All in with PG
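--- a/examples/postgres-public-ip/README.md
+++ b/examples/postgres-public-ip/README.md
@@ -0,0 +1,17 @@
+# PostgreSQL Cloud SQL Public IP Example
+
+This folder contains an example of how to use the [MySQL module](/modules/mysql) to create a [Google Cloud SQL](https://cloud.google.com/sql/)
+[MySQL](https://cloud.google.com/sql/docs/mysql/) database instance with a public IP.
+
+## How do you run this example?
+
+To run this example, you need to:
+
+1. Install [Terraform](https://www.terraform.io/).
+1. Open up `vars.tf` and set secrets at the top of the file as environment variables and fill in any other variables in
+the file that don't have defaults.
+1. `terraform init`.
+1. `terraform plan`.
+1. If the plan looks good, run `terraform apply`.
+
+When the templates are applied, Terraform will output the IP address of the instance and the instance path for [connecting using the Cloud SQL Proxy](https://cloud.google.com/sql/docs/mysql/connect-admin-proxy).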
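--- a/examples/postgres-public-ip/main.tf
+++ b/examples/postgres-public-ip/main.tf
@@ -0,0 +1,88 @@
+# ------------------------------------------------------------------------------
+# LAUNCH A POSTGRESQL CLOUD SQL PUBLIC IP INSTANCE
+# ------------------------------------------------------------------------------
+
+# ------------------------------------------------------------------------------
+# CONFIGURE OUR GCP CONNECTION
+# ------------------------------------------------------------------------------
+
+provider "google-beta" {
+region = "${var.region}"
+project = "${var.project}"
+}
+
+# Use Terraform 0.10.x so that we can take advantage of Terraform GCP functionality as a separate provider via
+# https://github.com/terraform-providers/terraform-provider-google
+terraform {
+required_version = ">= 0.10.3"
+}
+
+# ------------------------------------------------------------------------------
+# CREATE A RANDOM SUFFIX AND PREPARE RESOURCE NAMES
+# ------------------------------------------------------------------------------
+
+resource "random_id" "name" {
+byte_length = 2
+}
+
+locals {
+# If name_override is specified, use that - otherwise use the name_prefix with a random string
+instance_name = "${length(var.name_override) == 0 ? format("%s-%s", var.name_prefix, random_id.name.hex) : var.name_override}"
+}
+
+# ------------------------------------------------------------------------------
+# CREATE DATABASE INSTANCE WITH PUBLIC IP
+# ------------------------------------------------------------------------------
+
+module "mysql" {
+# When using these modules in your own templates, you will need to use a Git URL with a ref attribute that pins you
+# to a specific version of the modules, such as the following example:
+# source = "git::git@github.com:gruntwork-io/terraform-google-sql.git//modules/mysql?ref=v0.1.0"
+source = "../../modules/mysql"
+
+project = "${var.project}"
+region = "${var.region}"
+name = "${local.instance_name}"
+db_name = "${var.db_name}"
+
+engine = "${var.postgres_version}"
+machine_type = "${var.machine_type}"
+
+# These together will construct the master_user privileges, i.e.
+# 'master_user_name'@'master_user_host' IDENTIFIED BY 'master_user_password'.
+# These should typically be set as the environment variable TF_VAR_master_user_password, etc.
+# so you don't check these into source control."
+master_user_password = "${var.master_user_password}"
+
+master_user_name = "${var.master_user_name}"
+master_user_host = "%"
+
+# To make it easier to test this example, we are giving the servers public IP addresses and allowing inbound
+# connections from anywhere. In real-world usage, your servers should live in private subnets, only have private IP
+# addresses, and only allow access from specific trusted networks, servers or applications in your VPC.
+enable_public_internet_access = true
+
+# Default setting for this is 'false' in 'variables.tf'
+# In the test cases, we're setting this to true, to test forced SSL.
+require_ssl = "${var.require_ssl}"
+
+authorized_networks = [
+{
+name = "allow-all-inbound"
+value = "0.0.0.0/0"
+},
+]
+
+# Set auto-increment flags to test the
+# feature during automated testing
+database_flags = [
+{
+name = "autovacuum_naptime"
+value = "2"
+},
+]
+
+custom_labels = {
+test-id = "postgres-public-ip-example"
+}
+}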
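Review bot: `authorized_networks` opens the instance to `0.0.0.0/0` while `require_ssl` is passed through from a variable that variables.tf defaults to `false`, so applying the example unmodified gives a database reachable from any address that accepts password logins over an unencrypted connection. The comment above `enable_public_internet_access` explains the public IP but not that second part, and the comment above `require_ssl` in variables.tf itself says a public-IP instance should only allow secure connections. I would either default `require_ssl` to `true` in variables.tf and let the tests override it, or replace the literal range with an operator-supplied one, `value = "${var.authorized_cidr}"` (a new variable with no default, declared in variables.tf). Separately, `master_user_host = "%"` and the "auto-increment flags" comment above `database_flags` read as carried over from the MySQL example; whether the host setting has any meaning for a PostgreSQL engine is not visible here and is worth confirming against the module.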
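--- a/examples/postgres-public-ip/outputs.tf
+++ b/examples/postgres-public-ip/outputs.tf
@@ -0,0 +1,39 @@
+output "master_instance_name" {
+description = "The name of the database instance"
+value = "${module.mysql.master_instance_name}"
+}
+
+output "master_ip_addresses" {
+description = "All IP addresses of the instance as list of maps, see https://www.terraform.io/docs/providers/google/r/sql_database_instance.html#ip_address-0-ip_address"
+value = "${module.mysql.master_ip_addresses}"
+}
+
+output "master_public_ip" {
+description = "The first IPv4 address of the addresses assigned to the instance. As this instance has only public IP, it is the public IP address."
+value = "${module.mysql.master_first_ip_address}"
+}
+
+output "master_ca_cert" {
+value = "${module.mysql.master_ca_cert}"
+description = "The CA Certificate used to connect to the SQL Instance via SSL"
+}
+
+output "master_instance" {
+description = "Self link to the master instance"
+value = "${module.mysql.master_instance}"
+}
+
+output "master_proxy_connection" {
+description = "Instance path for connecting with Cloud SQL Proxy. Read more at https://cloud.google.com/sql/docs/mysql/sql-proxy"
+value = "${module.mysql.master_proxy_connection}"
+}
+
+output "db_name" {
+description = "Name of the default database"
+value = "${module.mysql.db_name}"
+}
+
+output "db" {
+description = "Self link to the default database"
+value = "${module.mysql.db}"
+}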
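Review bot: The `master_proxy_connection` description links to the MySQL proxy guide (`/sql/docs/mysql/sql-proxy`), which is the wrong reference for a PostgreSQL example; I would point it at `https://cloud.google.com/sql/docs/postgres/sql-proxy`. `master_ca_cert` is also the only output that puts `value` before `description`; matching the order used by the other outputs keeps the file uniform.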
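--- a/examples/postgres-public-ip/variables.tf
+++ b/examples/postgres-public-ip/variables.tf
@@ -0,0 +1,56 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# REQUIRED PARAMETERS
+# These variables are expected to be passed in by the operator
+# ---------------------------------------------------------------------------------------------------------------------
+
+variable "project" {
+description = "The project ID to host the database in."
+}
+
+variable "region" {
+description = "The region to host the database in."
+}
+
+# Note, after a name db instance is used, it cannot be reused for up to one week.
+variable "name_prefix" {
+description = "The name prefix for the database instance. Will be appended with a random string. Use lowercase letters, numbers, and hyphens. Start with a letter."
+}
+
+variable "master_user_name" {
+description = "The username part for the default user credentials, i.e. 'master_user_name'@'master_user_host' IDENTIFIED BY 'master_user_password'. This should typically be set as the environment variable TF_VAR_master_user_name so you don't check it into source control."
+}
+
+variable "master_user_password" {
+description = "The password part for the default user credentials, i.e. 'master_user_name'@'master_user_host' IDENTIFIED BY 'master_user_password'. This should typically be set as the environment variable TF_VAR_master_user_password so you don't check it into source control."
+}
+
+# ---------------------------------------------------------------------------------------------------------------------
+# OPTIONAL PARAMETERS
+# Generally, these values won't need to be changed.
+# ---------------------------------------------------------------------------------------------------------------------
+variable "postgres_version" {
+description = "The engine version of the database, e.g. `POSTGRES_9_6`. See https://cloud.google.com/sql/docs/features for supported versions."
+default = "POSTGRES_9_6"
+}
+
+variable "machine_type" {
+description = "The machine type to use, see https://cloud.google.com/sql/pricing for more details"
+default = "db-f1-micro"
+}
+
+variable "db_name" {
+description = "Name for the db"
+default = "default"
+}
+
+variable "name_override" {
+description = "You may optionally override the name_prefix + random string by specifying an override"
+default = ""
+}
+
+# When configuring a public IP instance, you should only allow secure connections
+# For testing purposes, we're initially allowing unsecured connections.
+variable "require_ssl" {
+description = "True if the instance should require SSL/TLS for users connecting over IP. Note: SSL/TLS is needed to provide security when you connect to Cloud SQL using IP addresses. If you are connecting to your instance only by using the Cloud SQL Proxy or the Java Socket Library, you do not need to configure your instance to use SSL/TLS."
+default = false
+}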
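Review bot: The `master_user_password` description warns about source control but says nothing about Terraform state, where a value passed to a resource attribute is normally recorded in plaintext after `terraform apply`. The module that consumes the variable is outside this commit, so this is inferred rather than shown, but for an example people copy I would add a comment above the variable such as `# The password ends up in the Terraform state in plaintext; keep state in a backend with encryption and restricted access.` The same description also uses the MySQL `'user'@'host' IDENTIFIED BY` form, which does not describe how a PostgreSQL user is defined and could be reworded for this example.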