Infrastructure Templates
GCP Resources
Terraform modules for GCP — GKE, Cloud SQL, Memorystore, Firestore, and more.
The GCP template set (infra/templates/vine/gcp/) provides cloud-native equivalents for all supported resource types.
Resources
| File | Resources Created |
|---|---|
| main.tf | GKE cluster with Workload Identity, node pool |
| vpn.tf | VPC network, subnets, Cloud NAT, Cloud Router |
| cloudsql.tf | Cloud SQL instances (PostgreSQL/MySQL), HA configuration |
| memorystore.tf | Memorystore Redis instance |
| firestore.tf | Firestore database, indexes |
| artifact-registry.tf | Artifact Registry repository |
| cloud-storage.tf | Cloud Storage buckets |
| cloud-dns.tf | Cloud DNS managed zones, record sets |
| pubsub.tf | Pub/Sub topics and subscriptions |
| secret-manager.tf | Secret Manager secrets |
| cloud-armor.tf | Cloud Armor security policies (WAF) |
Modules
| Module | Purpose |
|---|---|
| modules/gke/ | GKE cluster with Workload Identity, Autopilot option |
| modules/cloud-sql/ | Cloud SQL instance with HA, backups |
| modules/memorystore/ | Memorystore Redis |
| modules/firestore/ | Firestore database |
| modules/artifact-registry/ | Container image registry |
| modules/cloud-storage/ | GCS buckets |
| modules/cloud-armor/ | WAF policies |
| modules/cloud-dns/ | DNS zones and records |
| modules/pubsub/ | Pub/Sub topics |
| modules/secret-manager/ | Secrets |
| modules/vpc-network/ | VPC with subnets and Cloud NAT |
Key Features
Workload Identity — GKE pods authenticate to GCP services with short-lived tokens issued for their Kubernetes service account, which is mapped to a GCP service account through an IAM binding. No exported service-account key files need to be distributed or rotated, and the node's own service account is not exposed to pods.
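The pieces that make Workload Identity work end to end, as an added example (not the template set's own code): the cluster attaches the project's workload identity pool, the node pool runs the GKE metadata server, and a single Kubernetes service account is bound to a single GCP service account that holds only the permission the workload needs. The project ID variable, the cluster and account names, the `app` namespace and the `uploads` bucket are assumptions for illustration.

```hcl
# Added example, not code from the vine templates. Names are assumptions.
variable "project_id" { type = string }

resource "google_container_cluster" "primary" {
  name     = "vine-gke"
  location = "us-central1"

  # The pool name is always "<project-id>.svc.id.goog".
  workload_identity_config {
    workload_pool = "${var.project_id}.svc.id.goog"
  }

  remove_default_node_pool = true
  initial_node_count       = 1
}

# Dedicated node SA with minimal roles, never the default Compute Engine SA.
resource "google_service_account" "node" {
  account_id   = "vine-gke-node"
  display_name = "GKE node service account"
}

resource "google_container_node_pool" "default" {
  name       = "default"
  cluster    = google_container_cluster.primary.id
  node_count = 1

  node_config {
    machine_type    = "e2-standard-4"
    service_account = google_service_account.node.email
    oauth_scopes    = ["https://www.googleapis.com/auth/cloud-platform"]

    # GKE_METADATA runs the GKE metadata server on each node; pods get
    # tokens for their mapped GCP SA and cannot read the node SA's token.
    workload_metadata_config {
      mode = "GKE_METADATA"
    }
  }
}

# The GCP service account the workload will act as.
resource "google_service_account" "api" {
  account_id   = "vine-api"
  display_name = "API workload"
}

# Only the Kubernetes SA app/api may impersonate it. The member format is
# serviceAccount:<project>.svc.id.goog[<namespace>/<ksa-name>].
resource "google_service_account_iam_member" "api_wi" {
  service_account_id = google_service_account.api.name
  role               = "roles/iam.workloadIdentityUser"
  member             = "serviceAccount:${var.project_id}.svc.id.goog[app/api]"
}

# Least privilege on the GCP side: this workload only reads one bucket.
resource "google_storage_bucket" "uploads" {
  name                        = "${var.project_id}-uploads"
  location                    = "US"
  uniform_bucket_level_access = true
}

resource "google_storage_bucket_iam_member" "api_reader" {
  bucket = google_storage_bucket.uploads.name
  role   = "roles/storage.objectViewer"
  member = "serviceAccount:${google_service_account.api.email}"
}

# The Kubernetes SA carries the annotation that completes the mapping.
resource "kubernetes_service_account" "api" {
  metadata {
    name      = "api"
    namespace = "app"
    annotations = {
      "iam.gke.io/gcp-service-account" = google_service_account.api.email
    }
  }
}
```

Two checks worth running after apply: `kubectl run -it --rm test --namespace app --serviceaccount api --image google/cloud-sdk:slim -- gcloud auth list` should report `vine-api@...` as the active account, and the same command with a pod that does not use the `api` service account should not. Note that the trust boundary is the Kubernetes service account: anyone who can create a pod in the `app` namespace as `api` gets that GCP identity, so namespace RBAC and admission policy are part of the control.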
GKE Autopilot — Fully managed node provisioning. Google handles node scaling, patching, and resource optimization. Enabled via the enable_autopilot toggle. On an Autopilot cluster the node pool settings do not apply (nodes are not user-managed) and Workload Identity is always on.
Cloud NAT — Managed NAT service for outbound internet access from nodes and pods that have no external IP addresses; it never accepts inbound connections. Cloud NAT is configured on a Cloud Router, which acts as its control plane. BGP is only involved when that same router also peers with Cloud VPN or Cloud Interconnect; plain NAT needs no BGP session.
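The VPC, Cloud Router and Cloud NAT wiring described above, as an added example rather than the templates' own vpn.tf: the router carries no `bgp` block because it only fronts NAT, NAT is scoped to the node subnet (including the pod secondary range) rather than the whole VPC, egress uses reserved static addresses so downstream allow-lists can pin to them, and Private Google Access keeps API traffic off the NAT path entirely. The network name, region and CIDR ranges are assumptions.

```hcl
# Added example, not code from the vine templates. Names and ranges are assumptions.
resource "google_compute_network" "vpc" {
  name                    = "vine-vpc"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "nodes" {
  name          = "vine-nodes"
  region        = "us-central1"
  network       = google_compute_network.vpc.id
  ip_cidr_range = "10.10.0.0/20"

  # Google APIs (Artifact Registry, Secret Manager, ...) are reached over
  # the private path, so that traffic never has to leave via NAT.
  private_ip_google_access = true

  secondary_ip_range {
    range_name    = "pods"
    ip_cidr_range = "10.20.0.0/16"
  }
  secondary_ip_range {
    range_name    = "services"
    ip_cidr_range = "10.30.0.0/20"
  }
}

# Cloud NAT requires a Cloud Router. No bgp block: this router is only the
# NAT control plane; BGP is needed only for Cloud VPN / Interconnect peering.
resource "google_compute_router" "nat" {
  name    = "vine-router"
  region  = google_compute_subnetwork.nodes.region
  network = google_compute_network.vpc.id
}

# Reserved egress addresses. Partners can allow-list exactly these IPs.
resource "google_compute_address" "nat" {
  count  = 2
  name   = "vine-nat-${count.index}"
  region = google_compute_subnetwork.nodes.region
}

resource "google_compute_router_nat" "egress" {
  name   = "vine-nat"
  router = google_compute_router.nat.name
  region = google_compute_router.nat.region

  # Scope NAT to the node subnet only, not every subnet in the VPC.
  # ALL_IP_RANGES covers the primary range (nodes) and the secondary
  # "pods" range, so pod egress is translated as well.
  source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS"
  subnetwork {
    name                    = google_compute_subnetwork.nodes.id
    source_ip_ranges_to_nat = ["ALL_IP_RANGES"]
  }

  nat_ip_allocate_option = "MANUAL_ONLY"
  nat_ips                = google_compute_address.nat[*].self_link

  # ERRORS_ONLY surfaces port exhaustion (dropped connections) without the
  # volume of full flow logging; switch to ALL when investigating egress.
  log_config {
    enable = true
    filter = "ERRORS_ONLY"
  }
}
```

To confirm nodes have no path to the internet other than this NAT, create the GKE cluster with `private_cluster_config { enable_private_nodes = true }` on this subnet and check from a pod that `curl -s https://ifconfig.me` returns one of the reserved `vine-nat-*` addresses. If it returns a different address, some node or pod still has an external IP and is bypassing the NAT (and any logging attached to it).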