author | Pavlo Strokov <pstrokov@gitlab.com> | 2020-07-30 00:31:03 +0300 |
---|---|---|
committer | Pavlo Strokov <pstrokov@gitlab.com> | 2020-07-30 00:31:03 +0300 |
commit | 306495822d6c120b2137f66345a3010bdf6eb286 (patch) | |
tree | 44a9ef72a4e6d8ddfe42fa6e6e9ae32bd36825ea | |
parent | 36437f18b1808909de55268baf894390af6c1701 (diff) |
PgBouncer deployment with terraform
Assign a dedicated IP address to the PgBouncer instance
in order to narrow the set of public IP addresses allowed to
connect to the PostgreSQL instance.
Closes: https://gitlab.com/gitlab-org/gitaly/-/issues/2975
-rw-r--r-- | _support/terraform/main.tf | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/_support/terraform/main.tf b/_support/terraform/main.tf
index 0574aeb25..ebb274d39 100644
--- a/_support/terraform/main.tf
+++ b/_support/terraform/main.tf
@@ -33,6 +33,10 @@ resource "random_id" "db_name_suffix" {
 byte_length = 4
 }
+resource "google_compute_address" "pgbouncer" {
+ name = "${var.praefect_demo_cluster_name}-praefect-pgbouncer"
+}
+
 resource "google_sql_database_instance" "praefect_sql" {
 # It appears CloudSQL does not like Terraform re-using database names.
 # Adding a random ID prevents name reuse.
@@ -48,7 +52,7 @@ resource "google_sql_database_instance" "praefect_sql" {
 authorized_networks {
 name = "allow-all-inbound"
- value = "0.0.0.0/0"
+ value = google_compute_address.pgbouncer.address
 }
 }
 }
@@ -77,6 +81,7 @@ module "pgbouncer" {
 name = "${var.praefect_demo_cluster_name}-pgbouncer"
 zone = var.demo_zone
 subnetwork = "default"
+ public_ip_address = google_compute_address.pgbouncer.address
 port = 5432
 database_host = google_sql_database_instance.praefect_sql.public_ip_address |
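Review bot: The new `google_compute_address.pgbouncer` sets only `name`, so its region falls back to the provider default while the PgBouncer module is placed with `zone = var.demo_zone`. A regional external address can only be attached to an instance in the same region, so the two should be tied together explicitly with a `region` argument taken from the same source as the zone (which variable holds that is not visible in this hunk). A short comment above the resource, for example `# Static external IP for PgBouncer; the only address authorized on the Cloud SQL instance`, would also record why replacing this address silently cuts off database access.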
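Review bot: The `authorized_networks` entry keeps the name `allow-all-inbound` although its `value` is now the single PgBouncer address, so anyone auditing the Cloud SQL instance will misread the rule as open to every source. Rename it in the same change, e.g. `name = "allow-pgbouncer"`. The enclosing `google_sql_database_instance` block starts and ends outside the hunk, so it cannot be confirmed from here whether TLS is required on this path. That is worth checking, because PgBouncer still reaches the database over its public IP.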
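Review bot: Passing a static `public_ip_address` to the module moves the exposure from Cloud SQL to PgBouncer: it presumably accepts connections on `port = 5432` at that public address, and nothing in this hunk shows which sources may reach it. The narrowing on the database side only pays off if the module's firewall rule (not visible here) limits inbound traffic on that port to the Praefect nodes rather than to any source. Please confirm that, or add the restriction alongside this argument. The `module "pgbouncer"` block continues past the end of the hunk.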