Skip to content

Latest commit

 

History

History

cloudsql-instance

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 
 
 
 
 
 
 

Cloud SQL instance module

This module manages the creation of Cloud SQL instances with potential read replicas in other regions. It can also create an initial set of users and databases via the users and databases parameters.

Note that this module assumes that some options are the same for both the primary instance and all the replicas (e.g. tier, disks, labels, flags, etc).

Warning: if you use the users field, you terraform state will contain each user's password in plain text.

Examples

Simple example

This example shows how to setup a project, VPC and a standalone Cloud SQL instance.

module "project" {
  source          = "./fabric/modules/project"
  billing_account = var.billing_account_id
  parent          = var.folder_id
  name            = "db-prj"
  prefix          = var.prefix
  services = [
    "servicenetworking.googleapis.com",
    "sqladmin.googleapis.com",
  ]
}

module "vpc" {
  source     = "./fabric/modules/net-vpc"
  project_id = module.project.project_id
  name       = "my-network"
  # need only one - psa_config or subnets_psc
  psa_configs = [{
    ranges          = { cloud-sql = "10.60.0.0/16" }
    deletion_policy = "ABANDON"
  }]
  subnets_psc = [
    {
      ip_cidr_range = "10.0.3.0/24"
      name          = "psc"
      region        = var.region
    }
  ]
}

module "db" {
  source     = "./fabric/modules/cloudsql-instance"
  project_id = module.project.project_id
  network_config = {
    connectivity = {
      psa_config = {
        private_network = module.vpc.self_link
      }
      # psc_allowed_consumer_projects = [var.project_id]
    }
  }
  name                          = "db"
  region                        = var.region
  database_version              = "POSTGRES_13"
  tier                          = "db-g1-small"
  gcp_deletion_protection       = false
  terraform_deletion_protection = false
}
# tftest modules=3 resources=15 inventory=simple.yaml e2e

Cross-regional read replica

module "db" {
  source     = "./fabric/modules/cloudsql-instance"
  project_id = var.project_id
  network_config = {
    connectivity = {
      psa_config = {
        private_network = var.vpc.self_link
      }
    }
  }
  name             = "db"
  prefix           = "myprefix"
  region           = var.region
  database_version = "POSTGRES_13"
  tier             = "db-g1-small"

  replicas = {
    replica1 = { region = "europe-west3" }
    replica2 = { region = "us-central1" }
  }
  gcp_deletion_protection       = false
  terraform_deletion_protection = false
}
# tftest modules=1 resources=3 inventory=replicas.yaml e2e

Custom flags, databases and users

module "db" {
  source     = "./fabric/modules/cloudsql-instance"
  project_id = var.project_id
  network_config = {
    connectivity = {
      psa_config = {
        private_network = var.vpc.self_link
      }
    }
  }
  name             = "db"
  region           = var.region
  database_version = "MYSQL_8_0"
  tier             = "db-g1-small"

  flags = {
    disconnect_on_expired_password = "on"
  }

  databases = [
    "people",
    "departments"
  ]

  users = {
    # generatea password for user1
    user1 = {
      password = null
    }
    # assign a password to user2
    user2 = {
      password = "mypassword"
    }
    # IAM Service Account
    (module.iam-service-account.email) = {
      type = "CLOUD_IAM_SERVICE_ACCOUNT"
    }
  }
  gcp_deletion_protection       = false
  terraform_deletion_protection = false
}
# tftest fixtures=fixtures/iam-service-account.tf inventory=custom.yaml e2e

