A project for setting up a private Dify platform on your cloud infrastructure using Infrastructure as Code.
This project provides Infrastructure as Code solutions for deploying Dify in a private cloud environment, with optional secure state management using Terraform Cloud.
- Automated setup of Dify platform on cloud platforms
- Infrastructure as Code using Terraform
- (Optional) Secure state management with Terraform Cloud
- Designed for organizational use
- Platform-agnostic architecture design
- Secure authentication using Workload Identity Federation (no static credentials)
- Infrastructure administrators
- Organizations seeking IaC solutions for Dify deployment
- Teams using Terraform
- Teams interested in managed Terraform state using Terraform Cloud (optional)
```mermaid
graph TB
    subgraph "Infrastructure Management"
        TC[Terraform Cloud]
        GIT[Git Repository]
    end
    subgraph "Cloud Platforms"
        GCP[Google Cloud Platform]
        AZURE[Azure<br/>planned]
        AWS[AWS<br/>planned]
    end
    subgraph "Dify Platform"
        API[Dify API]
        WEB[Dify Web]
        DB[(Database)]
        STORAGE[(Storage)]
    end
    TC -->|State Management| GCP
    TC -->|Future Support| AZURE
    TC -->|Future Support| AWS
    GIT -->|IaC Definitions| TC
    GCP --> API
    GCP --> WEB
    GCP --> DB
    GCP --> STORAGE
```

```mermaid
graph TB
    subgraph "Infrastructure Management"
        direction TB
        TC[Terraform Cloud]
        WIF[Workload Identity Federation]
        SA[Service Account]
        TC -->|authenticates| WIF
        WIF -->|assumes| SA
    end
    subgraph "Network Layer"
        direction TB
        VPC[Virtual Private Cloud]
        CLB[Cloud Load Balancer]
        CP[Cloud NAT]
        PSC[Private Service Connect]
    end
    subgraph "Compute Layer"
        direction TB
        CR[Cloud Run]
        subgraph "Services"
            API[Dify API Service]
            WEB[Dify Web Service]
        end
        CR --> API
        CR --> WEB
    end
    subgraph "Data Layer"
        direction TB
        CS[Cloud SQL]
        GCS[Cloud Storage]
        subgraph "Database"
            PG[PostgreSQL]
        end
        CS --> PG
    end
    subgraph "Security Layer"
        direction TB
        SM[Secret Manager]
        IAM[IAM]
    end
    SA -->|manages| VPC
    SA -->|manages| CR
    SA -->|manages| CS
    SA -->|manages| GCS
    CLB -->|routes| CR
    VPC -->|connects| PSC
    PSC -->|private access| CS
    API -->|uses| CS
    API -->|stores| GCS
    WEB -->|calls| API
    CR -->|accesses| SM
    IAM -->|controls| CR
    IAM -->|controls| CS
    IAM -->|controls| GCS
```
This repository contains the following components:
- IaC implementation for Dify on Google Cloud
  - Current reference implementation
  - Detailed deployment instructions
  - Configuration guidelines
- Terraform Dynamic Credentials Setup
  - Optional Terraform Cloud integration
  - Secure credential management
  - State management automation
- Clone this repository and perform initial setup:

  ```bash
  # Initialize and login to gcloud
  gcloud init --no-launch-browser
  gcloud auth application-default login

  # Create GCS bucket for state management
  gsutil mb gs://your-tfstate-bucket
  ```

- Specify the state management bucket in `dify-google-cloud-terraform/terraform/environments/dev/provider.tf`:

  ```hcl
  # This block goes inside the terraform { } block of provider.tf
  backend "gcs" {
    bucket = "your-tfstate-bucket" # Replace with your bucket name
    prefix = "dify"
  }
  ```

- Edit the required configuration values in `dify-google-cloud-terraform/terraform/environments/dev/terraform.tfvars`
- Follow steps 2-6 in dify-google-cloud-terraform's Getting Started
- Prerequisites
  - Create Google Cloud Project
  - Create Organization, Project, and Workspace in Terraform Cloud
- Clone this repository and edit the configuration files:

  ```bash
  # Configuration for Dify deployment
  # Only change the `project_id`
  vim dify-google-cloud-terraform/terraform/environments/dev/terraform.tfvars

  # Configuration for Terraform Cloud authentication
  vim terraform-dynamic-credentials-setup/gcp/terraform.tfvars
  ```

- Commit the changes and push to the repository
- Configure the Workspace in Terraform Cloud
  - Select Version Control Workflow
  - Connect to VCS and specify the cloned repository
  - Set Working Directory to `dify-google-cloud-terraform/terraform/environments/dev`
- Clone the repository in Google Cloud Shell and set up authentication:

  ```bash
  git clone <your-repository-url>
  cd <repository-name>/terraform-dynamic-credentials-setup

  # Connect to Terraform Cloud
  terraform login

  # Configure Workload Identity Federation
  cd gcp
  # Initialize the working directory (required before plan/apply)
  terraform init
  terraform plan
  terraform apply
  ```

- Follow steps 2-4 in dify-google-cloud-terraform's Getting Started to build and push the Docker image
- Execute a Run in Terraform Cloud
  - Confirm the Plan is executed automatically
  - Approve the Apply
For detailed setup instructions, refer to terraform-dynamic-credentials-setup.
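
The trust created in the "Configure Workload Identity Federation" step is only as tight as the provider's attribute condition and the service account binding. The following Terraform is an added example, not the code shipped in `terraform-dynamic-credentials-setup/`; the variable names and the pool, provider and service account IDs are placeholders. Each setting carries a comment describing the weaker alternative it replaces.

```hcl
# Added example: all IDs and variable names below are placeholders.
variable "project_id" { type = string }
variable "tfc_organization" { type = string } # Terraform Cloud organization name
variable "tfc_project" { type = string }      # Terraform Cloud project name
variable "tfc_workspace" { type = string }    # Terraform Cloud workspace name

resource "google_iam_workload_identity_pool" "tfc" {
  project                   = var.project_id
  workload_identity_pool_id = "tfc-pool" # placeholder
}

resource "google_iam_workload_identity_pool_provider" "tfc" {
  project                            = var.project_id
  workload_identity_pool_id          = google_iam_workload_identity_pool.tfc.workload_identity_pool_id
  workload_identity_pool_provider_id = "tfc-provider" # placeholder

  oidc {
    issuer_uri = "https://app.terraform.io"
  }

  attribute_mapping = {
    "google.subject"                     = "assertion.sub"
    "attribute.terraform_workspace_name" = "assertion.terraform_workspace_name"
    "attribute.terraform_run_phase"      = "assertion.terraform_run_phase"
  }

  # Weak: omitting attribute_condition accepts tokens from any organization
  # on app.terraform.io. Pin organization, project and workspace instead.
  # The trailing ":run_phase:" stops a workspace named "dev-2" from matching "dev".
  attribute_condition = "assertion.sub.startsWith(\"organization:${var.tfc_organization}:project:${var.tfc_project}:workspace:${var.tfc_workspace}:run_phase:\")"
}

resource "google_service_account" "tfc" {
  project    = var.project_id
  account_id = "tfc-dify-deployer" # placeholder
}

resource "google_service_account_iam_member" "tfc_impersonation" {
  service_account_id = google_service_account.tfc.name
  role               = "roles/iam.workloadIdentityUser"

  # Weak: a member ending in "/*" lets every identity in the pool
  # impersonate the service account. Bind to the single workspace instead.
  member = "principalSet://iam.googleapis.com/${google_iam_workload_identity_pool.tfc.name}/attribute.terraform_workspace_name/${var.tfc_workspace}"
}
```

Because the service account manages the VPC, Cloud Run, Cloud SQL and Cloud Storage, grant it only the project roles those resources need rather than a broad role such as Owner.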
Currently implemented:
- Google Cloud Platform
Future platform support planned:
- Azure
- AWS
- Other major cloud providers
Contributions for adding support for additional cloud platforms are welcome. Please follow the existing implementation patterns and documentation standards.
This project incorporates code from the following open-source projects:
- dify-google-cloud-terraform by DeNA (MIT License)
  - Provides the base implementation for Google Cloud deployment
  - Located in `./dify-google-cloud-terraform/`
- terraform-dynamic-credentials-setup-examples by HashiCorp (MPL-2.0 License)
  - Provides the implementation for secure credential management
  - Located in `./terraform-dynamic-credentials-setup/`
This project is licensed under the MIT License - see the LICENSE file for details.