. Modify your application to read from Secret Manager Your code should load credentials.json and token.json from Secret Manager (see example). 2. Docker Packaging Sample Dockerfile (key points): FROM python:3.12-slim WORKDIR /app COPY requirements.txt . RUN pip install --no-cache-dir -r requirements.txt COPY . . EXPOSE 8080 ENV PYTHONUNBUFFERED 1 ENV GOOGLE_CLOUD_PROJECT "adk-learning-journey" ENV PORT 8080 CMD streamlit run streamlit_app.py --server.port $PORT --server.address 0.0.0.0 Tip: Use --set-env-vars during Cloud Run deployment to override the project ID for portability. 3. Build & Test Docker Image docker build -t $IMAGE_URI . docker run -p 8080:8080 \ -e GOOGLE_CLOUD_PROJECT="adk-learning-journey" \ -e PORT="8080" \ $IMAGE_URI # Verify local access via http://localhost:8080 4. Push Image to Artifact Registry (or GCR) Create repository (if not already created): gcloud artifacts repositories create $REPO \ --project="adk-learning-journey" \ --repository-format=docker \ --location=$REGION Push: docker push $IMAGE_URI 5. Deploy to Cloud Run A. Create Service Account (SA): gcloud iam service-accounts create meeting-workflow \ --project="adk-learning-journey" \ --description="Service account for Meeting Workflow Streamlit Agent" \ --display-name="Meeting Workflow" B. Grant Secret Manager access to SA: gcloud projects add-iam-policy-binding adk-learning-journey \ --member="serviceAccount:meeting-workflow@adk-learning-journey.iam.gserviceaccount.com" \ --role="roles/secretmanager.secretAccessor" C. Deploy to Cloud Run: gcloud run deploy meeting-scheduler \ --image gcr.io/adk-learning-journey/meeting-workflow \ --platform managed \ --service-account meeting-workflow@adk-learning-journey.iam.gserviceaccount.com \ --set-env-vars="GOOGLE_CLOUD_PROJECT=adk-learning-journey" 6. Validate Deployment After deployment, open the Cloud Run URL provided by gcloud in your browser to test your service. In Google Cloud Console > Cloud Run > select your service > Logs, check for errors (env vars, secret access, app startup, etc).
Learning Objectives
- Master container deployment and autoscaling on Google Cloud Run, including secure key management.
- Implement performance monitoring and cost control using Cloud Monitoring and Grafana.
Task Overview
-
Application Containerization: Package the Streamlit Agent as a Docker image, manage
credentials.json/token.jsonsecurely with Secret Manager, and deploy to Cloud Run. - Performance Monitoring: Set up Cloud Monitoring and Grafana.
- Environment Setup: Install Google Cloud SDK and handle Docker image authentication.
Prerequisites: Install and Configure Google Cloud SDK
- Install following the official documentation.
-
macOS (Homebrew):
brew install --cask google-cloud-sdk - Initialize:
gcloud init(sign in, set or create a project, e.g.adk-learning-journey) - Set project:
gcloud config set project adk-learning-journey - Docker auth:
gcloud auth configure-docker - Enable required APIs:
gcloud services enable secretmanager.googleapis.com \
artifactregistry.googleapis.com \
run.googleapis.com \
iam.googleapis.com \
cloudbuild.googleapis.com \
logging.googleapis.com \
monitoring.googleapis.com
# If additional APIs are needed (e.g. Calendar, Gemini), enable them as well
# gcloud services enable calendar-json.googleapis.com
# gcloud services enable generativelanguage.googleapis.com
Deployment Steps (Detailed)
1. Prepare Application and Security Config
-
requirements.txt: Make sure all required packages are included (such as
google-cloud-secret-manager, etc). -
Sensitive Files: Never include
credentials.jsonortoken.jsonin your Git repo or Docker image. Add them to.gitignore.
Using Secret Manager
A. Upload credentials.json
gcloud secrets create calendar-credentials \
--project="adk-learning-journey" \
--replication-policy="automatic" \
--description="OAuth client credentials for Google Calendar API"
gcloud secrets versions add calendar-credentials \
--project="adk-learning-journey" \
--data-file="path/to/credentials.json"
B. Upload token.json
gcloud secrets create calendar-token \
--project="adk-learning-journey" \
--replication-policy="automatic" \
--description="User OAuth token for Google Calendar API"
gcloud secrets versions add calendar-token \
--project="adk-learning-journey" \
--data-file="path/to/token.json"
C. Modify your application to read from Secret Manager
Your code should load credentials.json and token.json from Secret Manager (see example).
2. Docker Packaging
Sample Dockerfile (key points):
FROM python:3.12-slim
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
COPY . .
EXPOSE 8080
ENV PYTHONUNBUFFERED 1
ENV GOOGLE_CLOUD_PROJECT "adk-learning-journey"
ENV PORT 8080
CMD streamlit run streamlit_app.py --server.port $PORT --server.address 0.0.0.0
Tip: Use
--set-env-varsduring Cloud Run deployment to override the project ID for portability.
3. Build & Test Docker Image
docker build -t $IMAGE_URI .
docker run -p 8080:8080 \
-e GOOGLE_CLOUD_PROJECT="adk-learning-journey" \
-e PORT="8080" \
$IMAGE_URI
# Verify local access via http://localhost:8080
4. Push Image to Artifact Registry (or GCR)
- Create repository (if not already created):
gcloud artifacts repositories create $REPO \
--project="adk-learning-journey" \
--repository-format=docker \
--location=$REGION
- Push:
docker push $IMAGE_URI
5. Deploy to Cloud Run
A. Create Service Account (SA):
gcloud iam service-accounts create meeting-workflow \
--project="adk-learning-journey" \
--description="Service account for Meeting Workflow Streamlit Agent" \
--display-name="Meeting Workflow"
B. Grant Secret Manager access to SA:
gcloud projects add-iam-policy-binding adk-learning-journey \
--member="serviceAccount:meeting-workflow@adk-learning-journey.iam.gserviceaccount.com" \
--role="roles/secretmanager.secretAccessor"
C. Deploy to Cloud Run:
gcloud run deploy meeting-scheduler \
--image gcr.io/adk-learning-journey/meeting-workflow \
--platform managed \
--service-account meeting-workflow@adk-learning-journey.iam.gserviceaccount.com \
--set-env-vars="GOOGLE_CLOUD_PROJECT=adk-learning-journey"
6. Validate Deployment
- After deployment, open the Cloud Run URL provided by
gcloudin your browser to test your service. - In Google Cloud Console > Cloud Run > select your service > Logs, check for errors (env vars, secret access, app startup, etc).
