Simplify GCP prod Terraform config for minimal, non-HA instances

envs/gcp/prod/main.tf

@@ -1,5 +1,4 @@
 locals {
-  enable_build_env = var.enable_build_env
   enable_gcs       = var.enable_gcs
   enable_cloud_sql = var.enable_cloud_sql
   enable_redis     = var.enable_redis
@@ -12,7 +11,7 @@ locals {
   enable_lb = var.enable_lb
 
   lb_routing_plan = {
-    domain = var.lb_domain
+    domain = var.base_domain
     default_backend = (var.ui_service_name != "" ? "ui" : "backend")
     backends = {
       backend = {
@@ -48,14 +47,6 @@ module "network" {
   services_secondary_range = var.services_secondary_range
 }
 
-module "artifact_registry" {
-  count  = local.enable_build_env ? 1 : 0
-  source = "../../../modules/gcp/artifact_registry"
-
-  location  = var.artifact_registry_location
-  repo_name = var.artifact_registry_repo
-}
-
 module "iam" {
   source = "../../../modules/gcp/iam"
 
@@ -194,16 +185,12 @@ module "lb_backends" {
   name_prefix            = var.name_prefix
   backend_service_name   = var.app_service_name
   ui_service_name        = var.ui_service_name
-  lb_domain              = var.lb_domain
+  lb_domain              = var.base_domain
   api_path_prefixes      = var.lb_api_path_prefixes
 }
 
 # Outputs adjusted (removed GKE related ones)
 
-output "artifact_registry_repo" {
-  value = local.enable_build_env ? module.artifact_registry[0].repository : null
-}
-
 output "gcs_bucket_name" {
   value = local.enable_gcs ? module.gcs[0].bucket_name : null
 }

envs/gcp/prod/terraform.tfvars.example

@@ -2,100 +2,44 @@
 # Only list variables commonly customized – others keep defaults.
 
 # Required project and domain
-project_id       = "your-gcp-project-id"
-base_domain      = "mega.example.com"           # used for certificates / app config
-
-# Region / zone (optional overrides)
-# region         = "us-central1"
-# zone           = "us-central1-b"
+project_id       = "infra-20250121-20260121-0235"
+base_domain      = "buck2hub.com" 
 
 # GCS (object storage)
 gcs_bucket                = "mega-prod-storage"
-gcs_force_destroy         = false
-
-# Artifact Registry (container images)
-artifact_registry_repo    = "mega-prod"
 
 # Cloud Run backend application
 app_service_name          = "mega-backend"
-# app_image can point to ECR Public or Artifact Registry
 app_image                 = "public.ecr.aws/m8q5m4u3/mega:mono-0.1.0-pre-release"
 app_env = {
   RAILS_ENV    = "production"
   RACK_ENV     = "production"
 }
-app_cpu                   = "1"          # e.g. "2"
-app_memory                = "512Mi"      # e.g. "1Gi"
-app_min_instances         = 0
-app_max_instances         = 20
-app_allow_unauth          = true         # set false to require IAP / IAM
 
 # Cloud Run UI (Next.js SSR)
-# Leave ui_service_name empty to skip creating UI service
 ui_service_name           = "mega-ui"
 ui_image                  = "public.ecr.aws/m8q5m4u3/mega:mega-ui-staging-0.1.0-pre-release"
 ui_env_vars = {
   APP_ENV = "staging"
 }
-ui_cpu                    = "1"
-ui_memory                 = "512Mi"
-ui_min_instances          = 0
-ui_max_instances          = 10
-ui_allow_unauth           = true
 
 # Database (Cloud SQL)
 cloud_sql_instance_name   = "mega-prod-db"
 cloud_sql_db_name         = "mega"
 db_username               = "mega_user"
 db_password               = "your-prod-db-password"
 
-# Redis (Memorystore)
-redis_instance_name       = "mega-prod-redis"
+# Testing (option 1): enable public IP while keeping private networking to avoid empty network references
+cloud_sql_enable_private_service_connection = true
+cloud_sql_enable_public_ip                  = true
 
-# Filestore (optional – set enable_filestore=false to skip)
-filestore_instance_name   = "mega-prod-fs"
+# VPC Connector CIDR (Required for the module to avoid 400 error)
+vpc_connector_cidr                          = "10.8.0.0/28"
 
-# Storage service keys – only if accessing external S3-compatible storage
-# storage_key             = ""
-# storage_secret_key      = ""
-# storage_bucket          = ""
+# Redis (Memorystore)
+redis_instance_name       = "mega-prod-redis"
+redis_tier                = "BASIC"     # no HA
+redis_memory_size_gb      = 1
 
 # Rails secrets (sensitive)
 rails_master_key          = "your-prod-rails-master-key"
-
-# Feature flags – leave true unless you explicitly want to skip resource creation
-enable_gcs                = true
-enable_cloud_sql          = true
-enable_redis              = true
-enable_filestore          = true
-enable_apps               = true
-
-# Networking mode
-# Production recommendation: use private networking (VPC + VPC Connector) and disable public IP.
-# Testing option: switch to public IP access (NOT recommended for production).
-
-# Private networking for Cloud SQL / Redis (VPC + VPC Connector)
-enable_private_networking = true
-vpc_connector_name        = "mega-prod-cr-conn"
-# vpc_connector_cidr       = "10.43.0.0/28"  # optional: leave null for auto
-cloud_run_vpc_egress      = "private-ranges-only"
-
-# Testing: allow connecting to Cloud SQL via public IP (NOT recommended for production).
-# Note: Set enable_private_networking above to false if you need to enable public access for testing.
-# cloud_sql_enable_private_service_connection = false
-# cloud_sql_enable_public_ip                  = true
-
-# HTTPS Load Balancer & Routing Strategy (Milestone A)
-enable_lb            = true
-lb_domain            = "buck2hub.com"
-lb_api_path_prefixes = ["/api/v1", "/info/lfs"]
-
-enable_logging            = true
-enable_monitoring         = true
-enable_alerts             = true
-
-# Alerting channels example
-# alert_notification_channels = ["projects/your-project/notificationChannels/1234567890"]
-
-# IAM service accounts (optional complex object) – see variables.tf for full schema
-# iam_service_accounts = {}

