From b487b2c9389671143a4fc0feda054a6f0d2f580c Mon Sep 17 00:00:00 2001
From: Ankur Saxena
Date: Tue, 20 Dec 2022 07:08:00 +0000
Subject: [PATCH] Feature - CloudSQL pre-allocation private IP range and GKE Cluster ignore_change lifecycle hook. (#1056)

* Update to include allocate_ip_range
* Updates to GKE Cluster module
* Add boot_disk_kms_key to ignore changes
* Update ignore lifecycle block
* Update docs
* Remove default_pool_boot_disk
* Refactor as per suggestions in PR
* Update readme
* Update variable sort
* Changes to address review comments
Co-authored-by: Ankur Saxena
---
 modules/cloudsql-instance/README.md | 45 +++++++++++++-------------
 modules/cloudsql-instance/main.tf | 10 +++---
 modules/cloudsql-instance/variables.tf | 9 ++++++
 modules/gke-cluster/main.tf | 5 +++
 modules/gke-cluster/variables.tf | 2 +-
 5 files changed, 44 insertions(+), 27 deletions(-)
diff --git a/modules/cloudsql-instance/README.md b/modules/cloudsql-instance/README.md
index cdf329d1..92fc1894 100644
--- a/modules/cloudsql-instance/README.md
+++ b/modules/cloudsql-instance/README.md
@@ -146,28 +146,29 @@ module "db" {
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| [database_version](variables.tf#L49) | Database type and version to create. | string | ✓ | |
-| [name](variables.tf#L102) | Name of primary instance. | string | ✓ | |
-| [network](variables.tf#L107) | VPC self link where the instances will be deployed. Private Service Networking must be enabled and configured in this VPC. | string | ✓ | |
-| [project_id](variables.tf#L128) | The ID of the project where this instances will be created. | string | ✓ | |
-| [region](variables.tf#L133) | Region of the primary instance. | string | ✓ | |
-| [tier](variables.tf#L153) | The machine type to use for the instances. | string | ✓ | |
-| [authorized_networks](variables.tf#L17) | Map of NAME=>CIDR_RANGE to allow to connect to the database(s). | map(string) | | null |
-| [availability_type](variables.tf#L23) | Availability type for the primary replica. Either `ZONAL` or `REGIONAL`. | string | | "ZONAL" |
-| [backup_configuration](variables.tf#L29) | Backup settings for primary instance. Will be automatically enabled if using MySQL with one or more replicas. | object({…}) | | {…} |
-| [databases](variables.tf#L54) | Databases to create once the primary instance is created. | list(string) | | null |
-| [deletion_protection](variables.tf#L60) | Allow terraform to delete instances. | bool | | false |
-| [disk_size](variables.tf#L66) | Disk size in GB. Set to null to enable autoresize. | number | | null |
-| [disk_type](variables.tf#L72) | The type of data disk: `PD_SSD` or `PD_HDD`. | string | | "PD_SSD" |
-| [encryption_key_name](variables.tf#L78) | The full path to the encryption key used for the CMEK disk encryption of the primary instance. | string | | null |
-| [flags](variables.tf#L84) | Map FLAG_NAME=>VALUE for database-specific tuning. | map(string) | | null |
-| [ipv4_enabled](variables.tf#L90) | Add a public IP address to database instance. | bool | | false |
-| [labels](variables.tf#L96) | Labels to be attached to all instances. | map(string) | | null |
-| [postgres_client_certificates](variables.tf#L112) | Map of cert keys connect to the application(s) using public IP. | list(string) | | null |
-| [prefix](variables.tf#L118) | Optional prefix used to generate instance names. | string | | null |
-| [replicas](variables.tf#L138) | Map of NAME=> {REGION, KMS_KEY} for additional read replicas. Set to null to disable replica creation. | map(object({…})) | | {} |
-| [root_password](variables.tf#L147) | Root password of the Cloud SQL instance. Required for MS SQL Server. | string | | null |
-| [users](variables.tf#L158) | Map of users to create in the primary instance (and replicated to other replicas) in the format USER=>PASSWORD. For MySQL, anything afterr the first `@` (if persent) will be used as the user's host. Set PASSWORD to null if you want to get an autogenerated password. | map(string) | | null |
+| [database_version](variables.tf#L58) | Database type and version to create. | string | ✓ | |
+| [name](variables.tf#L111) | Name of primary instance. | string | ✓ | |
+| [network](variables.tf#L116) | VPC self link where the instances will be deployed. Private Service Networking must be enabled and configured in this VPC. | string | ✓ | |
+| [project_id](variables.tf#L137) | The ID of the project where this instances will be created. | string | ✓ | |
+| [region](variables.tf#L142) | Region of the primary instance. | string | ✓ | |
+| [tier](variables.tf#L162) | The machine type to use for the instances. | string | ✓ | |
+| [allocated_ip_ranges](variables.tf#L17) | (Optional)The name of the allocated ip range for the private ip CloudSQL instance. For example: \"google-managed-services-default\". If set, the instance ip will be created in the allocated range. The range name must comply with RFC 1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z?. | object({…}) | | {} |
+| [authorized_networks](variables.tf#L26) | Map of NAME=>CIDR_RANGE to allow to connect to the database(s). | map(string) | | null |
+| [availability_type](variables.tf#L32) | Availability type for the primary replica. Either `ZONAL` or `REGIONAL`. | string | | "ZONAL" |
+| [backup_configuration](variables.tf#L38) | Backup settings for primary instance. Will be automatically enabled if using MySQL with one or more replicas. | object({…}) | | {…} |
+| [databases](variables.tf#L63) | Databases to create once the primary instance is created. | list(string) | | null |
+| [deletion_protection](variables.tf#L69) | Allow terraform to delete instances. | bool | | false |
+| [disk_size](variables.tf#L75) | Disk size in GB. Set to null to enable autoresize. | number | | null |
+| [disk_type](variables.tf#L81) | The type of data disk: `PD_SSD` or `PD_HDD`. | string | | "PD_SSD" |
+| [encryption_key_name](variables.tf#L87) | The full path to the encryption key used for the CMEK disk encryption of the primary instance. | string | | null |
+| [flags](variables.tf#L93) | Map FLAG_NAME=>VALUE for database-specific tuning. | map(string) | | null |
+| [ipv4_enabled](variables.tf#L99) | Add a public IP address to database instance. | bool | | false |
+| [labels](variables.tf#L105) | Labels to be attached to all instances. | map(string) | | null |
+| [postgres_client_certificates](variables.tf#L121) | Map of cert keys connect to the application(s) using public IP. | list(string) | | null |
+| [prefix](variables.tf#L127) | Optional prefix used to generate instance names. | string | | null |
+| [replicas](variables.tf#L147) | Map of NAME=> {REGION, KMS_KEY} for additional read replicas. Set to null to disable replica creation. | map(object({…})) | | {} |
+| [root_password](variables.tf#L156) | Root password of the Cloud SQL instance. Required for MS SQL Server. | string | | null |
+| [users](variables.tf#L167) | Map of users to create in the primary instance (and replicated to other replicas) in the format USER=>PASSWORD. For MySQL, anything afterr the first `@` (if persent) will be used as the user's host. Set PASSWORD to null if you want to get an autogenerated password. | map(string) | | null |
 ## Outputs
diff --git a/modules/cloudsql-instance/main.tf b/modules/cloudsql-instance/main.tf
index 9020fb50..ebfc3c42 100644
--- a/modules/cloudsql-instance/main.tf
+++ b/modules/cloudsql-instance/main.tf
@@ -61,8 +61,9 @@ resource "google_sql_database_instance" "primary" {
 user_labels = var.labels
 ip_configuration {
- ipv4_enabled = var.ipv4_enabled
- private_network = var.network
+ ipv4_enabled = var.ipv4_enabled
+ private_network = var.network
+ allocated_ip_range = var.allocated_ip_ranges.primary
 dynamic "authorized_networks" {
 for_each = var.authorized_networks != null ? var.authorized_networks : {}
 iterator = network
@@ -126,8 +127,9 @@ resource "google_sql_database_instance" "replicas" {
 user_labels = var.labels
 ip_configuration {
- ipv4_enabled = var.ipv4_enabled
- private_network = var.network
+ ipv4_enabled = var.ipv4_enabled
+ private_network = var.network
+ allocated_ip_range = var.allocated_ip_ranges.replica
 dynamic "authorized_networks" {
 for_each = var.authorized_networks != null ? var.authorized_networks : {}
 iterator = network
diff --git a/modules/cloudsql-instance/variables.tf b/modules/cloudsql-instance/variables.tf
index 3ce3cbf4..538fd1fe 100644
--- a/modules/cloudsql-instance/variables.tf
+++ b/modules/cloudsql-instance/variables.tf
@@ -14,6 +14,15 @@
 * limitations under the License.
 */
+variable "allocated_ip_ranges" {
+ description = "(Optional)The name of the allocated ip range for the private ip CloudSQL instance. For example: \"google-managed-services-default\". If set, the instance ip will be created in the allocated range. The range name must comply with RFC 1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z?."
+ type = object({
+ primary = optional(string)
+ replica = optional(string)
+ })
+ default = {}
+ nullable = false
+}
 variable "authorized_networks" {
 description = "Map of NAME=>CIDR_RANGE to allow to connect to the database(s)."
 type = map(string)
diff --git a/modules/gke-cluster/main.tf b/modules/gke-cluster/main.tf
index f4b86bf6..3ef14391 100644
--- a/modules/gke-cluster/main.tf
+++ b/modules/gke-cluster/main.tf
@@ -15,6 +15,11 @@
 */
 resource "google_container_cluster" "cluster" {
+ lifecycle {
+ ignore_changes = [
+ node_config[0].boot_disk_kms_key
+ ]
+ }
 provider = google-beta
 project = var.project_id
 name = var.name
diff --git a/modules/gke-cluster/variables.tf b/modules/gke-cluster/variables.tf
index f9a3b69e..62d871e9 100644
--- a/modules/gke-cluster/variables.tf
+++ b/modules/gke-cluster/variables.tf
@@ -225,4 +225,4 @@ variable "vpc_config" {
 master_authorized_ranges = optional(map(string))
 })
 nullable = false
-}
+}
\ No newline at end of file
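Review bot: The description of the new `allocated_ip_ranges` variable still describes a single string ("The name of the allocated ip range …") and its RFC 1035 pattern has collapsed to `a-z?.`, while the declared type is an object with optional `primary` and `replica` keys that the text never mentions; the README row in the same commit carries identical wording, so readers see `object({…})` beside a string description. The description should state that `primary` names the range used by the primary instance and `replica` the range shared by every read replica, both optional, and give the pattern in full (`[a-z]([-a-z0-9]*[a-z0-9])?`); the missing space in `(Optional)The` can be fixed at the same time. Since the text promises RFC 1035 compliance, a `validation` block on the variable would enforce that at plan time instead of leaving it to an API error at apply time, and the 1-63 character bound can be folded into the same pattern.
```hcl
variable "allocated_ip_ranges" {
  # … unchanged: description, type, default, nullable …
  validation {
    condition = alltrue([
      for range_name in values(var.allocated_ip_ranges) :
      range_name == null || can(regex("^[a-z]([-a-z0-9]{0,61}[a-z0-9])?$", range_name))
    ])
    error_message = "Each allocated_ip_ranges name must comply with RFC 1035: 1-63 characters, lowercase letters, digits and hyphens, starting with a letter and not ending with a hyphen."
  }
}
```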
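Review bot: The new `lifecycle` block that ignores `node_config[0].boot_disk_kms_key` carries no comment saying why, and the consequence deserves one: once that attribute is in `ignore_changes`, a plan no longer reports a changed or removed CMEK key on the default node pool's boot disk, so drift on that setting is invisible to Terraform. The commit message suggests the ignore is tied to dropping the default-pool boot-disk handling from the module, but that reasoning belongs beside the block; suggest `# NOTE: plan will not report changes to the default pool's boot_disk_kms_key; record why this attribute is ignored (presumably a server-reported value this module does not set — confirm).` On style, Terraform's convention places the `lifecycle` block last in a resource body, after the arguments and nested blocks, whereas here it precedes `provider`; moving it to the end would match that convention. The resource body continues past the hunk.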