Skip to content

Latest commit

 

History

History
 
 

cloudsql-instance

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.md
README.md
 
 
main.tf
main.tf
 
 
outputs.tf
outputs.tf
 
 
variables.tf
variables.tf
 
 
versions.tf
versions.tf
 
 

README.md

Cloud SQL instance with read replicas

This module manages the creation of Cloud SQL instances with potential read replicas in other regions. It can also create an initial set of users and databases via the users and databases parameters.

Note that this module assumes that some options are the same for both the primary instance and all the replicas (e.g. tier, disks, labels, flags, etc).

Warning: if you use the users field, you terraform state will contain each user's password in plain text.

Simple example

This example shows how to setup a project, VPC and a standalone Cloud SQL instance.

module "project" {
  source          = "./fabric/modules/project"
  billing_account = var.billing_account_id
  parent          = var.organization_id
  name            = "my-db-project"
  services = [
    "servicenetworking.googleapis.com"
  ]
}

module "vpc" {
  source     = "./fabric/modules/net-vpc"
  project_id = module.project.project_id
  name       = "my-network"
  psa_config = {
    ranges = { cloud-sql = "10.60.0.0/16" }
  }
}

module "db" {
  source     = "./fabric/modules/cloudsql-instance"
  project_id = module.project.project_id
  network_config = {
    connectivity = {
      psa_config = {
        private_network = module.vpc.self_link
      }
    }
  }
  name             = "db"
  region           = "europe-west1"
  database_version = "POSTGRES_13"
  tier             = "db-g1-small"
}
# tftest modules=3 resources=11 inventory=simple.yaml

Cross-regional read replica

module "db" {
  source     = "./fabric/modules/cloudsql-instance"
  project_id = var.project_id
  network_config = {
    connectivity = {
      psa_config = {
        private_network = var.vpc.self_link
      }
    }
  }
  prefix           = "myprefix"
  name             = "db"
  region           = "europe-west1"
  database_version = "POSTGRES_13"
  tier             = "db-g1-small"

  replicas = {
    replica1 = { region = "europe-west3", encryption_key_name = null }
    replica2 = { region = "us-central1", encryption_key_name = null }
  }
}
# tftest modules=1 resources=3 inventory=replicas.yaml

Custom flags, databases and users

module "db" {
  source     = "./fabric/modules/cloudsql-instance"
  project_id = var.project_id
  network_config = {
    connectivity = {
      psa_config = {
        private_network = var.vpc.self_link
      }
    }
  }
  name             = "db"
  region           = "europe-west1"
  database_version = "MYSQL_8_0"
  tier             = "db-g1-small"

  flags = {
    disconnect_on_expired_password = "on"
  }

  databases = [
    "people",
    "departments"
  ]

  users = {
    # generatea password for user1
    user1 = {
      password = null
    }
    # assign a password to user2
    user2 = {
      password = "mypassword"
    }
  }
}
# tftest modules=1 resources=6 inventory=custom.yaml

CMEK encryption

module "project" {
  source          = "./fabric/modules/project"
  billing_account = var.billing_account_id
  parent          = var.organization_id
  name            = "my-db-project"
  services = [
    "servicenetworking.googleapis.com",
    "sqladmin.googleapis.com",
  ]
}

module "kms" {
  source     = "./fabric/modules/kms"
  project_id = module.project.project_id
  keyring = {
    name     = "keyring"
    location = var.region
  }
  keys = {
    key-sql = {
      iam = {
        "roles/cloudkms.cryptoKeyEncrypterDecrypter" = [
          "serviceAccount:${module.project.service_accounts.robots.sqladmin}"
        ]
      }
    }
  }
}

module "db" {
  source              = "./fabric/modules/cloudsql-instance"
  project_id          = module.project.project_id
  encryption_key_name = module.kms.keys["key-sql"].id
  network_config = {
    connectivity = {
      psa_config = {
        private_network = var.vpc.self_link
      }
    }
  }
  name             = "db"
  region           = var.region
  database_version = "POSTGRES_13"
  tier             = "db-g1-small"
}

# tftest modules=3 resources=10

Instance with PSC enabled

module "db" {
  source     = "./fabric/modules/cloudsql-instance"
  project_id = var.project_id
  network_config = {
    connectivity = {
      psc_allowed_consumer_projects = ["my-project-id"]
    }
  }
  prefix            = "myprefix"
  name              = "db"
  region            = "europe-west1"
  availability_type = "REGIONAL"
  database_version  = "POSTGRES_13"
  tier              = "db-g1-small"
}
# tftest modules=1 resources=1

