Deployment
Infrastructure, configuration, and deployment reference for GoTamil API.
Cloud Run
| Property | Value |
|---|---|
| Ingress | Internal load balancer only |
| Max instances | 20 |
| Request timeout | 30 seconds |
| Port | 8080 |
| Container | node:22-bookworm-slim (multi-stage build) |
Environments
| Environment | Service Name | Cloud Tasks Queue | Terraform State |
|---|---|---|---|
| Dev | gotamil-api-dev | gotamil-api-operations-dev | GCS |
| Staging | gotamil-api-staging | gotamil-api-operations-staging | Pending |
| Prod | gotamil-api-prod | gotamil-api-operations-prod | Pending |
Service Accounts
Runtime (gotamil-api-runtime)
- Secret Manager accessor
- Cloud Logging writer
- Cloud Monitoring metrics writer
- Cloud Tasks enqueuer + viewer
- Self-impersonation (OIDC token generation)
Deploy (gotamil-api-deploy)
- Cloud Run admin
- Runtime service account impersonation
Cloud Tasks
| Property | Value |
|---|---|
| Queue | gotamil-api-operations-{env} |
| Max retries | 5 |
| Backoff | 2s min, 30s max |
| Logging | 100% sampling |
Configuration Reference
Core
| Variable | Default | Description |
|---|---|---|
| NODE_ENV | development | Runtime environment |
| PORT | 8080 | Server port |
| LOG_LEVEL | info | Logging level |
Storage
| Variable | Default | Description |
|---|---|---|
| STORE_BACKEND | memory | memory or prisma |
| DATABASE_URL | — | PostgreSQL URL (required for prisma) |
Provider
| Variable | Default | Description |
|---|---|---|
| PROVIDER_BACKEND | mock | mock or gemini |
| PROVIDER_SECRET_RESOLUTION_MODE | env | env or db |
| GEMINI_API_KEY_SECRET | — | Secret Manager ref |
| GEMINI_MODEL | gemini-2.5-flash | Default model |
| GEMINI_REQUEST_TIMEOUT_MS | 30000 | Request timeout |
Async Processing
| Variable | Default | Description |
|---|---|---|
| ASYNC_BACKEND | memory | memory or cloud-tasks |
| SYNC_TIMEOUT_MS | 8000 | Sync processing timeout |
| SYNC_TEXT_THRESHOLD | 1200 | Char threshold for async routing |
| CLOUD_TASKS_PROJECT_ID | — | GCP project ID |
| CLOUD_TASKS_LOCATION | asia-southeast1 | Queue region |
| CLOUD_TASKS_QUEUE | gotamil-api-operations | Queue name |
Authentication
| Variable | Default | Description |
|---|---|---|
| OIDC_ISSUER | https://nimir.internal | Token issuer |
| OIDC_AUDIENCE | gotamil-api | Token audience |
| OIDC_TENANT_CLAIM | tenant_id | JWT claim for tenant ID |
| OIDC_JWKS_JSON | — | JWKS set (required in production) |
| INTERNAL_TASK_AUTH_MODE | token | token or oidc |
Invites & Email
| Variable | Default | Description |
|---|---|---|
| CONSOLE_BASE_URL | http://localhost:3000 | Admin console URL |
| INVITE_TOKEN_SECRET | — | HMAC signing secret |
| INVITE_DEFAULT_TTL_HOURS | 72 | Invite expiry |
| INVITE_EMAIL_DELIVERY_MODE | none | none or zepto |
Health Checks
| Endpoint | Purpose | Auth |
|---|---|---|
| GET /v1/health | Liveness — lightweight ping | None |
| GET /v1/ready | Readiness — checks all 6 dependencies | None |
Readiness checks: repository, provider, async_backend, auth, identity_auth, internal_task_auth.
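The Configuration Reference tables state a few hard constraints: enumerated values for the backend and mode variables, `DATABASE_URL` required for prisma, and `OIDC_JWKS_JSON` required in production. The following is an added example, not GoTamil API's own code, of a startup check that refuses a configuration violating them; `validateConfig` is a hypothetical helper, and treating `NODE_ENV=production` as the production marker is an assumption.

```javascript
// Added example: fail-closed validation of the documented environment variables.
// Allowed values and defaults are copied from the Configuration Reference tables.
const ENUMS = {
  STORE_BACKEND: ["memory", "prisma"],
  PROVIDER_BACKEND: ["mock", "gemini"],
  PROVIDER_SECRET_RESOLUTION_MODE: ["env", "db"],
  ASYNC_BACKEND: ["memory", "cloud-tasks"],
  INTERNAL_TASK_AUTH_MODE: ["token", "oidc"],
  INVITE_EMAIL_DELIVERY_MODE: ["none", "zepto"],
};
const DEFAULTS = {
  NODE_ENV: "development", STORE_BACKEND: "memory", PROVIDER_BACKEND: "mock",
  PROVIDER_SECRET_RESOLUTION_MODE: "env", ASYNC_BACKEND: "memory",
  INTERNAL_TASK_AUTH_MODE: "token", INVITE_EMAIL_DELIVERY_MODE: "none",
};

// Hypothetical helper: returns a list of error strings (empty means valid).
function validateConfig(env) {
  const cfg = { ...DEFAULTS, ...env };
  const errors = [];
  // Unknown or empty values are rejected rather than silently falling back.
  for (const [name, allowed] of Object.entries(ENUMS)) {
    if (!allowed.includes(cfg[name])) {
      errors.push(`${name} must be one of: ${allowed.join(", ")}`);
    }
  }
  // Documented: DATABASE_URL is required for the prisma backend.
  if (cfg.STORE_BACKEND === "prisma" && !cfg.DATABASE_URL) {
    errors.push("DATABASE_URL is required when STORE_BACKEND=prisma");
  }
  // Documented: OIDC_JWKS_JSON is required in production.
  // Assumption: "production" means NODE_ENV=production. The value must also
  // parse as a JWKS containing at least one key, not merely be set.
  if (cfg.NODE_ENV === "production") {
    let keys;
    try { keys = JSON.parse(cfg.OIDC_JWKS_JSON ?? "").keys; } catch { keys = undefined; }
    if (!Array.isArray(keys) || keys.length === 0) {
      errors.push("OIDC_JWKS_JSON must be a JWKS with at least one key in production");
    }
  }
  return errors;
}

// Constructed sample: production with prisma but no DATABASE_URL and no JWKS.
console.log(validateConfig({ NODE_ENV: "production", STORE_BACKEND: "prisma" }));
```

Calling this before the server binds its port, and exiting on a non-empty result, keeps a misconfigured instance from ever passing `/v1/ready`.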