Simplify GCP prod Terraform config for minimal, non-HA instances#7

Merged
benjamin-747 merged 3 commits into gitmono-dev:main from WiedersehenM:feat/gcp-cloudrun-lb-certmanager
Feb 10, 2026
Conversation

@WiedersehenM
Contributor

Summary

This PR simplifies the GCP prod Terraform configuration and adjusts defaults to use the smallest reasonable instance sizes with no HA / replicas, aligning with the course requirement for a cost‑efficient, easy‑to‑understand setup.

Key work is focused under deployment/envs/gcp/prod (and related modules).


What’s Changed

1. Prod terraform.tfvars and example

  • Reduced terraform.tfvars to only the values that must differ per environment:
    • project_id, base_domain
    • GCS bucket name
    • Cloud Run service names, images, and basic env vars
    • Cloud SQL instance/database name + credentials
    • Redis instance name
    • Filestore instance name (optional)
    • Rails master key
  • Updated terraform.tfvars.example to mirror the same structure as prod tfvars but with placeholder values.
  • Documented testing option 1 for Cloud SQL:
    • cloud_sql_enable_private_service_connection = true
    • cloud_sql_enable_public_ip = true
    • This enables public IP access while keeping private networking, avoiding empty network references.
  • Added vpc_connector_cidr to example (e.g. 10.8.0.0/28) so that the Serverless VPC connector can be created without 400 errors.
  • Disabled Filestore by default in example:
    • enable_filestore = false
    • Rationale: Filestore is optional for this project and often blocked by additional network/permission requirements; defaulting to off makes the example easier to apply.

2. Instance sizing and HA/replicas

  • Cloud SQL
    • Default tier set to the smallest tier used in this project (e.g. db-f1-micro).
    • Reduced default disk size to 10GB.
    • Availability type set to ZONAL (non‑HA).
    • Backups disabled by default for teaching / minimal‑cost scenarios.
  • Redis (Memorystore)
    • Tier set to BASIC instead of STANDARD_HA.
    • Default memory size reduced to 1GB.
  • Cloud Run
    • Keep small resource limits (1 CPU / 512Mi) and rely on module defaults for min/max instances.
    • Removed redundant overrides from tfvars (no extra replicas configured explicitly).

3. Networking and VPC Connector

  • Kept private networking (enable_private_networking = true) for Cloud SQL and Redis by default.
  • Added explicit vpc_connector_cidr to avoid “CIDR required” errors when creating the Serverless VPC Access Connector.
  • Updated modules/gcp/vpc_connector:
    • Set min_throughput = 200 and max_throughput = 300 to satisfy the API’s throughput constraints (multiples of 100 between 200 and 1000 Mbps).

Motivation

  • Teaching / lab environment: we want students to be able to terraform apply with minimal friction.
  • Cost efficiency: smallest possible instances, no HA, and no unnecessary replicas.
  • Config clarity: move generic defaults into variables.tf and keep tfvars focused on per‑environment differences only.
  • Resilience to common errors:
    • Avoid Filestore/network errors by disabling Filestore by default.
    • Avoid VPC Connector 400s by providing a valid CIDR.
    • Provide a documented pattern for enabling Cloud SQL public IP while retaining private networking.
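
As an added illustration of the settings the description lists (minimal Cloud SQL tier, ZONAL availability, backups off, BASIC Redis, "testing option 1" with a public IP on top of private networking, and the /28 connector CIDR with 200/300 Mbps throughput), here is a Terraform fragment written for this review. It is not code from this PR or from the gitmono repository. The variables `cloud_sql_enable_public_ip`, `cloud_sql_enable_private_service_connection` and `vpc_connector_cidr` come from the description; `google_compute_network.vpc`, `var.region`, `var.cloud_sql_instance_name`, `var.redis_instance_name`, the Postgres engine version and the resource names are assumptions.

```hcl
# Added example, not the PR's code. Assumed to exist elsewhere in the module:
# google_compute_network.vpc, var.region, var.cloud_sql_instance_name,
# var.redis_instance_name, var.cloud_sql_enable_public_ip,
# var.cloud_sql_enable_private_service_connection, var.vpc_connector_cidr.

# Private Service Access range so Cloud SQL / Memorystore get private IPs in
# the VPC. Created only when private networking is enabled, which avoids the
# "empty network reference" the description mentions.
resource "google_compute_global_address" "psa_range" {
  count         = var.cloud_sql_enable_private_service_connection ? 1 : 0
  name          = "psa-range"
  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
  prefix_length = 16
  network       = google_compute_network.vpc.id
}

resource "google_service_networking_connection" "psa" {
  count                   = var.cloud_sql_enable_private_service_connection ? 1 : 0
  network                 = google_compute_network.vpc.id
  service                 = "servicenetworking.googleapis.com"
  reserved_peering_ranges = [google_compute_global_address.psa_range[0].name]
}

resource "google_sql_database_instance" "main" {
  name             = var.cloud_sql_instance_name
  region           = var.region
  database_version = "POSTGRES_15" # assumption; the PR does not state the engine

  # Lab setting: lets `terraform destroy` remove the instance.
  deletion_protection = false

  depends_on = [google_service_networking_connection.psa]

  settings {
    tier              = "db-f1-micro" # smallest shared-core tier
    availability_type = "ZONAL"       # single zone, no HA standby
    disk_size         = 10            # GB

    # Lab-only: no automated backups and no point-in-time recovery,
    # so a dropped table or deleted instance is unrecoverable.
    backup_configuration {
      enabled                        = false
      point_in_time_recovery_enabled = false
    }

    ip_configuration {
      # "Testing option 1": public IPv4 on, private networking kept.
      ipv4_enabled    = var.cloud_sql_enable_public_ip
      private_network = var.cloud_sql_enable_private_service_connection ? google_compute_network.vpc.id : null
      # No authorized_networks blocks: the public IP accepts only connections
      # brokered by the Cloud SQL Auth Proxy / connectors (IAM-authenticated).
      # ENCRYPTED_ONLY rejects plaintext sessions (google provider v5+).
      ssl_mode = "ENCRYPTED_ONLY"
    }
  }
}

# Memorystore: single node, no replica, private access only.
resource "google_redis_instance" "cache" {
  name               = var.redis_instance_name
  region             = var.region
  tier               = "BASIC" # no HA; cache contents are lost on restart
  memory_size_gb     = 1
  authorized_network = google_compute_network.vpc.id
  connect_mode       = "PRIVATE_SERVICE_ACCESS"
  auth_enabled       = true # Redis AUTH string exposed as the auth_string attribute
  transit_encryption_mode = "SERVER_AUTHENTICATION"

  depends_on = [google_service_networking_connection.psa]
}

# Serverless VPC Access connector used by Cloud Run to reach the private IPs.
resource "google_vpc_access_connector" "run" {
  name          = "run-connector"
  region        = var.region
  network       = google_compute_network.vpc.name
  ip_cidr_range = var.vpc_connector_cidr # must be an unused /28, e.g. 10.8.0.0/28
  # API constraints: multiples of 100, 200 <= min < max <= 1000 Mbps.
  min_throughput = 200
  max_throughput = 300
}
```

Two things worth keeping in mind when reusing this outside a lab: with backups and point-in-time recovery disabled and `deletion_protection = false`, the database has no recovery path at all, and the public-IP "testing option" should stay off unless every client goes through the Auth Proxy, since adding an `authorized_networks` block later would expose the listener to those ranges directly.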

- Introduce a load balancer module to create Serverless NEGs and backend services for Cloud Run
- Add URL map host/path routing for buck2hub.com with explicit LFS prefixes (/api/v1, /info/lfs)
- Wire LB module into gcp/prod and expose outputs for LB IP and DNS authorization records
- Update prod variables and tfvars example for domain and routing settings

Signed-off-by: Hongze Gao <15101764808@163.com>

- Add a commented-out example for public Cloud SQL access during testing

Signed-off-by: Hongze Gao <15101764808@163.com>

- Update prod terraform.tfvars.example to favor smallest instance sizes
- Use BASIC tier and 1GB for Redis, disable Filestore by default
- Configure Cloud SQL with minimal tier, small disk, and zonal (non-HA) availability
- Keep testing option to enable public IP while retaining private networking
- Remove unnecessary toggles and rely on sane defaults to reduce config noise

Signed-off-by: Hongze Gao <15101764808@163.com>
@benjamin-747 benjamin-747 added this pull request to the merge queue Feb 10, 2026
Merged via the queue into gitmono-dev:main with commit f9094f9 Feb 10, 2026
1 check failed