DEV Community: Majedul Islam The latest articles on DEV Community by Majedul Islam (@mrmajed7). https://dev.to/mrmajed7 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F972304%2F0446ef26-0d6a-4acb-be37-22ecca0736a7.png DEV Community: Majedul Islam https://dev.to/mrmajed7 en Deploy a Polyglot Stack (Spring Boot + FastAPI) on GCP with Cloud Run, Cloud SQL, and Memorystore Majedul Islam Sat, 04 Oct 2025 15:39:41 +0000 https://dev.to/mrmajed7/deploy-a-polyglot-stack-spring-boot-fastapi-on-gcp-with-cloud-run-cloud-sql-and-redis-5ag7 https://dev.to/mrmajed7/deploy-a-polyglot-stack-spring-boot-fastapi-on-gcp-with-cloud-run-cloud-sql-and-redis-5ag7 <h2> Deploy a Polyglot Stack on Google Cloud </h2> <p>Deploying multiple services written in different languages can be tricky, but with Google Cloud managed services, you can run a polyglot stack efficiently. In this guide, we’ll deploy:</p> <ul> <li>Backend: Spring Boot (Java)</li> <li>AI/Service: FastAPI (Python)</li> <li>Database: Cloud SQL (PostgreSQL)</li> <li>Cache: Memorystore (Redis)</li> <li>Networking: Serverless VPC Access Connector</li> <li>CI/CD: Cloud Build + Artifact Registry</li> <li>Hosting: Cloud Run (serverless)</li> </ul> <p>This setup ensures production-grade isolation, scalability, private networking, and clean CI/CD pipelines.</p> <blockquote> <p>All commands use placeholders like <code>PROJECT_ID</code> and <code>REGION</code>. Replace them with your own values. Store sensitive values in Secret Manager, never in shell history.</p> </blockquote> <h2> 1. Install the Google Cloud CLI </h2> <p>To install the Google Cloud CLI on your system, follow the official guide for your platform: <a href="https://cloud.google.com/sdk/docs/install" rel="noopener noreferrer">Google Cloud SDK Installation</a></p> <p>Initialize:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>gcloud init </code></pre> </div> <h2> 2. Set Environment Variables </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">export </span><span class="nv">PROJECT_ID</span><span class="o">=</span><span class="s2">"your-gcp-project-id"</span> <span class="nb">export </span><span class="nv">REGION</span><span class="o">=</span><span class="s2">"asia-southeast1"</span> <span class="nb">export </span><span class="nv">ARTIFACT_REGION</span><span class="o">=</span><span class="s2">"asia-southeast1"</span> <span class="c"># Networking</span> <span class="nb">export </span><span class="nv">NETWORK</span><span class="o">=</span><span class="s2">"default"</span> <span class="nb">export </span><span class="nv">SUBNET</span><span class="o">=</span><span class="s2">"default"</span> <span class="nb">export </span><span class="nv">VPC_CONNECTOR</span><span class="o">=</span><span class="s2">"serverless-connector-01"</span> <span class="nb">export </span><span class="nv">VPC_CONNECTOR_RANGE</span><span class="o">=</span><span class="s2">"10.8.0.0/28"</span> <span class="c"># Cloud SQL (Postgres)</span> <span class="nb">export </span><span class="nv">SQL_INSTANCE_NAME</span><span class="o">=</span><span class="s2">"app-postgres"</span> <span class="nb">export </span><span class="nv">SQL_TIER</span><span class="o">=</span><span class="s2">"db-f1-micro"</span> <span class="nb">export </span><span class="nv">SQL_DB_BACKEND</span><span class="o">=</span><span class="s2">"backend_db"</span> <span class="nb">export </span><span class="nv">SQL_DB_AI</span><span class="o">=</span><span class="s2">"ai_db"</span> <span class="nb">export </span><span class="nv">SQL_USER</span><span class="o">=</span><span class="s2">"app_user"</span> <span class="nb">export </span><span class="nv">SQL_PASS</span><span class="o">=</span><span class="s2">"</span><span class="si">$(</span>openssl rand <span class="nt">-base64</span> 24<span class="si">)</span><span class="s2">"</span> <span class="c"># store in Secret Manager</span> <span class="c"># Memorystore (Redis)</span> <span class="nb">export </span><span class="nv">REDIS_INSTANCE</span><span class="o">=</span><span class="s2">"app-redis"</span> <span class="nb">export </span><span class="nv">REDIS_TIER</span><span class="o">=</span><span class="s2">"BASIC"</span> <span class="nb">export </span><span class="nv">REDIS_SIZE_GB</span><span class="o">=</span>1 <span class="c"># Artifact Registry</span> <span class="nb">export </span><span class="nv">REPO_BACKEND</span><span class="o">=</span><span class="s2">"apps-backend"</span> <span class="nb">export </span><span class="nv">REPO_AI</span><span class="o">=</span><span class="s2">"apps-ai"</span> <span class="c"># Images and services</span> <span class="nb">export </span><span class="nv">BACKEND_IMAGE</span><span class="o">=</span><span class="s2">"</span><span class="k">${</span><span class="nv">ARTIFACT_REGION</span><span class="k">}</span><span class="s2">-docker.pkg.dev/</span><span class="k">${</span><span class="nv">PROJECT_ID</span><span class="k">}</span><span class="s2">/</span><span class="k">${</span><span class="nv">REPO_BACKEND</span><span class="k">}</span><span class="s2">/backend:</span><span class="si">$(</span>git rev-parse <span class="nt">--short</span> HEAD<span class="si">)</span><span class="s2">"</span> <span class="nb">export </span><span class="nv">AI_IMAGE</span><span class="o">=</span><span class="s2">"</span><span class="k">${</span><span class="nv">ARTIFACT_REGION</span><span class="k">}</span><span class="s2">-docker.pkg.dev/</span><span class="k">${</span><span class="nv">PROJECT_ID</span><span class="k">}</span><span class="s2">/</span><span class="k">${</span><span class="nv">REPO_AI</span><span class="k">}</span><span class="s2">/ai:</span><span class="si">$(</span>git rev-parse <span class="nt">--short</span> HEAD<span class="si">)</span><span class="s2">"</span> <span class="nb">export </span><span class="nv">SERVICE_BACKEND</span><span class="o">=</span><span class="s2">"backend"</span> <span class="nb">export </span><span class="nv">SERVICE_AI</span><span class="o">=</span><span class="s2">"ai"</span> </code></pre> </div> <p>Enable required APIs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>gcloud services <span class="nb">enable </span>run.googleapis.com sqladmin.googleapis.com redis.googleapis.com <span class="se">\</span> artifactregistry.googleapis.com vpcaccess.googleapis.com secretmanager.googleapis.com </code></pre> </div> <h2> 3. Create Cloud SQL (PostgreSQL) </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create instance</span> gcloud sql instances create <span class="k">${</span><span class="nv">SQL_INSTANCE_NAME</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--project</span><span class="o">=</span><span class="k">${</span><span class="nv">PROJECT_ID</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--region</span><span class="o">=</span><span class="k">${</span><span class="nv">REGION</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--database-version</span><span class="o">=</span>POSTGRES_15 <span class="se">\</span> <span class="nt">--tier</span><span class="o">=</span><span class="k">${</span><span class="nv">SQL_TIER</span><span class="k">}</span> <span class="c"># Create databases</span> gcloud sql databases create <span class="k">${</span><span class="nv">SQL_DB_BACKEND</span><span class="k">}</span> <span class="nt">--instance</span><span class="o">=</span><span class="k">${</span><span class="nv">SQL_INSTANCE_NAME</span><span class="k">}</span> gcloud sql databases create <span class="k">${</span><span class="nv">SQL_DB_AI</span><span class="k">}</span> <span class="nt">--instance</span><span class="o">=</span><span class="k">${</span><span class="nv">SQL_INSTANCE_NAME</span><span class="k">}</span> <span class="c"># Create user</span> gcloud sql <span class="nb">users </span>create <span class="k">${</span><span class="nv">SQL_USER</span><span class="k">}</span> <span class="nt">--instance</span><span class="o">=</span><span class="k">${</span><span class="nv">SQL_INSTANCE_NAME</span><span class="k">}</span> <span class="nt">--password</span><span class="o">=</span><span class="s2">"</span><span class="k">${</span><span class="nv">SQL_PASS</span><span class="k">}</span><span class="s2">"</span> <span class="c"># Get connection name for Cloud Run</span> <span class="nb">export </span><span class="nv">SQL_CONNECTION_NAME</span><span class="o">=</span><span class="si">$(</span>gcloud sql instances describe <span class="k">${</span><span class="nv">SQL_INSTANCE_NAME</span><span class="k">}</span> <span class="nt">--format</span><span class="o">=</span><span class="s1">'value(connectionName)'</span><span class="si">)</span> </code></pre> </div> <blockquote> <p>Tip: Use Private IP for production and connect via a VPC connector for better security.