Google Cloud Provider Overview

The officially supported Nitric Google Cloud Platform (GCP) Provider.

provider: nitric/gcp@latest

See the Overview page for general information on Nitric Pulumi providers.

The Google Cloud provider is supported by the Nitric SDKs and CLI by default. However, credentials for a Google Cloud account will be required when using the up command from the CLI.

Google Cloud Credentials

Authorize gcloud to access the Cloud Platform with Google user credentials:

gcloud auth application-default login

Google CLI Installation

Installing the Google Cloud CLI assists with credentials setup. You can install it using these summarized instructions, for more options see the Google docs.

Download & install the latest CLI release.

Create Billing Account

For Google Cloud to allow deployments, a billing account must be created and attached to the project you deploy to.

Importing Existing Resources

The Nitric team is working to expand the list of resources that can be imported. Currently, only the following resources are supported:

Only resources in the same GCP project as specified by gcp-project-id are currently supported.

Secrets

To import a secret, you will need to know the secret's unique name. You can find the name of a secret in the Google Cloud Secret Manager in the browser or by using the gcloud CLI.

First, add the secret to your project as you usually would if it wasn't imported. Then add the secret to the import section of your stack file. Here's an example of how to import a secret:

import { secret } from "@nitric/sdk



const mySecret = secret("credentials").allow("access");
import:

  secrets:

    credentials: existing-secret

Need to import another resource type or have another question? Chat with us on Discord or open an issue on GitHub.

Stack Configuration

# The provider to use and it's published version

# See releases:

# https://github.com/nitrictech/nitric/tags

provider: nitric/gcp@latest



# The target GCP region to deploy to

# See available regions:

# https://cloud.google.com/run/docs/locations

region: my-gcp-stack-region



# ID of the google cloud project to deploy into

gcp-project-id: my-gcp-project-id



# All configuration below is optional



# The timezone that deployed schedules will run with

# Format is in tz identifiers:

# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones

schedule-timezone: Australia/Sydney



# Import existing GCP Resources

# Currently only secrets are supported

# Available since v1.4.0

import:

  # A map of nitric names to GCP Secret Manager names

  secrets: # Available since v1.4.0

    # NOTE: Imported secrets must exist in the same project as specified by gcp-project-id

    # In typescript this would import the provided secret reference for a secret declared as

    # const mySecret = secret('my-secret');

    my-secret: existing-secret



# Apply configuration to nitric APIs

apis:

  # Target an API by its nitric name

  my-api:

    # provide domains to be used for the api

    description: An Azure API



# Add CDN configuration, required for websites deployments

# Available since v1.20.0

cdn:

  # The name of the Google Cloud DNS Zone to use when configuring the website DNS

  zone-name: yourzone

  # A valid subdomain for the DNS Zone to use for the deployed websites endpoint

  domain-name: app.example.com

  # The following configuration values are optional

  # Specify the TTL the CDN sends in the Cache-Control or Expires headers to clients

  client-ttl: 3600

  # Specify the TTL for content cached by the CDN when the origin server does not provide any caching directives

  default-ttl: 604800

  # Skip CDN cache invalidation during deployments (defaults to false)

  skip-cache-invalidation: true



# Configure your deployed services

config:

  # How services without a type will be deployed

  default:

    # configure services to deploy to Google Cloud Run

    cloudrun:

      # set 512MB of RAM

      # See cloudrun configuration docs here:

      # https://cloud.google.com/run/docs/configuring/memory-limits

      memory: 512

      # set a timeout of 15 seconds

      # https://cloud.google.com/run/docs/configuring/request-timeout

      timeout: 15

      # The maximum number of instances to scale down to

      # https://cloud.google.com/run/docs/configuring/min-instances

      min-instances: 0

      # The maximum number of instances to scale up to

      # https://cloud.google.com/run/docs/configuring/max-instances

      max-instances: 10

      # Number of concurrent requests that each instance can handle

      # https://cloud.google.com/run/docs/configuring/concurrency

      concurrency: 80

  # Additional deployment types

  # You can target these types by setting a `type` in your project configuration

  big-service:

    cloudrun:

      memory: 1024

      timeout: 60

      min-instances: 2

      max-instances: 100

      concurrency: 1000

Websites

When deploying websites, Google Cloud CDN doesn't automatically provide DNS names for deployed sites, so a DNS name must be provided. To do this you'll need to register a new domain name (or use one you already own), then configure the domain (or a subdomain) so that it uses the Google Name Servers (using a Google Cloud DNS Zone).

The DNS Zone in Google will then allow Nitric to create DNS records that route traffic to the CDN. Here are the steps:

  • Purchase/Register a domain name with your domain registrar of choice.
  • Navigate to https://console.cloud.google.com/net-services/dns/zones in your GCP Project
  • Click CREATE ZONE
  • Leave Public selected
  • Enter a Zone name, and Description of your choice
  • Enter your domain name (or subdomain) in the DNS name field
  • Optionally enable DNSSEC
  • Click CREATE

Now that the DNS Zone is created, you need to configure your registrar (domain) or existing DNS (subdomain) to point at the new name servers created for the zone.

The configuration detail are available on the Zone details page by clicking REGISTRAR SETUP. This step is different depending on your chosen domain registrar. Below are some general steps depending on whether your configuring the primary domain or a subdomain.

Domain

Your registrar (e.g. Namecheap, GoDaddy, Cloudflare, etc.) will allow you to change the name servers for you domain, sometimes this is called 'Custom DNS'. Add each of the name servers (NS records) from the Registrar setup dialog in the relevant config page for your registrar.

Subdomain

If you're configuring a subdomain e.g. app.yourdomain.com, you can simply add the NS records to your existing DNS configuration for the chosen subdomain. Typically, the config will look something like this:

Substitute your values for Host and Nameserver
Record TypeHostNameserver
NS Recordappns-cloud-a1.googledomains.com
NS Recordappns-cloud-a2.googledomains.com
NS Recordappns-cloud-a3.googledomains.com
NS Recordappns-cloud-a4.googledomains.com

If you enabled DNSSEC for the zone you will also need to create the relevant DS record

Stack file configuration

Now that you have your DNS Zone created and Nameservers configured you can add the relevant config to your GCP stack file.

# Add to your stack file

cdn:

  # The name of the DNS Zone you configured in Google Cloud DNS

  zone-name: yourzone

  # The domain name or subdomain you want to use for your website (any valid subdomain for the zone is permitted)

  domain-name: app.example.com

Missing something? Let us know by raising an issue in GitHub or by dropping us a line on Discord

Edit this page on GitHub
Last updated on Apr 3, 2025