This module manages the creation of Cloud SQL instances with potential read replicas in other regions. It can also create an initial set of users and databases via the `users` and `databases` parameters.
Note that this module assumes that some options are the same for both the primary instance and all the replicas (e.g. tier, disks, labels, flags, etc).
Warning: if you use the `users` field, your Terraform state will contain each user's password in plain text.
This example shows how to setup a project, VPC and a standalone Cloud SQL instance.
# Project that hosts the network and the database. Service Networking is
# enabled for the PSA range configured in the vpc module below, SQL Admin
# for the Cloud SQL instance itself.
module "project" {
  source          = "./fabric/modules/project"
  billing_account = var.billing_account_id
  parent          = var.folder_id
  name            = "db-prj"
  prefix          = var.prefix
  services = [
    "servicenetworking.googleapis.com",
    "sqladmin.googleapis.com",
  ]
}
# VPC used by the instance. Only one of psa_configs (private services access)
# or subnets_psc (Private Service Connect) is needed; both are shown here so the
# db module below can switch between psa_config (used) and
# psc_allowed_consumer_projects (commented out).
module "vpc" {
  source     = "./fabric/modules/net-vpc"
  project_id = module.project.project_id
  name       = "my-network"
  # PSA range reserved for Cloud SQL; ABANDON is the deletion policy for the
  # peering when the range is destroyed.
  psa_configs = [{
    ranges          = { cloud-sql = "10.60.0.0/16" }
    deletion_policy = "ABANDON"
  }]
  # Subnet dedicated to PSC endpoints (only relevant for the PSC variant).
  subnets_psc = [
    {
      ip_cidr_range = "10.0.3.0/24"
      name          = "psc"
      region        = var.region
    }
  ]
}
# Standalone PostgreSQL instance reachable only over the PSA peering created
# by the vpc module above (no public IP is requested).
module "db" {
  source     = "./fabric/modules/cloudsql-instance"
  project_id = module.project.project_id
  network_config = {
    connectivity = {
      # Private connectivity through the peered VPC.
      psa_config = {
        private_network = module.vpc.self_link
      }
      # Alternative: expose the instance through PSC to the listed consumer
      # projects instead of the PSA peering.
      # psc_allowed_consumer_projects = [var.project_id]
    }
  }
  name             = "db"
  region           = var.region
  database_version = "POSTGRES_13"
  tier             = "db-g1-small"
  # Both protections default to true (see the variables table); they are
  # disabled in this example, presumably so the e2e test can destroy it.
  # Leave the defaults in place for instances that hold real data.
  gcp_deletion_protection       = false
  terraform_deletion_protection = false
}
# tftest modules=3 resources=15 inventory=simple.yaml e2e
# Primary instance plus two cross-region read replicas. Replicas share tier,
# disks, labels and flags with the primary (see the module notes above).
module "db" {
  source     = "./fabric/modules/cloudsql-instance"
  project_id = var.project_id
  network_config = {
    connectivity = {
      psa_config = {
        private_network = var.vpc.self_link
      }
    }
  }
  name = "db"
  # Optional prefix used to generate instance names.
  prefix           = "myprefix"
  region           = var.region
  database_version = "POSTGRES_13"
  tier             = "db-g1-small"
  # Map of NAME => { REGION, KMS_KEY }; only the region is set here, so the
  # replicas are not CMEK-encrypted.
  replicas = {
    replica1 = { region = "europe-west3" }
    replica2 = { region = "us-central1" }
  }
  # Defaults are true; disabled for the example only.
  gcp_deletion_protection       = false
  terraform_deletion_protection = false
}
# tftest modules=1 resources=3 inventory=replicas.yaml e2e
# MySQL instance with database flags, initial databases and three users of
# different types. Requires the fixtures/iam-service-account.tf fixture for
# the service account referenced in the users map.
module "db" {
  source     = "./fabric/modules/cloudsql-instance"
  project_id = var.project_id
  network_config = {
    connectivity = {
      psa_config = {
        private_network = var.vpc.self_link
      }
    }
  }
  name             = "db"
  region           = var.region
  database_version = "MYSQL_8_0"
  tier             = "db-g1-small"
