Fix ip exhaustion by increasing services ip address range.

3 years ago · 40f4a8c398
parent 2cf9f93de6
commit 40f4a8c398
4 changed files with 22 additions and 37 deletions
--- a/terraform/basic_gke/main.tf
+++ b/terraform/basic_gke/main.tf
@ -81,9 +81,9 @@ module "gke" {
  private_subnetwork_id = module.networking.private_subnetwork_id
  service_cloudkms      = google_project_service.cloudkms

-  # depends_on = [
-  #   module.networking
-  # ]
+  depends_on = [
+    module.networking
+  ]
 }

 output "gke_connect_command" {
@ -128,3 +128,7 @@ output "redis_port" {
 }


+
+
+
+
--- a/terraform/modules/cloudsql/cloudsql.tf
+++ b/terraform/modules/cloudsql/cloudsql.tf
@ -25,11 +25,14 @@ variable "private_network_id" {
  type        = string
 }

-resource "google_sql_database_instance" "instance" {
-  project = var.project
-  region  = var.region
-  name    = "my-database-instance"
+resource "random_id" "cloudsql" {
+  byte_length = 4
+}

+resource "google_sql_database_instance" "instance" {
+  project          = var.project
+  region           = var.region
+  name             = "my-database-instance-${random_id.cloudsql.hex}"
  database_version = var.db_version

  settings {
@ -41,5 +44,6 @@ resource "google_sql_database_instance" "instance" {
    }
  }

-  deletion_protection = "true"
+  deletion_protection = "false"
+  # deletion_protection = "true"
 }
--- a/terraform/modules/gke/gke.tf
+++ b/terraform/modules/gke/gke.tf
@ -43,7 +43,7 @@ resource "google_kms_key_ring" "gke_db" {
  location = var.region

  lifecycle {
-    prevent_destroy = true
+    #prevent_destroy = true
  }

  depends_on = [
@ -65,7 +65,7 @@ resource "google_kms_crypto_key" "gke_db" {
  key_ring = google_kms_key_ring.gke_db.id

  lifecycle {
-    prevent_destroy = true
+    #prevent_destroy = true
  }

  depends_on = [
@ -114,24 +114,6 @@ resource "google_storage_bucket_iam_member" "gke_gcr" {
  ]
 }

-resource "google_compute_global_address" "gke_cluster_range" {
-  project       = var.project
-  name          = "gke-cluster-range"
-  purpose       = "VPC_PEERING"
-  address_type  = "INTERNAL"
-  prefix_length = 16
-  network       = var.private_network_id
-}
-
-resource "google_compute_global_address" "gke_services_range" {
-  project       = var.project
-  name          = "gke-services-range"
-  purpose       = "VPC_PEERING"
-  address_type  = "INTERNAL"
-  prefix_length = 20
-  network       = var.private_network_id
-}
-
 resource "google_container_cluster" "primary" {
  project    = var.project
  name       = "gke-cluster"
@ -169,12 +151,12 @@ resource "google_container_cluster" "primary" {
  }

  ip_allocation_policy {
-    cluster_secondary_range_name  = google_compute_global_address.gke_cluster_range.name
-    services_secondary_range_name = google_compute_global_address.gke_services_range.name
+    cluster_ipv4_cidr_block  = "/16"
+    services_ipv4_cidr_block = "/20"
  }

  lifecycle {
-    prevent_destroy = true
+    #prevent_destroy = true
  }

  depends_on = [
--- a/terraform/modules/networking/networking.tf
+++ b/terraform/modules/networking/networking.tf
@ -39,11 +39,6 @@ resource "google_compute_subnetwork" "subnet" {
  ip_cidr_range = "10.100.0.0/16"
  region        = var.region
  network       = google_compute_network.private_network.id
-
-  secondary_ip_range {
-    range_name    = "private-subnetwork-secondary"
-    ip_cidr_range = "192.168.10.0/24"
-  }
 }

 resource "google_compute_global_address" "private_ip_address" {
@ -51,7 +46,7 @@ resource "google_compute_global_address" "private_ip_address" {
  name          = "private-ip-address"
  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
-  prefix_length = 24
+  prefix_length = 16
  network       = google_compute_network.private_network.id
 }