GKE production deploy
Status: stub. The full walkthrough is queued for a subsequent tutorial round. The structure below names every step plus the existing reference doc that covers it; the next round fills in the commands, expected outputs, and gotchas.
This tutorial deploys the NoETL stack to a Google Kubernetes Engine
cluster using the canonical
noetl_gke_fresh_stack
playbook, wires Vertex AI as the triage backend through Workload
Identity, configures Auth0 + ingress + managed TLS, and validates by
running the spike e2e against the deployed cluster.
Estimated time: 1–2 hours including provisioning.
Prerequisites
- Completed Quickstart so you understand the local-cluster baseline.
- A GCP project with billing enabled and the following APIs on:
  container.googleapis.com, aiplatform.googleapis.com, secretmanager.googleapis.com, artifactregistry.googleapis.com.
- gcloud authenticated (gcloud auth login + gcloud config set project <id>).
- An Auth0 tenant with at least one Single Page Application client configured. See Auth Integration for the gateway-side contract.
- A domain you can point at the GKE Ingress (Auth0 callback URLs need to resolve).
Step 1 — Provision the cluster
Reference: automation/gcp_gke/noetl_gke_fresh_stack.yaml.
Step 2 — Wire Workload Identity for Vertex AI
The token flow goes through the GKE metadata server with the
https://www.googleapis.com/auth/cloud-platform scope. See
Vertex AI Triage Backend → Credential surface
for why this is preferred over service-account JSON files in pods.
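A check for the token flow described above, as an added example (not part of the NoETL docs or playbooks): it reads the identity the metadata server offers the pod and confirms it is the expected one with the cloud-platform scope. The expected identity email, the script name, and the sample responses are assumptions constructed for illustration.

```python
"""Added example: check which identity the GKE metadata server hands a pod."""
import json
import re
import sys
import urllib.request

# Service-account view of the metadata server, as read from inside a pod.
METADATA_URL = ("http://metadata.google.internal/computeMetadata/v1/"
                "instance/service-accounts/default/?recursive=true")
CLOUD_PLATFORM = "https://www.googleapis.com/auth/cloud-platform"
NODE_DEFAULT_SA = re.compile(r"\d+-compute@developer\.gserviceaccount\.com")


def fetch_identity(timeout=2):
    """Return the metadata server's JSON for the pod's default identity."""
    req = urllib.request.Request(METADATA_URL, headers={"Metadata-Flavor": "Google"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def check_identity(info, expected_email):
    """Return (ok, reason) for one metadata response."""
    email = info.get("email", "")
    if NODE_DEFAULT_SA.fullmatch(email):
        return False, "node default compute service account: Workload Identity not in the loop"
    if email != expected_email:
        return False, f"identity is {email or '<none>'}, expected {expected_email}"
    if CLOUD_PLATFORM not in info.get("scopes", []):
        return False, "cloud-platform scope not offered"
    return True, f"tokens are minted for {email} with cloud-platform scope"


# Constructed sample responses (not captured from a real cluster).
SAMPLE_BOUND = {"aliases": ["default"],
                "email": "triage@example-project.iam.gserviceaccount.com",
                "scopes": [CLOUD_PLATFORM, "https://www.googleapis.com/auth/userinfo.email"]}
SAMPLE_NODE = {"aliases": ["default"],
               "email": "123456789012-compute@developer.gserviceaccount.com",
               "scopes": [CLOUD_PLATFORM]}

if __name__ == "__main__":
    # Usage inside the pod: python check_wi.py <expected identity email>
    ok, reason = check_identity(fetch_identity(), sys.argv[1])
    print(reason)
    sys.exit(0 if ok else 1)
```

A pod that reports the node's default compute service account is falling through to the node's credentials, which is the case this check is meant to catch.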
Step 3 — Configure Auth0 callbacks
Step 4 — Deploy via bump_image lifecycle
Reference: Bump Image Lifecycle.
Step 5 — Register catalog playbooks on the GKE noetl-server
Step 6 — Run the spike with Vertex backend
Step 7 — Validate Workload Identity is in the loop
Next steps
- Frontend onboarding — point a real frontend at the deployed gateway.
- Add a new MCP backend — once Vertex is comfortable, add a second cloud backend behind the same contract.