Deploy on Google Cloud in 30 minutes

Production-ready deployment in your Google Cloud project using Terraform. Includes GKE, Cloud SQL for PostgreSQL, and a Global HTTP(S) Load Balancer.

Estimated time: ~30 minutes. You’ll need permissions to provision GKE, Cloud SQL, and networking resources in the target project.

  1. Prerequisites
    • Google Cloud project with billing enabled and IAM roles for compute, container, SQL, and networking.
    • Domain or subdomain for HTTPS (managed in Cloud DNS or external).
    • gcloud CLI and Terraform installed locally (or use Cloud Shell).
  2. Bootstrap

    Clone our Terraform module and set variables for region, network, and database size. From Cloud Shell or your workstation, initialize and apply:

    Open Terraform module (request access if needed)

  3. Key variables
    • gke_machine_type: e2-standard-4 (minimum for pilot workloads).
    • cloud_sql_tier: db-custom-2-7680 (or comparable).
    • cert_mode: managed; lb_type: global external HTTPS.
  4. Post-deploy
    • Update DNS to point to the load balancer frontend IP/hostname.
    • Set admin password and enable SSO (OIDC/SAML).
    • Configure backup/retention in Cloud SQL; set up logging/sinks.
  5. Redis cache (MemoryStore)
    • Create a Redis instance in MemoryStore (standard tier). Start small for pilots.
    • Restrict access to your VPC; record the host:port.
    • Configure REDIS_URL=redis://HOST:6379 in your services.
  6. Messaging (NATS)

    GCP has no managed NATS service. For pilots, deploy NATS on GKE using the official chart with JetStream enabled. See the Kubernetes Quickstart for commands.

    • Use private Service/Ingress; secure with auth and network policies.
  7. AI models (GPU)
    • Create a GPU node pool for GKE (e.g., L4). Install the NVIDIA device plugin and drivers.
    • Schedule the models Deployment with limits: { nvidia.com/gpu: 1 } and adequate CPU/RAM.
  8. TLS, observability, and backups
    • TLS: Use Google-managed certs on the HTTPS LB; redirect HTTP→HTTPS.
    • Observability: Send logs to Cloud Logging; create metrics and alerts in Cloud Monitoring.
    • Backups: Enable automated backups and PITR for Cloud SQL; set bucket lifecycle for logs/artifacts.
  9. Security & access
    • Single sign-on: Configure OIDC/SAML in the platform settings.
    • Secrets: Store in Secret Manager; mount via Workload Identity.
    • Least privilege IAM: constrain service account roles and network access.
  10. Cleanup

    Destroy Terraform resources and remove any out-of-band artifacts (MemoryStore, certs, DNS) to avoid charges.
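
For step 6, one way to express "private Service plus network policies" for the NATS pods is the NetworkPolicy below. It is an added example, not part of the Terraform module or the original guide; the namespaces, the `nats-client` label, and the `app.kubernetes.io/name: nats` selector are assumptions to adjust to your install. Ports 4222 (clients) and 6222 (cluster routes) are the NATS defaults.

```yaml
# Added example. Namespace and label values are assumptions.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: nats-restrict-ingress
  namespace: messaging                      # assumed namespace of the NATS release
spec:
  # Select the NATS server pods; once selected, any ingress not
  # listed below is denied (including the 8222 monitoring port).
  podSelector:
    matchLabels:
      app.kubernetes.io/name: nats          # assumed label on the NATS pods
  policyTypes:
    - Ingress
  ingress:
    # Client traffic: only pods that opt in with a label, and only
    # from the application namespace.
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: platform   # assumed app namespace
          podSelector:
            matchLabels:
              nats-client: "true"           # hypothetical opt-in label
      ports:
        - protocol: TCP
          port: 4222
    # Cluster routes: NATS servers may talk to each other so that
    # JetStream replication keeps working.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: nats
      ports:
        - protocol: TCP
          port: 6222
```

The policy only takes effect on a cluster with network policy enforcement turned on (GKE Dataplane V2 or the network policy add-on), and it complements NATS authentication rather than replacing it.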
