Skip to content

Latest commit

 

History

History
 
 

cloudsql-instance

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 
 
 
 
 

Cloud SQL instance with read replicas

This module manages the creation of Cloud SQL instances with potential read replicas in other regions. It can also create an initial set of users and databases via the users and databases parameters.

Note that this module assumes that some options are the same for both the primary instance and all the replicas (e.g. tier, disks, labels, flags, etc).

Warning: if you use the users field, you terraform state will contain each user's password in plain text.

Simple example

This example shows how to setup a project, VPC and a standalone Cloud SQL instance.

module "project" {
  source          = "./fabric/modules/project"
  billing_account = var.billing_account_id
  parent          = var.organization_id
  name            = "my-db-project"
  services = [
    "servicenetworking.googleapis.com"
  ]
}

module "vpc" {
  source     = "./fabric/modules/net-vpc"
  project_id = module.project.project_id
  name       = "my-network"
  psa_config = {
    ranges = { cloud-sql = "10.60.0.0/16" }
    routes = null
  }
}

module "db" {
  source           = "./fabric/modules/cloudsql-instance"
  project_id       = module.project.project_id
  network          = module.vpc.self_link
  name             = "db"
  region           = "europe-west1"
  database_version = "POSTGRES_13"
  tier             = "db-g1-small"
}
# tftest modules=3 resources=9

Cross-regional read replica

module "db" {
  source           = "./fabric/modules/cloudsql-instance"
  project_id       = var.project_id
  network          = var.vpc.self_link
  name             = "db"
  region           = "europe-west1"
  database_version = "POSTGRES_13"
  tier             = "db-g1-small"

  replicas = {
    replica1 = { region = "europe-west3", encryption_key_name = null }
    replica2 = { region = "us-central1", encryption_key_name = null }
  }
}
# tftest modules=1 resources=3

Custom flags, databases and users

module "db" {
  source           = "./fabric/modules/cloudsql-instance"
  project_id       = var.project_id
  network          = var.vpc.self_link
  name             = "db"
  region           = "europe-west1"
  database_version = "MYSQL_8_0"
  tier             = "db-g1-small"

  flags = {
    disconnect_on_expired_password = "on"
  }

  databases = [
    "people",
    "departments"
  ]

  users = {
    # generatea password for user1
    user1 = null
    # assign a password to user2
    user2 = "mypassword"
  }
}
# tftest modules=1 resources=6

CMEK encryption

module "project" {
  source          = "./fabric/modules/project"
  billing_account = var.billing_account_id
  parent          = var.organization_id
  name            = "my-db-project"
  services = [
    "servicenetworking.googleapis.com",
    "sqladmin.googleapis.com",
  ]
}

module "kms" {
  source     = "./fabric/modules/kms"
  project_id = module.project.project_id
  keyring = {
    name     = "keyring"
    location = var.region
  }
  keys = {
    key-sql = null
  }
  key_iam = {
    key-sql = {
      "roles/cloudkms.cryptoKeyEncrypterDecrypter" = [
        "serviceAccount:${module.project.service_accounts.robots.sqladmin}"
      ]
    }
  }
}

module "db" {
  source              = "./fabric/modules/cloudsql-instance"
  project_id          = module.project.project_id
  encryption_key_name = module.kms.keys["key-sql"].id
  network             = var.vpc.self_link
  name                = "db"
  region              = var.region
  database_version    = "POSTGRES_13"
  tier                = "db-g1-small"
}

# tftest modules=3 resources=10

Variables

name description type required default
database_version Database type and version to create. string
name Name of primary instance. string
network VPC self link where the instances will be deployed. Private Service Networking must be enabled and configured in this VPC. string
project_id The ID of the project where this instances will be created. string
region Region of the primary instance. string
tier The machine type to use for the instances. string
allocated_ip_ranges (Optional)The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with RFC 1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z?. object({…}) {}
authorized_networks Map of NAME=>CIDR_RANGE to allow to connect to the database(s). map(string) null
availability_type Availability type for the primary replica. Either ZONAL or REGIONAL. string "ZONAL"
backup_configuration Backup settings for primary instance. Will be automatically enabled if using MySQL with one or more replicas. object({…}) {…}
databases Databases to create once the primary instance is created. list(string) null
deletion_protection Allow terraform to delete instances. bool false
disk_size Disk size in GB. Set to null to enable autoresize. number null
disk_type The type of data disk: PD_SSD or PD_HDD. string "PD_SSD"
encryption_key_name The full path to the encryption key used for the CMEK disk encryption of the primary instance. string null
flags Map FLAG_NAME=>VALUE for database-specific tuning. map(string) null
ipv4_enabled Add a public IP address to database instance. bool false
labels Labels to be attached to all instances. map(string) null
postgres_client_certificates Map of cert keys connect to the application(s) using public IP. list(string) null
prefix Optional prefix used to generate instance names. string null
replicas Map of NAME=> {REGION, KMS_KEY} for additional read replicas. Set to null to disable replica creation. map(object({…})) {}
root_password Root password of the Cloud SQL instance. Required for MS SQL Server. string null
users Map of users to create in the primary instance (and replicated to other replicas) in the format USER=>PASSWORD. For MySQL, anything afterr the first @ (if persent) will be used as the user's host. Set PASSWORD to null if you want to get an autogenerated password. map(string) null

Outputs

name description sensitive
connection_name Connection name of the primary instance.
connection_names Connection names of all instances.
id ID of the primary instance.
ids IDs of all instances.
instances Cloud SQL instance resources.
ip IP address of the primary instance.
ips IP addresses of all instances.
name Name of the primary instance.
names Names of all instances.
postgres_client_certificates The CA Certificate used to connect to the SQL Instance via SSL.
self_link Self link of the primary instance.
self_links Self links of all instances.
user_passwords Map of containing the password of all users created through terraform.