From 2b788c4ea46d0f7fe719101e1f85fa6a8d3da3a8 Mon Sep 17 00:00:00 2001
From: Steven Platt <31355889+stevenplatt@users.noreply.github.com>
Date: Thu, 19 Oct 2023 22:42:43 -0400
Subject: [PATCH 1/2] template for cloud postgres deployment
---
.../google-cloud/cloud-postgres/README.md | 26 ++++++++++++++
.../google-cloud/cloud-postgres/main.tf | 33 +++++++++++++++++
.../google-cloud/cloud-postgres/output.tf | 13 +++++++
.../google-cloud/cloud-postgres/vars.tf | 35 +++++++++++++++++++
4 files changed, 107 insertions(+)
create mode 100644 automation/terraform/modules/google-cloud/cloud-postgres/README.md
create mode 100644 automation/terraform/modules/google-cloud/cloud-postgres/main.tf
create mode 100644 automation/terraform/modules/google-cloud/cloud-postgres/output.tf
create mode 100644 automation/terraform/modules/google-cloud/cloud-postgres/vars.tf
diff --git a/automation/terraform/modules/google-cloud/cloud-postgres/README.md b/automation/terraform/modules/google-cloud/cloud-postgres/README.md
new file mode 100644
index 00000000000..7ac9d424959
--- /dev/null
+++ b/automation/terraform/modules/google-cloud/cloud-postgres/README.md
@@ -0,0 +1,26 @@
+# Google Cloud Postgres Deployment
+
+This terraform configuration is used to deploy an instance of Google Cloud Postgres. Although the default configuration works without creating a conflict, it is recommended to deploy the postgres instance as a module within a larger terraform deployment (which passes it unique var values).
+
+The default configuration uses Google Secret Manager to pull in a password for the default `postgres` user. After deployment, the assigned IP addresses, username, and password will be printed to the terminal as shown below:
+
+```
+Outputs:
+
+cloud_postgres_ip = tolist([
+ {
+ "ip_address" = "35.35.35.35" <---- example IP
+ "time_to_retire" = ""
+ "type" = "PRIMARY"
+ },
+ {
+ "ip_address" = "34.34.34.34" <---- example IP
+ "time_to_retire" = ""
+ "type" = "OUTGOING"
+ },
+])
+db_password = "PASSWORD_HERE"
+db_user = "postgres"
+```
+
+The `PRIMARY` IP should be used when connecting to the new instance. By default, not database or schema is defined on the newly deployed db.
diff --git a/automation/terraform/modules/google-cloud/cloud-postgres/main.tf b/automation/terraform/modules/google-cloud/cloud-postgres/main.tf
new file mode 100644
index 00000000000..c4a7ad0816e
--- /dev/null
+++ b/automation/terraform/modules/google-cloud/cloud-postgres/main.tf
@@ -0,0 +1,33 @@
+# Configure the Google Cloud provider
+provider "google" {
+ project = var.gcp_project
+ region = var.gcp_region
+}
+
+resource "random_id" "instance_id" {
+ byte_length = 4
+}
+
+data "google_secret_manager_secret_version" "db_password" {
+ provider = google
+ secret = var.db_pass
+}
+
+# Create a Google Cloud SQL PostgreSQL instance
+resource "google_sql_database_instance" "postgres_instance" {
+ name = "${var.db_name}-${random_id.instance_id.hex}"
+ database_version = var.postgres_version
+ project = var.gcp_project
+ region = var.gcp_region
+ settings {
+ tier = var.db_spec
+ }
+ deletion_protection = var.deletion_protection
+}
+
+# Define the database user
+resource "google_sql_user" "database_user" {
+ name = var.db_user
+ instance = google_sql_database_instance.postgres_instance.name
+ password = data.google_secret_manager_secret_version.db_password.secret_data
+}
diff --git a/automation/terraform/modules/google-cloud/cloud-postgres/output.tf b/automation/terraform/modules/google-cloud/cloud-postgres/output.tf
new file mode 100644
index 00000000000..b6f2e78cd34
--- /dev/null
+++ b/automation/terraform/modules/google-cloud/cloud-postgres/output.tf
@@ -0,0 +1,13 @@
+output "cloud_postgres_ip" {
+ value = google_sql_database_instance.postgres_instance.ip_address
+}
+
+output "db_user" {
+ value = google_sql_user.database_user.name
+}
+
+output "db_password" {
+ value = data.google_secret_manager_secret_version.db_password.secret_data
+}
+
+
diff --git a/automation/terraform/modules/google-cloud/cloud-postgres/vars.tf b/automation/terraform/modules/google-cloud/cloud-postgres/vars.tf
new file mode 100644
index 00000000000..bc64df8d285
--- /dev/null
+++ b/automation/terraform/modules/google-cloud/cloud-postgres/vars.tf
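Review bot: `resource "google_sql_database_instance" "postgres_instance"` sets no `ip_configuration`, so the instance's network exposure is left to provider defaults, which as far as I can tell give it a public IPv4 address with no TLS requirement, and the README then tells users to connect to the `PRIMARY` IP directly; the choice should be explicit in the module, e.g. inside `settings` add `ip_configuration { ipv4_enabled = true  require_ssl = true }`, or set `ipv4_enabled = false` with a `private_network` for an in-VPC deployment. Separately, `data "google_secret_manager_secret_version" "db_password"` pins no `version`, so every apply resolves the latest version and a rotation in Secret Manager silently rewrites `google_sql_user.database_user` on the next run; either pin it with `version = "<PINNED_SECRET_VERSION>"` (placeholder) or add a comment saying that tracking latest is intended. Note also that `secret_data` lands in Terraform state in plaintext through both the data source and the user resource, so the state backend needs the same access controls as the secret itself.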
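Review bot: `output "db_password"` emits the raw Secret Manager payload without `sensitive = true`, so the password is printed in clear text on every `terraform apply` and `terraform output` run and ends up in CI logs (the README even documents it being printed). Add `sensitive = true` after the `value` line; consumers that need the value can still read it with `terraform output -raw db_password` or through the module's outputs. The `cloud_postgres_ip` and `db_user` outputs would also benefit from a `description`, and the two trailing blank lines at the end of the file look accidental.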
@@ -0,0 +1,35 @@
+variable "gcp_project" {
+ default = "o1labs-192920"
+}
+
+variable "gcp_region" {
+ default = "us-east4"
+}
+
+variable "gcp_zone" {
+ default = "us-east4-b"
+}
+
+variable "db_name" {
+ default = "o1db"
+}
+
+variable "db_user" {
+ default = "postgres"
+}
+
+variable "db_pass" {
+ default = "o1db-pass"
+}
+
+variable "deletion_protection" {
+ default = false
+}
+
+variable "postgres_version" {
+ default = "POSTGRES_14"
+}
+
+variable "db_spec" {
+ default = "db-g1-small"
+}
From 2e68482e3a5a155853a95223b22120f726d08fcf Mon Sep 17 00:00:00 2001
From: Steven Platt <31355889+stevenplatt@users.noreply.github.com>
Date: Thu, 19 Oct 2023 22:59:23 -0400
Subject: [PATCH 2/2] added "service" label
---
.../terraform/modules/google-cloud/cloud-postgres/main.tf | 3 +++
.../terraform/modules/google-cloud/cloud-postgres/vars.tf | 4 ++++
2 files changed, 7 insertions(+)
diff --git a/automation/terraform/modules/google-cloud/cloud-postgres/main.tf b/automation/terraform/modules/google-cloud/cloud-postgres/main.tf
index c4a7ad0816e..bcf21243df1 100644
--- a/automation/terraform/modules/google-cloud/cloud-postgres/main.tf
+++ b/automation/terraform/modules/google-cloud/cloud-postgres/main.tf
@@ -21,6 +21,9 @@ resource "google_sql_database_instance" "postgres_instance" {
 region = var.gcp_region
 settings {
 tier = var.db_spec
+ user_labels = {
+ service = var.service_label
+ }
 }
 deletion_protection = var.deletion_protection
 }
diff --git a/automation/terraform/modules/google-cloud/cloud-postgres/vars.tf b/automation/terraform/modules/google-cloud/cloud-postgres/vars.tf
index bc64df8d285..fe6c59fbdd6 100644
--- a/automation/terraform/modules/google-cloud/cloud-postgres/vars.tf
+++ b/automation/terraform/modules/google-cloud/cloud-postgres/vars.tf
@@ -33,3 +33,7 @@ variable "postgres_version" {
 variable "db_spec" {
 default = "db-g1-small"
 }
+
+variable "service_label" {
+ default = "none"
+}
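Review bot: `variable "db_pass"` actually holds the name of a Secret Manager secret (main.tf passes it to `secret`), not a password, yet nothing here says so and the default `"o1db-pass"` reads like a literal credential; add `type = string` and `description = "Name of the Secret Manager secret holding the password for var.db_user"`, and consider renaming it so the intent is obvious to callers. None of the nine variables declares a `type` or `description`, and `gcp_project` defaults to one specific project id, so the module cannot be reused as a template without overriding it. `deletion_protection` defaults to `false`, which for a database instance means a `terraform destroy`, or any change to `db_name` (the instance name is built from it), removes the instance and its data with no further confirmation; a default of `true` is the safer module default. `gcp_zone` is declared but not referenced by any of the new files.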
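Review bot: `variable "service_label"` has no `type` or `validation`, although its value becomes a GCP label value through `user_labels` in main.tf, where, as far as I recall, values must be lowercase letters, digits, `_` or `-` and at most 63 characters; a value with uppercase or spaces will only fail at apply time. Add `type = string`, a `description` saying the label is attached to the Cloud SQL instance, and a `validation` block with `condition = can(regex("^[a-z0-9_-]{0,63}$", var.service_label))` plus a matching `error_message` so the mistake is caught at plan time.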