From edb515da098843f24b7a4253a441ef24ddbb2a45 Mon Sep 17 00:00:00 2001
From: Tom Alexander
Date: Mon, 12 Jul 2021 00:06:49 -0400
Subject: [PATCH 1/3] Add a cloudsql instance.
---
 terraform/basic_gke/main.tf | 8 ++++++
 terraform/modules/cloudsql/cloudsql.tf | 39 ++++++++++++++++++++++++++
 2 files changed, 47 insertions(+)
 create mode 100644 terraform/modules/cloudsql/cloudsql.tf
diff --git a/terraform/basic_gke/main.tf b/terraform/basic_gke/main.tf
index cd6b3dc..44451f3 100644
--- a/terraform/basic_gke/main.tf
+++ b/terraform/basic_gke/main.tf
@@ -241,3 +241,11 @@ output "gke_connect_command" {
 description = "Command to run to connect to the kubernetes cluster."
 value = "gcloud container clusters get-credentials ${google_container_cluster.primary.name} --region ${var.region} --project ${var.project}"
 }
+
+#################### SQL ##################################
+
+module "cloudsql" {
+ source = "../modules/cloudsql"
+ project = var.project
+ region = var.region
+}
diff --git a/terraform/modules/cloudsql/cloudsql.tf b/terraform/modules/cloudsql/cloudsql.tf
new file mode 100644
index 0000000..bf9c702
--- /dev/null
+++ b/terraform/modules/cloudsql/cloudsql.tf
@@ -0,0 +1,39 @@
+variable "project" {
+ description = "Project ID."
+ type = string
+}
+
+variable "region" {
+ description = "Region."
+ type = string
+}
+
+variable "tier" {
+ description = "DB machine type."
+ type = string
+ default = "db-f1-micro"
+}
+
+variable "db_version" {
+ description = "Database version."
+ type = string
+ default = "POSTGRES_13"
+}
+
+resource "google_sql_database_instance" "instance" {
+ project = var.project
+ region = var.region
+ name = "my-database-instance"
+
+ database_version = var.db_version
+
+ settings {
+ tier = var.tier
+
+ ip_configuration {
+ private_network = true
+ }
+ }
+
+ deletion_protection = "true"
+}
From 07b38295c3213fba2a7e941dca58c8a26d87faee Mon Sep 17 00:00:00 2001
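Review bot: The instance name in the new google_sql_database_instance is hard-coded as `name = "my-database-instance"` while tier and version are variables; Cloud SQL instance names are unique per project and cannot be reused for roughly a week after deletion, so a second environment in the same project, or a destroy/recreate, fails on the name. Suggest a `variable "name"` with `default = "my-database-instance"` and `name = var.name` in the resource. No `backup_configuration` block is set; if the provider default leaves automated backups off for this instance, `deletion_protection` guards only against Terraform destroys and not against data loss, so `backup_configuration { enabled = true  point_in_time_recovery_enabled = true }` is worth adding under `settings`. Minor: `deletion_protection = "true"` is a string where the argument is a bool; Terraform coerces it, but `deletion_protection = true` avoids the implicit conversion.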
From: Tom Alexander
Date: Mon, 12 Jul 2021 00:40:01 -0400
Subject: [PATCH 2/3] Starting a networking module to get a private ip address for cloudsql.
---
 terraform/basic_gke/main.tf | 7 +++++++
 terraform/modules/cloudsql/cloudsql.tf | 4 ----
 terraform/modules/networking/networking.tf | 10 ++++++++++
 3 files changed, 17 insertions(+), 4 deletions(-)
 create mode 100644 terraform/modules/networking/networking.tf
diff --git a/terraform/basic_gke/main.tf b/terraform/basic_gke/main.tf
index 44451f3..b9cc263 100644
--- a/terraform/basic_gke/main.tf
+++ b/terraform/basic_gke/main.tf
@@ -43,6 +43,13 @@ data "google_project" "project" {
 project_id = var.project
 }
+#################### Networking ###########################
+
+module "networking" {
+ source = "../modules/networking"
+ project = var.project
+}
+
 #################### Workload Identity ####################
 resource "random_id" "identity_pool" {
diff --git a/terraform/modules/cloudsql/cloudsql.tf b/terraform/modules/cloudsql/cloudsql.tf
index bf9c702..317d9f7 100644
--- a/terraform/modules/cloudsql/cloudsql.tf
+++ b/terraform/modules/cloudsql/cloudsql.tf
@@ -29,10 +29,6 @@ resource "google_sql_database_instance" "instance" {
 settings {
 tier = var.tier
-
- ip_configuration {
- private_network = true
- }
 }
 deletion_protection = "true"
diff --git a/terraform/modules/networking/networking.tf b/terraform/modules/networking/networking.tf
new file mode 100644
index 0000000..0297682
--- /dev/null
+++ b/terraform/modules/networking/networking.tf
@@ -0,0 +1,10 @@
+variable "project" {
+ description = "Project ID."
+ type = string
+}
+
+resource "google_compute_network" "private_network" {
+ project = var.project
+ name = "private-network"
+ auto_create_subnetworks = false
+}
From b8216c71be714c76e436849c97b84ae6bd25a4ef Mon Sep 17 00:00:00 2001
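Review bot: The new google_compute_network in networking.tf is not referenced by anything else in this patch, and a Cloud SQL private IP placed in it is reachable only from that VPC or from networks peered to it; if the GKE cluster defined earlier in basic_gke/main.tf stays on a different network (its network settings are outside this hunk), workloads there will not reach the instance. A comment on the resource should state the intended consumer, e.g. `# VPC that hosts the Cloud SQL private IP; clients must run in this network or one peered to it.` A custom-mode VPC starts with no subnets and only the implied rules (allow egress, deny ingress), so any subnet and firewall rules for clients still have to be added here or in the caller.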
From: Tom Alexander
Date: Mon, 12 Jul 2021 22:25:12 -0400
Subject: [PATCH 3/3] Only use local networking for cloudsql.
---
 terraform/basic_gke/main.tf | 11 +++++---
 terraform/modules/cloudsql/cloudsql.tf | 10 ++++++++
 terraform/modules/networking/networking.tf | 29 ++++++++++++++++++++++
 3 files changed, 47 insertions(+), 3 deletions(-)
diff --git a/terraform/basic_gke/main.tf b/terraform/basic_gke/main.tf
index b9cc263..0bb5b87 100644
--- a/terraform/basic_gke/main.tf
+++ b/terraform/basic_gke/main.tf
@@ -252,7 +252,12 @@ output "gke_connect_command" {
 #################### SQL ##################################
 module "cloudsql" {
- source = "../modules/cloudsql"
- project = var.project
- region = var.region
+ source = "../modules/cloudsql"
+ project = var.project
+ region = var.region
+ private_network_id = module.networking.private_network_id
+
+ depends_on = [
+ module.networking
+ ]
 }
diff --git a/terraform/modules/cloudsql/cloudsql.tf b/terraform/modules/cloudsql/cloudsql.tf
index 317d9f7..44b1d3f 100644
--- a/terraform/modules/cloudsql/cloudsql.tf
+++ b/terraform/modules/cloudsql/cloudsql.tf
@@ -20,6 +20,11 @@ variable "db_version" {
 default = "POSTGRES_13"
 }
+variable "private_network_id" {
+ description = "Private network id."
+ type = string
+}
+
 resource "google_sql_database_instance" "instance" {
 project = var.project
 region = var.region
@@ -29,6 +34,11 @@ resource "google_sql_database_instance" "instance" {
 settings {
 tier = var.tier
+
+ ip_configuration {
+ ipv4_enabled = false
+ private_network = var.private_network_id
+ }
 }
 deletion_protection = "true"
diff --git a/terraform/modules/networking/networking.tf b/terraform/modules/networking/networking.tf
index 0297682..4a7b757 100644
--- a/terraform/modules/networking/networking.tf
+++ b/terraform/modules/networking/networking.tf
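Review bot: The `depends_on = [module.networking]` on the cloudsql module call is not redundant with the `private_network_id` input, because that output carries only the VPC id while creating a private-IP Cloud SQL instance also requires the Service Networking peering created in the same module; without a comment the next reader will remove it as noise. Suggest `# Whole-module dependency: the instance needs the Service Networking peering, not just the VPC id the output carries.` above `depends_on`. The module block is fully inside the hunk.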
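Review bot: The new `ip_configuration` in cloudsql.tf removes the public IPv4 address but does not require TLS on the private path; Cloud SQL accepts unencrypted client connections over private IP unless `require_ssl = true` is set in this block (newer google provider versions express the same setting via `ssl_mode`). Suggest adding `require_ssl = true` after `ipv4_enabled = false`, and noting in the module documentation that clients must then connect with SSL. The enclosing resource block starts in the first hunk of this file and its closing brace is outside the second hunk.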
@@ -3,8 +3,37 @@ variable "project" {
 type = string
 }
+output "private_network_id" {
+ description = "Private network id."
+ value = google_compute_network.private_network.id
+}
+
+resource "google_project_service" "servicenetworking" {
+ project = var.project
+ service = "servicenetworking.googleapis.com"
+ disable_dependent_services = true
+}
+
 resource "google_compute_network" "private_network" {
 project = var.project
 name = "private-network"
 auto_create_subnetworks = false
+ depends_on = [
+ google_project_service.servicenetworking
+ ]
+}
+
+resource "google_compute_global_address" "private_ip_address" {
+ project = google_compute_network.private_network.project
+ name = "private-ip-address"
+ purpose = "VPC_PEERING"
+ address_type = "INTERNAL"
+ prefix_length = 16
+ network = google_compute_network.private_network.id
+}
+
+resource "google_service_networking_connection" "private_vpc_connection" {
+ network = google_compute_network.private_network.id
+ service = "servicenetworking.googleapis.com"
+ reserved_peering_ranges = [google_compute_global_address.private_ip_address.name]
 }
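Review bot: `disable_dependent_services = true` on google_project_service.servicenetworking, together with the provider default `disable_on_destroy = true`, means a `terraform destroy` of this module disables the Service Networking API and every API that depends on it in the project, which in a shared project breaks resources this module does not own; suggest `disable_on_destroy = false` and dropping `disable_dependent_services` so a destroy removes only the peering, address and network. Separately, the `private_network_id` output is derived from the VPC alone, so a consumer reading it is ordered only after the network and not after the google_service_networking_connection that a private-IP Cloud SQL instance requires; adding `depends_on = [google_service_networking_connection.private_vpc_connection]` to the output makes that ordering explicit instead of relying on callers to add a module-level depends_on.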