CMEK encryption

module "project" {
  source          = "./fabric/modules/project"
  name            = "cloudsql"
  billing_account = var.billing_account_id
  prefix          = var.prefix
  parent          = var.folder_id
  services = [
    "cloudkms.googleapis.com",
    "servicenetworking.googleapis.com",
    "sqladmin.googleapis.com",
  ]
}

module "kms" {
  source     = "./fabric/modules/kms"
  project_id = module.project.project_id
  keyring = {
    location = var.region
    name     = "keyring"
  }
  keys = {
    "key-regional" = {
    }
  }
  iam = {
    "roles/cloudkms.cryptoKeyEncrypterDecrypter" = [
      module.project.service_agents["cloud-sql"].iam_email
    ]
  }
}

module "vpc" {
  source     = "./fabric/modules/net-vpc"
  project_id = module.project.project_id
  name       = "my-network"
  subnets = [
    {
      ip_cidr_range = "10.0.0.0/24"
      name          = "production"
      region        = var.region
    },
  ]
  psa_configs = [{
    ranges          = { myrange = "10.0.1.0/24" }
    deletion_policy = "ABANDON"
  }]
}


module "db" {
  source              = "./fabric/modules/cloudsql-instance"
  project_id          = module.project.project_id
  encryption_key_name = module.kms.keys.key-regional.id
  network_config = {
    connectivity = {
      psa_config = {
        private_network = module.vpc.self_link
      }
    }
  }
  name                          = "db"
  region                        = var.region
  database_version              = "POSTGRES_13"
  tier                          = "db-g1-small"
  gcp_deletion_protection       = false
  terraform_deletion_protection = false
}

# tftest modules=4 resources=21 e2e

Instance with PSC enabled

module "db" {
  source     = "./fabric/modules/cloudsql-instance"
  project_id = var.project_id
  network_config = {
    connectivity = {
      psc_allowed_consumer_projects = [var.project_id]
    }
  }
  prefix            = "myprefix"
  name              = "db"
  region            = var.region
  availability_type = "REGIONAL"
  database_version  = "POSTGRES_13"
  tier              = "db-g1-small"

  gcp_deletion_protection       = false
  terraform_deletion_protection = false
}
# tftest modules=1 resources=1 inventory=psc.yaml e2e

Enable public IP

Use public_ipv4 to create instances with a public IP.

module "db" {
  source     = "./fabric/modules/cloudsql-instance"
  project_id = var.project_id
  network_config = {
    connectivity = {
      public_ipv4 = true
      psa_config = {
        private_network = var.vpc.self_link
      }
    }
  }
  name                          = "db"
  region                        = var.region
  tier                          = "db-g1-small"
  database_version              = "MYSQL_8_0"
  gcp_deletion_protection       = false
  terraform_deletion_protection = false
}
# tftest modules=1 resources=1 inventory=public-ip.yaml e2e

Query Insights

Provide insights_config (can be just empty {}) to enable Query Insights

module "db" {
  source     = "./fabric/modules/cloudsql-instance"
  project_id = var.project_id
  network_config = {
    connectivity = {
      psa_config = {
        private_network = var.vpc.self_link
      }
    }
  }
  name             = "db"
  region           = var.region
  database_version = "POSTGRES_13"
  tier             = "db-g1-small"

  insights_config = {
    query_string_length = 2048
  }
  gcp_deletion_protection       = false
  terraform_deletion_protection = false
}
# tftest modules=1 resources=1 inventory=insights.yaml e2e

Maintenance Config

Provide maintenance_config (can be just empty {}) to enable Maintenance

module "db" {
  source     = "./fabric/modules/cloudsql-instance"
  project_id = var.project_id
  network_config = {
    connectivity = {
      psa_config = {
        private_network = var.vpc.self_link
      }
    }
  }
  name             = "db"
  region           = var.region
  database_version = "POSTGRES_13"
  tier             = "db-g1-small"

  maintenance_config            = {}
  gcp_deletion_protection       = false
  terraform_deletion_protection = false
}
# tftest modules=1 resources=1 e2e