  # Database-specific tuning, passed as FLAG_NAME => VALUE.
  flags = {
    disconnect_on_expired_password = "on"
  }
  # Databases created once the primary instance exists.
  databases = [
    "people",
    "departments"
  ]
  # Users are created on the primary and replicated to the replicas. Every
  # password set or generated here ends up in the Terraform state (see the
  # warning above) and in the sensitive user_passwords output.
  users = {
    # generate a password for user1 (password = null requests autogeneration)
    user1 = {
      password = null
    }
    # assign a password to user2; a literal like this lives in the
    # configuration as well as in the state, so prefer password = null
    # or a value read from a variable for anything beyond a demo
    user2 = {
      password = "mypassword"
    }
    # IAM Service Account from the fixture; no password is set for this type
    (module.iam-service-account.email) = {
      type = "CLOUD_IAM_SERVICE_ACCOUNT"
    }
  }
  # Defaults are true; disabled for the example only.
  gcp_deletion_protection       = false
  terraform_deletion_protection = false
}
# tftest fixtures=fixtures/iam-service-account.tf inventory=custom.yaml e2e
# Project for the CMEK example; Cloud KMS is enabled in addition to Service
# Networking and SQL Admin because the key below lives in the same project.
module "project" {
  source          = "./fabric/modules/project"
  name            = "cloudsql"
  billing_account = var.billing_account_id
  prefix          = var.prefix
  parent          = var.folder_id
  services = [
    "cloudkms.googleapis.com",
    "servicenetworking.googleapis.com",
    "sqladmin.googleapis.com",
  ]
}
# Regional keyring and key used as the instance's CMEK. The key is created in
# var.region, the same region the db module below uses for the instance.
module "kms" {
  source     = "./fabric/modules/kms"
  project_id = module.project.project_id
  keyring = {
    location = var.region
    name     = "keyring"
  }
  keys = {
    "key-regional" = {
    }
  }
  # Grants the project's Cloud SQL service agent encrypt/decrypt on the key;
  # this is the permission that lets the instance use the key passed as
  # encryption_key_name.
  iam = {
    "roles/cloudkms.cryptoKeyEncrypterDecrypter" = [
      module.project.service_agents["cloud-sql"].iam_email
    ]
  }
}
# VPC with one regular subnet and a PSA range for the private Cloud SQL
# connectivity used by the db module below.
module "vpc" {
  source     = "./fabric/modules/net-vpc"
  project_id = module.project.project_id
  name       = "my-network"
  subnets = [
    {
      ip_cidr_range = "10.0.0.0/24"
      name          = "production"
      region        = var.region
    },
  ]
  # PSA range consumed by Cloud SQL; ABANDON is the deletion policy for the
  # peering when the range is destroyed.
  psa_configs = [{
    ranges          = { myrange = "10.0.1.0/24" }
    deletion_policy = "ABANDON"
  }]
}
# PostgreSQL instance whose disk is encrypted with the customer-managed key
# created by the kms module above.
module "db" {
  source     = "./fabric/modules/cloudsql-instance"
  project_id = module.project.project_id
  # CMEK for the primary instance only; replicas take their own key through
  # the KMS_KEY entry of the replicas map (see the variables table).
  encryption_key_name = module.kms.keys.key-regional.id
  network_config = {
    connectivity = {
      psa_config = {
        private_network = module.vpc.self_link
      }
    }
  }
  name             = "db"
  region           = var.region
  database_version = "POSTGRES_13"
  tier             = "db-g1-small"
  # Defaults are true; disabled for the example only.
  gcp_deletion_protection       = false
  terraform_deletion_protection = false
}
# tftest modules=4 resources=21 e2e
# Regional (HA) PostgreSQL instance exposed through Private Service Connect
# instead of a PSA peering; no VPC is referenced.
module "db" {
  source     = "./fabric/modules/cloudsql-instance"
