
AlloyDB module

This module manages the creation of an AlloyDB cluster. It also supports a cross-region replication scenario by setting up a secondary cluster. It can also create an initial set of users via the users variable.

Note that this module assumes that some options are the same for both the primary instance and the secondary one in a cross-region replication configuration.

Warning

If you use the users field, your Terraform state will contain each user's password in plain text.

Examples

Simple example

This example shows how to set up a project, VPC and AlloyDB cluster and instance.

module "project" {
  source          = "./fabric/modules/project"
  billing_account = var.billing_account_id
  parent          = var.folder_id
  name            = "alloydb"
  prefix          = var.prefix
  # APIs used by this example: Service Networking for the PSA range
  # configured on the VPC below, AlloyDB for the cluster itself
  services = [
    "servicenetworking.googleapis.com",
    "alloydb.googleapis.com",
  ]
}

module "vpc" {
  source     = "./fabric/modules/net-vpc"
  project_id = module.project.project_id
  name       = "my-network"
  # need only one - psa_config or subnets_psc
  # (the alloydb module in this example only consumes the PSA range)
  psa_configs = [{
    ranges = { alloydb = "10.60.0.0/16" }
  }]
  subnets_psc = [{
    ip_cidr_range = "10.0.3.0/24"
    name          = "psc"
    region        = var.region
  }]
}

# AlloyDB cluster and primary instance reachable through the VPC's PSA range.
# project_number is only used for testing purposes (see the variables table).
module "alloydb" {
  source         = "./fabric/modules/alloydb"
  project_id     = module.project.project_id
  project_number = var.project_number
  cluster_name   = "db"
  # psa_config and psc_config are mutually exclusive; this example uses
  # private services access on the network created above
  network_config = {
    psa_config = {
      network = module.vpc.id
    }
  }
  instance_name = "db"
  location      = var.region
}
# tftest modules=3 resources=16 inventory=simple.yaml e2e

Cross region replication

# Primary cluster plus a secondary cluster in another region.
module "alloydb" {
  source         = "./fabric/modules/alloydb"
  project_id     = var.project_id
  project_number = var.project_number
  cluster_name   = "db"
  location       = var.region
  instance_name  = "db"
  network_config = {
    psa_config = {
      network = var.vpc.id
    }
  }
  # the secondary cluster is created in `region`; as noted above, some
  # options are assumed to be the same for the primary and the secondary
  cross_region_replication = {
    enabled = true
    region  = "europe-west12"
  }
}
# tftest modules=1 resources=4 inventory=cross_region_replication.yaml e2e

In a cross-region replication scenario (like in the previous example) this module also supports

PSC instance

# Instance exposed through Private Service Connect instead of PSA.
module "alloydb" {
  source         = "./fabric/modules/alloydb"
  project_id     = var.project_id
  project_number = var.project_number
  cluster_name   = "db"
  location       = var.region
  instance_name  = "db"
  # allowed_consumer_projects is the allow list of projects that may connect
  # through PSC; here it is the deploying project itself (by number).
  # the resulting service attachment and PSC DNS name are exposed as outputs.
  network_config = {
    psc_config = { allowed_consumer_projects = [var.project_number] }
  }
}
# tftest modules=1 resources=2 inventory=psc.yaml e2e

Custom flags and users definition

# Database flags and an initial set of users.
module "alloydb" {
  source         = "./fabric/modules/alloydb"
  project_id     = var.project_id
  project_number = var.project_number
  cluster_name   = "primary"
  location       = var.region
  instance_name  = "primary"
  # FLAG_NAME => VALUE; keys containing a dot must be quoted in HCL
  flags = {
    # enable the pgaudit extension (database-level audit logging)
    "alloydb.enable_pgaudit"            = "on"
    # allow IAM-based database authentication (pairs with ALLOYDB_IAM_USER users)
    "alloydb.iam_authentication"        = "on"
    # value in milliseconds
    idle_in_transaction_session_timeout = "900000"
    # the inner single quotes are part of the flag value
    timezone                            = "'UTC'"
  }
  network_config = {
    psa_config = {
      network = var.vpc.id
    }
  }
  # every password below, generated or literal, is kept in plain text in the
  # Terraform state and returned by the user_passwords output (see warning above)
  users = {
    # generate a password for user1
    user1 = {
      password = null
    }
    # assign a password to user2
    # a literal password also ends up in version control and in plan output;
    # prefer null (autogenerated) or a value passed in through a sensitive variable
    user2 = {
      password = "mypassword"
    }
  }
}
# tftest modules=1 resources=5 inventory=custom.yaml e2e

