GCP
Two deployment paths for GCP: Compute Engine (one-command Docker Compose, ~$49/mo for e2-standard-2) and Cloud Run + Cloud SQL (serverless, scales to zero, ~$37–42/mo).
Compute Engine (Docker Compose)
Spins up an e2-standard-2 instance (2 vCPU, 8 GB RAM), installs Docker, and runs Postgres + Typesense + the gateway in Docker Compose.
Prerequisites
gcloudCLI installed and authenticated- A GCP project with billing enabled
- Compute Engine API enabled
Deploy
bash deploy/gcp/compute_engine/deploy.shThe script prompts for your GCP project ID, then prompts for:
JWT_SECRETTYPESENSE_API_KEYINTERNAL_API_KEYPG_PASSWORDLLM_API_KEY
Then it creates a firewall rule (astra-server tag, TCP 22/80/8080), launches an e2-standard-2 in us-central1-a, SSHes in, writes a .env file, and starts Docker Compose.
Default config
| Setting | Value |
|---|---|
| Zone | us-central1-a |
| Machine type | e2-standard-2 (2 vCPU, 8 GB RAM) |
| Cost | ~$49/mo |
| Gateway port | 8080 |
| Firewall tag | astra-server |
Cloud Run + Cloud SQL (Terraform)
Serverless deployment. Cloud Run hosts the gateway (scales 0–3 instances), Cloud SQL runs PostgreSQL 17 with pgvector on a private IP, and a GCE VM runs Typesense.
Architecture
- Cloud Run — gateway, auto-scales 0–3, private VPC egress
- Cloud SQL PostgreSQL 17 — private IP, pgvector extension
- GCE VM (e2-small) — Typesense with persistent disk
- Artifact Registry — Docker image storage
- Secret Manager — all credentials injected at runtime
Prerequisites
- Terraform 1.5+
gcloudCLI authenticated- APIs enabled: Cloud Run, Cloud SQL, Compute Engine, Artifact Registry, Secret Manager
- Docker image pushed to Artifact Registry
Deploy
cd deploy/gcp/terraform
cp terraform.tfvars.example terraform.tfvars
# edit terraform.tfvars
terraform init
terraform applyterraform.tfvars
project_id = "your-gcp-project-id"
gateway_image = "us-central1-docker.pkg.dev/your-project/astra-images/gateway:latest"
db_password = "your-secure-password"
jwt_secret = "your-jwt-secret"
typesense_api_key = "your-typesense-key"
internal_api_key = "your-internal-key"
llm_api_key = "your-llm-key"Enable pgvector
Run after the first terraform apply:
# Get connection name from Terraform output
CONNECTION=$(terraform output -raw cloud_sql_connection_name)
# Start Cloud SQL Proxy
cloud-sql-proxy $CONNECTION &
# Enable pgvector
psql -h 127.0.0.1 -U postgres -d astra \
-c "CREATE EXTENSION IF NOT EXISTS vector;"Cost estimate
| Resource | ~Cost/mo |
|---|---|
| Cloud Run (idle/light traffic) | $0–5 |
Cloud SQL (db-f1-micro) | $7 |
GCE VM — Typesense (e2-small) | $12 |
| Persistent disk (20 GB) | $3 |
| VPC Connector (2 instances) | $15 |
| Total | ~$37–42 |
Cloud Run scales to zero when idle, making this the most cost-efficient option for low-traffic or staging deployments. For consistent high traffic, the Compute Engine path avoids cold start latency.
Terraform file reference
| File | Purpose |
|---|---|
main.tf | Provider config and project settings |
artifact_registry.tf | Docker image repository |
cloud_run.tf | Cloud Run service definition |
cloud_sql.tf | PostgreSQL 17 Cloud SQL instance |
typesense_vm.tf | GCE VM for Typesense |
iam.tf | IAM service accounts and bindings |
secrets.tf | Secret Manager resources |
variables.tf | All input variables |
outputs.tf | Exported values (URLs, connection names) |