Deployment Examples
The repo ships minimum-viable IaC for the common managed-container platforms, each deploying a single gateway with caching, TLS, log export, and the admin API wired up.
| Target | Cache backend & auth | TLS terminates at |
|---|---|---|
| Raw Kubernetes | PVC (50Gi) — or swap to S3/MinIO/GCS/R2 | Ingress + cert-manager |
| GKE Autopilot (Tofu) | GCS via S3 interop — HMAC on a bound SA | GCE Ingress + managed cert |
| ECS Fargate (Tofu / CF) | AWS S3 — task IAM role, no static keys | ALB + ACM |
| EKS Fargate (Tofu / CF) | AWS S3 — IRSA, no static keys | ALB + ACM |
For S3 on AWS, prefer the task/IRSA role over static keys: grant s3:GetObject, s3:PutObject, s3:DeleteObject, and s3:ListBucket on the bucket and leave the access-key vars unset. Every example takes the image tag as an input (never :latest) and outputs the load-balancer address for you to point DNS at.
Smoke test after deploy
# Liveness — does not touch upstreams
curl -fsS https://<your-hostname>/health
# Proxy a Roboflow API call through the gateway
curl -fsS "https://<your-hostname>/proxy?url=https://api.roboflow.com/"
# Cache stats (needs the admin token)
curl -fsS -H "Authorization: Bearer <token>" \
https://<your-hostname>/_cache/stats