  project_id = var.project_id
  network_config = {
    connectivity = {
      # Consumer projects allowed to connect to the instance's PSC service
      # attachment (exposed via the psc_service_attachment_link output).
      psc_allowed_consumer_projects = [var.project_id]
    }
  }
  prefix = "myprefix"
  name   = "db"
  region = var.region
  # REGIONAL gives a highly available primary; the default is ZONAL.
  availability_type = "REGIONAL"
  database_version  = "POSTGRES_13"
  tier              = "db-g1-small"
  # Defaults are true; disabled for the example only.
  gcp_deletion_protection       = false
  terraform_deletion_protection = false
}
# tftest modules=1 resources=1 inventory=psc.yaml e2e
Use `public_ipv4` to create instances with a public IP.
# MySQL instance with both a public IPv4 address and private PSA connectivity.
module "db" {
  source     = "./fabric/modules/cloudsql-instance"
  project_id = var.project_id
  network_config = {
    connectivity = {
      # Assigns a public address to the instance. When exposing an instance
      # this way, the `ssl` and `connector_enforcement` variables are the
      # module's knobs for requiring encrypted / connector-mediated clients.
      public_ipv4 = true
      psa_config = {
        private_network = var.vpc.self_link
      }
    }
  }
  name             = "db"
  region           = var.region
  tier             = "db-g1-small"
  database_version = "MYSQL_8_0"
  # Defaults are true; disabled for the example only.
  gcp_deletion_protection       = false
  terraform_deletion_protection = false
}
# tftest modules=1 resources=1 inventory=public-ip.yaml e2e
Provide `insights_config` (can be just an empty `{}`) to enable Query Insights.
# PostgreSQL instance with Query Insights turned on.
module "db" {
  source     = "./fabric/modules/cloudsql-instance"
  project_id = var.project_id
  network_config = {
    connectivity = {
      psa_config = {
        private_network = var.vpc.self_link
      }
    }
  }
  name             = "db"
  region           = var.region
  database_version = "POSTGRES_13"
  tier             = "db-g1-small"
  # Any non-null object enables Query Insights (the default null disables it);
  # here only the captured query string length is overridden.
  insights_config = {
    query_string_length = 2048
  }
  # Defaults are true; disabled for the example only.
  gcp_deletion_protection       = false
  terraform_deletion_protection = false
}
# tftest modules=1 resources=1 inventory=insights.yaml e2e
Provide `maintenance_config` (can be just an empty `{}`) to enable Maintenance.
# PostgreSQL instance with maintenance configuration enabled using the
# module defaults.
module "db" {
  source     = "./fabric/modules/cloudsql-instance"
  project_id = var.project_id
  network_config = {
    connectivity = {
      psa_config = {
        private_network = var.vpc.self_link
      }
    }
  }
  name             = "db"
  region           = var.region
  database_version = "POSTGRES_13"
  tier             = "db-g1-small"
  # Empty object: maintenance window and deny period settings are left at the
  # module defaults (see the maintenance_config variable).
  maintenance_config = {}
  # Defaults are true; disabled for the example only.
  gcp_deletion_protection       = false
  terraform_deletion_protection = false
}
# tftest modules=1 resources=1 e2e
Provide `ssl` (can be just an empty `{}`) to enable SSL.
# PostgreSQL instance with SSL enabled using the module defaults.
module "db" {
  source     = "./fabric/modules/cloudsql-instance"
  project_id = var.project_id
  network_config = {
    connectivity = {
      psa_config = {
        private_network = var.vpc.self_link
      }
    }
  }
  name             = "db"
  region           = var.region
  database_version = "POSTGRES_13"
  tier             = "db-g1-small"
