Overview

This guide walks you through deploying CaseBender on Google Cloud Run using our pre-built Docker images.

Prerequisites

  1. Google Cloud Account
  2. Google Cloud CLI installed
  3. Docker installed

Step 1: Initial Setup

Install Google Cloud CLI

# Using Homebrew
brew install google-cloud-sdk

# Login to Google Cloud

gcloud auth login

# Configure Docker to use Google Cloud

gcloud auth configure-docker

Initialize Project

# Set your project ID
gcloud config set project YOUR_PROJECT_ID

# Enable required APIs
gcloud services enable \
  cloudbuild.googleapis.com \
  run.googleapis.com \
  secretmanager.googleapis.com \
  cloudresourcemanager.googleapis.com \
  artifactregistry.googleapis.com

Step 2: Set Up Cloud Infrastructure

Create Cloud Storage Bucket

# Create storage bucket
gsutil mb -l us-central1 gs://casebender-storage

# Create service account for storage
gcloud iam service-accounts create casebender-storage \
  --display-name "CaseBender Storage Service Account"

# Get the service account email
STORAGE_SA_EMAIL=$(gcloud iam service-accounts list \
  --filter="displayName:CaseBender Storage Service Account" \
  --format="value(email)")

# Grant permissions
gsutil iam ch \
  serviceAccount:$STORAGE_SA_EMAIL:objectViewer,objectCreator \
  gs://casebender-storage

# Create and download service account key
gcloud iam service-accounts keys create storage-key.json \
  --iam-account=$STORAGE_SA_EMAIL

# Create secret for storage credentials
gcloud secrets create casebender-storage-key \
  --replication-policy="automatic"

# Import the service account key as a secret
gcloud secrets versions add casebender-storage-key \
  --data-file=storage-key.json

Set Up Cloud SQL (PostgreSQL)

# Create PostgreSQL instance
gcloud sql instances create casebender-db \
  --database-version=POSTGRES_14 \
  --cpu=2 \
  --memory=4GB \
  --region=us-central1 \
  --root-password="YOUR_SECURE_PASSWORD"

# Create database
gcloud sql databases create casebender \
  --instance=casebender-db

# Create user
gcloud sql users create casebender \
  --instance=casebender-db \
  --password="YOUR_SECURE_PASSWORD"

Set Up Memorystore (Redis)

# Create Redis instance
gcloud redis instances create casebender-redis \
  --size=2 \
  --region=us-central1 \
  --redis-version=redis_6_x

Configure Secret Manager

# Create and store environment variables
cat << EOF | gcloud secrets create casebender-env --data-file=-
AUTH_SECRET=your-auth-secret
AUTH_SALT=your-auth-salt
POSTGRES_PRISMA_URL="postgresql://casebender:YOUR_SECURE_PASSWORD@/casebender?host=/cloudsql/YOUR_PROJECT_ID:us-central1:casebender-db"
REDIS_URL="redis://REDIS_IP_ADDRESS:6379"
GOOGLE_STORAGE_BUCKET=casebender-storage
EOF

Step 3: Pull and Push Docker Images

# Create Artifact Registry repository
gcloud artifacts repositories create casebender \
  --repository-format=docker \
  --location=us-central1

# Configure Docker for Artifact Registry
gcloud auth configure-docker us-central1-docker.pkg.dev

# Pull CaseBender images
docker pull casebender/casebender:latest
docker pull casebender/workflow-processor:latest
docker pull casebender/misp-processor:latest

# Tag images for Google Artifact Registry
docker tag casebender/casebender:latest us-central1-docker.pkg.dev/$PROJECT_ID/casebender/app:latest
docker tag casebender/workflow-processor:latest us-central1-docker.pkg.dev/$PROJECT_ID/casebender/workflow-processor:latest
docker tag casebender/misp-processor:latest us-central1-docker.pkg.dev/$PROJECT_ID/casebender/misp-processor:latest

# Push images
docker push us-central1-docker.pkg.dev/$PROJECT_ID/casebender/app:latest
docker push us-central1-docker.pkg.dev/$PROJECT_ID/casebender/workflow-processor:latest
docker push us-central1-docker.pkg.dev/$PROJECT_ID/casebender/misp-processor:latest

Step 4: Deploy Services

Deploy Main Application

# Deploy to Cloud Run
gcloud run deploy casebender \
  --image us-central1-docker.pkg.dev/$PROJECT_ID/casebender/app:latest \
  --platform managed \
  --region us-central1 \
  --allow-unauthenticated \
  --set-env-vars GOOGLE_STORAGE_BUCKET=casebender-storage \
  --set-secrets "/secrets/storage-key=casebender-storage-key:latest" \
  --service-account=$STORAGE_SA_EMAIL \
  --add-cloudsql-instances $PROJECT_ID:us-central1:casebender-db \
  --set-secrets "/app/.env=casebender-env:latest"

Deploy Workflow Processor

# Deploy workflow processor
gcloud run deploy workflow-processor \
  --image us-central1-docker.pkg.dev/$PROJECT_ID/casebender/workflow-processor:latest \
  --platform managed \
  --region us-central1 \
  --no-allow-unauthenticated \
  --service-account=$STORAGE_SA_EMAIL \
  --add-cloudsql-instances $PROJECT_ID:us-central1:casebender-db \
  --set-secrets "/app/.env=casebender-env:latest"

Deploy MISP Processor

# Deploy MISP processor
gcloud run deploy misp-processor \
  --image us-central1-docker.pkg.dev/$PROJECT_ID/casebender/misp-processor:latest \
  --platform managed \
  --region us-central1 \
  --no-allow-unauthenticated \
  --service-account=$STORAGE_SA_EMAIL \
  --add-cloudsql-instances $PROJECT_ID:us-central1:casebender-db \
  --set-secrets "/app/.env=casebender-env:latest"

Step 5: Configure Domain and SSL

Map Custom Domain

# Add domain mapping
gcloud run domain-mappings create \
  --service casebender \
  --domain your-domain.com \
  --region us-central1

Follow the DNS verification steps in the Google Cloud Console to complete domain mapping.

Monitoring and Maintenance

Set Up Monitoring

  1. Navigate to Cloud Monitoring in Google Cloud Console
  2. Create an uptime check for your service
  3. Set up alerts for:
    • Error rates
    • Latency
    • Instance count
    • Memory usage

View Logs

# View service logs
gcloud logging read "resource.type=cloud_run_revision AND resource.labels.service_name=casebender" --limit 50

# Stream logs
gcloud logging tail "resource.type=cloud_run_revision AND resource.labels.service_name=casebender"

Update Application

To deploy updates:

# Build and deploy new version
gcloud builds submit --config cloudbuild.yaml

# Roll back if needed
gcloud run services rollback casebender \
  --to-revision=REVISION_ID \
  --region=us-central1

Cost Optimization

  1. Autoscaling Configuration

    gcloud run services update casebender \
  --min-instances=1 \
  --max-instances=10 \
  --region=us-central1

  2. Resource Allocation

    gcloud run services update casebender \
  --memory=1Gi \
  --cpu=1 \
  --region=us-central1

Troubleshooting

Common Issues

  1. Connection Issues

    • Verify Cloud SQL connection
    • Check Redis connectivity
    • Validate environment variables

  2. Performance Problems

    • Review instance metrics
    • Check resource allocation
    • Analyze request patterns

  3. Deployment Failures

    • Check build logs
    • Verify service account permissions
    • Review deployment configuration

Next Steps

  • Set up CI/CD pipelines
  • Configure backup strategies
  • Implement monitoring and alerting
  • Review security best practices