PgBouncer deployment with terraform

Assignment of the dedicated IP address to PgBouncer instance in order to narrow the set of public IP addresses allowed to connect to PostgreSQL instance. Closes: https://gitlab.com/gitlab-org/gitaly/-/issues/2975
author: Pavlo Strokov <pstrokov@gitlab.com> 2020-07-30 00:31:03 +0300
committer: Pavlo Strokov <pstrokov@gitlab.com> 2020-07-30 00:31:03 +0300
commit: 306495822d6c120b2137f66345a3010bdf6eb286 (patch)
tree: 44a9ef72a4e6d8ddfe42fa6e6e9ae32bd36825ea
parent: 36437f18b1808909de55268baf894390af6c1701 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/_support/terraform/main.tf b/_support/terraform/main.tf
index 0574aeb25..ebb274d39 100644
--- a/_support/terraform/main.tf
+++ b/_support/terraform/main.tf
@@ -33,6 +33,10 @@ resource "random_id" "db_name_suffix" {
   byte_length = 4
 }
 
+resource "google_compute_address" "pgbouncer" {
+  name = "${var.praefect_demo_cluster_name}-praefect-pgbouncer"
+}
+
 resource "google_sql_database_instance" "praefect_sql" {
   # It appears CloudSQL does not like Terraform re-using database names.
   # Adding a random ID prevents name reuse.
@@ -48,7 +52,7 @@ resource "google_sql_database_instance" "praefect_sql" {
 
       authorized_networks {
         name  = "allow-all-inbound"
-        value = "0.0.0.0/0"
+        value = google_compute_address.pgbouncer.address
       }
     }
   }
@@ -77,6 +81,7 @@ module "pgbouncer" {
   name       = "${var.praefect_demo_cluster_name}-pgbouncer"
   zone       = var.demo_zone
   subnetwork = "default"
+  public_ip_address = google_compute_address.pgbouncer.address
 
   port          = 5432
   database_host = google_sql_database_instance.praefect_sql.public_ip_address
author	Pavlo Strokov <pstrokov@gitlab.com>	2020-07-30 00:31:03 +0300
committer	Pavlo Strokov <pstrokov@gitlab.com>	2020-07-30 00:31:03 +0300
commit	306495822d6c120b2137f66345a3010bdf6eb286 (patch)
tree	44a9ef72a4e6d8ddfe42fa6e6e9ae32bd36825ea
parent	36437f18b1808909de55268baf894390af6c1701 (diff)