Skip to main content

Environment Configuration

The infrastructure supports three environments: development, testing, and production. Each environment has its own GCP project and configuration.

Environment Overview

PropertyDevelopmentTestingProduction
GCP Projectserko-northsky-devserko-northsky-testnorthsky-473920
Domaindev.serko-northsky.comtest.serko-northsky.comserko-northsky.com
Regionus-central1us-central1us-central1
PurposeActive developmentIntegration testingProduction traffic

Configuration Files

Each environment has a dedicated Pulumi configuration file:

infra/pulumi/
├── Pulumi.yaml          # Project-level settings
├── Pulumi.dev.yaml      # Development config
├── Pulumi.test.yaml     # Testing config
└── Pulumi.prod.yaml     # Production config

Configuration Structure

Project Settings (Pulumi.yaml)

name: serko-northsky
runtime: nodejs
description: Serko Northsky Infrastructure
backend:
  url: gs://serko-northsky-pulumi-state

Environment Settings (Pulumi.{env}.yaml)

config:
  # GCP Settings
  gcp:project: project-id
  gcp:region: us-central1

  # Environment Identifier
  serko-northsky:environment: dev

  # Network Configuration
  serko-northsky:gkeSubnetCidr: "10.0.1.0/24"
  serko-northsky:privateSubnetCidr: "10.0.2.0/24"
  serko-northsky:podCidr: "10.1.0.0/16"
  serko-northsky:serviceCidr: "10.2.0.0/16"

  # GKE Configuration
  serko-northsky:gkeReleaseChannel: "REGULAR"

  # Database Configuration (Cloud SQL)
  serko-northsky:mainDbTier: "db-custom-2-8192"
  serko-northsky:mainDbDiskSizeGb: "20"
  serko-northsky:mainDbEnableHA: "false"
  serko-northsky:mainDbEnableReadReplica: "false"
  serko-northsky:langfuseDbEnabled: "true"

  # Cache Configuration
  serko-northsky:cacheMemorySizeGb: "1"
  serko-northsky:cacheTier: "BASIC"
  serko-northsky:cacheTransitEncryption: "false"

  # Storage Configuration
  serko-northsky:cleanupDays: "7"
  serko-northsky:minVersionsToKeep: "10"
  serko-northsky:retentionDays: "30"

  # Domain Configuration
  serko-northsky:domainSuffix: "dev.serko-northsky.com"

  # Features
  serko-northsky:langfuseEnabled: "true"

Environment Differences

Compute Resources

ResourceDevTestProd
Cloud SQL Tierdb-custom-2-8192db-custom-2-8192db-custom-4-16384
Cloud SQL HANoNoYes
Cloud SQL Read ReplicaNoNoYes
Redis Memory1 GB1 GB2 GB
Redis TierBASICBASICSTANDARD_HA

Security Settings

SettingDevTestProd
GKE Release ChannelREGULARREGULARSTABLE
Redis Transit EncryptionNoNoYes
Deletion ProtectionNoNoYes

Retention Policies

PolicyDevTestProd
Image Cleanup Days7714
Min Image Versions101020
Backup Retention30 days30 days90 days

Environment Selection

Use the env.sh script to select an environment:

cd infra

# Select development
source env.sh dev

# Select testing
source env.sh test

# Select production
source env.sh prod

What env.sh Does

  1. Sets GCP Credentials: Points to the correct service account key
  2. Configures Project: Sets GOOGLE_PROJECT environment variable
  3. Logs into Pulumi: Authenticates with GCS state backend
  4. Selects Stack: Switches to the correct Pulumi stack
  5. Exports Variables: Makes configuration available to other scripts

Exported Environment Variables

After sourcing env.sh, these variables are available:

VariableDescriptionExample
INFRA_project_idGCP Project IDserko-northsky-dev
INFRA_environmentEnvironment namedev
INFRA_regionGCP regionus-central1
INFRA_domain_suffixDomain for environmentdev.serko-northsky.com
GOOGLE_APPLICATION_CREDENTIALSService account key pathkeys/pulumi-dev-key.json

Configuration Best Practices

Use Appropriate Resources

  • Development: Minimal resources for cost savings
  • Testing: Match production structure, smaller scale
  • Production: Full resources with high availability

Maintain Consistency

  • Keep network CIDR blocks consistent across environments
  • Use the same region for all environments (simplifies operations)
  • Maintain similar naming conventions

Protect Production

  • Enable deletion protection
  • Use stable release channels
  • Enable encryption in transit
  • Longer retention periods for backups and logs