Infrastructure
Tomoda runs across three providers. Each one owns a clear slice of the stack — there is no overlap, no failover between them, and no shared state outside of DNS records.
- GCP
  Compute and data. GKE cluster, Cloud Build, Artifact Registry, Secret Manager, GCS buckets for Postgres backups and the Photon index. Everything lives in a single project (`development-485000`) in `asia-east1`; environments are split by Kubernetes namespace, not by GCP project.
- AWS
  Static assets only. S3 buckets behind CloudFront for the marketing site and user-uploaded media. No compute, no databases, no secrets. Documentation pending.
- :material-cloudflare:{ .lg .middle } Cloudflare
  DNS, edge TLS, and DDoS. All `tomoda.life` records terminate here before reaching either GCP (Traefik ingress) or AWS (CloudFront). Documentation pending.
Why this split
The three providers were picked for what each does best, not for redundancy:
- GCP is where workloads run and where state lives. GKE + Workload Identity + CNPG-on-GCS makes the operator surface small.
- AWS S3 + CloudFront is the cheapest, most boring way to serve static bytes globally. We do not want to run an object store ourselves on GKE.
- Cloudflare is the only public-facing layer. It hides origin IPs, terminates TLS for the apex, and gives us a flat zone file to grep.
If you are tracing a request from browser to database, the order is: Cloudflare DNS resolves the hostname; the client hits either Traefik on GKE or CloudFront on AWS; from there, GCP serves dynamic traffic and AWS serves static. Nothing crosses providers at runtime.
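The two invariants above (every public hostname terminates at Cloudflare, and each hostname routes to exactly one of GCP or AWS) are the kind of thing that silently drifts when someone adds a DNS record by hand. The following is an added example, not Tomoda's own tooling: a small checker that reads a Cloudflare zone export and flags any record that points at an origin without being proxied. It assumes Cloudflare's BIND export convention of a trailing `; cf_tags=cf-proxied:true` comment on proxied records, uses a placeholder Traefik ingress IP (`203.0.113.10`, documentation range, not a real origin), and the zone contents and CloudFront hostnames are constructed for the example.

```python
"""Audit a Cloudflare zone export for records that bypass the edge.

Added example, not part of Tomoda's infrastructure repo. Assumes the
'; cf_tags=cf-proxied:true' comment convention of Cloudflare's BIND export
and a placeholder Traefik ingress IP; the sample zone below is constructed.
"""
import re
from dataclasses import dataclass

# Placeholder for the Traefik ingress IP on GKE (TEST-NET-3, not a real origin).
TRAEFIK_INGRESS_IPS = {"203.0.113.10"}

# Constructed sample export. Two records deliberately expose an origin:
# media (AWS, proxied:false) and staging (GCP, no cf_tags at all).
SAMPLE_ZONE = """\
;; Domain: tomoda.life (constructed sample)
tomoda.life.         1  IN  A      203.0.113.10 ; cf_tags=cf-proxied:true
api.tomoda.life.     1  IN  A      203.0.113.10 ; cf_tags=cf-proxied:true
www.tomoda.life.     1  IN  CNAME  d111111abcdef8.cloudfront.net. ; cf_tags=cf-proxied:true
media.tomoda.life.   1  IN  CNAME  d222222abcdef8.cloudfront.net. ; cf_tags=cf-proxied:false
staging.tomoda.life. 1  IN  A      203.0.113.10
tomoda.life.         1  IN  MX     10 mail.example.net.
"""


@dataclass
class Record:
    name: str
    rtype: str
    value: str
    proxied: bool


# name TTL IN TYPE value [; comment]  -- the lazy value group stops at the comment.
RECORD_RE = re.compile(
    r"^(?P<name>\S+)\s+\d+\s+IN\s+(?P<type>[A-Z]+)\s+(?P<value>.+?)\s*(?:;\s*(?P<tags>.*))?$"
)


def parse_zone(text: str) -> list[Record]:
    """Parse BIND-style lines; skip blanks, comments and anything unparseable."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = RECORD_RE.match(line)
        if not m:
            continue
        tags = m.group("tags") or ""
        records.append(
            Record(m.group("name"), m.group("type"), m.group("value").strip(),
                   "cf-proxied:true" in tags)
        )
    return records


def provider_for(rec: Record) -> str:
    """Classify where a record routes: 'aws' (CloudFront), 'gcp' (Traefik) or 'other'."""
    if rec.rtype == "CNAME" and rec.value.rstrip(".").endswith(".cloudfront.net"):
        return "aws"
    if rec.rtype == "A" and rec.value in TRAEFIK_INGRESS_IPS:
        return "gcp"
    return "other"


def audit(text: str) -> list[str]:
    """Return one finding per record that reaches an origin without going through Cloudflare."""
    findings = []
    for rec in parse_zone(text):
        provider = provider_for(rec)
        if provider in ("aws", "gcp") and not rec.proxied:
            findings.append(f"{rec.name} {rec.rtype} -> {provider}: not proxied, origin reachable directly")
    return findings


def route_map(text: str) -> dict[str, str]:
    """Hostname -> provider, for a quick 'which side serves this' lookup."""
    return {r.name: provider_for(r) for r in parse_zone(text) if provider_for(r) != "other"}


if __name__ == "__main__":
    for line in audit(SAMPLE_ZONE):
        print(line)
```

Run it against a real export (`cloudflared`-free: the zone file download from the Cloudflare dashboard) by replacing `SAMPLE_ZONE` with the file contents and `TRAEFIK_INGRESS_IPS` with the actual ingress address. The MX record is classified as `other` on purpose: mail cannot be proxied, so it is not a finding, and anything else that lands in `other` is a record nobody has explained yet.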
Start with the GCP section — that is where 95% of operational work happens.