Google Cloud Platform setup including Cloud Run services, API Gateway, IAM policies, and VPC configuration.

GCP Infrastructure

Environment: Development (all services = prod, separation only in database: dev/stage/prod)

Cloud Run Services

Service	Status	Port	Public Access
search-service	Ready	8080	allUsers + Gateway SA
payment-service	Ready	8080	allUsers + Gateway SA
delivery-api	Ready	8080	allUsers + Gateway SA
delivery-worker	Ready	8080	No (correct)
health-analytics	Ready	8080	allUsers + Gateway SA

Service URLs

search-service:        https://search-service-222426967009.us-east1.run.app
payment-service:       https://payment-service-222426967009.us-east1.run.app
delivery-api:          https://delivery-api-222426967009.us-east1.run.app
health-analytics:      https://health-analytics-service-222426967009.us-east1.run.app

API Gateway

All services are accessed through a single API Gateway, proxied via Cloudflare.

Gateway URL:     https://crop-gateway-2u6j9u5d.ue.gateway.dev
Cloudflare:      https://api.crop-dev.app (proxies to Gateway)
Current Config:  crop-api-v5

Target Architecture

┌─────────────────┐
│ crop-front-admin│ ─┐
└─────────────────┘  │
                     │      ┌─────────────────┐      ┌─────────────────┐
┌─────────────────┐  ├────► │   Cloudflare    │ ───► │   API Gateway   │
│   CROP-front    │ ─┤      │ api.crop-dev.app│      │   crop-gateway  │
└─────────────────┘  │      └─────────────────┘      └────────┬────────┘
                     │                                        │
┌─────────────────┐  │                           ┌────────────┼────────────┐
│  External APIs  │ ─┘                           │            │            │
└─────────────────┘                              ▼            ▼            ▼
                                          ┌──────────┐ ┌──────────┐ ┌──────────┐
                                          │ search   │ │ payment  │ │ delivery │
                                          └──────────┘ └──────────┘ └──────────┘
                                                 │            │
                                                 ▼            ▼
                                          ┌──────────┐ ┌──────────┐
                                          │ health-  │ │ identity │
                                          │ analytics│ └──────────┘
                                          └──────────┘

Benefits:

Single entry point — all via api.crop-dev.app
Cloudflare CDN — caching, DDoS protection
Centralized rate limiting — in API Gateway
Unified authentication — Clerk JWT via Gateway
Easier monitoring — all logs in one place

Database Environment

Important: We are in dev phase, all services point to the same infrastructure:

Cloud Run services: "prod" (only one set)
API Gateway: one (crop-gateway)
Cloudflare: one domain (api.crop-dev.app)

Separation only in MongoDB database:

crop_dev — development database
crop_stage — staging database
crop_prod — production database

Services point to crop_stage via MONGODB_DB_NAME env var.

IAM & Service Accounts

The API Gateway service account (api-gateway@noted-bliss-466410-q6.iam.gserviceaccount.com) has roles/run.invoker on all backend Cloud Run services.

API Gateway Expansion Plan — detailed audit and action plan for Gateway coverage
Deployment Overview — deployment process for Cloud Run services
Production Service URLs — live service endpoints

GCP Infrastructure

On this page