</p> </blockquote> <h2> 4. Create Memorystore (Redis) </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>gcloud redis instances create <span class="k">${</span><span class="nv">REDIS_INSTANCE</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--size</span><span class="o">=</span><span class="k">${</span><span class="nv">REDIS_SIZE_GB</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--region</span><span class="o">=</span><span class="k">${</span><span class="nv">REGION</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--tier</span><span class="o">=</span><span class="k">${</span><span class="nv">REDIS_TIER</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--network</span><span class="o">=</span><span class="k">${</span><span class="nv">NETWORK</span><span class="k">}</span> <span class="nb">export </span><span class="nv">REDIS_HOST</span><span class="o">=</span><span class="si">$(</span>gcloud redis instances describe <span class="k">${</span><span class="nv">REDIS_INSTANCE</span><span class="k">}</span> <span class="nt">--region</span><span class="o">=</span><span class="k">${</span><span class="nv">REGION</span><span class="k">}</span> <span class="nt">--format</span><span class="o">=</span><span class="s1">'value(host)'</span><span class="si">)</span> <span class="nb">export </span><span class="nv">REDIS_PORT</span><span class="o">=</span><span class="si">$(</span>gcloud redis instances describe <span class="k">${</span><span class="nv">REDIS_INSTANCE</span><span class="k">}</span> <span class="nt">--region</span><span class="o">=</span><span class="k">${</span><span class="nv">REGION</span><span class="k">}</span> <span class="nt">--format</span><span class="o">=</span><span class="s1">'value(port)'</span><span class="si">)</span> </code></pre> </div> <h2> 5. Set Up Serverless VPC Access Connector </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>gcloud compute networks vpc-access connectors create <span class="k">${</span><span class="nv">VPC_CONNECTOR</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--region</span><span class="o">=</span><span class="k">${</span><span class="nv">REGION</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--network</span><span class="o">=</span><span class="k">${</span><span class="nv">NETWORK</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--range</span><span class="o">=</span><span class="k">${</span><span class="nv">VPC_CONNECTOR_RANGE</span><span class="k">}</span> </code></pre> </div> <p>This allows Cloud Run services to reach private resources like Cloud SQL and Redis.</p> <h2> 6. Artifact Registry </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>gcloud artifacts repositories create <span class="k">${</span><span class="nv">REPO_BACKEND</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--repository-format</span><span class="o">=</span>docker <span class="se">\</span> <span class="nt">--location</span><span class="o">=</span><span class="k">${</span><span class="nv">ARTIFACT_REGION</span><span class="k">}</span> gcloud artifacts repositories create <span class="k">${</span><span class="nv">REPO_AI</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--repository-format</span><span class="o">=</span>docker <span class="se">\</span> <span class="nt">--location</span><span class="o">=</span><span class="k">${</span><span class="nv">ARTIFACT_REGION</span><span class="k">}</span> gcloud auth configure-docker <span class="k">${</span><span class="nv">ARTIFACT_REGION</span><span class="k">}</span><span class="nt">-docker</span>.pkg.dev </code></pre> </div> <h2> 7. Build and Push Docker Images </h2> <ul> <li>Spring Boot Backend: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker build <span class="nt">-t</span> <span class="k">${</span><span class="nv">BACKEND_IMAGE</span><span class="k">}</span> <span class="nt">-f</span> backend/Dockerfile.cloudrun backend docker push <span class="k">${</span><span class="nv">BACKEND_IMAGE</span><span class="k">}</span> </code></pre> </div> <ul> <li>FastAPI AI Service: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker build <span class="nt">-t</span> <span class="k">${</span><span class="nv">AI_IMAGE</span><span class="k">}</span> <span class="nt">-f</span> backend-ai/Dockerfile.cloudrun backend-ai docker push <span class="k">${</span><span class="nv">AI_IMAGE</span><span class="k">}</span> </code></pre> </div> <h2> 8. Deploy on Cloud Run </h2> <p>Use VPC connector, Cloud SQL, and Secret Manager for secure connections.</p> <h3> Spring Boot Backend </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>gcloud run deploy <span class="k">${</span><span class="nv">SERVICE_BACKEND</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--image</span><span class="o">=</span><span class="k">${</span><span class="nv">BACKEND_IMAGE</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--region</span><span class="o">=</span><span class="k">${</span><span class="nv">REGION</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--platform</span><span class="o">=</span>managed <span class="se">\</span> <span class="nt">--allow-unauthenticated</span> <span class="se">\</span> <span class="nt">--min-instances</span><span class="o">=</span>0 <span class="se">\</span> <span class="nt">--vpc-connector</span><span class="o">=</span><span class="k">${</span><span class="nv">VPC_CONNECTOR</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--vpc-egress</span><span class="o">=</span>all-traffic <span class="se">\</span> <span class="nt">--add-cloudsql-instances</span><span class="o">=</span><span class="k">${</span><span class="nv">SQL_CONNECTION_NAME</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--set-env-vars</span><span class="o">=</span><span class="nv">SPRING_PROFILES_ACTIVE</span><span class="o">=</span>prod <span class="se">\</span> <span class="nt">--set-env-vars</span><span class="o">=</span><span class="nv">CLOUD_SQL_CONNECTION_NAME</span><span class="o">=</span><span class="k">${</span><span class="nv">SQL_CONNECTION_NAME</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--set-env-vars</span><span class="o">=</span><span class="nv">SPRING_DATASOURCE_URL</span><span class="o">=</span><span class="s2">"jdbc:postgresql://</span><span class="k">${</span><span class="nv">SQL_DB_BACKEND</span><span class="k">}</span><span class="s2">?cloudSqlInstance=</span><span class="k">${</span><span class="nv">SQL_CONNECTION_NAME</span><span class="k">}</span><span class="s2">&amp;socketFactory=com.google.cloud.sql.postgres.SocketFactory"</span> <span class="se">\</span> <span class="nt">--set-env-vars</span><span class="o">=</span><span class="nv">SPRING_DATASOURCE_USERNAME</span><span class="o">=</span><span class="k">${</span><span class="nv">SQL_USER</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--set-secrets</span><span class="o">=</span><span class="nv">SPRING_DATASOURCE_PASSWORD</span><span class="o">=</span>sql-db-password:latest <span class="se">\</span> <span class="nt">--set-env-vars</span><span class="o">=</span><span class="nv">SPRING_DATA_REDIS_HOST</span><span class="o">=</span><span class="k">${</span><span class="nv">REDIS_HOST</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--set-env-vars</span><span class="o">=</span><span class="nv">SPRING_DATA_REDIS_PORT</span><span class="o">=</span><span class="k">${</span><span class="nv">REDIS_PORT</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--set-secrets</span><span class="o">=</span><span