mirror of
https://github.com/anthropics/claude-code.git
synced 2026-06-30 21:43:33 +00:00
Gateway GCP example: Agent Platform rebrand and README cleanup
- Update Vertex AI prose references to Agent Platform across the example (READMEs, script/terraform comments, config template). Functional identifiers are unchanged: the 'provider: vertex' config key, roles/aiplatform.user, aiplatform.googleapis.com, and the terraform resource label (renaming it would recreate the IAM binding in existing states). First mentions keep '(formerly Vertex AI)' for searchability. - Drop the README's self-referential public-mirror link.
This commit is contained in:
@@ -1,18 +1,17 @@
|
||||
# Claude Gateway on Google Cloud
|
||||
|
||||
Reference deployment artifacts for running Claude Gateway on GCP with Vertex AI
|
||||
as the upstream: Cloud Run or GKE, Cloud SQL for PostgreSQL, Secret Manager, and
|
||||
service-account auth to Vertex AI.
|
||||
Reference deployment artifacts for running Claude Gateway on GCP with Agent
|
||||
Platform (formerly Vertex AI) as the upstream: Cloud Run or GKE, Cloud SQL for
|
||||
PostgreSQL, Secret Manager, and service-account auth to Agent Platform.
|
||||
|
||||
These files are provided as a working example rather than a supported production
|
||||
deployment. Adapt them to your own environment.
|
||||
|
||||
- **Walkthrough**: https://code.claude.com/docs/en/claude-apps-gateway-on-gcp
|
||||
- **Public mirror**: https://github.com/anthropics/claude-code/tree/main/examples/gateway/gcp
|
||||
|
||||
| File | Purpose |
|
||||
|---|---|
|
||||
| `setup.sh` | Scripts the walkthrough end to end via `gcloud` |
|
||||
| `Dockerfile` | Runtime image for the `claude gateway` binary |
|
||||
| `gateway.yaml.example` | Gateway config template, GCP-shaped (Vertex upstream, Google Workspace IdP) |
|
||||
| `gateway.yaml.example` | Gateway config template, GCP-shaped (Agent Platform upstream, Google Workspace IdP) |
|
||||
| `terraform/` | Provisions the full architecture (two-pass apply — see `terraform/README.md`) |
