Repository Map
Repositories
| Repo | What it owns |
|---|---|
| platform-api-gateway | Cloudflare Workers: admin-gateway, public-gateway |
| iac-api-gateway | Gateway subnet, VM template, MIG, health check, CF Tunnel, DNS, secrets, IAM |
| iac-access | Cloud Run services (svc-access, svc-access-public), Cloud SQL |
| iac-foundation | VPC, Cloud NAT, firewall rules (egress tags), WIF, service accounts |
| svc-access | Backend application code |

Key files in iac-api-gateway/gateway/
| File | Purpose |
|---|---|
| cf_proxy.py | cf-proxy source — embedded into VM startup script by Terraform |
| vm.tf | Instance template, MIG, health check, routes_json local |
| tunnel.tf | CF Tunnel resource + ingress rules |
| dns.tf | CNAME records for internal hostnames |
| secrets.tf | INTERNAL_AUTH_TOKEN generation, GCP SM, CF Secrets Store push |
| access.tf | CF Access service tokens (pending cleanup) |
| network.tf | Gateway subnet |
| iam.tf | Gateway VM service account bindings |
| main.tf | Locals, VPC data source, Cloud Run service data sources |