class="nv">SPRING_CUSTOM_SECURITY_JWTSECRET</span><span class="o">=</span>jwt-secret:latest </code></pre> </div> <h3> FastAPI AI Service </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>gcloud run deploy <span class="k">${</span><span class="nv">SERVICE_AI</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--image</span><span class="o">=</span><span class="k">${</span><span class="nv">AI_IMAGE</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--region</span><span class="o">=</span><span class="k">${</span><span class="nv">REGION</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--platform</span><span class="o">=</span>managed <span class="se">\</span> <span class="nt">--allow-unauthenticated</span> <span class="se">\</span> <span class="nt">--min-instances</span><span class="o">=</span>0 <span class="se">\</span> <span class="nt">--vpc-connector</span><span class="o">=</span><span class="k">${</span><span class="nv">VPC_CONNECTOR</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--vpc-egress</span><span class="o">=</span>all-traffic <span class="se">\</span> <span class="nt">--add-cloudsql-instances</span><span class="o">=</span><span class="k">${</span><span class="nv">SQL_CONNECTION_NAME</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--set-env-vars</span><span class="o">=</span><span class="nv">DEBUG</span><span class="o">=</span>False <span class="se">\</span> <span class="nt">--set-env-vars</span><span class="o">=</span><span class="nv">DATABASE_URL</span><span class="o">=</span><span class="s2">"postgresql+psycopg2://</span><span class="k">${</span><span class="nv">SQL_USER</span><span class="k">}</span><span class="s2">:&lt;from-secret&gt;@/</span><span class="k">${</span><span class="nv">SQL_DB_AI</span><span class="k">}</span><span class="s2">?host=/cloudsql/</span><span class="k">${</span><span class="nv">SQL_CONNECTION_NAME</span><span class="k">}</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--set-env-vars</span><span class="o">=</span><span class="nv">REDIS_URL</span><span class="o">=</span><span class="s2">"redis://</span><span class="k">${</span><span class="nv">REDIS_HOST</span><span class="k">}</span><span class="s2">:</span><span class="k">${</span><span class="nv">REDIS_PORT</span><span class="k">}</span><span class="s2">/0"</span> <span class="se">\</span> <span class="nt">--set-secrets</span><span class="o">=</span><span class="nv">JWT_SECRET_KEY</span><span class="o">=</span>jwt-secret:latest <span class="se">\</span> <span class="nt">--set-env-vars</span><span class="o">=</span><span class="nv">JWT_ALGORITHM</span><span class="o">=</span>HS256 <span class="se">\</span> <span class="nt">--set-env-vars</span><span class="o">=</span><span class="nv">JWT_ACCESS_TOKEN_EXPIRE_MINUTES</span><span class="o">=</span>60 </code></pre> </div> <blockquote> <p>Replace <code>&lt;from-secret&gt;</code> with Secret Manager reference.</p> </blockquote> <h2> 9. CI/CD with Cloud Build </h2> <p>Automate builds and deployment using Cloud Build triggers on <code>main</code> branch.</p> <ul> <li>Backend <code>cloudbuild.yaml</code> (template): </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">gcr.io/cloud-builders/docker</span> <span class="na">args</span><span class="pi">:</span> <span class="pi">[</span><span class="s1">'</span><span class="s">build'</span><span class="pi">,</span><span class="s1">'</span><span class="s">-t'</span><span class="pi">,</span><span class="s1">'</span><span class="s">${ARTIFACT_REGION}-docker.pkg.dev/${PROJECT_ID}/${REPO_BACKEND}/backend:$COMMIT_SHA'</span><span class="pi">,</span><span class="s1">'</span><span class="s">-f'</span><span class="pi">,</span><span class="s1">'</span><span class="s">backend/Dockerfile.cloudrun'</span><span class="pi">,</span><span class="s1">'</span><span class="s">backend'</span><span class="pi">]</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">gcr.io/cloud-builders/docker</span> <span class="na">args</span><span class="pi">:</span> <span class="pi">[</span><span class="s1">'</span><span class="s">push'</span><span class="pi">,</span><span class="s1">'</span><span class="s">${ARTIFACT_REGION}-docker.pkg.dev/${PROJECT_ID}/${REPO_BACKEND}/backend:$COMMIT_SHA'</span><span class="pi">]</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">gcr.io/google.com/cloudsdktool/cloud-sdk</span> <span class="na">entrypoint</span><span class="pi">:</span> <span class="s">gcloud</span> <span class="na">args</span><span class="pi">:</span> <span class="pi">[</span><span class="s1">'</span><span class="s">run'</span><span class="pi">,</span><span class="s1">'</span><span class="s">deploy'</span><span class="pi">,</span><span class="s1">'</span><span class="s">backend'</span><span class="pi">,</span><span class="s1">'</span><span class="s">--image'</span><span class="pi">,</span><span class="s1">'</span><span class="s">${ARTIFACT_REGION}-docker.pkg.dev/${PROJECT_ID}/${REPO_BACKEND}/backend:$COMMIT_SHA'</span><span class="pi">,</span><span class="s1">'</span><span class="s">--region'</span><span class="pi">,</span><span class="s1">'</span><span class="s">${REGION}'</span><span class="pi">,</span><span class="s1">'</span><span class="s">--platform'</span><span class="pi">,</span><span class="s1">'</span><span class="s">managed'</span><span class="pi">]</span> <span class="na">options</span><span class="pi">:</span> <span class="na">logging</span><span class="pi">:</span> <span class="s">CLOUD_LOGGING_ONLY</span> <span class="na">timeout</span><span class="pi">:</span> <span class="s1">'</span><span class="s">1200s'</span> </code></pre> </div> <ul> <li>AI <code>cloudbuild.yaml</code> (template): </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">gcr.io/cloud-builders/docker</span> <span class="na">args</span><span class="pi">:</span> <span class="pi">[</span><span class="s1">'</span><span class="s">build'</span><span class="pi">,</span><span class="s1">'</span><span class="s">-t'</span><span class="pi">,</span><span class="s1">'</span><span class="s">${ARTIFACT_REGION}-docker.pkg.dev/${PROJECT_ID}/${REPO_AI}/ai:$COMMIT_SHA'</span><span class="pi">,</span><span class="s1">'</span><span class="s">-f'</span><span class="pi">,</span><span class="s1">'</span><span class="s">backend-ai/Dockerfile.cloudrun'</span><span class="pi">,</span><span class="s1">'</span><span class="s">backend-ai'</span><span class="pi">]</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">gcr.io/cloud-builders/docker</span> <span class="na">args</span><span class="pi">:</span> <span class="pi">[</span><span class="s1">'</span><span class="s">push'</span><span class="pi">,</span><span class="s1">'</span><span class="s">${ARTIFACT_REGION}-docker.pkg.dev/${PROJECT_ID}/${REPO_AI}/ai:$COMMIT_SHA'</span><span class="pi">]</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">gcr.io/google.com/cloudsdktool/cloud-sdk</span> <span class="na">entrypoint</span><span class="pi">:</span> <span class="s">gcloud</span> <span class="na">args</span><span class="pi">:</span> <span class="pi">[</span><span class="s1">'</span><span class="s">run'</span><span class="pi">,</span><span class="s1">'</span><span class="s">deploy'</span><span class="pi">,</span><span class="s1">'</span><span class="s">ai'</span><span class="pi">,</span><span class="s1">'</span><span class="s">--image'</span><span class="pi">,</span><span class="s1">'</span><span class="s">${ARTIFACT_REGION}-docker.pkg.dev/${PROJECT_ID}/${REPO_AI}/ai:$COMMIT_SHA'</span><span class="pi">,</span><span class="s1">'</span><span class="s">--region'</span><span class="pi">,</span><span class="s1">'</span><span class="s">${REGION}'</span><span class="pi">,</span><span class="s1">'</span><span class="s">--platform'</span><span class="pi">,</span><span class="s1">'</span><span class="s">managed'</span><span class="pi">]</span> <span class="na">options</span><span class="pi">:</span> <span class="na">logging</span><span class="pi">:</span> <span class="s">CLOUD_LOGGING_ONLY</span> <span class="na">timeout</span><span class="pi">:</span> <span class="s1">'</span><span class="s">1200s'</span> </code></pre> </div> <blockquote> <p>Ensure the Cloud Build service account has access to Artifact Registry and Cloud Run.