GithubHelp home page GithubHelp logo

terraform-gcp-cloud-sql-postgres's Introduction

About

This creates an example GCP Cloud SQL PostgreSQL instance using terraform.

This will:

  • Create a public PostgreSQL instance.
  • Configure the PostgresSQL instance to require mTLS.
  • Enable automated backups.
  • Set a random postgres account password.
  • Show how to connect to the created PostgreSQL instance using psql.

For further managing the PostgreSQL instance, you could use:

Usage

Install terraform, gcloud, and docker.

Login into your GCP account:

# see https://cloud.google.com/sdk/docs/authorizing
gcloud auth login --no-launch-browser
gcloud config set project PROJECT_ID # gcloud projects list
gcloud config set compute/region REGION_ID # gcloud compute regions list
gcloud auth application-default login --no-launch-browser

Verify your GCP account settings:

gcloud config get account
gcloud config get project
gcloud config get compute/region

Create the example:

export CHECKPOINT_DISABLE=1
export TF_LOG=TRACE
export TF_LOG_PATH=terraform.log
export TF_VAR_project="$(gcloud config get project)"
export TF_VAR_region="$(gcloud config get compute/region)"
terraform init
terraform plan -out=tfplan
# NB it takes about 20m to create a simple google_sql_database_instance. YMMV.
terraform apply tfplan

Connect to it:

# see https://www.postgresql.org/docs/14/libpq-envars.html
# see https://cloud.google.com/sql/docs/postgres/connect-admin-ip?authuser=2#connect-ssl
terraform output -raw ca >pgcacerts.pem
terraform output -raw crt >postgres-crt.pem
install -m 600 /dev/null postgres-key.pem
terraform output -raw key >postgres-key.pem
install -m 600 /dev/null pgpass.conf
echo "$(terraform output -raw ip_address):5432:postgres:postgres:$(terraform output -raw password)" >pgpass.conf
docker run \
    --rm \
    -it \
    -v "$PWD:/host:ro" \
    -e "PGSSLROOTCERT=/host/pgcacerts.pem" \
    -e "PGSSLCERT=/host/postgres-crt.pem" \
    -e "PGSSLKEY=/host/postgres-key.pem" \
    -e "PGPASSFILE=/host/pgpass.conf" \
    -e "PGHOSTADDR=$(terraform output -raw ip_address)" \
    -e "PGSSLMODE=verify-ca" \
    -e "PGDATABASE=postgres" \
    -e "PGUSER=postgres" \
    postgres:14 \
    psql

Execute example queries:

select version();
select current_user;
select case when ssl then concat('YES (', version, ')') else 'NO' end as ssl from pg_stat_ssl where pid=pg_backend_pid();

Exit the psql session:

exit

Destroy everything:

# disable the delete protection.
sed -i -E 's,(deletion_protection).*?=.*,\1 = false,g' main.tf
terraform plan -out=tfplan
terraform apply tfplan
# destroy everything, including all the data.
terraform destroy
# enable the delete protection (only in the source code, as the instance is already gone).
sed -i -E 's,(deletion_protection).*?=.*,\1 = true,g' main.tf

terraform-gcp-cloud-sql-postgres's People

Contributors

rgl avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.