Skip to main content

Customer‑Managed GCP Deployment (Terraform)

This guide is for customers who want to run the backend and frontend in their own GCP project, using the Terraform module in infra/terraform.

It assumes:

  • You own and manage the GCP project and billing.
  • You run Terraform yourself (locally or via your own CI).
  • You either build your own images or use images provided by the vendor.

For details of what the module creates, see infra/terraform/ and docs/infra/terraform_agents.md.

Prerequisites

  • A GCP project with billing enabled.
  • Terraform and gcloud installed (or a CI system that can run Terraform).
  • A GCS bucket for Terraform state (recommended).
  • A Terraform runner identity with permissions to provision Cloud Run, Cloud SQL, networking, IAM, Artifact Registry, Secret Manager, and required APIs.

You also need container images for the backend and frontend, for example in Artifact Registry:

  • us-central1-docker.pkg.dev/<project>/smartsre/smartsre-agents:<tag>
  • us-central1-docker.pkg.dev/<project>/smartsre/smartsre-frontend:<tag>

Setup

From the repo root:

cd infra/terraform

Initialize Terraform with a remote state backend (adjust bucket and prefix):

terraform init \
  -backend-config="bucket=<your-tf-state-bucket>" \
  -backend-config="prefix=smartsre/terraform"

Create infra/terraform/terraform.tfvars in your fork/working copy. Example (redact secrets in any shared artifacts):

project_id = "customer-prod-1234"
region     = "us-central1"

image          = "us-central1-docker.pkg.dev/customer-prod-1234/smartsre/smartsre-agents:1.0.0"
frontend_image = "us-central1-docker.pkg.dev/customer-prod-1234/smartsre/smartsre-frontend:1.0.0"

api_domain      = "api.customer-example.com"
frontend_domain = "app.customer-example.com"
backend_url     = "https://api.customer-example.com"
cors_origins    = "https://app.customer-example.com"

platform_admin_emails = "admin@customer-example.com"

google_oauth_client_id     = ""
google_oauth_client_secret = ""

Running Terraform

terraform plan  -var-file="terraform.tfvars"
terraform apply -var-file="terraform.tfvars"

After apply, point your DNS records at the provided load balancer IPs (for api_domain and frontend_domain), then verify:

curl -f "https://api.customer-example.com/health"

Upgrades

For each release:

  1. Build and push new backend/frontend images.
  2. Update image / frontend_image tags in terraform.tfvars.
  3. Run terraform plan / terraform apply.