</p> </blockquote> <h3> Create a Cloud Build trigger </h3> <p>Create a GitHub-based trigger that runs on <code>main</code> and uses your <code>cloudbuild.yaml</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>gcloud beta builds triggers create github <span class="se">\</span> <span class="nt">--name</span><span class="o">=</span><span class="s2">"polyglot-deploy"</span> <span class="se">\</span> <span class="nt">--repo-owner</span><span class="o">=</span><span class="s2">"GITHUB_OWNER"</span> <span class="se">\</span> <span class="nt">--repo-name</span><span class="o">=</span><span class="s2">"GITHUB_REPO"</span> <span class="se">\</span> <span class="nt">--branch-pattern</span><span class="o">=</span><span class="s2">"^main$"</span> <span class="se">\</span> <span class="nt">--build-config</span><span class="o">=</span><span class="s2">"cloudbuild.yaml"</span> <span class="se">\</span> <span class="nt">--substitutions</span><span class="o">=</span><span class="nv">_REGION</span><span class="o">=</span><span class="k">${</span><span class="nv">REGION</span><span class="k">}</span>,_ARTIFACT_REGION<span class="o">=</span><span class="k">${</span><span class="nv">ARTIFACT_REGION</span><span class="k">}</span>,_REPO_BACKEND<span class="o">=</span><span class="k">${</span><span class="nv">REPO_BACKEND</span><span class="k">}</span>,_REPO_AI<span class="o">=</span><span class="k">${</span><span class="nv">REPO_AI</span><span class="k">}</span> </code></pre> </div> <h2> 10. Best Practices </h2> <ul> <li>Use Secret Manager for DB passwords, JWTs, API keys.</li> <li>Prefer Private IP for Cloud SQL and Redis; connect via VPC connector.</li> <li>Lock down Cloud Run ingress and enforce IAM roles.</li> <li>Tune min/max instances and concurrency to balance cost and cold starts.</li> <li>Monitor using Cloud Logging and Cloud Monitoring dashboards.</li> </ul> <p>With this setup, you have a scalable, secure, and production-ready polyglot deployment with CI/CD and private networking. Both Java and Python services can now run efficiently on GCP serverless infrastructure.</p> gcp spring fastapi devops Cloud HPC: How Google Scales High-Performance Computing Majedul Islam Sun, 28 Sep 2025 12:59:45 +0000 https://dev.to/mrmajed7/cloud-hpc-how-google-scales-high-performance-computing-4922 https://dev.to/mrmajed7/cloud-hpc-how-google-scales-high-performance-computing-4922 <h2> Cloud HPC: How Google Scales High-Performance Computing </h2> <p>When you think of Google Cloud, the first thing that comes to mind is usually hosting apps, databases, or analytics. But behind the scenes, Google runs some of the most advanced <strong>high-performance computing (HPC)</strong> clusters in the world. These clusters power everything from AI training to scientific simulations, using a mix of CPUs, GPUs, and custom TPUs.</p> <p>In this post, we’ll break down how Google Cloud’s architecture works at scale, why different workloads need different hardware, and what it means for performance and sustainability.</p> <h2> From CPUs to Specialized Accelerators </h2> <p>The days of relying solely on CPUs are long gone. Modern cloud platforms mix different types of hardware, each optimized for different workloads:</p> <ul> <li> <strong>CPUs</strong> – General-purpose workhorses. Google’s C4 machine types scale up to <strong>288 vCPUs and ~2.2 TB DDR5 RAM</strong>, with NVMe SSDs (up to 18 TiB) for scratch storage. They are best for request-heavy services, analytics, and orchestration tasks.</li> <li> <strong>GPUs</strong> – Built for massive data-parallelism. GCP offers <strong>A2 instances with up to 16× NVIDIA A100s (40/80 GB HBM2e)</strong> or <strong>A3 instances with H100/H200 GPUs</strong>. NVLink/NVSwitch interconnects provide intra-node bandwidth, while RoCE NICs deliver <strong>100–400 Gbps</strong> for multi-node HPC jobs.</li> <li> <strong>TPUs</strong> – Google’s custom ASICs. A <strong>TPU v3 chip</strong> contains <strong>two 128×128 systolic arrays of MAC units</strong> plus <strong>32 GB of on-chip HBM</strong>. At cluster scale, a <strong>TPU v4 pod has 4096 chips (~1.1 exaFLOPS bf16)</strong>, while <strong>TPU v5p pods scale to 8960 chips with 95 GB each (~4.1 exaFLOPS)</strong>.</li> </ul> <p>This spectrum of compute nodes allows workloads to be mapped to the <strong>most suitable hardware</strong> instead of relying on a one-size-fits-all processor.</p> <h2> Hardware at a Glance </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th><strong>Node Type</strong></th> <th><strong>Specs</strong></th> <th><strong>Networking</strong></th> <th><strong>Best For</strong></th> </tr> </thead> <tbody> <tr> <td><strong>CPU Node</strong></td> <td>Up to 288 vCPUs, 2.2 TB DDR5, NVMe SSD</td> <td>25–100 Gbps NICs</td> <td>Web services, orchestration, control plane, analytics</td> </tr> <tr> <td><strong>GPU Node</strong></td> <td>1–16 GPUs (A100/H100/H200), 40–80 GB HBM per GPU</td> <td>NVLink/NVSwitch + RoCE (100–400 Gbps)</td> <td>ML training, HPC simulations, CUDA/OpenCL workloads</td> </tr> <tr> <td><strong>TPU Pod</strong></td> <td>4096–8960 TPU chips (32–95 GB HBM2e each)</td> <td>Custom 3D torus (4800 Gbps links) + PCIe host</td> <td>Large-scale deep learning (TensorFlow/XLA)</td> </tr> </tbody> </table></div> <h2> Networking at Scale: Google’s Jupiter Fabric </h2> <p>Fast accelerators alone aren’t enough — <strong>interconnect bandwidth</strong> is the real bottleneck in distributed HPC. </p> <p>Google’s <a href="https://cloud.google.com/blog/topics/systems/the-evolution-of-googles-jupiter-data-center-network" rel="noopener noreferrer">Jupiter fabric</a> solves this with <strong>multi-petabit per second bisection bandwidth</strong>, enabling:</p> <ul> <li> <strong>All-reduce operations</strong> for deep learning training with minimal synchronization overhead. </li> <li> <strong>MPI scaling</strong> for tightly-coupled scientific simulations (e.g., CFD, weather modeling). </li> <li> <strong>Dataflow workloads</strong> (MapReduce, Spark, Dataflow) that rely on shuffling massive datasets. </li> </ul> <p>By minimizing tail latency, Jupiter allows CPUs, GPUs, and TPUs to communicate at speeds impossible with commodity Ethernet.</p> <h2> Trade-Offs: Throughput vs. Latency </h2> <p>Google’s heterogeneous design reflects workload trade-offs:</p> <ul> <li> <strong>Throughput-focused workloads</strong> (training GPT-style models or running large HPC simulations) thrive on <strong>batch parallelism</strong> with GPUs/TPUs. However, the overhead of distributing data can raise latency. </li> <li> <strong>Latency-sensitive workloads</strong> (search queries, request routing, API responses) map better to CPUs, which can respond in microseconds without batch setup. </li> </ul> <p>This balance highlights the principle: <strong>use TPUs/GPUs when FLOPS/watt is the goal, CPUs when milliseconds matter.</strong></p> <h2> The Energy Challenge </h2> <p>Pushing HPC to exascale introduces energy and cooling challenges:</p> <ul> <li> <strong>Rack density</strong> – AI racks today draw <strong>30–100 kW each</strong>, often requiring <strong>liquid cooling</strong>. </li> <li> <strong>Cooling overhead</strong> – Cooling consumes <strong>40–50% of data center power</strong> if unmanaged. </li> <li> <strong>Carbon footprint</strong> – Global data centers consume ~<strong>2% of electricity</strong>, projected to double by 2030. </li> </ul> <p>Google mitigates this by: </p> <ul> <li>Running with an industry-leading <strong>PUE ≈ 1.10</strong> vs. ~1.58 average. </li> <li>Making TPUs <strong>67% more energy-efficient per chip</strong> than previous generations. </li> <li>Committing to <strong>24/7 carbon-free energy by 2030</strong>, aligning compute growth with renewables. </li> </ul> <p>This ensures scaling to exaFLOP-level compute doesn’t scale emissions at the same rate.