Fix ip exhaustion by increasing services ip address range.

2021-07-13 20:50:43 -04:00 · 2021-07-13 20:50:43 -04:00 · 40f4a8c398
commit 40f4a8c398
parent 2cf9f93de6
4 changed files with 22 additions and 37 deletions
--- a/terraform/basic_gke/main.tf
+++ b/terraform/basic_gke/main.tf
@ -81,9 +81,9 @@ module "gke" {
  private_subnetwork_id = module.networking.private_subnetwork_id
  service_cloudkms      = google_project_service.cloudkms
-  # depends_on = [
+  depends_on = [
-  #   module.networking
+    module.networking
-  # ]
+  ]
 }
 output "gke_connect_command" {
@ -128,3 +128,7 @@ output "redis_port" {
 }
--- a/terraform/modules/cloudsql/cloudsql.tf
+++ b/terraform/modules/cloudsql/cloudsql.tf
@ -25,11 +25,14 @@ variable "private_network_id" {
  type        = string
 }
 resource "random_id" "cloudsql" {
  byte_length = 4
 }
 resource "google_sql_database_instance" "instance" {
  project          = var.project
  region           = var.region
-  name    = "my-database-instance"
+  name             = "my-database-instance-${random_id.cloudsql.hex}"
  database_version = var.db_version
  settings {
@ -41,5 +44,6 @@ resource "google_sql_database_instance" "instance" {
    }
  }
-  deletion_protection = "true"
+  deletion_protection = "false"
  # deletion_protection = "true"
 }
--- a/terraform/modules/gke/gke.tf
+++ b/terraform/modules/gke/gke.tf
@ -43,7 +43,7 @@ resource "google_kms_key_ring" "gke_db" {
  location = var.region
  lifecycle {
-    prevent_destroy = true
+    #prevent_destroy = true
  }
  depends_on = [
@ -65,7 +65,7 @@ resource "google_kms_crypto_key" "gke_db" {
  key_ring = google_kms_key_ring.gke_db.id
  lifecycle {
-    prevent_destroy = true
+    #prevent_destroy = true
  }
  depends_on = [
@ -114,24 +114,6 @@ resource "google_storage_bucket_iam_member" "gke_gcr" {
  ]
 }
 resource "google_compute_global_address" "gke_cluster_range" {
  project       = var.project
  name          = "gke-cluster-range"
  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
  prefix_length = 16
  network       = var.private_network_id
 }
 resource "google_compute_global_address" "gke_services_range" {
  project       = var.project
  name          = "gke-services-range"
  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
  prefix_length = 20
  network       = var.private_network_id
 }
 resource "google_container_cluster" "primary" {
  project    = var.project
  name       = "gke-cluster"
@ -169,12 +151,12 @@ resource "google_container_cluster" "primary" {
  }
  ip_allocation_policy {
-    cluster_secondary_range_name  = google_compute_global_address.gke_cluster_range.name
+    cluster_ipv4_cidr_block  = "/16"
-    services_secondary_range_name = google_compute_global_address.gke_services_range.name
+    services_ipv4_cidr_block = "/20"
  }
  lifecycle {
-    prevent_destroy = true
+    #prevent_destroy = true
  }
  depends_on = [
--- a/terraform/modules/networking/networking.tf
+++ b/terraform/modules/networking/networking.tf
@ -39,11 +39,6 @@ resource "google_compute_subnetwork" "subnet" {
  ip_cidr_range = "10.100.0.0/16"
  region        = var.region
  network       = google_compute_network.private_network.id
  secondary_ip_range {
    range_name    = "private-subnetwork-secondary"
    ip_cidr_range = "192.168.10.0/24"
  }
 }
 resource "google_compute_global_address" "private_ip_address" {
@ -51,7 +46,7 @@ resource "google_compute_global_address" "private_ip_address" {
  name          = "private-ip-address"
  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
-  prefix_length = 24
+  prefix_length = 16
  network       = google_compute_network.private_network.id
 }