From 306495822d6c120b2137f66345a3010bdf6eb286 Mon Sep 17 00:00:00 2001
From: Pavlo Strokov
Date: Thu, 30 Jul 2020 00:31:03 +0300
Subject: PgBouncer deployment with terraform

Assignment of the dedicated IP address to PgBouncer instance in order to narrow the set of public IP addresses allowed to connect to PostgreSQL instance.

Closes: https://gitlab.com/gitlab-org/gitaly/-/issues/2975
---
 _support/terraform/main.tf | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to '_support/terraform')
diff --git a/_support/terraform/main.tf b/_support/terraform/main.tf
index 0574aeb25..ebb274d39 100644
--- a/_support/terraform/main.tf
+++ b/_support/terraform/main.tf
@@ -33,6 +33,10 @@ resource "random_id" "db_name_suffix" {
 byte_length = 4
 }
+resource "google_compute_address" "pgbouncer" {
+ name = "${var.praefect_demo_cluster_name}-praefect-pgbouncer"
+}
+
 resource "google_sql_database_instance" "praefect_sql" {
 # It appears CloudSQL does not like Terraform re-using database names.
 # Adding a random ID prevents name reuse.
@@ -48,7 +52,7 @@ resource "google_sql_database_instance" "praefect_sql" {
 authorized_networks {
 name = "allow-all-inbound"
- value = "0.0.0.0/0"
+ value = google_compute_address.pgbouncer.address
 }
 }
 }
@@ -77,6 +81,7 @@ module "pgbouncer" {
 name = "${var.praefect_demo_cluster_name}-pgbouncer"
 zone = var.demo_zone
 subnetwork = "default"
+ public_ip_address = google_compute_address.pgbouncer.address
 port = 5432
 database_host = google_sql_database_instance.praefect_sql.public_ip_address
-- 
cgit v1.2.3
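Review bot: `google_compute_address.pgbouncer` sets no `region`, so it is created in the provider's default region, while the instance that uses it is placed through `var.demo_zone` in the module block. If the two ever diverge the address cannot be attached to the instance; pinning it with `region = <REGION_VARIABLE>` (placeholder, use the region variable this configuration already defines) removes that dependency. A short comment such as `# Static external IP for PgBouncer; the only address authorized on the CloudSQL instance` would also record why the address is reserved.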
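Review bot: The `authorized_networks` entry keeps `name = "allow-all-inbound"` although its value is now the single PgBouncer address, so the label shown for the rule contradicts what the rule permits. Rename it in the same change, for example `name = "pgbouncer-only"`, and consider writing the value as `"${google_compute_address.pgbouncer.address}/32"` so the single-host scope is explicit in CIDR form. The database is still reached over its public IP (`database_host` in the module block uses `public_ip_address`), and whether TLS is required on that path is not visible here, so that is worth confirming. The enclosing `google_sql_database_instance` block starts outside this hunk.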
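Review bot: Nothing visible in this hunk limits who may connect to PgBouncer on `port = 5432` at the static public address now passed as `public_ip_address`. After this change PgBouncer is the only address authorized on the database, so its own inbound rules become the effective access control. The module's firewall configuration is outside this diff; confirm it restricts inbound 5432 to the Praefect nodes, and record that next to the argument, e.g. `# inbound access to this address must be limited to Praefect nodes by the module firewall`. The `module "pgbouncer"` block starts and ends outside the hunk.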