</p> <h2> Cloud HPC Architecture Diagram </h2> <p>Since Dev.to doesn’t natively render Mermaid diagrams, here’s the architecture as an embedded image:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fmermaid.ink%2Fimg%2Fpako%3AeNp9kG9rwjAQxr9KuNdVGlu7Ni8GrmPO4USmY7B1L2Ib27A2KTHZP_G7L6kMUcR7ceTuee5-R7aQy4IBgXUtv_KKKo2mT5lANjZmVSraViidP79lYDOaWe8mg_e9wcUIW-mFrdCCqU-en6oDq44ErX80zw8SE0UmTiDjDjI-C7lxkMcpWirKBRflsegY9_MULXhjaqq5FJdJy45kM5rL4hiUOtCMGUVrNGP6PDB1wClVJUOjCZqINVNM5Owi0y6zQw-m5ZopdEdXiufnBtwn93rXzr9vjE8by0MDPCgVL4BoZZgHDVMNdSVsnTUDXbHGnkXss6DqI4NM7OxMS8WrlM3_mJKmrICsab2xlWkLqtktp_bug8VeyFQqjdBAht0GIFv4BhLipB_EYTKIkhAP_SDw4AdIjPtJjHHgR0kcBgGOdh78dki_H2M_xlc4HvhR6A-jcPcH7DC-Bg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fmermaid.ink%2Fimg%2Fpako%3AeNp9kG9rwjAQxr9KuNdVGlu7Ni8GrmPO4USmY7B1L2Ib27A2KTHZP_G7L6kMUcR7ceTuee5-R7aQy4IBgXUtv_KKKo2mT5lANjZmVSraViidP79lYDOaWe8mg_e9wcUIW-mFrdCCqU-en6oDq44ErX80zw8SE0UmTiDjDjI-C7lxkMcpWirKBRflsegY9_MULXhjaqq5FJdJy45kM5rL4hiUOtCMGUVrNGP6PDB1wClVJUOjCZqINVNM5Owi0y6zQw-m5ZopdEdXiufnBtwn93rXzr9vjE8by0MDPCgVL4BoZZgHDVMNdSVsnTUDXbHGnkXss6DqI4NM7OxMS8WrlM3_mJKmrICsab2xlWkLqtktp_bug8VeyFQqjdBAht0GIFv4BhLipB_EYTKIkhAP_SDw4AdIjPtJjHHgR0kcBgGOdh78dki_H2M_xlc4HvhR6A-jcPcH7DC-Bg" alt="Cloud HPC Architecture" width="800" height="400"></a></p> <h2> Why This Matters </h2> <p>For developers and researchers, Google Cloud’s HPC design offers:</p> <ul> <li> <strong>Faster training and simulations</strong> by matching workloads to the right hardware. </li> <li> <strong>Lower latency services</strong> thanks to CPU-optimized nodes. </li> <li> <strong>Better cost efficiency</strong> by reducing wasted compute cycles. </li> <li> <strong>A greener footprint</strong> through efficient chips and renewable energy. </li> </ul> <p>Under the hood: </p> <ul> <li> <strong>Schedulers (Borg/Kubernetes)</strong> dynamically allocate jobs to CPUs, GPUs, or TPUs, ensuring utilization without starving latency-sensitive tasks. </li> <li> <strong>Memory hierarchy</strong> (DDR5 vs. GPU HBM vs. TPU HBM2e) is optimized for bandwidth, not just capacity. </li> <li> <strong>Topology-aware placement</strong> ensures data-parallel jobs run on nodes physically closer in the Jupiter network, reducing cross-rack congestion. </li> <li> <strong>Elastic scaling</strong> lets users spin up single VMs or entire TPU pods with APIs that abstract parallelism complexity. </li> </ul> <h2> Final Thoughts </h2> <p>Cloud HPC may sound like something only AI labs and scientists care about, but the reality is it underpins much of the technology we use every day. </p> <p>Whether it’s smarter search results, real-time translation, or massive generative AI training runs, the infrastructure Google builds affects millions of users worldwide. </p> <p>For engineers, the takeaways are clear: </p> <ul> <li> <strong>Heterogeneous compute</strong> will only grow — CPUs, GPUs, TPUs, and new accelerators (genomics, video codecs, even quantum). </li> <li> <strong>Energy-aware orchestration</strong> will be as important as performance in the coming decade. </li> <li> <strong>Networking fabrics</strong> like Jupiter redefine what’s possible at datacenter scale — bandwidth is as critical as FLOPS. </li> <li> <strong>Domain-specific hardware</strong> (like TPUs) shows that specialization beats general-purpose silicon at hyperscale. </li> </ul> <p>As cloud providers race toward exascale and beyond, staying current with these architectures is key — not just for researchers but for any developer building applications that rely on scalable, efficient compute.</p> cloud hpc googlecloud computerarchitecture Polyglot Dockerization: Java + Python + Vue in Local and Production Majedul Islam Wed, 24 Sep 2025 18:14:08 +0000 https://dev.to/mrmajed7/polyglot-dockerization-java-python-vue-in-local-and-production-5c22 https://dev.to/mrmajed7/polyglot-dockerization-java-python-vue-in-local-and-production-5c22 <h2> Polyglot Dockerization: Java + Python + Vue in Local and Production </h2> <ul> <li> <strong>Why these services</strong>: A polyglot stack where Spring Boot powers core business workflows, FastAPI powers AI/RAG, and Vue powers the frontend.</li> <li> <strong>Why dockerization matters</strong>: Containers keep Java, Python, and Node toolchains consistent everywhere, eliminating cross-language environment drift.</li> <li> <strong>Two goals</strong>: (1) frictionless local development with one command, (2) production-grade images and configuration for reliable deploys.</li> </ul> <blockquote> <p>Keep secrets and configuration in <code>.env</code> files. Compose reads values like <code>POSTGRES_PASSWORD</code>, <code>JWT_SECRET</code>, <code>GOOGLE_API_KEY</code>, etc., from a local <code>.env</code> placed next to <code>docker-compose.yml</code>.</p> </blockquote> <h2> Local Dockerization with Docker Compose </h2> <ul> <li><strong>Spring Boot service</strong></li> </ul> <p>Dockerfile (multi-stage: build with Maven, run on JRE):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="c"># ---------- Build stage ----------</span> <span class="k">FROM</span><span class="w"> </span><span class="s">maven:3.9-eclipse-temurin-21</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">builder</span> <span class="k">WORKDIR</span><span class="s"> /workspace/legalconnect</span> <span class="c"># Copy Maven wrapper and pom.xml first for better caching</span> <span class="k">COPY</span><span class="s"> legalconnect/mvnw legalconnect/mvnw.cmd ./</span> <span class="k">COPY</span><span class="s"> legalconnect/.mvn ./.mvn</span> <span class="k">COPY</span><span class="s"> legalconnect/pom.xml ./</span> <span class="c"># Download dependencies</span> <span class="k">RUN </span>./mvnw dependency:go-offline <span class="nt">-B</span> <span class="c"># Copy source code and build</span> <span class="k">COPY</span><span class="s"> legalconnect/src ./src</span> <span class="k">RUN </span>./mvnw clean package <span class="nt">-DskipTests</span> <span class="nt">-B</span> <span class="c"># ---------- Runtime stage ----------</span> <span class="k">FROM</span><span class="s"> eclipse-temurin:21-jre-alpine</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="c"># Non-root user + logs dir</span> <span class="k">RUN </span>addgroup <span class="nt">-g</span> 1001 <span class="nt">-S</span> spring <span class="o">&amp;&amp;</span> adduser <span class="nt">-S</span> spring <span class="nt">-u</span> 1001 <span class="se">\ </span> <span class="o">&amp;&amp;</span> <span class="nb">mkdir</span> <span class="nt">-p</span> /app/logs <span class="o">&amp;&amp;</span> <span class="nb">chown</span> <span class="nt">-R</span> spring:spring /app <span class="c"># Copy fat jar</span> <span class="k">COPY</span><span class="s"> --from=builder /workspace/legalconnect/target/legalconnect-0.0.1-SNAPSHOT.jar /app/app.jar</span> <span class="k">RUN </span><span class="nb">chown </span>spring:spring /app/app.jar <span class="k">USER</span><span class="s"> spring</span> <span class="k">ENV</span><span class="s"> JAVA_OPTS="-Xms512m -Xmx1024m -XX:+UseG1GC -XX:+UseContainerSupport"</span> <span class="k">ENV</span><span class="s"> SERVER_PORT=8080</span> <span class="k">EXPOSE</span><span class="s"> 8080</span> <span class="k">ENTRYPOINT</span><span class="s"> ["sh", "-c", "java $JAVA_OPTS -jar /app/app.jar"]</span> </code></pre> </div> <ul> <li><strong>FastAPI service</strong></li> </ul> <p>Dockerfile (Python slim base, pinned requirements, uvicorn):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> python:3.12-slim</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">COPY</span><span class="s"> requirements.txt .</span> <span class="k">RUN </span>pip <span class="nb">install</span> <span class="nt">--no-cache-dir</span> <span class="nt">--upgrade</span> pip <span class="se">\ </span> <span class="o">&amp;&amp;</span> pip <span class="nb">install</span> <span class="nt">--no-cache-dir</span> <span class="nt">-r</span> requirements.txt <span class="k">COPY</span><span class="s"> . .