GCP Run (Free Friendly)
Introduction
Coherence, based on the open-source cnc
framework, offers you choices in the architecture your app will use to deploy to GCP. Each architecture has a different goal in terms of trade-offs between cost, compliance, scale, and complexity. Unlike a "black box" platform, usingcnc
you're able to customize these deployments further based on your needs, giving you total control.
The run-lite
flavor is designed to be as free-friendly as possible and still be a robust choice for hosting many applications.
If you're building a bootstraped side-project or hobby full-stack web app, this flavor is made for you! It will often be free, but usage of optional services such as Cloud SQL or Secret Manager might incur some usage costs. These are also often eligible for credits or free use tiers, depending on your GCP billing account.
Resources Used
Cloud Run is the most important services in this flavor. For each service in each environment (only backend
is supported), cnc
will:
- create a cloud run service (get the URL from the GCP Cloud Console)
- create a cloud run job version
- use a GCP SDK in your code to submit jobs with the
CNC_INSTANCE_NAME
as the job name, and you have an autoscaling async work queue - if defined, resources like
Cloud SQL
andCloud Storage
are also supported and will be configured including environment vars for service discovery
Networking
Cloud run operates in a GCP-controlled network with access limited to the URLs provided by the Cloud Run service.
Data Storage
Each environment in Coherence gets a database on a shared instance (for review apps). It gets its own memorystore instance. For production, a distinct instance will be used - you also have the option to provide the name of an existing Cloud SQL instance and we will configure your app to use that instance. Generally we recommend this as a best practice. See the coherence.yml docs for more details.
- Cloud SQL is used to provide database resources. Backups & high availability are not configured by default and the instance type is a
micro
- changing these in the UI or with the CLI will not be treated as drift. - Google Cloud Storage resources for object storage are also supported, the bucket information will be provided via environment varialbes to your application.
Security & Configuration
- IAM Role and Policy are used for providing permissions to the services. Distinct identies are provisioned with minimum permissions for different app components, such as building, deploying, and executing the application.
- Secrets Manager is used to store Environment Variables defined as secrets
- To avoid incurring any cloud costs, using plain variables in your
environments.yml
incnc
is alos possible
- To avoid incurring any cloud costs, using plain variables in your
- Workload Identity as well as Cloud Run and Cloud Build Service Account integrations are used to assume app service accounts as needed without ever touching a key file.
Default Labels
For convenience and auditability, cnc
adds default labels to all cloud resources where applicable:
default_labels = {
environment = "your-collection-name"
managed_by = "cnc"
application = "your-application-name"
}