  # Empty object enables SSL with default settings and certificates; the CA
  # certificate is exposed through the sensitive client_certificates output.
  ssl = {}
  # Defaults are true; disabled for the example only.
  gcp_deletion_protection       = false
  terraform_deletion_protection = false
}
# tftest modules=1 resources=1 e2e
name | description | type | required | default |
---|---|---|---|---|
database_version | Database type and version to create. | string | ✓ | |
name | Name of primary instance. | string | ✓ | |
network_config | Network configuration for the instance. Only one between private_network and psc_config can be used. | object({…}) | ✓ | |
project_id | The ID of the project where these instances will be created. | string | ✓ | |
region | Region of the primary instance. | string | ✓ | |
tier | The machine type to use for the instances. | string | ✓ | |
activation_policy | This variable specifies when the instance should be active. Can be either ALWAYS, NEVER or ON_DEMAND. Default is ALWAYS. | string | | "ALWAYS" |
availability_type | Availability type for the primary replica. Either ZONAL or REGIONAL. | string | | "ZONAL" |
backup_configuration | Backup settings for primary instance. Will be automatically enabled if using MySQL with one or more replicas. | object({…}) | | {…} |
collation | The name of server instance collation. | string | | null |
connector_enforcement | Specifies if connections must use Cloud SQL connectors. | string | | null |
data_cache | Enable data cache. Only used for Enterprise MYSQL and PostgreSQL. | bool | | false |
databases | Databases to create once the primary instance is created. | list(string) | | null |
disk_autoresize_limit | The maximum size to which storage capacity can be automatically increased. The default value is 0, which specifies that there is no limit. | number | | 0 |
disk_size | Disk size in GB. Set to null to enable autoresize. | number | | null |
disk_type | The type of data disk: PD_SSD or PD_HDD. | string | | "PD_SSD" |
edition | The edition of the instance, can be ENTERPRISE or ENTERPRISE_PLUS. | string | | "ENTERPRISE" |
encryption_key_name | The full path to the encryption key used for the CMEK disk encryption of the primary instance. | string | | null |
flags | Map FLAG_NAME=>VALUE for database-specific tuning. | map(string) | | null |
gcp_deletion_protection | Set Google's deletion protection attribute which applies across all surfaces (UI, API, & Terraform). | bool | | true |
insights_config | Query Insights configuration. Defaults to null which disables Query Insights. | object({…}) | | null |
labels | Labels to be attached to all instances. | map(string) | | null |
maintenance_config | Set maintenance window configuration and maintenance deny period (up to 90 days). Date format: 'yyyy-mm-dd'. | object({…}) | | {} |
password_validation_policy | Password validation policy configuration for instances. | object({…}) | | null |
prefix | Optional prefix used to generate instance names. | string | | null |
replicas | Map of NAME=> {REGION, KMS_KEY} for additional read replicas. Set to null to disable replica creation. | map(object({…})) | | {} |
root_password | Root password of the Cloud SQL instance. Required for MS SQL Server. | string | | null |
ssl | Setting to enable SSL, set config and certificates. | object({…}) | | {} |
terraform_deletion_protection | Prevent terraform from deleting instances. | bool | | true |
time_zone | The time_zone to be used by the database engine (supported only for SQL Server), in SQL Server timezone format. | string | | null |
users | Map of users to create in the primary instance (and replicated to other replicas). For MySQL, anything after the first @ (if present) will be used as the user's host. Set PASSWORD to null if you want to get an autogenerated password. The user types available are: 'BUILT_IN', 'CLOUD_IAM_USER' or 'CLOUD_IAM_SERVICE_ACCOUNT'. | map(object({…})) | | null |
name | description | sensitive |
---|---|---|
client_certificates | The CA Certificate used to connect to the SQL Instance via SSL. | ✓ |
connection_name | Connection name of the primary instance. | |
connection_names | Connection names of all instances. | |
dns_name | The dns name of the instance. | |
dns_names | Dns names of all instances. | |
id | Fully qualified primary instance id. | |
ids | Fully qualified ids of all instances. | |
instances | Cloud SQL instance resources. | ✓ |
ip | IP address of the primary instance. | |
ips | IP addresses of all instances. | |
name | Name of the primary instance. | |
names | Names of all instances. | |
psc_service_attachment_link | The link to service attachment of PSC instance. | |
psc_service_attachment_links | Links to service attachment of PSC instances. | |
self_link | Self link of the primary instance. | |
self_links | Self links of all instances. | |
user_passwords | Map containing the passwords of all users created through Terraform. | ✓ |