This module manages the creation of Cloud SQL instances with potential read replicas in other regions. It can also create an initial set of users and databases via the users
and databases
parameters.
Note that this module assumes that some options are the same for both the primary instance and all the replicas (e.g. tier, disks, labels, flags, etc).
Warning: if you use the users
field, you terraform state will contain each user's password in plain text.
This example shows how to setup a project, VPC and a standalone Cloud SQL instance.
module "project" {
source = "./fabric/modules/project"
billing_account = var.billing_account_id
parent = var.organization_id
name = "my-db-project"
services = [
"servicenetworking.googleapis.com"
]
}
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = module.project.project_id
name = "my-network"
psa_config = {
ranges = { cloud-sql = "10.60.0.0/16" }
routes = null
}
}
module "db" {
source = "./fabric/modules/cloudsql-instance"
project_id = module.project.project_id
network = module.vpc.self_link
name = "db"
region = "europe-west1"
database_version = "POSTGRES_13"
tier = "db-g1-small"
}
# tftest modules=3 resources=9
module "db" {
source = "./fabric/modules/cloudsql-instance"
project_id = var.project_id
network = var.vpc.self_link
name = "db"
region = "europe-west1"
database_version = "POSTGRES_13"
tier = "db-g1-small"
replicas = {
replica1 = { region = "europe-west3", encryption_key_name = null }
replica2 = { region = "us-central1", encryption_key_name = null }
}
}
# tftest modules=1 resources=3
module "db" {
source = "./fabric/modules/cloudsql-instance"
project_id = var.project_id
network = var.vpc.self_link
name = "db"
region = "europe-west1"
database_version = "MYSQL_8_0"
tier = "db-g1-small"
flags = {
disconnect_on_expired_password = "on"
}
databases = [
"people",
"departments"
]
users = {
# generatea password for user1
user1 = null
# assign a password to user2
user2 = "mypassword"
}
}
# tftest modules=1 resources=6
module "project" {
source = "./fabric/modules/project"
billing_account = var.billing_account_id
parent = var.organization_id
name = "my-db-project"
services = [
"servicenetworking.googleapis.com",
"sqladmin.googleapis.com",
]
}
module "kms" {
source = "./fabric/modules/kms"
project_id = module.project.project_id
keyring = {
name = "keyring"
location = var.region
}
keys = {
key-sql = null
}
key_iam = {
key-sql = {
"roles/cloudkms.cryptoKeyEncrypterDecrypter" = [
"serviceAccount:${module.project.service_accounts.robots.sqladmin}"
]
}
}
}
module "db" {
source = "./fabric/modules/cloudsql-instance"
project_id = module.project.project_id
encryption_key_name = module.kms.keys["key-sql"].id
network = var.vpc.self_link
name = "db"
region = var.region
database_version = "POSTGRES_13"
tier = "db-g1-small"
}
# tftest modules=3 resources=10
name | description | type | required | default |
---|---|---|---|---|
database_version | Database type and version to create. | string |
✓ | |
name | Name of primary instance. | string |
✓ | |
network | VPC self link where the instances will be deployed. Private Service Networking must be enabled and configured in this VPC. | string |
✓ | |
project_id | The ID of the project where this instances will be created. | string |
✓ | |
region | Region of the primary instance. | string |
✓ | |
tier | The machine type to use for the instances. | string |
✓ | |
allocated_ip_ranges | (Optional)The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with RFC 1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z?. | object({…}) |
{} |
|
authorized_networks | Map of NAME=>CIDR_RANGE to allow to connect to the database(s). | map(string) |
null |
|
availability_type | Availability type for the primary replica. Either ZONAL or REGIONAL . |
string |
"ZONAL" |
|
backup_configuration | Backup settings for primary instance. Will be automatically enabled if using MySQL with one or more replicas. | object({…}) |
{…} |
|
databases | Databases to create once the primary instance is created. | list(string) |
null |
|
deletion_protection | Allow terraform to delete instances. | bool |
false |
|
disk_size | Disk size in GB. Set to null to enable autoresize. | number |
null |
|
disk_type | The type of data disk: PD_SSD or PD_HDD . |
string |
"PD_SSD" |
|
encryption_key_name | The full path to the encryption key used for the CMEK disk encryption of the primary instance. | string |
null |
|
flags | Map FLAG_NAME=>VALUE for database-specific tuning. | map(string) |
null |
|
ipv4_enabled | Add a public IP address to database instance. | bool |
false |
|
labels | Labels to be attached to all instances. | map(string) |
null |
|
postgres_client_certificates | Map of cert keys connect to the application(s) using public IP. | list(string) |
null |
|
prefix | Optional prefix used to generate instance names. | string |
null |
|
replicas | Map of NAME=> {REGION, KMS_KEY} for additional read replicas. Set to null to disable replica creation. | map(object({…})) |
{} |
|
root_password | Root password of the Cloud SQL instance. Required for MS SQL Server. | string |
null |
|
users | Map of users to create in the primary instance (and replicated to other replicas) in the format USER=>PASSWORD. For MySQL, anything afterr the first @ (if persent) will be used as the user's host. Set PASSWORD to null if you want to get an autogenerated password. |
map(string) |
null |
name | description | sensitive |
---|---|---|
connection_name | Connection name of the primary instance. | |
connection_names | Connection names of all instances. | |
id | ID of the primary instance. | |
ids | IDs of all instances. | |
instances | Cloud SQL instance resources. | ✓ |
ip | IP address of the primary instance. | |
ips | IP addresses of all instances. | |
name | Name of the primary instance. | |
names | Names of all instances. | |
postgres_client_certificates | The CA Certificate used to connect to the SQL Instance via SSL. | ✓ |
self_link | Self link of the primary instance. | |
self_links | Self links of all instances. | |
user_passwords | Map of containing the password of all users created through terraform. | ✓ |