Only use local networking for cloudsql.

3 years ago · b8216c71be
parent 07b38295c3
commit b8216c71be
3 changed files with 47 additions and 3 deletions
--- a/terraform/basic_gke/main.tf
+++ b/terraform/basic_gke/main.tf
@ -252,7 +252,12 @@ output "gke_connect_command" {
 #################### SQL ##################################

 module "cloudsql" {
-  source  = "../modules/cloudsql"
-  project = var.project
-  region  = var.region
+  source             = "../modules/cloudsql"
+  project            = var.project
+  region             = var.region
+  private_network_id = module.networking.private_network_id
+
+  depends_on = [
+    module.networking
+  ]
 }
--- a/terraform/modules/cloudsql/cloudsql.tf
+++ b/terraform/modules/cloudsql/cloudsql.tf
@ -20,6 +20,11 @@ variable "db_version" {
  default     = "POSTGRES_13"
 }

+variable "private_network_id" {
+  description = "Private network id."
+  type        = string
+}
+
 resource "google_sql_database_instance" "instance" {
  project = var.project
  region  = var.region
@ -29,6 +34,11 @@ resource "google_sql_database_instance" "instance" {

  settings {
    tier = var.tier
+
+    ip_configuration {
+      ipv4_enabled    = false
+      private_network = var.private_network_id
+    }
  }

  deletion_protection = "true"
--- a/terraform/modules/networking/networking.tf
+++ b/terraform/modules/networking/networking.tf
@ -3,8 +3,37 @@ variable "project" {
  type        = string
 }

+output "private_network_id" {
+  description = "Private network id."
+  value       = google_compute_network.private_network.id
+}
+
+resource "google_project_service" "servicenetworking" {
+  project                    = var.project
+  service                    = "servicenetworking.googleapis.com"
+  disable_dependent_services = true
+}
+
 resource "google_compute_network" "private_network" {
  project                 = var.project
  name                    = "private-network"
  auto_create_subnetworks = false
+  depends_on = [
+    google_project_service.servicenetworking
+  ]
+}
+
+resource "google_compute_global_address" "private_ip_address" {
+  project       = google_compute_network.private_network.project
+  name          = "private-ip-address"
+  purpose       = "VPC_PEERING"
+  address_type  = "INTERNAL"
+  prefix_length = 16
+  network       = google_compute_network.private_network.id
+}
+
+resource "google_service_networking_connection" "private_vpc_connection" {
+  network                 = google_compute_network.private_network.id
+  service                 = "servicenetworking.googleapis.com"
+  reserved_peering_ranges = [google_compute_global_address.private_ip_address.name]
 }