# GCP Deployment Guide for Phishing Detection API This guide explains how to deploy the Phishing Detection API to Google Cloud Platform (GCP) using Docker and Cloud Run. ## Prerequisites 1. **Google Cloud Platform Account**: Ensure you have a GCP account and billing enabled 2. **gcloud CLI**: Install the [Google Cloud SDK](https://cloud.google.com/sdk/docs/install) 3. **Docker**: Install [Docker Desktop](https://www.docker.com/products/docker-desktop) or Docker Engine 4. **GROQ API Key**: Obtain your API key from [Groq](https://console.groq.com/) ## Quick Start ### Option 1: Using Cloud Build (Recommended) 1. **Set your GCP project**: ```bash gcloud config set project YOUR_PROJECT_ID ``` 2. **Run the deployment script**: ```bash # For Linux/Mac chmod +x deploy.sh ./deploy.sh YOUR_PROJECT_ID us-central1 # For Windows PowerShell .\deploy.ps1 -ProjectId YOUR_PROJECT_ID -Region us-central1 ``` The script will: - Enable required APIs - Create the GROQ_API_KEY secret in Secret Manager - Build the Docker image - Deploy to Cloud Run ### Option 2: Manual Deployment #### Step 1: Set Up GCP Project ```bash # Set your project gcloud config set project YOUR_PROJECT_ID # Enable required APIs gcloud services enable cloudbuild.googleapis.com gcloud services enable run.googleapis.com gcloud services enable containerregistry.googleapis.com gcloud services enable secretmanager.googleapis.com ``` #### Step 2: Create Secret for GROQ API Key ```bash # Create the secret echo -n "your-groq-api-key" | gcloud secrets create GROQ_API_KEY \ --data-file=- \ --replication-policy="automatic" # Grant Cloud Run access to the secret PROJECT_NUMBER=$(gcloud projects describe YOUR_PROJECT_ID --format="value(projectNumber)") gcloud secrets add-iam-policy-binding GROQ_API_KEY \ --member="serviceAccount:$PROJECT_NUMBER-compute@developer.gserviceaccount.com" \ --role="roles/secretmanager.secretAccessor" ``` #### Step 3: Build and Deploy ```bash # Using Cloud Build (recommended) gcloud builds submit --config=cloudbuild.yaml # Or build locally and push docker build -t gcr.io/YOUR_PROJECT_ID/phishing-detection-api:latest . docker push gcr.io/YOUR_PROJECT_ID/phishing-detection-api:latest # Deploy to Cloud Run gcloud run deploy phishing-detection-api \ --image gcr.io/YOUR_PROJECT_ID/phishing-detection-api:latest \ --region us-central1 \ --platform managed \ --allow-unauthenticated \ --memory 4Gi \ --cpu 2 \ --timeout 300 \ --max-instances 10 \ --set-env-vars PYTHONUNBUFFERED=1 \ --set-secrets GROQ_API_KEY=GROQ_API_KEY:latest ``` ## Configuration Options ### Cloud Run Settings The deployment uses these default settings (configured in `cloudbuild.yaml`): - **Memory**: 4GB (required for ML models) - **CPU**: 2 vCPUs - **Timeout**: 300 seconds (5 minutes) - **Max Instances**: 10 - **Region**: us-central1 (change in cloudbuild.yaml or deploy command) ### Adjusting Resources If you need more resources, modify `cloudbuild.yaml`: ```yaml - '--memory' - '8Gi' # Increase memory for larger models - '--cpu' - '4' # Increase CPU for faster inference ``` Or deploy with custom settings: ```bash gcloud run deploy phishing-detection-api \ --image gcr.io/YOUR_PROJECT_ID/phishing-detection-api:latest \ --memory 8Gi \ --cpu 4 \ --timeout 600 \ --max-instances 20 ``` ## Verifying Deployment 1. **Check service status**: ```bash gcloud run services describe phishing-detection-api --region us-central1 ``` 2. **Get service URL**: ```bash SERVICE_URL=$(gcloud run services describe phishing-detection-api \ --region us-central1 \ --format="value(status.url)") echo $SERVICE_URL ``` 3. **Test health endpoint**: ```bash curl $SERVICE_URL/health ``` 4. **View logs**: ```bash gcloud run services logs read phishing-detection-api --region us-central1 ``` ## API Endpoints Once deployed, your service will have these endpoints: - **Root**: `GET /` - API information - **Health Check**: `GET /health` - Service health and model status - **Prediction**: `POST /predict` - Main prediction endpoint - **API Docs**: `GET /docs` - Interactive API documentation (Swagger UI) ## Testing the API ### Using curl: ```bash curl -X POST "$SERVICE_URL/predict" \ -H "Content-Type: application/json" \ -d '{ "sender": "test@example.com", "subject": "Urgent Action Required", "text": "Please verify your account at http://suspicious-site.com", "metadata": {} }' ``` ### Using Python: ```python import requests url = "YOUR_SERVICE_URL/predict" payload = { "sender": "test@example.com", "subject": "Urgent Action Required", "text": "Please verify your account at http://suspicious-site.com", "metadata": {} } response = requests.post(url, json=payload) print(response.json()) ``` ## Monitoring and Logging ### View Logs in Console 1. Go to [Cloud Run Console](https://console.cloud.google.com/run) 2. Click on your service: `phishing-detection-api` 3. Navigate to the "Logs" tab ### View Logs via CLI ```bash gcloud run services logs read phishing-detection-api --region us-central1 --limit 50 ``` ### Set Up Alerts 1. Go to [Cloud Monitoring](https://console.cloud.google.com/monitoring) 2. Create alerts for: - Error rate - Request latency - Memory usage - CPU utilization ## Troubleshooting ### Container fails to start - Check logs: `gcloud run services logs read phishing-detection-api --region us-central1` - Verify models are present in the container - Check memory limits (may need to increase) ### Models not loading - Ensure all model files are included in the Docker image - Check model paths in `config.py` - Verify model files exist in `models/`, `finetuned_bert/`, and `Message_model/final_semantic_model/` ### GROQ API errors - Verify the secret is correctly set: `gcloud secrets versions access latest --secret="GROQ_API_KEY"` - Check IAM permissions for the Cloud Run service account - Verify the API key is valid ### High memory usage - Increase memory allocation in Cloud Run settings - Consider using model quantization - Check for memory leaks in the application ## Cost Optimization 1. **Set minimum instances to 0**: Scales to zero when not in use ```bash gcloud run services update phishing-detection-api \ --min-instances 0 \ --max-instances 10 ``` 2. **Use appropriate instance sizes**: Start with smaller instances and scale up if needed 3. **Enable request concurrency**: Reduce number of instances needed ```bash gcloud run services update phishing-detection-api \ --concurrency 10 ``` ## Security Considerations 1. **Authentication**: Currently deployed as public. Consider adding authentication: ```bash gcloud run services update phishing-detection-api \ --no-allow-unauthenticated ``` 2. **API Keys**: Store sensitive keys in Secret Manager (already configured) 3. **VPC**: Consider deploying in a VPC for additional network isolation ## Updating the Service To update after code changes: ```bash # Rebuild and deploy gcloud builds submit --config=cloudbuild.yaml # Or manually docker build -t gcr.io/YOUR_PROJECT_ID/phishing-detection-api:latest . docker push gcr.io/YOUR_PROJECT_ID/phishing-detection-api:latest gcloud run deploy phishing-detection-api \ --image gcr.io/YOUR_PROJECT_ID/phishing-detection-api:latest \ --region us-central1 ``` ## Local Testing with Docker Before deploying to GCP, test locally: ```bash # Build the image docker build -t phishing-detection-api:local . # Run with environment variable docker run -p 8000:8000 \ -e GROQ_API_KEY=your-api-key \ phishing-detection-api:local # Test curl http://localhost:8000/health ``` ## Support For issues or questions: 1. Check the logs first 2. Verify all prerequisites are met 3. Ensure models are properly loaded 4. Review the API documentation at `/docs` endpoint