envs/gcp/prod/variables.tf

@@ -25,11 +25,6 @@ variable "base_domain" {
   default = ""
 }
 
-variable "enable_build_env" {
-  type        = bool
-  description = "(deprecated) Was used for GKE build env. Default to false after migration to Cloud Run."
-  default     = false
-}
 
 variable "enable_gcs" {
   type    = bool
@@ -133,17 +128,6 @@ variable "cloud_run_vpc_egress" {
   default = "private-ranges-only"
 }
 
-variable "artifact_registry_location" {
-  type    = string
-  default = "us-central1"
-}
-
-variable "artifact_registry_repo" {
-  type        = string
-  description = "Artifact Registry repository name"
-  default     = "mega-prod"
-}
-
 variable "gcs_bucket" {
   type        = string
   description = "GCS bucket name"
@@ -177,13 +161,13 @@ variable "cloud_sql_database_version" {
 variable "cloud_sql_tier" {
   type        = string
   description = "Cloud SQL instance tier"
-  default     = "db-g1-small"
+  default     = "db-f1-micro"  # smallest tier for this project
 }
 
 variable "cloud_sql_disk_size" {
   type        = number
   description = "Cloud SQL disk size in GB"
-  default     = 100
+  default     = 10
 }
 
 variable "cloud_sql_disk_type" {
@@ -195,7 +179,7 @@ variable "cloud_sql_disk_type" {
 variable "cloud_sql_availability_type" {
   type        = string
   description = "Cloud SQL availability type"
-  default     = "REGIONAL"
+  default     = "ZONAL"
 }
 
 variable "cloud_sql_private_ip_prefix_length" {
@@ -221,7 +205,7 @@ variable "cloud_sql_db_name" {
 
 variable "cloud_sql_backup_enabled" {
   type    = bool
-  default = true
+  default = false
 }
 
 variable "cloud_sql_deletion_protection" {
@@ -237,12 +221,12 @@ variable "redis_instance_name" {
 
 variable "redis_tier" {
   type    = string
-  default = "STANDARD_HA"
+  default = "BASIC"
 }
 
 variable "redis_memory_size_gb" {
   type    = number
-  default = 4
+  default = 1
 }
 
 variable "redis_transit_encryption_mode" {
@@ -417,14 +401,9 @@ variable "ui_allow_unauth" {
 variable "enable_lb" {
   type        = bool
   description = "Whether to enable Global HTTPS Load Balancer"
-  default     = false
+  default     = true
 }
 
-variable "lb_domain" {
-  type        = string
-  description = "The FQDN for the load balancer (e.g., buck2hub.com)"
-  default     = "buck2hub.com"
-}
 
 variable "lb_api_path_prefixes" {
   type        = list(string)

modules/gcp/load_balancer/main.tf

@@ -32,8 +32,6 @@ variable "api_path_prefixes" {
   default     = ["/api/v1", "/info/lfs"]
 }
 
-# --- 1. Serverless NEGs (Milestone B) ---
-
 resource "google_compute_region_network_endpoint_group" "backend" {
   project               = var.project_id
   region                = var.region
@@ -57,8 +55,6 @@ resource "google_compute_region_network_endpoint_group" "ui" {
   }
 }
 
-# --- 2. Backend Services (Milestone B) ---
-
 resource "google_compute_backend_service" "backend" {
   project               = var.project_id
   name                  = "${var.name_prefix}-backend-bs"
@@ -82,8 +78,6 @@ resource "google_compute_backend_service" "ui" {
   }
 }
 
-# --- 3. URL Map (Milestone C) ---
-
 resource "google_compute_url_map" "this" {
   project = var.project_id
   name    = "${var.name_prefix}-urlmap"
@@ -109,8 +103,6 @@ resource "google_compute_url_map" "this" {
   }
 }
 
-# --- 4. Load Balancer Entry (Milestone D) ---
-
 resource "google_compute_global_address" "this" {
   project = var.project_id
   name    = "${var.name_prefix}-lb-ip"
@@ -132,8 +124,6 @@ resource "google_compute_global_forwarding_rule" "https" {
   load_balancing_scheme = "EXTERNAL_MANAGED"
 }
 
-# --- 5. Certificate Manager (Milestone E) ---
-
 resource "google_certificate_manager_dns_authorization" "this" {
   project     = var.project_id
   name        = "${var.name_prefix}-dns-auth"

modules/gcp/vpc_connector/main.tf

@@ -20,6 +20,10 @@ resource "google_vpc_access_connector" "this" {
   region        = var.region
   network       = var.network
   ip_cidr_range = var.ip_cidr_range
+
+  # Required by the API: throughput must be a multiple of 100 between 200 and 1000 Mbps.
+  min_throughput = 200
+  max_throughput = 300
 }
 
 output "id" {