This project provides a comprehensive example of how to build and deploy a secure, enterprise-ready Gemini-powered agent on the Google Cloud Platform using the Agent Development Kit (ADK).
It showcases a primary search agent and a test user agent to demonstrate secure agent-to-agent (A2A) communication.
To learn more about deploying agents in the enterprise, check out the associated Medium article: Deploying AI Agents in the Enterprise without Losing your Humanity using ADK and Google Cloud.
Before you begin, ensure you have the following tools installed:
- uv: An extremely fast Python package installer and resolver.
- Google Cloud SDK: For interacting with your GCP account.
The project demonstrates two primary deployment targets and secure communication patterns:
- User to Agent: A user interacts with the agent through a web UI hosted on a private Cloud Run instance.
- Agent to Agent (A2A): A separate `user_agent` securely communicates with the main `search_agent` by exchanging a JSON Web Token (JWT).
Here is a simplified diagram of the architecture:
```
+----------------+      +----------------------+      +------------------------+
|      User      |----->|  Private Cloud Run   |----->|   Vertex AI Services   |
| (Web Browser)  |      |  (search_agent UI)   |      | (Gemini models, etc.)  |
+----------------+      +----------------------+      +------------------------+
                                      ^
                                      | (same instance)
                                      |
+----------------------+      +----------------------+
|      user_agent      |----->|  Private Cloud Run   |
|  (Another service)   |      |  (search_agent A2A)  |
+----------------------+      +----------------------+
```
- `search_agent/`: Contains the primary search agent, built with the ADK.
- `user_agent/`: A simple agent to demonstrate how to use the A2A integration.
- `tests/`: Python scripts to test the agent in different environments (local, Cloud Run, Agent Engine).
- `justfile`: Defines automation commands for setup, deployment, and testing.
- `.env.sample`: A template for environment variables.
- `pyproject.toml`: Manages Python dependencies via `uv`.
This project emphasizes a secure-by-default posture:
- Private Cloud Run Services: During deployment (`just deploy-cloud-run`), the script explicitly disallows unauthenticated invocations. This ensures your agent endpoints are not publicly accessible.
- IAM-based Access Control: Interaction with the agent requires proper authentication and authorization. This is managed through a dedicated service account (`AGENT_RUN_SA`).
- Secure A2A Communication: For agent-to-agent communication, the calling agent (`user_agent`) must use the credentials of an authorized service account to invoke the `search_agent`.
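
One way to check that a deployed service really is private, as an added example that is not part of this project's code or `justfile`: audit the service-level IAM policy in the JSON shape printed by `gcloud run services get-iam-policy <service> --format=json`. The function name, the sample policies and the service account emails are constructed for illustration.

```python
import json

# Principals that make a Cloud Run service reachable without a vetted identity.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
INVOKER_ROLE = "roles/run.invoker"

# Assumption: the only identity that should invoke the agent (constructed value).
ALLOWED_INVOKERS = {
    "serviceAccount:agent-run-sa@example-project.iam.gserviceaccount.com",
}


def audit_invoker_policy(policy_json: str, allowed: set[str]) -> list[str]:
    """Return findings for a service-level IAM policy; [] means nothing flagged.

    Only bindings set on the service itself are visible here; grants inherited
    from the project or folder level have to be reviewed separately.
    """
    policy = json.loads(policy_json)
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                # Any role granted to a public principal defeats the private posture.
                findings.append(f"PUBLIC: {member} has {role}")
            elif role == INVOKER_ROLE and member not in allowed:
                findings.append(f"UNEXPECTED: {member} has {role}")
    return findings


# Constructed sample policies (not output from a real project).
PRIVATE_POLICY = json.dumps({
    "bindings": [{"role": INVOKER_ROLE, "members": sorted(ALLOWED_INVOKERS)}],
    "etag": "placeholder",
    "version": 1,
})
EXPOSED_POLICY = json.dumps({
    "bindings": [{"role": INVOKER_ROLE, "members": [
        "allUsers",
        "serviceAccount:other-sa@example-project.iam.gserviceaccount.com",
    ]}],
    "etag": "placeholder",
    "version": 1,
})

if __name__ == "__main__":
    for name, doc in [("private", PRIVATE_POLICY), ("exposed", EXPOSED_POLICY)]:
        print(name, audit_invoker_policy(doc, ALLOWED_INVOKERS) or "OK")
```
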
The `justfile` provides the following commands:
- `just cloud`: Initializes your GCP environment (login, set project, enable APIs).
- `just deploy-agent-engine`: Deploys the agent to a private Vertex AI Agent Engine.
- `just deploy-cloud-run`: Deploys the agent to a private Cloud Run service.
- `just deploy`: Deploys to both Agent Engine and Cloud Run.
- `just install`: Installs Python dependencies.
- `just test-agent-engine`: Tests the Agent Engine deployment.
- `just test-cloud-run`: Tests the Cloud Run deployment.
- `just test-local`: Tests the agent locally.
- `just test`: Runs all tests.
- `just web`: Starts a local development server with a web UI.

- Clone the repository:

  ```
  git clone https://github.com/fmind/search-agent
  cd search-agent
  ```

- Install dependencies:

  ```
  uv sync
  ```

- Configure your environment:
  - Copy `.env.sample` to `.env`: `cp .env.sample .env`
  - Edit `.env` and fill in your GCP details.

- Initialize GCP:

  ```
  just cloud
  ```

- Deploy the agent:

  ```
  just deploy
  ```

  Important: When prompted to "Allow unauthenticated invocations" for Cloud Run, answer `n` to keep your agent secure.

- Run locally (optional):

  ```
  just web
  ```

- Test the deployments:

  ```
  just test
  ```

This project is licensed under the MIT License - see the LICENSE.txt file for details.