Deploy on Google Cloud
Run Elixium on your own GCP infrastructure. Start with a single Compute Engine instance via Terraform in minutes, then scale to managed services as your team grows.
Prerequisites
- GCP project with billing enabled
- Terraform 1.5+ installed (brew install terraform or download)
- Elixium enterprise license key (from your Command Center → Deployment tab)
Getting Started with Terraform
The fastest path to a running Elixium instance. Download a pre-configured Terraform bundle from your Command Center — no gcloud CLI required.
# 1. Download your deployment bundle from the Command Center
Go to Command Center → Deployment → Docker Compose → Download Bundle
# 2. Extract and navigate to the GCP Terraform directory
$ unzip elixium-docker-compose-bundle-*.zip
$ cd terraform/deployments/gcp/docker-compose
# 3. Add your GCP project ID and GHCR credentials to terraform.tfvars
$ nano terraform.tfvars
project_id = "your-gcp-project"
ghcr_user = "your-github-user"
ghcr_token = "your-ghcr-pat"
# 4. Deploy
$ terraform init
$ terraform plan
$ terraform apply
# 5. Validate (~5 minutes after apply)
$ ./scripts/validate-deployment.sh $(terraform output -raw public_ip)
What Terraform Creates
| Resource | Details |
|---|---|
| VPC Network + Subnet | Isolated network with Cloud Router/NAT |
| Firewall Rules | SSH + HTTPS only (configurable deployer CIDR) |
| Compute Engine Instance | e2-standard-4 (4 vCPU, 16GB) with Docker Compose via startup script |
| External IP | Static regional IP |
| TLS | Auto-generated via nginx on port 443 |
Supports FIPS 140-2 for FedRAMP environments. Passwords are auto-generated if not provided. Air-gapped mode disables egress. GCE encrypts disks by default with Google-managed keys.
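A pre-apply check for the "SSH + HTTPS only" firewall row above, as an added example that is not part of the Elixium bundle. It reads the JSON produced by `terraform plan -out=tfplan` followed by `terraform show -json tfplan` and flags any `google_compute_firewall` rule that allows more than TCP 22/443, or SSH from anywhere other than the deployer CIDR. The resource addresses and CIDRs in the sample are constructed, and treating HTTPS as intentionally public is an assumption.

```python
import json

ALLOWED_TCP_PORTS = {"22", "443"}  # the page's claim: "SSH + HTTPS only"

def audit_firewall_plan(plan, deployer_cidr):
    """Return findings for ingress rules in `terraform show -json` output."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "google_compute_firewall":
            continue
        after = (rc.get("change") or {}).get("after") or {}  # null on destroy
        if after.get("direction") == "EGRESS" or after.get("disabled"):
            continue
        addr = rc.get("address", "<unknown>")
        sources = set(after.get("source_ranges") or [])
        for allow in after.get("allow") or []:
            proto, ports = allow.get("protocol"), allow.get("ports") or []
            if proto != "tcp":
                findings.append(f"{addr}: non-TCP protocol {proto!r} allowed")
            elif not ports:
                findings.append(f"{addr}: tcp allowed on every port")
            else:
                # Ranges such as "20-25" are not allow-listed, so they land here.
                extra = sorted(set(ports) - ALLOWED_TCP_PORTS)
                if extra:
                    findings.append(f"{addr}: unexpected ports {extra}")
                # Assumption: SSH only from the deployer CIDR; HTTPS is public.
                if "22" in ports and sources != {deployer_cidr}:
                    findings.append(f"{addr}: SSH open to {sorted(sources)}")
    return findings

# Constructed sample plan (resource addresses and CIDRs are made up).
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
 {"address": "google_compute_firewall.https", "type": "google_compute_firewall",
  "change": {"after": {"direction": "INGRESS", "source_ranges": ["0.0.0.0/0"],
   "allow": [{"protocol": "tcp", "ports": ["443"]}]}}},
 {"address": "google_compute_firewall.ssh", "type": "google_compute_firewall",
  "change": {"after": {"direction": "INGRESS", "source_ranges": ["0.0.0.0/0"],
   "allow": [{"protocol": "tcp", "ports": ["22"]}]}}},
 {"address": "google_compute_firewall.debug", "type": "google_compute_firewall",
  "change": {"after": {"direction": "INGRESS", "source_ranges": ["203.0.113.0/24"],
   "allow": [{"protocol": "tcp", "ports": ["22", "8080"]}]}}}
]}
""")

if __name__ == "__main__":
    for finding in audit_firewall_plan(SAMPLE_PLAN, "203.0.113.0/24"):
        print("FAIL", finding)
```

Running it between `terraform plan` and `terraform apply` catches a deployer CIDR left at a wide default before the instance is reachable.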
Estimated Monthly Cost
| Service | Configuration | Est. Cost |
|---|---|---|
| Compute Engine | e2-standard-4 (4 vCPU, 16GB RAM) | ~$97 |
| Boot Disk | 100GB pd-balanced | ~$10 |
| Static IP | Regional external IP | ~$3 |
| Total | ~$110/mo | |
Troubleshooting
Compute Engine API has not been used in this project
New GCP projects don't have the Compute Engine API enabled by default. Terraform will fail with a 403 error on the first apply.
Fix: Run gcloud services enable compute.googleapis.com --project=your-project then wait a minute and re-run terraform apply.
Application Default Credentials expired
If terraform plan fails with "invalid_grant" or "reauth related error", your local credentials have expired.
Fix: Run gcloud auth application-default login to refresh your credentials.
Startup script fails on reboot
GCE startup scripts run on every boot. If Docker was already installed from the first boot, the GPG key import may fail with "cannot open /dev/tty" in the non-interactive context.
Fix: SSH into the instance and run cd /opt/elixium && sudo docker compose up -d to start services manually. Docker and the config files are already in place.
Production Architecture: Managed Services
For larger teams or high-availability requirements, deploy Elixium using managed GCP services. This architecture uses Cloud Run, Cloud SQL, and Cloud Storage — replacing the single-instance Docker Compose setup with auto-scaling and managed backups.
Requires gcloud CLI
The managed services setup below uses gcloud CLI commands. Install it from the Google Cloud SDK docs. If you're just getting started, use the Terraform approach above instead.
Architecture Overview
| Component | GCP Service | Notes |
|---|---|---|
| Frontend + API | Cloud Run | Fully managed, scales to zero |
| Database | Cloud SQL (PostgreSQL 16) | Managed backups, HA optional |
| File Storage | Cloud Storage (GCS) | S3-compatible interop API |
| Authentication | Cloud Run (Keycloak) | Backed by Cloud SQL |
| AI Inference | Gemini (default), OpenAI, Azure OpenAI, or Ollama | Cloud AI or self-hosted Ollama (external GPU) |
| Container Registry | Artifact Registry | Mirror images from GHCR |
Step 1: Mirror Container Images
# Create Artifact Registry repository
gcloud artifacts repositories create elixium \
  --repository-format=docker --location=<region>
# Pull from GHCR and push to Artifact Registry
docker login ghcr.io
docker pull ghcr.io/indirecttek/elixium-app:latest
docker pull ghcr.io/indirecttek/elixium-api:latest
gcloud auth configure-docker <region>-docker.pkg.dev
docker tag ghcr.io/indirecttek/elixium-app:latest \
  <region>-docker.pkg.dev/<project>/elixium/elixium-app:latest
docker tag ghcr.io/indirecttek/elixium-api:latest \
  <region>-docker.pkg.dev/<project>/elixium/elixium-api:latest
docker push <region>-docker.pkg.dev/<project>/elixium/elixium-app:latest
docker push <region>-docker.pkg.dev/<project>/elixium/elixium-api:latest
Step 2: Provision Database & Storage
# Cloud SQL PostgreSQL
gcloud sql instances create elixium-db \
  --database-version=POSTGRES_16 --tier=db-custom-2-4096 \
  --region=<region> --root-password=<your-secure-password>
gcloud sql databases create elixium --instance=elixium-db
gcloud sql users create elixium --instance=elixium-db \
  --password=<your-secure-password>
# Cloud Storage bucket with HMAC key for S3-compatible access
gsutil mb -l <region> gs://elixium-uploads-<your-org>
gsutil hmac create <service-account-email>
Step 3: Deploy Cloud Run Services
# Elixium API
gcloud run deploy elixium-api \
  --image=<region>-docker.pkg.dev/<project>/elixium/elixium-api:latest \
  --port=3001 --memory=2Gi --cpu=1 --min-instances=1 \
  --set-env-vars="ELIXIUM_MODE=local,NODE_ENV=production,AI_PROVIDER=gemini" \
  --set-env-vars="KEYCLOAK_URL=<keycloak-cloud-run-url>,MINIO_ENDPOINT=storage.googleapis.com" \
  --set-secrets="DATABASE_URL=elixium-db-url:latest,ELIXIUM_LICENSE_KEY=elixium-license:latest" \
  --add-cloudsql-instances=<project>:<region>:elixium-db \
  --region=<region> --allow-unauthenticated
# Elixium App (Frontend)
gcloud run deploy elixium-app \
  --image=<region>-docker.pkg.dev/<project>/elixium/elixium-app:latest \
  --port=3000 --memory=1Gi --cpu=1 --min-instances=1 \
  --set-env-vars="ELIXIUM_MODE=local,NODE_ENV=production" \
  --region=<region> --allow-unauthenticated
Step 4: Custom Domain & DNS
gcloud run domain-mappings create \
  --service=elixium-app --domain=elixium.yourcompany.com --region=<region>
# Add the CNAME record shown in the output to your DNS provider
Estimated Monthly Cost (Managed)
| Service | Configuration | Est. Cost |
|---|---|---|
| Cloud Run (3 services) | App + API + Keycloak, min 1 instance | ~$70 |
| Cloud SQL | db-custom-2-4096, 20GB SSD | ~$50 |
| Cloud Storage | Standard, minimal usage | <$1 |
| AI Provider (optional GPU) | Gemini API or Ollama on GCE with T4 | $0–$300 |
| Total (without GPU) | ~$150/mo | |
Need help with your GCP deployment? Contact [email protected]