</span> <span class="k">EXPOSE</span><span class="s"> 8000</span> <span class="k">CMD</span><span class="s"> ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]</span> </code></pre> </div> <ul> <li><strong>Frontend (Vue) service</strong></li> </ul> <p>Dockerfile (build with Node 22, serve static with <code>serve</code>):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="c"># ---- Build stage ----</span> <span class="k">FROM</span><span class="w"> </span><span class="s">node:22-alpine</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">builder</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="c"># Install deps first (better layer caching)</span> <span class="k">COPY</span><span class="s"> package*.json ./</span> <span class="k">RUN </span>npm ci <span class="c"># Copy source</span> <span class="k">COPY</span><span class="s"> . .</span> <span class="c"># Accept build-time envs for Vite</span> <span class="k">ARG</span><span class="s"> VITE_API_BASE_URL</span> <span class="k">ARG</span><span class="s"> VITE_AI_CHAT_BASE_URL</span> <span class="k">ARG</span><span class="s"> VITE_JAAS_URL</span> <span class="k">ARG</span><span class="s"> VITE_JITSI_APP_ID</span> <span class="k">ENV</span><span class="s"> VITE_API_BASE_URL=${VITE_API_BASE_URL}</span> <span class="k">ENV</span><span class="s"> VITE_AI_CHAT_BASE_URL=${VITE_AI_CHAT_BASE_URL}</span> <span class="k">ENV</span><span class="s"> VITE_JAAS_URL=${VITE_JAAS_URL}</span> <span class="k">ENV</span><span class="s"> VITE_JITSI_APP_ID=${VITE_JITSI_APP_ID}</span> <span class="c"># Build</span> <span class="k">RUN </span>npm run build <span class="c"># ---- Runtime stage (serve) ----</span> <span class="k">FROM</span><span class="s"> node:22-alpine</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">ENV</span><span class="s"> NODE_ENV=production</span> <span class="k">RUN </span>npm i <span class="nt">-g</span> serve@14 <span class="k">COPY</span><span class="s"> --from=builder /app/dist /app</span> <span class="c"># Use port 5173 to match development server</span> <span class="k">ENV</span><span class="s"> PORT=5173</span> <span class="k">EXPOSE</span><span class="s"> 5173</span> <span class="c"># Bind to 0.0.0.0 and use port 5173</span> <span class="k">CMD</span><span class="s"> ["sh","-c","serve -s /app -l tcp://0.0.0.0:${PORT}"]</span> </code></pre> </div> <ul> <li><strong>docker-compose.yml (all services)</strong></li> </ul> <p>One Compose file orchestrates everything locally: Postgres, Redis, Elasticsearch, Spring Boot, FastAPI, and the frontend. Services depend on each other with health checks. Environment variables are injected from <code>.env</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">postgres</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">postgres:17.5</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">POSTGRES_DB=${POSTGRES_DB:-legalconnect}</span> <span class="pi">-</span> <span class="s">POSTGRES_USER=${POSTGRES_USER:-root}</span> <span class="pi">-</span> <span class="s">POSTGRES_PASSWORD=${POSTGRES_PASSWORD}</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">5432:5432"</span><span class="pi">]</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">postgres_data:/var/lib/postgresql/data</span> <span class="pi">-</span> <span class="s">./backend/legalconnect/src/main/resources/quartz_tables.sql:/docker-entrypoint-initdb.d/10_quartz.sql:ro</span> <span class="na">healthcheck</span><span class="pi">:</span> <span class="na">test</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">CMD-SHELL"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">pg_isready</span><span class="nv"> </span><span class="s">-U</span><span class="nv"> </span><span class="s">${POSTGRES_USER:-root}</span><span class="nv"> </span><span class="s">-d</span><span class="nv"> </span><span class="s">${POSTGRES_DB:-legalconnect}"</span><span class="pi">]</span> <span class="na">redis</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">redis:7</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">redis-server"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">--appendonly"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">yes"</span><span class="pi">]</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">6379:6379"</span><span class="pi">]</span> <span class="na">healthcheck</span><span class="pi">:</span> <span class="na">test</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">CMD"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">redis-cli"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">ping"</span><span class="pi">]</span> <span class="na">elasticsearch</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">docker.elastic.co/elasticsearch/elasticsearch:9.1.1</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">discovery.type=single-node</span> <span class="pi">-</span> <span class="s">xpack.security.enabled=false</span> <span class="pi">-</span> <span class="s">ES_JAVA_OPTS=-Xms512m -Xmx512m</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">9200:9200"</span><span class="pi">]</span> <span class="na">backend</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">context</span><span class="pi">:</span> <span class="nv">./backend</span><span class="pi">,</span> <span class="nv">dockerfile</span><span class="pi">:</span> <span class="nv">Dockerfile</span> <span class="pi">}</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">SPRING_DATASOURCE_URL=jdbc:postgresql://postgres:5432/${POSTGRES_DB:-legalconnect}</span> <span class="pi">-</span> <span class="s">SPRING_DATASOURCE_USERNAME=${POSTGRES_USER:-root}</span> <span class="pi">-</span> <span class="s">SPRING_DATASOURCE_PASSWORD=${POSTGRES_PASSWORD}</span> <span class="pi">-</span> <span class="s">SPRING_DATA_REDIS_HOST=redis</span> <span class="pi">-</span> <span class="s">SPRING_DATA_REDIS_PORT=6379</span> <span class="pi">-</span> <span class="s">SPRING_ELASTICSEARCH_URIS=http://elasticsearch:9200</span> <span class="pi">-</span> <span class="s">SPRING_CUSTOM_SECURITY_JWTSECRET=${JWT_SECRET}</span> <span class="pi">-</span> <span class="s">FRONTEND_URL=${FRONTEND_URL:-http://localhost:5173}</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">8080:8080"</span><span class="pi">]</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="na">postgres</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">condition</span><span class="pi">:</span> <span class="nv">service_healthy</span> <span class="pi">}</span> <span class="na">redis</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">condition</span><span class="pi">:</span> <span class="nv">service_healthy</span> <span class="pi">}</span> <span class="na">elasticsearch</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">condition</span><span class="pi">:</span> <span class="nv">service_healthy</span> <span class="pi">}</span> <span class="na">backend-ai</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">context</span><span class="pi">:</span> <span class="nv">./backend-ai</span><span class="pi">,</span> <span class="nv">dockerfile</span><span class="pi">:</span> <span class="nv">Dockerfile</span> <span class="pi">}</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">DATABASE_URL=postgresql://${POSTGRES_USER:-root}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB:-legalconnect}</span> <span class="pi">-</span> <span class="s">REDIS_URL=redis://redis:6379/0</span> <span class="pi">-</span> <span class="s">QDRANT_URL=${QDRANT_URL}</span> <span class="pi">-</span> <span class="s">QDRANT_API_KEY=${QDRANT_API_KEY}</span> <span class="pi">-</span> <span class="s">QDRANT_COLLECTION_NAME=${QDRANT_COLLECTION_NAME}</span> <span class="pi">-</span> <span class="s">GOOGLE_API_KEY=${GOOGLE_API_KEY}</span> <span class="pi">-</span> <span class="s">JWT_SECRET_KEY=${JWT_SECRET}</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">8000:8000"</span><span class="pi">]</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="na">postgres</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">condition</span><span class="pi">:</span> <span class="nv">service_healthy</span> <span class="pi">}</span> <span class="na">redis</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">condition</span><span class="pi">:</span> <span class="nv">service_healthy</span> <span class="pi">}</span> <span class="na">frontend</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="na">context</span><span class="pi">:</span> <span class="s">./frontend</span> <span class="na">dockerfile</span><span class="pi">:</span> <span class="s">Dockerfile</span> <span class="na">args</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">VITE_API_BASE_URL=${VITE_API_BASE_URL:-http://localhost:8080/v1}</span> <span class="pi">-</span> <span class="s">VITE_AI_CHAT_BASE_URL=${VITE_AI_CHAT_BASE_URL:-http://localhost:8000/api/v1}</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">5173:5173"</span><span class="pi">]</span> <span class="na">volumes</span><span class="pi">:</span> <span class="na">postgres_data</span><span class="pi">:</span> <span class="pi">{}</span> </code></pre> </div> <ul> <li> <p><strong>What this compose does</strong></p> <ul> <li>Brings up stateful services (Postgres, Redis, Elasticsearch) first, then app services.