Google Cloud Platform Deployment Guide

Deploy SelfHostedDB on Google Cloud Platform

This guide covers deploying SelfHostedDB on GCP using Cloud Run or GKE.


Option 1: Cloud Run (Serverless)

Best for: Cost-effective, auto-scaling deployments

Steps

  1. Push Image to Container Registry

    gcloud builds submit --tag gcr.io/PROJECT-ID/selfhosteddb

  2. Deploy to Cloud Run

    gcloud run deploy selfhosteddb \
      --image gcr.io/PROJECT-ID/selfhosteddb \
      --platform managed \
      --region us-central1 \
      --allow-unauthenticated \
      --set-env-vars NODE_ENV=production,PORT=3001 \
      --set-secrets DATABASE_URL=database-url:latest,AUTH_USER=auth-user:latest,AUTH_PASS=auth-pass:latest

  3. Configure Secrets (these must exist before the deploy in step 2, which references them with --set-secrets)

    echo -n 'postgres://...' | gcloud secrets create database-url --data-file=-
    echo -n 'admin' | gcloud secrets create auth-user --data-file=-
    echo -n 'your-password' | gcloud secrets create auth-pass --data-file=-
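
The deploy in step 2 names no runtime identity, so the service runs as the project's default compute service account. As an added example (not part of the original guide), the script below creates a dedicated service account, grants it secretAccessor on only the three secrets above, and deploys with it. The account name selfhosteddb-run is an assumption, and the script only prints the commands unless DRY_RUN=0 is set.

```shell
#!/usr/bin/env bash
# Added example, not from the guide: dedicated runtime identity for Cloud Run.
# Prints the gcloud commands by default; run with DRY_RUN=0 to execute them.
# Assumes the three secrets from step 3 already exist.
set -eu

PROJECT_ID="${PROJECT_ID:-PROJECT-ID}"      # placeholder, as in the guide
REGION="${REGION:-us-central1}"
SA_NAME="${SA_NAME:-selfhosteddb-run}"      # hypothetical account name
SECRETS="database-url auth-user auth-pass"  # secret names used by the guide

sa_email() { printf '%s@%s.iam.gserviceaccount.com' "$SA_NAME" "$PROJECT_ID"; }

# Echo the command in dry-run mode, execute it otherwise.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

create_runtime_sa() {
  run gcloud iam service-accounts create "$SA_NAME" \
    --project "$PROJECT_ID" --display-name "SelfHostedDB Cloud Run runtime"
}

# Bind secretAccessor on each secret individually rather than at project
# level, so this identity can read these three secrets and nothing else.
grant_secret_access() {
  for s in $SECRETS; do
    run gcloud secrets add-iam-policy-binding "$s" --project "$PROJECT_ID" \
      --member "serviceAccount:$(sa_email)" \
      --role roles/secretmanager.secretAccessor
  done
}

# Same deploy as step 2 plus --service-account. --allow-unauthenticated is kept
# from the guide: the URL is public, so access control rests on the app's
# AUTH_USER/AUTH_PASS credentials.
deploy_service() {
  run gcloud run deploy selfhosteddb --project "$PROJECT_ID" \
    --image "gcr.io/$PROJECT_ID/selfhosteddb" \
    --platform managed --region "$REGION" \
    --service-account "$(sa_email)" \
    --allow-unauthenticated \
    --set-env-vars NODE_ENV=production,PORT=3001 \
    --set-secrets DATABASE_URL=database-url:latest,AUTH_USER=auth-user:latest,AUTH_PASS=auth-pass:latest
}

create_runtime_sa
grant_secret_access
deploy_service
```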

Benefits

  • Automatic HTTPS (Cloud Run provides SSL)
  • Auto-scaling to zero when not in use
  • Pay-per-request pricing
  • No server management required

Option 2: Google Kubernetes Engine (GKE)

Best for: Enterprise deployments

Steps

  1. Create GKE Cluster

    gcloud container clusters create selfhosteddb-cluster \
      --num-nodes=2 \
      --machine-type=n1-standard-2 \
      --zone=us-central1-a

  2. Deploy Application

    • Use Kubernetes manifests (same as AWS EKS - see Production Guide)
    • Store secrets in Google Secret Manager

Secrets Management

    # Create secrets in Secret Manager
    echo -n 'postgres://...' | gcloud secrets create database-url --data-file=-
    echo -n 'admin' | gcloud secrets create auth-user --data-file=-
    echo -n 'your-password' | gcloud secrets create auth-pass --data-file=-

    # Grant access to GKE service account
    gcloud secrets add-iam-policy-binding database-url \
      --member="serviceAccount:PROJECT_NUMBER-compute@developer.gserviceaccount.com" \
      --role="roles/secretmanager.secretAccessor"

Load Balancer

    # Create ingress for HTTPS
    kubectl apply -f ingress.yaml

Monitoring

Cloud Monitoring

  • Metrics: CPU, memory, request count, latency
  • Alerts: Set up alerting policies
  • Dashboards: Create custom dashboards

Cloud Logging

  • Container Logs: Automatic log collection
  • Log Queries: Use LogQL for advanced queries
  • Log-based Metrics: Create metrics from logs

Security Best Practices

  • Use Google Secret Manager for all secrets
  • Enable Workload Identity for service-to-service auth
  • Use Private Google Access for database connections
  • Enable Cloud Armor for DDoS protection
  • Configure IAM roles with least privilege

Cost Optimization

  • Cloud Run: Pay only for requests (scales to zero)
  • GKE: Use preemptible nodes for non-production
  • Cloud SQL: Use committed use discounts for long-term


Last Updated: 2025-01-27