Example AlloyDB with private service connect (PSC) enabled

This example illustrates how to use the alloy-db module to deploy a cluster with Private Service Connect (PSC) enabled. This example creates:

  • A VPC and subnet in the project passed in attachment_project_id.
  • A network attachment in attachment_project_id to which the AlloyDB PSC interface will be linked. This is needed only if AlloyDB needs to connect outbound.
  • An AlloyDB cluster and instances in region us-central1 in the project passed in project_id.
  • An AlloyDB cross-region replica cluster and instances in region us-east1 in the project passed in project_id.
  • A consumer PSC endpoint using the AlloyDB PSC attachment in the project passed in attachment_project_id.

Usage

To run this example you need to execute:

export TF_VAR_project_id="your_project_id"
export TF_VAR_attachment_project_id="project_id_for_psc_endpoint"
export TF_VAR_attachment_project_number="project_number_for_psc_endpoint"
terraform init
terraform plan
terraform apply
terraform destroy

Additional resources deployed outside of the module

To connect to AlloyDB with language connectors, additional networking resources are required.

In addition to setting the flag psc_enabled = true in this module, you must create the following network resources outside of the module:

  • google_compute_address
  • google_compute_forwarding_rule
  • google_dns_managed_zone
  • google_dns_record_set

For details, see main.tf in this example folder.
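
A sketch of how the four resources listed above fit together on the consumer side. This is an added example, not the main.tf of this folder or code from the module; every variable and resource name in it is hypothetical, and it assumes psc_dns_name is passed with a trailing dot.

```hcl
# Added example: consumer-side PSC endpoint plus private DNS for one AlloyDB instance.
# All variable and resource names are hypothetical; they are not module inputs.
variable "attachment_project_id" { type = string } # consumer project
variable "region" { type = string }                # region of the AlloyDB instance
variable "network_self_link" { type = string }     # consumer VPC
variable "subnet_self_link" { type = string }      # consumer subnet
variable "psc_attachment_link" { type = string }   # AlloyDB PSC service attachment
variable "psc_dns_name" { type = string }          # instance PSC DNS name, trailing dot assumed

resource "google_compute_address" "psc_endpoint_ip" {
  project      = var.attachment_project_id
  name         = "alloydb-psc-endpoint-ip"
  region       = var.region
  subnetwork   = var.subnet_self_link
  address_type = "INTERNAL" # endpoint is reachable only from inside the VPC
}

resource "google_compute_forwarding_rule" "psc_endpoint" {
  project               = var.attachment_project_id
  name                  = "alloydb-psc-endpoint"
  region                = var.region
  network               = var.network_self_link
  ip_address            = google_compute_address.psc_endpoint_ip.id
  target                = var.psc_attachment_link
  load_balancing_scheme = "" # left empty when the target is a service attachment
}

resource "google_dns_managed_zone" "psc_zone" {
  project    = var.attachment_project_id
  name       = "alloydb-psc-zone"
  dns_name   = var.psc_dns_name
  visibility = "private" # resolvable only from the networks listed below
  private_visibility_config {
    networks {
      network_url = var.network_self_link
    }
  }
}

resource "google_dns_record_set" "psc_a_record" {
  project      = var.attachment_project_id
  managed_zone = google_dns_managed_zone.psc_zone.name
  name         = google_dns_managed_zone.psc_zone.dns_name
  type         = "A"
  ttl          = 300
  rrdatas      = [google_compute_address.psc_endpoint_ip.address]
}
```

The private zone keeps the instance's PSC DNS name resolvable only inside the consumer VPC, so the name never has to exist in public DNS.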

Failover to Instance 2

There are two clusters deployed in this example. Cluster east is the primary cluster and cluster central is the failover replica. Steps to promote cluster east as primary and change cluster central to the failover replica:

  1. Remove primary_cluster_name from cluster east and execute terraform apply.
module "alloydb_east" {
  source  = "GoogleCloudPlatform/alloy-db/google"
  version = "~> 4.0"

  ## Comment this out in order to promote cluster as primary cluster
-  primary_cluster_name = module.alloydb_central.cluster_name
}
  2. Remove cluster 1 by removing the cluster 1 code and execute terraform apply.
- module "alloydb_central" {
-   source  = "GoogleCloudPlatform/alloy-db/google"
-   version = "~> 2.0"
-   cluster_id       = "cluster-${var.region_central}-psc"
-   cluster_location = var.region_central
-   project_id       = var.project_id
- ...
- }
- output "cluster_id" {
-   description = "ID of the Alloy DB Cluster created"
-   value       = module.alloydb_central.cluster_id
- }
- output "primary_instance_id" {
-   description = "ID of the primary instance created"
-   value       = module.alloydb_central.primary_instance_id
- }
- output "cluster_name" {
-   description = "The name of the cluster resource"
-   value       = module.alloydb_central.cluster_name
- }
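Review bot: The removed module block pins version = "~> 2.0", while the alloydb_east block in step 1 uses "~> 4.0"; both snippets should show the same constraint. The removed outputs here are named cluster_id, primary_instance_id and cluster_name, but the Outputs table lists them with a _central suffix along with further central outputs (for example psc_dns_name_central and primary_psc_attachment_link_central). The step should say that every output referencing module.alloydb_central has to be removed, since a leftover reference to a deleted module makes terraform apply fail.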
  3. Create cluster 1 as a failover replica by adding the cluster 1 code with the following additional line and execute terraform apply.
module "alloydb_central" {
  source  = "GoogleCloudPlatform/alloy-db/google"
  version = "~> 2.0"

+  primary_cluster_name = module.alloydb_east.cluster_name

  cluster_id       = "cluster-1"
  cluster_location = var.region1
  project_id       = var.project_id

  network_self_link           = "projects/${var.project_id}/global/networks/${var.network_name}"
  cluster_encryption_key_name = google_kms_crypto_key.key_region1.id
...
  depends_on = [
-    module.alloydb_central,
    google_service_networking_connection.vpc_connection,
    google_kms_crypto_key_iam_member.alloydb_sa_iam_secondary,
  ]
}
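Review bot: The depends_on list removes module.alloydb_central from inside the module "alloydb_central" block itself, which would be a self-reference; the entry should name the other cluster, and since the block now reads module.alloydb_east.cluster_name that dependency is already implied. The rest of the block also does not match this example: it uses var.region1 and cluster_id = "cluster-1" where the block removed in step 2 used var.region_central and "cluster-${var.region_central}-psc", it pins version "~> 2.0", and it references network_self_link and google_service_networking_connection.vpc_connection, neither of which appears among this example's inputs. Suggest rewriting the snippet against this example's own variables so the steps can be applied as written.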

Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| attachment_project_id | The ID of the project in which attachment will be provisioned | string | n/a | yes |
| attachment_project_number | The project number in which attachment will be provisioned | string | n/a | yes |
| project_id | The ID of the project in which to provision resources. | string | n/a | yes |
| region_central | The region for cluster in central us | string | "us-central1" | no |
| region_east | The region for cluster in east us | string | "us-east1" | no |

Outputs

| Name | Description |
|---|---|
| cluster_central | cluster |
| cluster_east | cluster created |
| cluster_id_central | ID of the Alloy DB Cluster created |
| cluster_id_east | ID of the Alloy DB Cluster created |
| cluster_name_central | The name of the cluster resource |
| kms_key_name_central | The fully-qualified resource name of the KMS key |
| kms_key_name_east | The fully-qualified resource name of the Secondary cluster KMS key |
| primary_instance_central | primary instance created |
| primary_instance_east | primary instance created |
| primary_instance_id_central | ID of the primary instance created |
| primary_psc_attachment_link_central | The private service connect (psc) attachment created for primary instance |
| project_id | Project ID of the Alloy DB Cluster created |
| psc_attachment | The network attachment resource created in the consumer project to which the PSC interface will be linked |
| psc_consumer_fwd_rule_ip | Consumer psc endpoint created |
| psc_dns_name_central | The DNS name of the instance for PSC connectivity. Name convention: ...alloydb-psc.goog |
| read_instance_ids_central | IDs of the read instances created |
| read_psc_attachment_links_central | n/a |
| region_central | The region for primary cluster |
| region_east | The region for cross region replica secondary cluster |