GCP Deployment Guide
This guide covers deploying the Med-SEAL AI Agent system to Google Cloud Platform using Cloud Run (serverless) alongside the existing GKE infrastructure.
Architecture Overview
┌────────────────────────────────────────────────────────────────┐
│ GCP Project: gen-lang-client-0538005727 │
│ │
│ ┌──────────────────────┐ ┌───────────────────────────────┐ │
│ │ Cloud Run │ │ GKE (medseal-cluster) │ │
│ │ (AI Agent Service) │ │ Region: asia-southeast1 │ │
│ │ │ │ │ │
│ │ medseal-agent │◄──►│ ai-frontend (1 pod) │ │
│ │ - 7 LangGraph agents│ │ ai-service (1 pod) │ │
│ │ - FastAPI + Uvicorn │ │ medplum-server (1 pod) │ │
│ │ - SEA-Guard safety │ │ medplum-app (1 pod) │ │
│ │ │ │ openemr (1 pod) │ │
│ │ Port: 8000 │ │ sync-service (1 pod) │ │
│ └──────────────────────┘ └───────────────────────────────┘ │
│ │ │ │
│ ▼ ▼ │
│ ┌──────────────────┐ ┌───────────────────┐ │
│ │ Artifact Registry │ │ Ingress: 34.54.226.15 │
│ │ (Docker images) │ │ app.medseal.*.nip.io │
│ └──────────────────┘ │ fhir.medseal.*.nip.io │
│ │ emr.medseal.*.nip.io │
│ │ api.medseal.*.nip.io │
│ └───────────────────┘ │
└────────────────────────────────────────────────────────────────┘
│ │
▼ ▼
┌─────────────┐ ┌──────────────┐
│ SEA-LION API │ │ Azure OpenAI │
│ (5 agents + │ │ (Clinical A2)│
│ SEA-Guard) │ │ GPT-5.3 │
└─────────────┘ └──────────────┘
Cloud Run Deployment
Prerequisites
Google Cloud SDK (
gcloud) installed and authenticatedGCP project with billing enabled
Required APIs: Cloud Run, Cloud Build, Artifact Registry
Step 1: Authenticate & Set Project
export PATH="$HOME/google-cloud-sdk/bin:$PATH"
gcloud auth login --no-launch-browser
gcloud config set project gen-lang-client-0538005727
Step 2: Enable Required APIs
gcloud services enable \
run.googleapis.com \
cloudbuild.googleapis.com \
artifactregistry.googleapis.com
Step 3: Deploy from Source
This command uploads the source, builds the Docker image via Cloud Build, and deploys to Cloud Run in one step:
gcloud run deploy medseal-agent \
--source /path/to/Med-SEAL \
--region asia-southeast1 \
--port 8000 \
--memory 1Gi \
--cpu 1 \
--timeout 60 \
--allow-unauthenticated \
--set-env-vars="\
MEDSEAL_SEALION_API_KEY=<your-sealion-key>,\
MEDSEAL_AZURE_OPENAI_ENDPOINT=<your-azure-endpoint>,\
MEDSEAL_AZURE_OPENAI_API_KEY=<your-azure-key>,\
MEDSEAL_AZURE_OPENAI_DEPLOYMENT=gpt-5.3,\
MEDSEAL_MEDPLUM_URL=http://fhir.medseal.34.54.226.15.nip.io/fhir/R4" \
--quiet
Step 4: Verify Deployment
# Service URL
gcloud run services describe medseal-agent \
--region asia-southeast1 \
--format="value(status.url)"
# Health check
curl https://medseal-agent-74997794842.asia-southeast1.run.app/health
# List registered agents
curl https://medseal-agent-74997794842.asia-southeast1.run.app/agents
Updating Environment Variables
gcloud run services update medseal-agent \
--region asia-southeast1 \
--update-env-vars="MEDSEAL_MEDPLUM_URL=<new-url>"
Current Deployment
Cloud Run Service
Field |
Value |
|---|---|
Service URL |
|
Swagger UI |
|
Region |
|
CPU |
1 vCPU |
Memory |
1 GiB |
Agents |
7 (companion, clinical, doctor-cds, nudge, lifestyle, insight, previsit) |
GKE Cluster (medseal-cluster)
Field |
Value |
|---|---|
Cluster |
|
Region |
|
Kubernetes |
v1.34.4-gke.1047000 |
Nodes |
2 × |
Master IP |
|
Ingress IP |
|
GKE Services (namespace: medseal)
Service |
Host |
Status |
|---|---|---|
AI Frontend |
|
✅ Running |
AI Service |
|
✅ Running |
Medplum FHIR |
|
✅ Running |
Medplum App |
|
✅ Running |
OpenEMR |
|
✅ Running |
OHIF Viewer |
|
Scaled to 0 |
PACS/Orthanc |
|
Scaled to 0 |
Environment Variables
Variable |
Description |
Required |
|---|---|---|
|
SEA-LION API key (powers 5 agents + SEA-Guard) |
✅ |
|
SEA-LION API endpoint |
Default: |
|
SEA-LION model name |
Default: |
|
SEA-Guard safety model |
Default: |
|
Azure OpenAI endpoint URL |
✅ |
|
Azure OpenAI API key |
✅ |
|
Azure deployment name |
Default: |
|
|
Default: |
|
Medplum FHIR R4 base URL |
✅ |
|
Medplum admin email |
Default: |
|
Medplum admin password |
Default: |
API Endpoints
Patient App Surface
Method |
Endpoint |
Description |
|---|---|---|
|
|
Create a new chat session |
|
|
Send a message (sync) |
|
|
Send a message (SSE stream) |
|
|
Conversation history |
|
|
Delete session |
|
|
Pre-visit summary |
Clinician Surface (OpenEMR)
Method |
Endpoint |
Description |
|---|---|---|
|
|
Doctor CDS (SSE) |
|
|
Doctor CDS (sync) |
|
|
CDS Hooks |
System & Admin
Method |
Endpoint |
Description |
|---|---|---|
|
|
System triggers |
|
|
List agents |
|
|
Agent health |
|
|
System health |
Troubleshooting
Health Check Shows medplum: unreachable
The Cloud Run service cannot reach the Medplum FHIR server. Ensure:
The GKE ingress IP (
34.54.226.15) is accessible from Cloud RunThe
MEDSEAL_MEDPLUM_URLenv var points to the correct FHIR endpoint
Health Check Shows vllm: unreachable
This is expected when using Azure OpenAI as the clinical LLM backend. The vLLM endpoint is only used when MEDSEAL_CLINICAL_LLM_BACKEND=vllm (local Med-R1 GPU inference).
Redeploying After Code Changes
# Re-deploy from source (rebuilds Docker image)
gcloud run deploy medseal-agent \
--source /path/to/Med-SEAL \
--region asia-southeast1 \
--quiet
Viewing Logs
# Cloud Run logs
gcloud run services logs read medseal-agent --region asia-southeast1 --limit 50
# GKE logs
kubectl logs -n medseal deployment/ai-service --tail=50