Enable public IP

Use ipv_enabled to create instances with a public IP.

module "db" {
  source     = "./fabric/modules/cloudsql-instance"
  project_id = var.project_id
  network_config = {
    connectivity = {
      public_ipv4 = true
      psa_config = {
        private_network = var.vpc.self_link
      }
    }
  }
  name             = "db"
  region           = "europe-west1"
  tier             = "db-g1-small"
  database_version = "MYSQL_8_0"
  replicas = {
    replica1 = { region = "europe-west3", encryption_key_name = null }
  }
}
# tftest modules=1 resources=2 inventory=public-ip.yaml

Query Insights

Provide insights_config (can be just empty {}) to enable Query Insights

module "db" {
  source     = "./fabric/modules/cloudsql-instance"
  project_id = var.project_id
  network_config = {
    connectivity = {
      psa_config = {
        private_network = var.vpc.self_link
      }
    }
  }
  name             = "db"
  region           = "europe-west1"
  database_version = "POSTGRES_13"
  tier             = "db-g1-small"

  insights_config = {
    query_string_length = 2048
  }
}
# tftest modules=1 resources=1 inventory=insights.yaml

Variables

name description type required default
database_version Database type and version to create. string
name Name of primary instance. string
network_config Network configuration for the instance. Only one between private_network and psc_config can be used. object({…})
project_id The ID of the project where this instances will be created. string
region Region of the primary instance. string
tier The machine type to use for the instances. string
activation_policy This variable specifies when the instance should be active. Can be either ALWAYS, NEVER or ON_DEMAND. Default is ALWAYS. string "ALWAYS"
availability_type Availability type for the primary replica. Either ZONAL or REGIONAL. string "ZONAL"
backup_configuration Backup settings for primary instance. Will be automatically enabled if using MySQL with one or more replicas. object({…}) {…}
collation The name of server instance collation. string null
connector_enforcement Specifies if connections must use Cloud SQL connectors. string null
databases Databases to create once the primary instance is created. list(string) null
deletion_protection Prevent terraform from deleting instances. bool true
deletion_protection_enabled Set Google's deletion protection attribute which applies across all surfaces (UI, API, & Terraform). bool true
disk_autoresize_limit The maximum size to which storage capacity can be automatically increased. The default value is 0, which specifies that there is no limit. number 0
disk_size Disk size in GB. Set to null to enable autoresize. number null
disk_type The type of data disk: PD_SSD or PD_HDD. string "PD_SSD"
edition The edition of the instance, can be ENTERPRISE or ENTERPRISE_PLUS. string "ENTERPRISE"
encryption_key_name The full path to the encryption key used for the CMEK disk encryption of the primary instance. string null
flags Map FLAG_NAME=>VALUE for database-specific tuning. map(string) null
insights_config Query Insights configuration. Defaults to null which disables Query Insights. object({…}) null
labels Labels to be attached to all instances. map(string) null
postgres_client_certificates Map of cert keys connect to the application(s) using public IP. list(string) null
prefix Optional prefix used to generate instance names. string null
replicas Map of NAME=> {REGION, KMS_KEY} for additional read replicas. Set to null to disable replica creation. map(object({…})) {}
root_password Root password of the Cloud SQL instance. Required for MS SQL Server. string null
users Map of users to create in the primary instance (and replicated to other replicas). For MySQL, anything afterr the first @ (if persent) will be used as the user's host. Set PASSWORD to null if you want to get an autogenerated password. The user types available are: 'BUILT_IN', 'CLOUD_IAM_USER' or 'CLOUD_IAM_SERVICE_ACCOUNT'. map(object({…})) null

Outputs

name description sensitive
connection_name Connection name of the primary instance.
connection_names Connection names of all instances.
dns_name The dns name of the instance.
dns_names Dns names of all instances.
id Fully qualified primary instance id.
ids Fully qualified ids of all instances.
instances Cloud SQL instance resources.
ip IP address of the primary instance.
ips IP addresses of all instances.
name Name of the primary instance.
names Names of all instances.
postgres_client_certificates The CA Certificate used to connect to the SQL Instance via SSL.
psc_service_attachment_link The link to service attachment of PSC instance.
psc_service_attachment_links Links to service attachment of PSC instances.
self_link Self link of the primary instance.
self_links Self links of all instances.
user_passwords Map of containing the password of all users created through terraform.