Deploy NVIDIA AI-Q Blueprint 2.0 on Oracle Cloud Infrastructure

NVIDIA published a how-to on Jun 26, 2026 showing how to deploy the open source NVIDIA AI-Q Blueprint 2.0 on Oracle Cloud Infrastructure using Terraform to provision OCI resources and Helm to install workloads on an OKE cluster. The guide yields a working AI-Q endpoint and notes a single terraform destroy removes the entire stack.

What does the deployment create?

The deployment provisions an OCI network and an OKE cluster, installs three Helm workloads, and places API keys into OCI Vault and Kubernetes secrets. Terraform creates a VCN, an OKE enhanced cluster plus one node pool, an OCI Load Balancer, and an OCI Vault; Helm installs aiq-backend (FastAPI agent server), aiq-frontend (Next.js UI), and aiq-postgres (in-cluster PostgreSQL).

The blueprint also requires service limits: one enhanced cluster and one node pool, at least 10 GB of Block Volume for the in-cluster PostgreSQL, one flexible Load Balancer, and one Vault with secrets. The chart publishes defaults for image repositories and a dynamically provisioned 10 Gi Block Volume PVC.

How do you deploy AI-Q 2.0 on OCI?

Follow a three-step flow: configure Terraform variables, run terraform apply to create OCI resources, then install the Helm chart into the OKE cluster; total time is around 20 to 25 minutes. First, copy and edit deploy/terraform/terraform.tfvars to set tenancy_ocid, compartment_id, region, user_ocid, fingerprint, private_key_path, db_admin_password, nvidia_api_key, and tavily_api_key. Initialize and apply Terraform (terraform init; terraform plan; terraform apply). Terraform output prints oke_cluster_id and lb_public_ip which you export for later.

Next, configure kubectl for the new OKE cluster with oci ce cluster create-kubeconfig using the OKE_CLUSTER_ID, then create the ns-aiq namespace and the aiq-credentials Kubernetes secret containing NVIDIA and Tavily keys and the DB user password. Create an image-pull secret named ngc-secret for nvcr.io using the NGC_API_KEY. Pull and install the NGC Helm chart aiq2-web-2.0.0.tgz (helm pull https://helm.ngc.nvidia.com/nvidia/blueprint/charts/aiq2-web-2.0.0.tgz) and run helm upgrade --install aiq -n ns-aiq --wait --timeout 10m -f values-oci-ngc.yaml. Check that pods aiq-backend, aiq-frontend, and aiq-postgres are Running within 3 to 5 minutes.

The guide specifies local tool versions: terraform 1.5 or later, kubectl 1.28 or later, and helm 3.x or later. The frontend is pinned to NodePort 30080 to match the load balancer health check; the load balancer provides a public HTTP ingress on port 80 forwarding to NodePort 30080.

How is AI-Q architected?

AI-Q uses a multi-agent architecture where an intent router directs user queries to either a fast Shallow Research Agent or a Deep Agent composed of a Planning sub-agent and a Researcher sub-agent that share a Filesystem layer and run skills in sandboxes. The blueprint is extensible: models, tools, RAG backends, sub-agents, and evaluators can be swapped via YAML or the NeMo Agent Toolkit plugin system.

Operationally the OKE cluster runs the backend, frontend, and PostgreSQL workloads; OCI Vault stores encrypted NGC and Tavily keys at provision time while the running pods read them from the aiq-credentials Kubernetes secret. The documentation also calls out common troubleshooting: OKE quota errors, ImagePullBackOff when the ngc-secret is missing or the NGC_API_KEY is wrong, and postgres Pending states when a Block Volume PVC is not provisioned.

Why it matters

The blueprint packages an agentic, multi-agent reference implementation into a reproducible cloud deployment on OCI with NGC-hosted Helm charts and container images. That lowers the operational friction for teams that want a production-style agent stack: Terraform separates infrastructure from application, Helm supplies the workloads, and OCI Vault plus Kubernetes secrets cover key management.

What to watch

Confirm you can reach the AI-Q frontend at the LB public IP shown by terraform output lb_public_ip and verify pods aiq-backend, aiq-frontend, and aiq-postgres are Running. Next milestones to watch in the repo and docs are the promised Parts 2 and 3, which will demonstrate swapping models and other extensibility through the NeMo Agent Toolkit.