tofu setup

.tofu/platforms/gke/prod/main.tf

@@ -0,0 +1,31 @@
+module "cluster" {
+  source = "../modules/cluster"
+
+  project_id = var.project_id
+  region     = var.region
+  prefix     = "devhub"
+
+  # GKE — general-purpose nodes for production
+  node_machine_type   = "e2-standard-4"
+  node_count          = 3
+  deletion_protection = true
+
+  # Cloud SQL — general-purpose HA tier for production
+  pg_tier               = "db-n1-standard-2"
+  pg_disk_size_gb       = 100
+  pg_availability_type  = "REGIONAL" # HA with hot standby
+  pg_backup_enabled     = true
+  pg_deletion_protection = true
+
+  # Memorystore Redis — STANDARD_HA for production
+  redis_tier           = "STANDARD_HA"
+  redis_memory_size_gb = 4
+
+  # GCS — STANDARD storage (geo-redundant via multi-region location if needed)
+  gcs_storage_class = "STANDARD"
+
+  labels = {
+    environment = "prod"
+    managed-by  = "tofu"
+  }
+}

.tofu/platforms/gke/prod/outputs.tf

@@ -0,0 +1,14 @@
+output "cluster_name"            { value = module.cluster.cluster_name }
+output "project_id"              { value = module.cluster.project_id }
+output "region"                  { value = module.cluster.region }
+output "pg_host"                 { value = module.cluster.pg_host }
+output "pg_port"                 { value = module.cluster.pg_port }
+output "pg_admin_login"          { value = module.cluster.pg_admin_login }
+output "pg_admin_password"       { value = module.cluster.pg_admin_password;       sensitive = true }
+output "pg_keycloak_password"    { value = module.cluster.pg_keycloak_password;    sensitive = true }
+output "pg_gitlab_password"      { value = module.cluster.pg_gitlab_password;      sensitive = true }
+output "redis_host"              { value = module.cluster.redis_host }
+output "redis_port"              { value = module.cluster.redis_port }
+output "redis_auth_string"       { value = module.cluster.redis_auth_string;       sensitive = true }
+output "gitlab_gcs_bucket_prefix" { value = module.cluster.gitlab_gcs_bucket_prefix }
+output "gitlab_gsa_email"        { value = module.cluster.gitlab_gsa_email }

.tofu/platforms/gke/prod/providers.tf

@@ -0,0 +1,28 @@
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 6.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~> 3.0"
+    }
+  }
+}
+
+provider "google" {
+  project = var.project_id
+  region  = var.region
+}
+
+variable "project_id" {
+  description = "GCP project ID for the prod environment"
+  type        = string
+}
+
+variable "region" {
+  description = "GCP region"
+  type        = string
+  default     = "europe-west1"
+}