</li> <li>Uses container DNS for internal networking (<code>postgres</code>, <code>redis</code>, <code>elasticsearch</code>).</li> <li>Exposes only required ports to the host, keeping service internals private.</li> <li>Injects configuration via <code>.env</code> and built-in defaults for quick start.</li> </ul> </li> <li><p><strong>Benefits</strong>: One command (<code>docker compose up -d</code>) to bring the entire stack up; reproducible environments; isolated dependencies; easy resets via volumes.</p></li> <li><p><strong>Challenges</strong>: Service-to-service networking (use container names like <code>postgres</code>, <code>redis</code>); managing env vars across services (centralize in <code>.env</code>); ensuring startup order (use <code>depends_on</code> + health checks); volume mounts for logs/data; port collisions.</p></li> </ul> <h3> Run Only One Backend (single-service Compose files) </h3> <p>Sometimes you need to run just one backend service for focused development.</p> <ul> <li> <strong>Spring Boot only</strong> (<code>backend/docker-compose.yml</code>): </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">authors-note</span><span class="pi">:</span> <span class="s">run only Spring Boot with Postgres/Redis locally</span> <span class="na">services</span><span class="pi">:</span> <span class="na">db</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">postgres:17.5</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">POSTGRES_DB=${POSTGRES_DB:-legalconnect}</span> <span class="pi">-</span> <span class="s">POSTGRES_USER=${POSTGRES_USER:-root}</span> <span class="pi">-</span> <span class="s">POSTGRES_PASSWORD=${POSTGRES_PASSWORD}</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">5432:5432"</span><span class="pi">]</span> <span class="na">redis</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">redis:7</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">6379:6379"</span><span class="pi">]</span> <span class="na">backend</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">maven:3.9-eclipse-temurin-21</span> <span class="na">working_dir</span><span class="pi">:</span> <span class="s">/workspace/backend/legalconnect</span> <span class="na">command</span><span class="pi">:</span> <span class="s">./mvnw spring-boot:run</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">SPRING_DATASOURCE_URL=jdbc:postgresql://db:5432/${POSTGRES_DB:-legalconnect}</span> <span class="pi">-</span> <span class="s">SPRING_DATASOURCE_USERNAME=${POSTGRES_USER:-root}</span> <span class="pi">-</span> <span class="s">SPRING_DATASOURCE_PASSWORD=${POSTGRES_PASSWORD}</span> <span class="pi">-</span> <span class="s">SPRING_DATA_REDIS_HOST=redis</span> <span class="pi">-</span> <span class="s">SPRING_DATA_REDIS_PORT=6379</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./legalconnect:/workspace/backend/legalconnect</span> <span class="pi">-</span> <span class="s">~/.m2:/root/.m2</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">8080:8080"</span><span class="pi">]</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="na">db</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">condition</span><span class="pi">:</span> <span class="nv">service_started</span> <span class="pi">}</span> <span class="na">redis</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">condition</span><span class="pi">:</span> <span class="nv">service_started</span> <span class="pi">}</span> </code></pre> </div> <ul> <li> <p><strong>What this compose does</strong></p> <ul> <li>Runs Spring Boot directly via Maven wrapper inside the container for fast feedback.</li> <li>Mounts your project folder and local Maven cache for quick rebuilds.</li> <li>Provides local Postgres + Redis with simple default credentials.</li> </ul> </li> <li><p><strong>FastAPI only</strong> (<code>backend-ai/docker-compose.yml</code>):<br><br> </p></li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">authors-note</span><span class="pi">:</span> <span class="s">run only FastAPI with Postgres/Redis locally</span> <span class="na">services</span><span class="pi">:</span> <span class="na">db</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">postgres:17.5</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">POSTGRES_DB=${POSTGRES_DB:-legal_connect_db}</span> <span class="pi">-</span> <span class="s">POSTGRES_USER=${POSTGRES_USER:-legal}</span> <span class="pi">-</span> <span class="s">POSTGRES_PASSWORD=${POSTGRES_PASSWORD}</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">5432:5432"</span><span class="pi">]</span> <span class="na">redis</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">redis:7</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">6379:6379"</span><span class="pi">]</span> <span class="na">fastapi-app</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">context</span><span class="pi">:</span> <span class="nv">.</span><span class="pi">,</span> <span class="nv">dockerfile</span><span class="pi">:</span> <span class="nv">Dockerfile</span> <span class="pi">}</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">DATABASE_URL=postgresql://${POSTGRES_USER:-legal}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB:-legal_connect_db}</span> <span class="pi">-</span> <span class="s">REDIS_URL=redis://redis:6379/0</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">8000:8000"</span><span class="pi">]</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="na">db</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">condition</span><span class="pi">:</span> <span class="nv">service_started</span> <span class="pi">}</span> <span class="na">redis</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">condition</span><span class="pi">:</span> <span class="nv">service_started</span> <span class="pi">}</span> </code></pre> </div> <ul> <li> <strong>What this compose does</strong> <ul> <li>Builds your FastAPI app image and runs it with DB/Redis dependencies.</li> <li>Uses the standard <code>DATABASE_URL</code>/<code>REDIS_URL</code> patterns for twelve-factor configuration.</li> <li>Exposes only the FastAPI port to your host for API testing.</li> </ul> </li> </ul> <h2> How to run locally </h2> <p>1) Prepare environment</p> <ul> <li>Keep you environment variables and secrets (DB password, JWT secrets, API keys) in a .env file.</li> <li>Ensure no local services are occupying ports: 5432, 6379, 9200, 8080, 8000, 5173. Stop them or free ports.