|
||||
|
||||
@@ -1,7 +1,8 @@
|
||||
# gateway.yaml.example — Claude Gateway config template, GCP-shaped (walkthrough §6).
|
||||
#
|
||||
# Google Workspace IdP + Vertex upstream, following the walkthrough at
|
||||
# https://code.claude.com/docs/en/claude-apps-gateway-on-gcp. The active sections
|
||||
# Google Workspace IdP + Agent Platform (formerly Vertex AI) upstream, following
|
||||
# the walkthrough at https://code.claude.com/docs/en/claude-apps-gateway-on-gcp.
|
||||
# The active sections
|
||||
# below are a strict subset of the full configuration reference at
|
||||
# https://code.claude.com/docs/en/claude-apps-gateway; optional keys are included
|
||||
# commented-out.
|
||||
@@ -88,11 +89,11 @@ session:
|
||||
store:
|
||||
postgres_url: ${GATEWAY_POSTGRES_URL} # private-IP Cloud SQL; built with ?sslmode=require by setup.sh
|
||||
|
||||
# ── Upstreams — Vertex AI ────────────────────────────────────────────────────
|
||||
# ── Upstreams — Agent Platform ───────────────────────────────────────────────
|
||||
upstreams:
|
||||
- provider: vertex
|
||||
region: us-east5 # a region where the Claude models you need are published in Model Garden
|
||||
project_id: REPLACE_ME # your GCP project ID for Vertex access
|
||||
project_id: REPLACE_ME # your GCP project ID for Agent Platform access
|
||||
auth: {} # ADC via Cloud Run SA / GKE Workload Identity (preferred — no static keys)
|
||||
# base_url: https://us-east5-aiplatform.p.googleapis.com # Private Service Connect endpoint
|
||||
# Add more upstreams for failover (tried top→bottom on 5xx/timeout/501): a
|
||||
|
||||
@@ -29,7 +29,7 @@ set -euo pipefail
|
||||
|
||||
# ---- configuration (env-overridable) ----------------------------------------
|
||||
PROJECT_ID="${PROJECT_ID:-$(gcloud config get-value project 2>/dev/null)}"
|
||||
REGION="${REGION:-${CLOUDSDK_COMPUTE_REGION:-us-east5}}" # guide §1 uses us-east5 (Vertex model region)
|
||||
REGION="${REGION:-${CLOUDSDK_COMPUTE_REGION:-us-east5}}" # guide §1 uses us-east5 (Agent Platform model region)
|
||||
|
||||
SA_NAME="${SA_NAME:-claude-gateway}" # §2 service account
|
||||
SA_EMAIL="${SA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"
|
||||
@@ -157,7 +157,7 @@ fi
|
||||
# and GKE.
|
||||
gcloud projects add-iam-policy-binding "${PROJECT_ID}" \
|
||||
--member="serviceAccount:${SA_EMAIL}" \
|
||||
--role="roles/aiplatform.user" --condition=None >/dev/null # Vertex inference (§2)
|
||||
--role="roles/aiplatform.user" --condition=None >/dev/null # Agent Platform inference (§2)
|
||||
|
||||
# ---- 3 Build & push image to Artifact Registry ----------------------------
|
||||
log "Ensuring Artifact Registry repo and image (§3)"
|
||||
@@ -390,7 +390,7 @@ fi
|
||||
# Direct VPC egress (--network/--subnet/--vpc-egress) puts the service on the
|
||||
# VPC so it reaches the Cloud SQL PRIVATE IP directly — matching the private-IP
|
||||
# connection string in the postgres-url secret. private-ranges-only keeps public
|
||||
# egress (Vertex, accounts.google.com) off the VPC, so no Cloud NAT is needed.
|
||||
# egress (Agent Platform, accounts.google.com) off the VPC, so no Cloud NAT is needed.
|
||||
# We deliberately do NOT use --add-cloudsql-instances (that's the Auth Proxy /
|
||||
# socket path, which would need a different connection string).
|
||||
#
|
||||
|
||||
@@ -50,7 +50,7 @@ resource "google_service_account" "gateway" {
|
||||
# Run and GKE.
|
||||
resource "google_project_iam_member" "vertex" {
|
||||
project = var.project_id
|
||||
role = "roles/aiplatform.user" # Vertex inference
|
||||
role = "roles/aiplatform.user" # Agent Platform inference
|
||||
member = "serviceAccount:${google_service_account.gateway.email}"
|
||||
}
|
||||
|
||||
@@ -310,7 +310,7 @@ resource "google_cloud_run_v2_service" "gateway" {
|
||||
network = google_compute_network.vpc.id
|
||||
subnetwork = google_compute_subnetwork.subnet.id
|
||||
}
|
||||
egress = "PRIVATE_RANGES_ONLY" # public egress (Vertex, accounts.google.com) bypasses the VPC -> no Cloud NAT needed
|
||||
egress = "PRIVATE_RANGES_ONLY" # public egress (Agent Platform, accounts.google.com) bypasses the VPC -> no Cloud NAT needed
|
||||
}
|
||||
|
||||
containers {
|
||||
|
||||
@@ -6,7 +6,7 @@ variable "project_id" {
|
||||
}
|
||||
|
||||
variable "region" {
|
||||
description = "Infra region for Artifact Registry, Cloud SQL, subnet, and Cloud Run. (Vertex region is set separately inside gateway.yaml.)"
|
||||
description = "Infra region for Artifact Registry, Cloud SQL, subnet, and Cloud Run. (Agent Platform region is set separately inside gateway.yaml.)"
|
||||
type = string
|
||||
default = "us-east5"
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user