SSL Config

Provide ssl (can be just empty {}) to enable SSL

module "db" {
  source     = "./fabric/modules/cloudsql-instance"
  project_id = var.project_id
  network_config = {
    connectivity = {
      psa_config = {
        private_network = var.vpc.self_link
      }
    }
  }
  name             = "db"
  region           = var.region
  database_version = "POSTGRES_13"
  tier             = "db-g1-small"

  ssl                           = {}
  gcp_deletion_protection       = false
  terraform_deletion_protection = false
}
# tftest modules=1 resources=1 e2e

Variables

name description type required default
database_version Database type and version to create. string
name Name of primary instance. string
network_config Network configuration for the instance. Only one between private_network and psc_config can be used. object({…})
project_id The ID of the project where this instances will be created. string
region Region of the primary instance. string
tier The machine type to use for the instances. string
activation_policy This variable specifies when the instance should be active. Can be either ALWAYS, NEVER or ON_DEMAND. Default is ALWAYS. string "ALWAYS"
availability_type Availability type for the primary replica. Either ZONAL or REGIONAL. string "ZONAL"
backup_configuration Backup settings for primary instance. Will be automatically enabled if using MySQL with one or more replicas. object({…}) {…}
collation The name of server instance collation. string null
connector_enforcement Specifies if connections must use Cloud SQL connectors. string null
data_cache Enable data cache. Only used for Enterprise MYSQL and PostgreSQL. bool false
databases Databases to create once the primary instance is created. list(string) null
disk_autoresize_limit The maximum size to which storage capacity can be automatically increased. The default value is 0, which specifies that there is no limit. number 0
disk_size Disk size in GB. Set to null to enable autoresize. number null
disk_type The type of data disk: PD_SSD or PD_HDD. string "PD_SSD"
edition The edition of the instance, can be ENTERPRISE or ENTERPRISE_PLUS. string "ENTERPRISE"
encryption_key_name The full path to the encryption key used for the CMEK disk encryption of the primary instance. string null
flags Map FLAG_NAME=>VALUE for database-specific tuning. map(string) null
gcp_deletion_protection Set Google's deletion protection attribute which applies across all surfaces (UI, API, & Terraform). bool true
insights_config Query Insights configuration. Defaults to null which disables Query Insights. object({…}) null
labels Labels to be attached to all instances. map(string) null
maintenance_config Set maintenance window configuration and maintenance deny period (up to 90 days). Date format: 'yyyy-mm-dd'. object({…}) {}
password_validation_policy Password validation policy configuration for instances. object({…}) null
prefix Optional prefix used to generate instance names. string null
replicas Map of NAME=> {REGION, KMS_KEY} for additional read replicas. Set to null to disable replica creation. map(object({…})) {}
root_password Root password of the Cloud SQL instance. Required for MS SQL Server. string null
ssl Setting to enable SSL, set config and certificates. object({…}) {}
terraform_deletion_protection Prevent terraform from deleting instances. bool true
time_zone The time_zone to be used by the database engine (supported only for SQL Server), in SQL Server timezone format. string null
users Map of users to create in the primary instance (and replicated to other replicas). For MySQL, anything after the first @ (if present) will be used as the user's host. Set PASSWORD to null if you want to get an autogenerated password. The user types available are: 'BUILT_IN', 'CLOUD_IAM_USER' or 'CLOUD_IAM_SERVICE_ACCOUNT'. map(object({…})) null

Outputs

name description sensitive
client_certificates The CA Certificate used to connect to the SQL Instance via SSL.
connection_name Connection name of the primary instance.
connection_names Connection names of all instances.
dns_name The dns name of the instance.
dns_names Dns names of all instances.
id Fully qualified primary instance id.
ids Fully qualified ids of all instances.
instances Cloud SQL instance resources.
ip IP address of the primary instance.
ips IP addresses of all instances.
name Name of the primary instance.
names Names of all instances.
psc_service_attachment_link The link to service attachment of PSC instance.
psc_service_attachment_links Links to service attachment of PSC instances.
self_link Self link of the primary instance.
self_links Self links of all instances.
user_passwords Map of containing the password of all users created through terraform.

Fixtures