Google Cloud Platform Deployment Guide
Deploy SelfHostedDB on Google Cloud Platform
This guide covers deploying SelfHostedDB on GCP using Cloud Run or GKE.
Option 1: Cloud Run (Serverless)
Best for: Cost-effective, auto-scaling deployments
Steps
- Push Image to Container Registry
    gcloud builds submit --tag gcr.io/PROJECT-ID/selfhosteddb
- Deploy to Cloud Run
    gcloud run deploy selfhosteddb \
      --image gcr.io/PROJECT-ID/selfhosteddb:latest \
      --platform managed \
      --region us-central1 \
      --allow-unauthenticated \
      --port 3001 \
      --set-env-vars NODE_ENV=production,PORT=3001,LICENSE_SERVER_URL=https://license.selfhosteddb.com \
      --set-secrets DATABASE_URL=database-url:latest,AUTH_USER=auth-user:latest,AUTH_PASS=auth-pass:latest,LICENSE_KEY=license-key:latest,LICENSE_EMAIL=license-email:latest \
      --cpu 1 \
      --memory 1Gi \
      --max-instances 10 \
      --min-instances 1
  Note: Cloud Run is stateless, so license activation via environment variables is required. The license data won't persist across container restarts, but auto-activation runs on each startup.
- Configure Secrets
  The deploy command above references these secrets by name through --set-secrets, so they must exist in Secret Manager when it runs.
    echo -n 'postgres://...' | gcloud secrets create database-url --data-file=-
    echo -n 'admin' | gcloud secrets create auth-user --data-file=-
    echo -n 'your-password' | gcloud secrets create auth-pass --data-file=-
    echo -n 'your-license-key' | gcloud secrets create license-key --data-file=-
    echo -n 'your@email.com' | gcloud secrets create license-email --data-file=-
Benefits
- Automatic HTTPS (Cloud Run provides SSL)
- Auto-scaling to zero when not in use
- Pay-per-request pricing
- No server management required
Option 2: Google Kubernetes Engine (GKE)
Best for: Enterprise deployments
Steps
- Create GKE Cluster
    gcloud container clusters create selfhosteddb-cluster \
      --num-nodes=2 \
      --machine-type=n1-standard-2 \
      --zone=us-central1-a
- Store Secrets in Google Secret Manager
    echo -n 'postgres://...' | gcloud secrets create database-url --data-file=-
    echo -n 'admin' | gcloud secrets create auth-user --data-file=-
    echo -n 'your-password' | gcloud secrets create auth-pass --data-file=-
    echo -n 'your-license-key' | gcloud secrets create license-key --data-file=-
    echo -n 'your@email.com' | gcloud secrets create license-email --data-file=-
    # Grant access to GKE service account
    gcloud secrets add-iam-policy-binding database-url \
      --member="serviceAccount:PROJECT_NUMBER-compute@developer.gserviceaccount.com" \
      --role="roles/secretmanager.secretAccessor"
- Deploy Application
  - Use Kubernetes manifests (same as AWS EKS - see AWS EKS section)
  - Include license environment variables and persistent volume for license data
  - Store secrets in Google Secret Manager
Load Balancer
    # Create ingress for HTTPS
    kubectl apply -f ingress.yaml
Monitoring
Cloud Monitoring
- Metrics: CPU, memory, request count, latency
- Alerts: Set up alerting policies
- Dashboards: Create custom dashboards
Cloud Logging
- Container Logs: Automatic log collection
- Log Queries: Use LogQL for advanced queries
- Log-based Metrics: Create metrics from logs
Security Best Practices
- Use Google Secret Manager for all secrets
- Enable Workload Identity for service-to-service auth
- Use Private Google Access for database connections
- Enable Cloud Armor for DDoS protection
- Configure IAM roles with least privilege
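The Secret Manager and least-privilege items above, applied to this guide's five secrets, as an added example that is not part of the SelfHostedDB documentation: it reads the secret names out of the same --set-secrets value the Cloud Run deploy command uses and binds roles/secretmanager.secretAccessor on each secret individually. The service account address is a hypothetical placeholder for a dedicated runtime account, and the script only prints the commands unless GCLOUD=gcloud is set.

```shell
#!/bin/sh
# Added example, not from the SelfHostedDB docs: per-secret accessor bindings
# for one runtime service account, derived from the --set-secrets mapping.
set -eu

# Same value the guide passes to --set-secrets (ENV_VAR=secret-name:version).
SET_SECRETS='DATABASE_URL=database-url:latest,AUTH_USER=auth-user:latest,AUTH_PASS=auth-pass:latest,LICENSE_KEY=license-key:latest,LICENSE_EMAIL=license-email:latest'

# Hypothetical dedicated service account (assumption; PROJECT-ID is the
# guide's own placeholder). Replace with the account the workload runs as.
RUNTIME_SA='selfhosteddb-run@PROJECT-ID.iam.gserviceaccount.com'

# Print the unique Secret Manager secret names referenced by a mapping.
secret_names() {
  printf '%s\n' "$1" | tr ',' '\n' | while IFS='=' read -r _env ref; do
    [ -n "$ref" ] || continue        # skip entries without "=secret"
    printf '%s\n' "${ref%%:*}"       # drop the ":version" suffix
  done | sort -u
}

# Bind secretAccessor on each referenced secret to a single service account.
# Scope is the individual secret, never the whole project.
# GCLOUD defaults to "echo gcloud" (dry run); export GCLOUD=gcloud to apply.
grant_secret_access() {
  sa_email="$1"
  mapping="$2"
  for name in $(secret_names "$mapping"); do
    ${GCLOUD:-echo gcloud} secrets add-iam-policy-binding "$name" \
      --member="serviceAccount:${sa_email}" \
      --role="roles/secretmanager.secretAccessor"
  done
}

# Dry run: shows one binding per secret the deployment actually mounts.
grant_secret_access "$RUNTIME_SA" "$SET_SECRETS"
```

Because the names come from the mapping itself, a secret added to --set-secrets later gets its binding on the next run, and no secret outside the mapping is ever granted.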
Cost Optimization
- Cloud Run: Pay only for requests (scales to zero)
- GKE: Use preemptible nodes for non-production
- Cloud SQL: Use committed use discounts for long-term usage
Related Documentation
- Production Deployment Guide - General production deployment
- Security Best Practices - Security configuration
- Troubleshooting Guide - Common issues
- Installation Guide - Initial setup
Last Updated: 2025-01-27