author | Pavlo Strokov <pstrokov@gitlab.com> | 2020-07-24 10:46:01 +0300 |
---|---|---|
committer | Pavlo Strokov <pstrokov@gitlab.com> | 2020-07-24 10:46:01 +0300 |
commit | 1a1445409ddb85cf0754caa32a284128642d2576 (patch) | |
tree | 7fe4000b4671710d939122534ceb1647c1f84bdc /_support | |
parent | 43e8389d447f471e889dd4521a13037f36d8a230 (diff) |
PgBouncer deployment with terraform
To verify the use of PgBouncer in front of the Postgres
database, PgBouncer is included in the terraform deployment.
It uses separate machine with internal IP that is accessible
to Praefect instances.
Cloud SQL authorized networks changed to '0.0.0.0/0' because
it is not possible to use PgBouncer IP for it, as PgBouncer
requires IP of Cloud SQL instance in setup (circular dependency).
The output of 'praefect_postgresql_ip' is a private IP of the
PgBouncer instance that should be used instead of a public Cloud
SQL instance to proxy SQL requests.
Closes: https://gitlab.com/gitlab-org/gitaly/-/issues/2975
Diffstat (limited to '_support')
-rw-r--r-- | _support/terraform/main.tf | 34 |
1 files changed, 24 insertions, 10 deletions
diff --git a/_support/terraform/main.tf b/_support/terraform/main.tf
index 25250c50d..0574aeb25 100644
--- a/_support/terraform/main.tf
+++ b/_support/terraform/main.tf
@@ -1,3 +1,4 @@
+variable "project" { default = "gitlab-internal-153318" }
 variable "demo_region" { default = "us-east4" }
 variable "demo_zone" { default = "us-east4-c" }
 variable "praefect_demo_cluster_name" { }
@@ -23,7 +24,7 @@ variable "praefect_sql_password" { }
 provider "google" {
 version = "~> 3.12"
- project = "gitlab-internal-153318"
+ project = var.project
 region = var.demo_region
 zone = var.demo_zone
 }
@@ -45,21 +46,16 @@ resource "google_sql_database_instance" "praefect_sql" {
 ip_configuration{
 ipv4_enabled = true
- dynamic "authorized_networks" {
- for_each = google_compute_instance.praefect
- iterator = praefect
-
- content {
- name = "praefect-${praefect.key}"
- value = praefect.value.network_interface[0].access_config[0].nat_ip
- }
+ authorized_networks {
+ name = "allow-all-inbound"
+ value = "0.0.0.0/0"
 }
 }
 }
 }
 output "praefect_postgresql_ip" {
- value = google_sql_database_instance.praefect_sql.public_ip_address
+ value = module.pgbouncer.private_ip_address
 }
 resource "google_sql_user" "users" {
@@ -73,6 +69,24 @@ resource "google_sql_database" "praefect-database" {
 instance = google_sql_database_instance.praefect_sql.name
 }
+module "pgbouncer" {
+ source = "christippett/cloud-sql-pgbouncer/google"
+ version = "~>1.1"
+
+ project = var.project
+ name = "${var.praefect_demo_cluster_name}-pgbouncer"
+ zone = var.demo_zone
+ subnetwork = "default"
+
+ port = 5432
+ database_host = google_sql_database_instance.praefect_sql.public_ip_address
+
+ users = [
+ { name = google_sql_user.users.name, password = google_sql_user.users.password, admin = true },
+ ]
+ auth_query = "SELECT usename, passwd FROM pg_shadow WHERE usename=$1"
+}
+
 resource "google_compute_instance" "gitlab" {
 name = format("%s-gitlab", var.praefect_demo_cluster_name)
 machine_type = "n1-standard-2" |
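Review bot: The `authorized_networks` block added in the `google_sql_database_instance` hunk sets `value = "0.0.0.0/0"`, which leaves the Cloud SQL public address reachable from any host, so the database password becomes the only control in front of it; the removed dynamic block had limited access to the Praefect NAT addresses. The circular dependency named in the commit message can be avoided without opening the instance by giving it a private address, `private_network = <VPC self_link>` with `ipv4_enabled = false` in `ip_configuration`, and pointing PgBouncer at `private_ip_address`. If the public address has to stay, `require_ssl = true` in the same block at least keeps credentials from crossing the network in clear text. The resource starts outside the hunk, so settings not shown here may already cover part of this.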
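Review bot: The new `module "pgbouncer"` block passes `google_sql_user.users.password` to a third-party registry module whose version is bounded only by `version = "~>1.1"`, so any later 1.x release is pulled in on the next `terraform init` without review; an exact pin, `version = "<reviewed release>"`, keeps the code that handles the credential fixed. The same block sets `database_host` to the instance's `public_ip_address`, so pooler-to-database traffic leaves the private network, and whether it is encrypted depends on module settings not visible in this hunk. `admin = true` on the Praefect user and an `auth_query` that reads `pg_shadow` directly presumably give the pooler's login more privilege than pooling needs; the PgBouncer documentation recommends a dedicated non-superuser lookup role with a SECURITY DEFINER function instead. A short comment above `users` noting that the password ends up in Terraform state would also help whoever runs this outside a demo.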