From 40f4a8c3983ee427ddf3b87699e403334467c66d Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Tue, 13 Jul 2021 20:50:43 -0400 Subject: [PATCH] Fix ip exhaustion by increasing services ip address range. --- terraform/basic_gke/main.tf | 10 +++++--- terraform/modules/cloudsql/cloudsql.tf | 14 +++++++---- terraform/modules/gke/gke.tf | 28 ++++------------------ terraform/modules/networking/networking.tf | 7 +----- 4 files changed, 22 insertions(+), 37 deletions(-) diff --git a/terraform/basic_gke/main.tf b/terraform/basic_gke/main.tf index eb36c27..77aee44 100644 --- a/terraform/basic_gke/main.tf +++ b/terraform/basic_gke/main.tf @@ -81,9 +81,9 @@ module "gke" { private_subnetwork_id = module.networking.private_subnetwork_id service_cloudkms = google_project_service.cloudkms - # depends_on = [ - # module.networking - # ] + depends_on = [ + module.networking + ] } output "gke_connect_command" { @@ -128,3 +128,7 @@ output "redis_port" { } + + + + diff --git a/terraform/modules/cloudsql/cloudsql.tf b/terraform/modules/cloudsql/cloudsql.tf index 44b1d3f..b9c9520 100644 --- a/terraform/modules/cloudsql/cloudsql.tf +++ b/terraform/modules/cloudsql/cloudsql.tf @@ -25,11 +25,14 @@ variable "private_network_id" { type = string } -resource "google_sql_database_instance" "instance" { - project = var.project - region = var.region - name = "my-database-instance" +resource "random_id" "cloudsql" { + byte_length = 4 +} +resource "google_sql_database_instance" "instance" { + project = var.project + region = var.region + name = "my-database-instance-${random_id.cloudsql.hex}" database_version = var.db_version settings { @@ -41,5 +44,6 @@ resource "google_sql_database_instance" "instance" { } } - deletion_protection = "true" + deletion_protection = "false" + # deletion_protection = "true" } diff --git a/terraform/modules/gke/gke.tf b/terraform/modules/gke/gke.tf index 79a8980..7e5e9aa 100644 --- a/terraform/modules/gke/gke.tf +++ b/terraform/modules/gke/gke.tf 
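Review bot: The new `random_id.cloudsql` suffix in the first cloudsql.tf hunk has no comment saying why the instance name must be unique per creation. A line such as `# Cloud SQL instance names cannot be reused immediately after deletion, so suffix the name` above the `random_id` resource would record the reason. Changing `name` presumably forces the existing instance to be replaced on the next apply, which is worth stating in the commit description. The module also now depends on the `random` provider; its `required_providers` block is not visible in this diff, so confirm it is declared.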
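Review bot: `deletion_protection = "false"` in the second cloudsql.tf hunk removes the guard that stops Terraform from destroying the database instance, and nothing in the commit message ties this to the IP-range fix. Together with the name change in the previous hunk, a routine apply can now delete and recreate the instance with no safeguard. If protection was lifted only to rebuild the environment once, restore `deletion_protection = true` and drop the commented-out line. Otherwise expose it as a module variable that defaults to true, so disabling it is an explicit choice by the caller.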
@@ -43,7 +43,7 @@ resource "google_kms_key_ring" "gke_db" { location = var.region lifecycle { - prevent_destroy = true + #prevent_destroy = true } depends_on = [ @@ -65,7 +65,7 @@ resource "google_kms_crypto_key" "gke_db" { key_ring = google_kms_key_ring.gke_db.id lifecycle { - prevent_destroy = true + #prevent_destroy = true } depends_on = [ @@ -114,24 +114,6 @@ resource "google_storage_bucket_iam_member" "gke_gcr" { ] } -resource "google_compute_global_address" "gke_cluster_range" { - project = var.project - name = "gke-cluster-range" - purpose = "VPC_PEERING" - address_type = "INTERNAL" - prefix_length = 16 - network = var.private_network_id -} - -resource "google_compute_global_address" "gke_services_range" { - project = var.project - name = "gke-services-range" - purpose = "VPC_PEERING" - address_type = "INTERNAL" - prefix_length = 20 - network = var.private_network_id -} - resource "google_container_cluster" "primary" { project = var.project name = "gke-cluster" @@ -169,12 +151,12 @@ resource "google_container_cluster" "primary" { } ip_allocation_policy { - cluster_secondary_range_name = google_compute_global_address.gke_cluster_range.name - services_secondary_range_name = google_compute_global_address.gke_services_range.name + cluster_ipv4_cidr_block = "/16" + services_ipv4_cidr_block = "/20" } lifecycle { - prevent_destroy = true + #prevent_destroy = true } depends_on = [ diff --git a/terraform/modules/networking/networking.tf b/terraform/modules/networking/networking.tf index 0cbd570..97aee17 100644 --- a/terraform/modules/networking/networking.tf +++ b/terraform/modules/networking/networking.tf @@ -39,11 +39,6 @@ resource "google_compute_subnetwork" "subnet" { ip_cidr_range = "10.100.0.0/16" region = var.region network = google_compute_network.private_network.id - - secondary_ip_range { - range_name = "private-subnetwork-secondary" - ip_cidr_range = "192.168.10.0/24" - } } resource "google_compute_global_address" "private_ip_address" { 
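Review bot: Commenting out `prevent_destroy = true` on `google_kms_key_ring.gke_db` here, and on `google_kms_crypto_key.gke_db` and `google_container_cluster.primary` in the later gke.tf hunks, leaves nothing to stop a plan that destroys them. For the crypto key this is not recoverable: destroying the Terraform resource destroys its key versions, so data encrypted under it becomes unreadable (presumably the cluster's secrets, given the `gke_db` name; confirm). If the guards were lifted only to rebuild the environment for the range change, restore `prevent_destroy = true` on at least the key ring and key rather than leaving `#prevent_destroy = true` in place. The three resource bodies continue outside their hunks.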
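Review bot: In the `ip_allocation_policy` hunk, `cluster_ipv4_cidr_block = "/16"` and `services_ipv4_cidr_block = "/20"` fix only the sizes, so the pod and service ranges are chosen at creation time and cannot be read from the configuration. Firewall rules, authorized networks or peering routes that must name those CIDRs then have to read them back from the created cluster. Either pin full CIDR blocks that are documented alongside the `10.100.0.0/16` subnet, or add a comment such as `# netmask only: GKE selects the pod/service ranges; read them from the cluster resource` so the behaviour is deliberate and visible. The `google_container_cluster.primary` body starts and ends outside the hunk.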
@@ -51,7 +46,7 @@ resource "google_compute_global_address" "private_ip_address" { name = "private-ip-address" purpose = "VPC_PEERING" address_type = "INTERNAL" - prefix_length = 24 + prefix_length = 16 network = google_compute_network.private_network.id }
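Review bot: `prefix_length = 16` is set without an `address`, so the /16 handed to the service-producer peering is picked automatically and its location relative to the `10.100.0.0/16` subnet and the GKE pod/service ranges is not visible in code. Consider setting `address` explicitly so the peered range is predictable for firewall rules and future peerings. Also add a comment recording why a /16 is required, e.g. `# /24 was exhausted by private-services allocations; sized to /16`. That example wording is inferred from the commit title and should be confirmed. The resource's opening lines are outside the hunk.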