CMEK encryption

module "project" {
  source          = "./fabric/modules/project"
  name            = "alloycmek"
  billing_account = var.billing_account_id
  prefix          = var.prefix
  parent          = var.folder_id
  # Cloud KMS is enabled in addition to the usual APIs because the
  # cluster below is encrypted with a customer-managed key
  services = [
    "alloydb.googleapis.com",
    "cloudkms.googleapis.com",
    "servicenetworking.googleapis.com"
  ]
}

module "kms" {
  source     = "./fabric/modules/kms"
  project_id = module.project.project_id
  # the key ring lives in the same region as the cluster that will use it
  keyring = {
    location = var.region
    name     = "keyring"
  }
  keys = {
    "key-regional" = {
    }
  }
  # the AlloyDB service agent needs encrypt/decrypt on the key, otherwise the
  # cluster cannot use it for CMEK; no other principal is granted here
  iam = {
    "roles/cloudkms.cryptoKeyEncrypterDecrypter" = [
      module.project.service_agents.alloydb.iam_email
    ]
  }
}

module "vpc" {
  source     = "./fabric/modules/net-vpc"
  project_id = module.project.project_id
  name       = "my-network"
  subnets = [
    {
      ip_cidr_range = "10.0.0.0/24"
      name          = "production"
      region        = var.region
    },
  ]
  # PSA range consumed by the alloydb module's psa_config below
  psa_configs = [{
    ranges = { myrange = "10.0.1.0/24" }
  }]
}


# Cluster encrypted with the customer-managed key created above.
module "alloydb" {
  source         = "./fabric/modules/alloydb"
  project_id     = module.project.project_id
  project_number = var.project_number
  cluster_name   = "primary"
  location       = var.region
  instance_name  = "primary"
  network_config = {
    psa_config = {
      network = module.vpc.id
    }
  }
  # CMEK: the key ring is created in the same region as the cluster, and the
  # AlloyDB service agent is granted cryptoKeyEncrypterDecrypter in module "kms"
  encryption_config = {
    primary_kms_key_name = module.kms.keys.key-regional.id
  }
}

# tftest inventory=cmek.yaml e2e

Tag bindings

Refer to the Creating and managing tags documentation for details on usage.

# Organization-level tag key with three values; the sandbox value is bound below.
module "org" {
  source          = "./fabric/modules/organization"
  organization_id = var.organization_id
  tags = {
    environment = {
      description = "Environment specification."
      values = {
        dev     = {}
        prod    = {}
        sandbox = {}
      }
    }
  }
}

module "alloydb" {
  source         = "./fabric/modules/alloydb"
  project_id     = var.project_id
  project_number = var.project_number
  cluster_name   = "primary"
  location       = var.region
  instance_name  = "primary"
  network_config = {
    psa_config = {
      network = var.vpc.id
    }
  }
  # key => tag value id; binds the environment/sandbox value defined above
  tag_bindings = {
    env-sandbox = module.org.tag_values["environment/sandbox"].id
  }
}
# tftest modules=2 resources=7

Variables

name description type required default
cluster_name Name of the primary cluster. string
instance_name Name of primary instance. string
location Region or zone of the cluster and instance. string
network_config Network configuration for cluster and instance. Only one between psa_config and psc_config can be used. object({…})
project_id The ID of the project where these instances will be created. string
annotations Map FLAG_NAME=>VALUE for annotations which allow client tools to store small amount of arbitrary data. map(string) null
automated_backup_configuration Automated backup settings for cluster. object({…}) {…}
availability_type Availability type for the primary replica. Either ZONAL or REGIONAL. string "REGIONAL"
client_connection_config Client connection config. object({…}) null
cluster_display_name Display name of the primary cluster. string null
continuous_backup_configuration Continuous backup settings for cluster. object({…}) {…}
cross_region_replication Cross region replication config. object({…}) {}
database_version Database type and version to create. string "POSTGRES_15"
deletion_policy AlloyDB cluster and instance deletion policy. string null
display_name AlloyDB instance display name. string null
encryption_config Set encryption configuration. KMS name format: 'projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME]'. object({…}) null
flags Map FLAG_NAME=>VALUE for database-specific tuning. map(string) null
gce_zone The GCE zone that the instance should serve from. This can ONLY be specified for ZONAL instances. If present for a REGIONAL instance, an error will be thrown. string null
initial_user AlloyDB cluster initial user credentials. object({…}) null
labels Labels to be attached to all instances. map(string) null
machine_config AlloyDB machine config. object({…}) {…}
maintenance_config Set maintenance window configuration. object({…}) {…}
prefix Optional prefix used to generate instance names. string null
project_number The project number of the project where these instances will be created. Only used for testing purposes. string null
query_insights_config Query insights config. object({…}) {…}
tag_bindings Tag bindings for this service, in key => tag value id format. map(string) {}
users Map of users to create in the primary instance (and replicated to other replicas). Set PASSWORD to null if you want to get an autogenerated password. The user types available are: 'ALLOYDB_BUILT_IN' or 'ALLOYDB_IAM_USER'. map(object({…})) null

Outputs

name description sensitive
id Fully qualified primary instance id.
ids Fully qualified ids of all instances.
instances AlloyDB instance resources.
ip IP address of the primary instance.
ips IP addresses of all instances.
name Name of the primary instance.
names Names of all instances.
psc_dns_name AlloyDB Primary instance PSC DNS name.
psc_dns_names AlloyDB instances PSC DNS names.
secondary_id Fully qualified primary instance id.
secondary_ip IP address of the primary instance.
service_attachment AlloyDB Primary instance service attachment.
service_attachments AlloyDB instances service attachments.
user_passwords Map containing the passwords of all users created through Terraform.