# Cloud SQL instance with read replicas
This module manages the creation of Cloud SQL instances with potential read replicas in other regions. It can also create an initial set of users and databases via the `users` and `databases` parameters.

Note that this module assumes that some options are the same for both the primary instance and all the replicas (e.g. tier, disks, labels, flags).

*Warning:* if you use the `users` field, your Terraform state will contain each user's password in plain text.

## Simple example
This example shows how to set up a project, VPC and a standalone Cloud SQL instance.
```hcl
module "project" {
  source          = "./fabric/modules/project"
  billing_account = var.billing_account_id
  parent          = var.organization_id
  name            = "my-db-project"
  services = [
    "servicenetworking.googleapis.com"
  ]
}

module "vpc" {
  source     = "./fabric/modules/net-vpc"
  project_id = module.project.project_id
  name       = "my-network"
  psa_config = {
    ranges = { cloud-sql = "10.60.0.0/16" }
    routes = null
  }
}

module "db" {
  source           = "./fabric/modules/cloudsql-instance"
  project_id       = module.project.project_id
  network          = module.vpc.self_link
  name             = "db"
  region           = "europe-west1"
  database_version = "POSTGRES_13"
  tier             = "db-g1-small"
}
# tftest modules=3 resources=9
```
## Cross-regional read replica
```hcl
module "db" {
  source           = "./fabric/modules/cloudsql-instance"
  project_id       = var.project_id
  network          = var.vpc.self_link
  name             = "db"
  region           = "europe-west1"
  database_version = "POSTGRES_13"
  tier             = "db-g1-small"

  replicas = {
    replica1 = { region = "europe-west3", encryption_key_name = null }
    replica2 = { region = "us-central1", encryption_key_name = null }
  }
}
# tftest modules=1 resources=3
```
## Custom flags, databases and users
```hcl
module "db" {
  source           = "./fabric/modules/cloudsql-instance"
  project_id       = var.project_id
  network          = var.vpc.self_link
  name             = "db"
  region           = "europe-west1"
  database_version = "MYSQL_8_0"
  tier             = "db-g1-small"

  flags = {
    disconnect_on_expired_password = "on"
  }

  databases = [
    "people",
    "departments"
  ]

  users = {
    # generate a password for user1
    user1 = null
    # assign a password to user2
    user2 = "mypassword"
  }
}
# tftest modules=1 resources=6
```
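
Because every entry in `users` ends up in Terraform state, the following added example (not part of this module) scans a version 4 state file and reports which resource addresses carry a stored credential, without printing the values. The resource names in the constructed sample and the `random_password` entry are assumptions about the module's internals.

```python
import json
import sys
from pathlib import Path

# Resource type -> attribute that carries a credential in state.
# google_sql_user.password is the provider's attribute; the random_password
# entry assumes generated passwords come from that resource (assumption).
SECRET_ATTRS = {"google_sql_user": "password", "random_password": "result"}

def find_plaintext_secrets(state):
    """Return (resource address, attribute) pairs for credentials in a v4 state."""
    findings = []
    for res in state.get("resources", []):
        attr = SECRET_ATTRS.get(res.get("type"))
        if attr is None or res.get("mode") != "managed":
            continue
        base = ".".join(p for p in (res.get("module"), res["type"], res["name"]) if p)
        for inst in res.get("instances", []):
            if not (inst.get("attributes") or {}).get(attr):
                continue  # nothing stored for this instance
            key = inst.get("index_key")
            addr = base if key is None else f"{base}[{json.dumps(key)}]"
            findings.append((addr, attr))  # report where, never the value
    return findings

def _user(name, password):
    return {"index_key": name, "attributes": {"name": name, "password": password}}

# Constructed sample state (hypothetical resource names, made-up values).
SAMPLE_STATE = {
    "version": 4,
    "resources": [
        {"module": "module.db", "mode": "managed", "type": "google_sql_database_instance",
         "name": "primary", "instances": [{"attributes": {"name": "db"}}]},
        {"module": "module.db", "mode": "managed", "type": "random_password",
         "name": "passwords",
         "instances": [{"index_key": "user1", "attributes": {"result": "constructed-value"}}]},
        {"module": "module.db", "mode": "managed", "type": "google_sql_user",
         "name": "users",
         "instances": [_user("user1", "constructed-value"), _user("user2", "mypassword")]},
    ],
}

if __name__ == "__main__":
    # Scan the file given as argument (e.g. saved from `terraform state pull`),
    # or the constructed sample when run without arguments.
    state = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE_STATE
    for addr, attr in find_plaintext_secrets(state):
        print(f"{addr}: '{attr}' is stored in plain text")
```

Any address it reports means the state file, and every backend bucket or workstation that holds a copy of it, has to be protected like the database credential itself.
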
### CMEK encryption
```hcl
module "project" {
  source          = "./fabric/modules/project"
  billing_account = var.billing_account_id
  parent          = var.organization_id
  name            = "my-db-project"
  services = [
    "servicenetworking.googleapis.com",
    "sqladmin.googleapis.com",
  ]
}

module "kms" {
  source     = "./fabric/modules/kms"
  project_id = module.project.project_id
  keyring = {
    name     = "keyring"
    location = var.region
  }
  keys = {
    key-sql = null
  }
  key_iam = {
    key-sql = {
      "roles/cloudkms.cryptoKeyEncrypterDecrypter" = [
        "serviceAccount:${module.project.service_accounts.robots.sqladmin}"
      ]
    }
  }
}

module "db" {
  source              = "./fabric/modules/cloudsql-instance"
  project_id          = module.project.project_id
  encryption_key_name = module.kms.keys["key-sql"].id
  network             = var.vpc.self_link
  name                = "db"
  region              = var.region
  database_version    = "POSTGRES_13"
  tier                = "db-g1-small"
}
# tftest modules=3 resources=10
```
<!-- BEGIN TFDOC -->
## Variables
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [database_version](variables.tf#L50) | Database type and version to create. | <code>string</code> | ✓ |  |
| [name](variables.tf#L97) | Name of primary instance. | <code>string</code> | ✓ |  |
| [network](variables.tf#L102) | VPC self link where the instances will be deployed. Private Service Networking must be enabled and configured in this VPC. | <code>string</code> | ✓ |  |
| [project_id](variables.tf#L117) | The ID of the project where these instances will be created. | <code>string</code> | ✓ |  |
| [region](variables.tf#L122) | Region of the primary instance. | <code>string</code> | ✓ |  |
| [tier](variables.tf#L142) | The machine type to use for the instances. | <code>string</code> | ✓ |  |
| [authorized_networks](variables.tf#L17) | Map of NAME=>CIDR_RANGE to allow to connect to the database(s). | <code>map(string)</code> |  | <code>null</code> |
| [availability_type](variables.tf#L23) | Availability type for the primary replica. Either `ZONAL` or `REGIONAL`. | <code>string</code> |  | <code>"ZONAL"</code> |
| [backup_configuration](variables.tf#L29) | Backup settings for primary instance. Will be automatically enabled if using MySQL with one or more replicas. | <code title="object({&#10;enabled = bool&#10;binary_log_enabled = bool&#10;start_time = string&#10;location = string&#10;log_retention_days = number&#10;retention_count = number&#10;})">object({…})</code> |  | <code title="{&#10;enabled = false&#10;binary_log_enabled = false&#10;start_time = &quot;23:00&quot;&#10;location = null&#10;log_retention_days = 7&#10;retention_count = 7&#10;}">{…}</code> |
| [databases](variables.tf#L55) | Databases to create once the primary instance is created. | <code>list(string)</code> |  | <code>null</code> |
| [deletion_protection](variables.tf#L61) | Allow terraform to delete instances. | <code>bool</code> |  | <code>false</code> |
| [disk_size](variables.tf#L67) | Disk size in GB. Set to null to enable autoresize. | <code>number</code> |  | <code>null</code> |
| [disk_type](variables.tf#L73) | The type of data disk: `PD_SSD` or `PD_HDD`. | <code>string</code> |  | <code>"PD_SSD"</code> |
| [encryption_key_name](variables.tf#L79) | The full path to the encryption key used for the CMEK disk encryption of the primary instance. | <code>string</code> |  | <code>null</code> |
| [flags](variables.tf#L85) | Map FLAG_NAME=>VALUE for database-specific tuning. | <code>map(string)</code> |  | <code>null</code> |
| [ipv4_enabled](variables.tf#L153) | Add a public IP address to database instance. | <code>bool</code> |  | <code>false</code> |
| [labels](variables.tf#L91) | Labels to be attached to all instances. | <code>map(string)</code> |  | <code>null</code> |
| [prefix](variables.tf#L107) | Optional prefix used to generate instance names. | <code>string</code> |  | <code>null</code> |
| [replicas](variables.tf#L127) | Map of NAME=> {REGION, KMS_KEY} for additional read replicas. Set to null to disable replica creation. | <code title="map(object({&#10;region = string&#10;encryption_key_name = string&#10;}))">map(object({…}))</code> |  | <code>{}</code> |
| [root_password](variables.tf#L136) | Root password of the Cloud SQL instance. Required for MS SQL Server. | <code>string</code> |  | <code>null</code> |
| [users](variables.tf#L147) | Map of users to create in the primary instance (and replicated to other replicas) in the format USER=>PASSWORD. For MySQL, anything after the first `@` (if present) will be used as the user's host. Set PASSWORD to null if you want to get an autogenerated password. | <code>map(string)</code> |  | <code>null</code> |

## Outputs
| name | description | sensitive |
|---|---|:---:|
| [connection_name](outputs.tf#L24) | Connection name of the primary instance. |  |
| [connection_names](outputs.tf#L29) | Connection names of all instances. |  |
| [id](outputs.tf#L37) | ID of the primary instance. |  |
| [ids](outputs.tf#L42) | IDs of all instances. |  |
| [instances](outputs.tf#L50) | Cloud SQL instance resources. | ✓ |
| [ip](outputs.tf#L56) | IP address of the primary instance. |  |
| [ips](outputs.tf#L61) | IP addresses of all instances. |  |
| [name](outputs.tf#L69) | Name of the primary instance. |  |
| [names](outputs.tf#L74) | Names of all instances. |  |
| [self_link](outputs.tf#L82) | Self link of the primary instance. |  |
| [self_links](outputs.tf#L87) | Self links of all instances. |  |
| [user_passwords](outputs.tf#L95) | Map containing the passwords of all users created through Terraform. | ✓ |

<!-- END TFDOC -->