Overview

The GCP base installer creates a new Google Cloud project for asymptote-integrations and provisions the shared infrastructure that integrations run on. GitHub-specific infrastructure is installed in a second step, described in the GitHub integration guide.

What permissions the installer needs

The identity running ./providers/gcp/install-gcp.sh should have permissions equivalent to the following:
| What the installer needs to do | GCP IAM permissions |
| --- | --- |
| Create projects under the organization or folder you choose | resourcemanager.projects.create |
| Attach the new project to the billing account you specify | billing.resourceAssociations.create |
| Enable required Google Cloud APIs in that new project | serviceusage.services.enable |
| Create the Terraform state bucket and networking resources | storage.buckets.create, compute.networks.create, compute.subnetworks.create, compute.globalAddresses.create, servicenetworking.services.addPeering |
| Create the private PostgreSQL instance and store generated credentials in Secret Manager | cloudsql.instances.create, cloudsql.databases.create, cloudsql.users.create, secretmanager.secrets.create, secretmanager.versions.add |

Before you run the installer, authenticate with Application Default Credentials:
gcloud auth application-default login
The GitHub integration step needs additional tools and permissions for Artifact Registry, Cloud Build, Cloud Run, IAM, Secret Manager, and Serverless VPC Access. See the GitHub integration guide for that part of the setup.

Fill the base config file

The installer reads providers/gcp/config/install-gcp.yaml by default. Fill in the required values, then leave optional fields blank unless you need custom names, CIDR ranges, or database sizing. This is the full template with comments explaining each field:
# Fill in this file before running ./providers/gcp/install-gcp.sh.
#
# Keep string values quoted to avoid YAML booleans such as "on", "off", "yes",
# and "no" being coerced unexpectedly.
gcp:
  # Required. Set to "organization" or "folder" depending on where the new project should be created.
  parent_type: "organization"
  # Required. Numeric organization ID or folder ID that will own the new project.
  parent_id: "123456789012"
  # Required. Billing account ID to attach to the new project.
  billing_account_id: "000000-000000-000000"
  # Required. Human-readable name for the new GCP project.
  project_name: "Asymptote Integrations"
  # Required. Unique GCP project ID for the new project.
  project_id: "your-integrations-project-id"
  # Required. Region where the self-hosted infrastructure should run.
  region: "us-central1"
  # Optional. Defaults to "<project-id>-tfstate".
  state_bucket_name: ""
  # Optional. Defaults to "integrations-vpc".
  vpc_name: ""
  # Optional. Defaults to "integrations-subnet".
  subnet_name: ""
  # Optional. Defaults to "10.42.0.0/24".
  subnet_cidr: ""
  # Optional. Defaults to "integrations-psa-range".
  private_service_access_range_name: ""
  # Optional. Defaults to "10.43.0.0/16".
  private_service_access_cidr: ""
  # Optional. Defaults to "integrations-postgres".
  sql_instance_name: ""
  # Optional. Defaults to "integrations".
  database_name: ""
  # Optional. Defaults to "integrations_app".
  db_app_user: ""
  # Optional. Defaults to "db-custom-2-7680".
  sql_tier: ""
  # Optional. Defaults to 50 GB.
  sql_disk_size_gb:

Run the base installer

1. Install prerequisites

Install Terraform >= 1.9, gcloud, and jq.

2. Update `providers/gcp/config/install-gcp.yaml`

Fill in your GCP values before you start the installation.

3. Run the script

From the repository root, run:
./providers/gcp/install-gcp.sh

4. Approve the planned changes

The installer will show the planned infrastructure changes before applying them. Review and approve those changes to continue.

If you want to use a different config file or skip confirmation prompts:
./providers/gcp/install-gcp.sh --config /path/to/install-gcp.yaml
./providers/gcp/install-gcp.sh --auto-approve
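
With --auto-approve there is no plan review, so the config file is the last checkpoint before resources are created. The script below is an added example, not part of the installer or the project's code: it checks the required fields from the template above and confirms that subnet_cidr and private_service_access_cidr do not overlap, using the documented defaults when a field is blank. The function names and the exact format patterns for billing_account_id and project_id are assumptions.

```sh
# Added example (not the project's installer code): pre-flight checks for
# install-gcp.yaml, assuming the template's flat one-key-per-line layout.

# cfg_get FILE KEY [DEFAULT]: print KEY's unquoted value, or DEFAULT if blank.
cfg_get() {
  v=$(sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1 |
      sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/')
  printf '%s\n' "${v:-${3:-}}"
}

# ip_to_int A.B.C.D: print the IPv4 address as an integer.
ip_to_int() {
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# cidr_overlap C1 C2: succeed when both blocks agree on the shorter prefix.
cidr_overlap() {
  a=$(ip_to_int "${1%/*}"); b=$(ip_to_int "${2%/*}"); len=${1#*/}
  if [ "${2#*/}" -lt "$len" ]; then len=${2#*/}; fi
  [ $(( a >> (32 - len) )) -eq $(( b >> (32 - len) )) ]
}

fail() { echo "config: $*" >&2; bad=1; }

# validate_config FILE: report every problem on stderr; return 1 if any.
validate_config() {
  f=$1; bad=0
  case $(cfg_get "$f" parent_type) in organization|folder) ;;
    *) fail 'parent_type must be "organization" or "folder"' ;; esac
  cfg_get "$f" parent_id | grep -Eq '^[0-9]+$' || fail "parent_id must be numeric"
  # Assumed billing ID shape: three dash-separated groups of six characters.
  cfg_get "$f" billing_account_id | grep -Eq '^[0-9A-Z]{6}(-[0-9A-Z]{6}){2}$' ||
    fail "billing_account_id must look like XXXXXX-XXXXXX-XXXXXX"
  # GCP project IDs: 6-30 chars, lowercase letters, digits, hyphens.
  cfg_get "$f" project_id | grep -Eq '^[a-z][a-z0-9-]{4,28}[a-z0-9]$' ||
    fail "project_id is not a valid GCP project ID"
  [ "$(cfg_get "$f" project_id)" != your-integrations-project-id ] ||
    fail "project_id is still the template placeholder"
  [ -n "$(cfg_get "$f" region)" ] || fail "region is required"
  subnet=$(cfg_get "$f" subnet_cidr 10.42.0.0/24)
  psa=$(cfg_get "$f" private_service_access_cidr 10.43.0.0/16)
  for c in "$subnet" "$psa"; do
    echo "$c" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' ||
      { fail "bad CIDR: $c"; return 1; }
  done
  if cidr_overlap "$subnet" "$psa"; then fail "subnet_cidr overlaps the PSA range"; fi
  return "$bad"
}

if [ $# -gt 0 ]; then validate_config "$1"; fi
```

Save it under any name and pass the config path as the first argument; a non-zero exit status means at least one check failed.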

What the base installer creates

At a high level, the GCP base installer:
  • Creates a new GCP project under the parent you selected.
  • Creates a bucket for Terraform state.
  • Provisions a dedicated VPC and private PostgreSQL instance.
  • Reserves the Private Service Access range used for private Cloud SQL networking.
  • Creates the integrations database and an application user for it.
  • Stores generated database credentials in Secret Manager.
  • Writes generated/gcp/<project-id>/install-state.json for later integration installers.
The initial GitHub call graph bootstrap is not part of this step. That happens when you run the GitHub integration installer.

What to expect at the end

When the script completes, it prints the key details you will need to keep:
  • Project ID
  • Terraform state bucket name
  • VPC and subnet names
  • Cloud SQL connection details
  • Database name and application username
  • Secret Manager secret name
  • Install state path
The install state file is the handoff contract for later integration installers. After the shared GCP setup completes, continue with the GitHub integration guide.