</li> </ul> <p>2) Run the full stack</p> <ul> <li>Build and start: <code>docker compose up -d --build</code> </li> <li>Check health: <code>docker compose ps</code> and <code>docker compose logs -f backend backend-ai frontend</code> </li> <li>App URLs: backend <code>http://localhost:8080</code>, AI <code>http://localhost:8000</code>, frontend <code>http://localhost:5173</code> </li> </ul> <p>3) Run only one backend</p> <ul> <li>Spring Boot only: <code>docker compose -f backend/docker-compose.yml up -d</code> </li> <li>FastAPI only: <code>docker compose -f backend-ai/docker-compose.yml up -d</code> </li> </ul> <p>4) Tear down and reset</p> <ul> <li>Stop: <code>docker compose down</code> </li> <li>Stop + remove volumes (DB reset): <code>docker compose down -v</code> </li> </ul> <h2> Production Dockerization </h2> <ul> <li> <strong>Spring Boot optimized Dockerfile (multi-stage, smaller image)</strong> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="c"># Build stage</span> <span class="k">FROM</span><span class="w"> </span><span class="s">maven:3.9-eclipse-temurin-21</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">builder</span> <span class="k">WORKDIR</span><span class="s"> /workspace/legalconnect</span> <span class="k">COPY</span><span class="s"> legalconnect/mvnw legalconnect/mvnw.cmd ./</span> <span class="k">COPY</span><span class="s"> legalconnect/.mvn ./.mvn</span> <span class="k">COPY</span><span class="s"> legalconnect/pom.xml ./</span> <span class="k">RUN </span>./mvnw dependency:go-offline <span class="nt">-B</span> <span class="k">COPY</span><span class="s"> legalconnect/src ./src</span> <span class="k">RUN </span>./mvnw clean package <span class="nt">-DskipTests</span> <span class="nt">-B</span> <span class="c"># Runtime stage</span> <span class="k">FROM</span><span class="s"> eclipse-temurin:21-jre-alpine</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">RUN </span>addgroup <span class="nt">-g</span> 1001 <span class="nt">-S</span> spring <span class="o">&amp;&amp;</span> adduser <span class="nt">-S</span> spring <span class="nt">-u</span> 1001 <span class="se">\ </span> <span class="o">&amp;&amp;</span> <span class="nb">mkdir</span> <span class="nt">-p</span> /app/logs <span class="o">&amp;&amp;</span> <span class="nb">chown</span> <span class="nt">-R</span> spring:spring /app <span class="k">COPY</span><span class="s"> --from=builder /workspace/legalconnect/target/legalconnect-0.0.1-SNAPSHOT.jar /app/app.jar</span> <span class="k">USER</span><span class="s"> spring</span> <span class="k">ENV</span><span class="s"> SPRING_PROFILES_ACTIVE=prod</span> <span class="k">ENV</span><span class="s"> JAVA_OPTS="-XX:+UseContainerSupport -XX:MaxRAMPercentage=75.0 -XX:+UseG1GC -XX:+UseStringDeduplication"</span> <span class="k">ENV</span><span class="s"> PORT=8080</span> <span class="k">EXPOSE</span><span class="s"> 8080</span> <span class="k">ENTRYPOINT</span><span class="s"> ["sh", "-c", "java $JAVA_OPTS -Dserver.port=$PORT -jar /app/app.jar"]</span> </code></pre> </div> <ul> <li> <strong>FastAPI optimized Dockerfile (lightweight base, non-root, healthcheck)</strong> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> python:3.12-slim</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">RUN </span>apt-get update <span class="o">&amp;&amp;</span> apt-get <span class="nb">install</span> <span class="nt">-y</span> gcc g++ <span class="se">\ </span> <span class="o">&amp;&amp;</span> <span class="nb">rm</span> <span class="nt">-rf</span> /var/lib/apt/lists/<span class="k">*</span> <span class="k">COPY</span><span class="s"> requirements.txt .</span> <span class="k">RUN </span>pip <span class="nb">install</span> <span class="nt">--no-cache-dir</span> <span class="nt">--upgrade</span> pip <span class="se">\ </span> <span class="o">&amp;&amp;</span> pip <span class="nb">install</span> <span class="nt">--no-cache-dir</span> <span class="nt">-r</span> requirements.txt <span class="k">COPY</span><span class="s"> . .</span> <span class="k">RUN </span>groupadd <span class="nt">-r</span> appuser <span class="o">&amp;&amp;</span> useradd <span class="nt">-r</span> <span class="nt">-g</span> appuser appuser <span class="se">\ </span> <span class="o">&amp;&amp;</span> <span class="nb">mkdir</span> <span class="nt">-p</span> /app/logs /app/bdcode_json <span class="se">\ </span> <span class="o">&amp;&amp;</span> <span class="nb">chown</span> <span class="nt">-R</span> appuser:appuser /app <span class="k">USER</span><span class="s"> appuser</span> <span class="k">ENV</span><span class="s"> PYTHONPATH=/app</span> <span class="k">ENV</span><span class="s"> PYTHONUNBUFFERED=1</span> <span class="k">ENV</span><span class="s"> PYTHONDONTWRITEBYTECODE=1</span> <span class="k">ENV</span><span class="s"> PORT=8000</span> <span class="k">EXPOSE</span><span class="s"> 8000</span> <span class="k">HEALTHCHECK</span><span class="s"> --interval=30s --timeout=10s --start-period=60s --retries=3 \</span> CMD python -c "import requests; requests.get('http://localhost:$PORT/health')" || exit 1 <span class="k">CMD</span><span class="s"> ["sh", "-c", "uvicorn main:app --host 0.0.0.0 --port $PORT --workers 1"]</span> </code></pre> </div> <ul> <li> <strong>Config differences vs local</strong>: In production, deploy images directly (Cloud Run/Kubernetes). Prefer managed services: Cloud SQL (Postgres), Memorystore (Redis), Elastic Cloud. Service discovery and autoscaling are handled by the platform.</li> <li> <strong>Handling env vars + secrets</strong>: Use Secret Manager/Key Vault and runtime env vars. Keep <code>.env</code> for local only; mirror variable names across environments for parity.</li> </ul> <h2> Comparing Local vs Prod Setup </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Service</th> <th>Local</th> <th>Production</th> </tr> </thead> <tbody> <tr> <td>Spring Boot</td> <td>Compose + Postgres/Redis/Elasticsearch</td> <td>Multi-stage image, managed Postgres (Cloud SQL), managed Redis (Memorystore), Elastic Cloud</td> </tr> <tr> <td>FastAPI</td> <td>Compose + Postgres + Redis</td> <td>Lightweight image, managed Postgres/Redis, scale-to-zero via Cloud Run</td> </tr> <tr> <td>Frontend</td> <td>Compose-built image (Vite args)</td> <td>Static hosting or container image served behind CDN</td> </tr> <tr> <td>Config</td> <td> <code>.env</code> + docker compose</td> <td>Secret manager + platform env vars</td> </tr> <tr> <td>Networking</td> <td>Container DNS names (<code>postgres</code>, <code>redis</code>)</td> <td>Platform service URLs, VPC connectors if needed</td> </tr> </tbody> </table></div> <h2> Potential Issues to Watch For </h2> <ul> <li> <strong>Port conflicts</strong>: Stop anything already running on <code>5432</code> (Postgres), <code>6379</code> (Redis), <code>9200</code> (Elasticsearch), <code>8080</code> (Spring), <code>8000</code> (FastAPI), <code>5173</code> (Frontend). Use <code>lsof -i :PORT</code> or <code>sudo fuser -k PORT/tcp</code> to free ports.</li> <li> <strong>Stale volumes/config</strong>: Remove volumes when schema or config changes: <code>docker compose down -v</code>.</li> <li> <strong>Env var drift</strong>: Missing <code>.env</code> keys cause startup errors (DB auth, JWT, API keys). Keep sample <code>.env.example</code> in sync.</li> <li> <strong>Service startup race</strong>: Ensure DB/Redis are healthy before app starts (health checks + <code>depends_on</code>).</li> <li> <strong>Memory limits</strong>: Elasticsearch can fail on low memory; adjust <code>ES_JAVA_OPTS</code> or allocate more resources.</li> <li> <strong>File permissions</strong>: Volume-mounted logs or cache dirs may need proper ownership for non-root users.</li> <li> <strong>Networking visibility</strong>: Containers resolve by service name (e.g., <code>postgres</code>); don’t use <code>localhost</code> from inside containers.</li> </ul> <h2> Lessons Learned </h2> <ul> <li> <strong>Image size optimization</strong>: Multi-stage builds; slim base images; <code>--no-cache-dir</code>; remove build tools from runtime.</li> <li> <strong>Isolate configs per environment</strong>: Same variable names across <code>.env</code>, CI/CD, and prod reduce drift.</li> <li> <strong>FastAPI vs Spring Boot</strong>: Python starts fast and is small; JVM needs warm-up but offers strong concurrency and tooling.</li> <li> <strong>Debug container networking</strong>: Use container names, verify health checks, confirm exposed ports, and tail logs with <code>docker compose logs -f</code>.</li> </ul> <p>Dockerizing a polyglot stack ensures reliable, reproducible environments end-to-end. With Compose locally and optimized images for production, we can iterate quickly and deploy confidently. Next up: deploying both services on Cloud Run with a CI/CD pipeline that builds, scans, and rolls out images automatically.</p> <blockquote> <p>Tip: Keep sensitive values in <code>.env</code> locally and in a secret manager in production. Validate required vars early and fail fast when missing.</p> </blockquote> docker spring fastapi vue