Skip to main content

Available environments

  • production/gke
  • production/kubernetes
  • production/cloud-run
  • production/fly
  • production/digital-ocean

Typical workflow

cd infra/terraform/environments/production/<target>
cp terraform.tfvars.example terraform.tfvars
terraform init
terraform plan
terraform apply

Target notes

Creates the Kubernetes cluster itself. After apply, fetch credentials with gcloud container clusters get-credentials.
Deploys app resources into an existing cluster, such as one created by the GKE target.
Requires Secret Manager secrets to exist before apply.
Uses flyctl deploy via Terraform local-exec. Secrets are still managed manually in Fly.io.
Requires DIGITALOCEAN_TOKEN and repository access configured in App Platform.

General rules

  • Use immutable image refs whenever possible.
  • Point SITE_URL to the public canonical endpoint.
  • For Cloud Run, Kubernetes, and DigitalOcean, provide core secrets plus exactly one storage profile.
  • Keep scheduler behavior aligned with Scheduled Jobs.