Environment Configuration

The infrastructure supports three environments: development, testing, and production. Each environment has its own GCP project and configuration.

Environment Overview

Property	Development	Testing	Production
GCP Project	`serko-northsky-dev`	`serko-northsky-test`	`northsky-473920`
Domain	`dev.serko-northsky.com`	`test.serko-northsky.com`	`serko-northsky.com`
Region	`us-central1`	`us-central1`	`us-central1`
Purpose	Active development	Integration testing	Production traffic

Configuration Files

Each environment has a dedicated Pulumi configuration file:

infra/pulumi/
├── Pulumi.yaml          # Project-level settings
├── Pulumi.dev.yaml      # Development config
├── Pulumi.test.yaml     # Testing config
└── Pulumi.prod.yaml     # Production config

Configuration Structure

Project Settings (`Pulumi.yaml`)

name: serko-northsky
runtime: nodejs
description: Serko Northsky Infrastructure
backend:
  url: gs://serko-northsky-pulumi-state

Environment Settings (`Pulumi.{env}.yaml`)

config:
  # GCP Settings
  gcp:project: project-id
  gcp:region: us-central1

  # Environment Identifier
  serko-northsky:environment: dev

  # Network Configuration
  serko-northsky:gkeSubnetCidr: "10.0.1.0/24"
  serko-northsky:privateSubnetCidr: "10.0.2.0/24"
  serko-northsky:podCidr: "10.1.0.0/16"
  serko-northsky:serviceCidr: "10.2.0.0/16"

  # GKE Configuration
  serko-northsky:gkeReleaseChannel: "REGULAR"

  # Database Configuration
  serko-northsky:databaseCpuCount: "2"
  serko-northsky:databaseReadReplica: "false"

  # Cache Configuration
  serko-northsky:cacheMemorySizeGb: "1"
  serko-northsky:cacheTier: "BASIC"
  serko-northsky:cacheTransitEncryption: "false"

  # Storage Configuration
  serko-northsky:cleanupDays: "7"
  serko-northsky:minVersionsToKeep: "10"
  serko-northsky:retentionDays: "30"

  # Domain Configuration
  serko-northsky:domainSuffix: "dev.serko-northsky.com"

  # Features
  serko-northsky:langfuseEnabled: "true"

Environment Differences

Compute Resources

Resource	Dev	Test	Prod
AlloyDB vCPUs	2	2	4
AlloyDB Read Replica	No	No	Yes
Redis Memory	1 GB	1 GB	2 GB
Redis Tier	BASIC	BASIC	STANDARD_HA

Security Settings

Setting	Dev	Test	Prod
GKE Release Channel	REGULAR	REGULAR	STABLE
Redis Transit Encryption	No	No	Yes
Deletion Protection	No	No	Yes

Retention Policies

Policy	Dev	Test	Prod
Image Cleanup Days	7	7	14
Min Image Versions	10	10	20
Backup Retention	30 days	30 days	90 days

Environment Selection

Use the env.sh script to select an environment:

cd infra

# Select development
source env.sh dev

# Select testing
source env.sh test

# Select production
source env.sh prod

What `env.sh` Does

Sets GCP Credentials: Points to the correct service account key
Configures Project: Sets GOOGLE_PROJECT environment variable
Logs into Pulumi: Authenticates with GCS state backend
Selects Stack: Switches to the correct Pulumi stack
Exports Variables: Makes configuration available to other scripts

Exported Environment Variables

After sourcing env.sh, these variables are available:

Variable	Description	Example
`INFRA_project_id`	GCP Project ID	`serko-northsky-dev`
`INFRA_environment`	Environment name	`dev`
`INFRA_region`	GCP region	`us-central1`
`INFRA_domain_suffix`	Domain for environment	`dev.serko-northsky.com`
`GOOGLE_APPLICATION_CREDENTIALS`	Service account key path	`keys/pulumi-dev-key.json`

Adding a New Environment

To create a new environment:

1. Create GCP Project

gcloud projects create serko-northsky-staging

2. Setup Service Account

./scripts/setup-account.sh staging

3. Create Configuration File

Create Pulumi.staging.yaml:

config:
  gcp:project: serko-northsky-staging
  gcp:region: us-central1
  serko-northsky:environment: staging
  # ... copy and adjust from existing environment

4. Initialize Stack

source env.sh staging
pulumi stack init staging

5. Deploy

pulumi up

Configuration Best Practices

Use Appropriate Resources

Development: Minimal resources for cost savings
Testing: Match production structure, smaller scale
Production: Full resources with high availability

Maintain Consistency

Keep network CIDR blocks consistent across environments
Use the same region for all environments (simplifies operations)
Maintain similar naming conventions

Protect Production

Enable deletion protection
Use stable release channels
Enable encryption in transit
Longer retention periods for backups and logs

Environment Overview​

Configuration Files​

Configuration Structure​

Project Settings (Pulumi.yaml)​

Environment Settings (Pulumi.{env}.yaml)​

Environment Differences​

Compute Resources​

Security Settings​

Retention Policies​

Environment Selection​

What env.sh Does​

Exported Environment Variables​

Adding a New Environment​

1. Create GCP Project​

2. Setup Service Account​

3. Create Configuration File​

4. Initialize Stack​

5. Deploy​

Configuration Best Practices​

Use Appropriate Resources​

Maintain Consistency​

Protect Production​