-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathcloudsql.tf
65 lines (55 loc) · 1.76 KB
/
cloudsql.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
# Cloud SQL instances cannot reuse names within one week of each other, so this
# allows the name to have a randomized suffix.
resource "random_id" "db_name_suffix" {
byte_length = 4
}
# A Cloud SQL instance to used for the metadata of pipelines.
resource "google_sql_database_instance" "metadata_db_instance" {
project = var.project
name = format("%s-%s", var.cluster_name, random_id.db_name_suffix.hex)
database_version = "MYSQL_5_7"
region = var.cluster_region
deletion_protection = false
settings {
backup_configuration {
enabled = true
binary_log_enabled = true
start_time = "08:00"
}
replication_type = "SYNCHRONOUS"
user_labels = {
"application" = "kubeflow"
"env" = var.env_label
"cloudsql-instance-suffix" = random_id.db_name_suffix.hex
}
tier = "db-n1-standard-4"
location_preference {
zone = var.cluster_zone
}
}
timeouts {
create = var.timeout
update = var.timeout
delete = var.timeout
}
}
# Terraform deletes the default root user with no password that Cloud SQL
# creates (as a best practice?), so recreate it here
resource "google_sql_user" "root_user" {
name = "root"
instance = google_sql_database_instance.metadata_db_instance.name
password = ""
host = "%"
}
resource "google_sql_user" "read_only_user" {
name = "read_only"
instance = google_sql_database_instance.metadata_db_instance.name
password = var.mysql_read_only_user_password
host = "%"
}
resource "google_sql_user" "developer" {
name = "developer"
instance = google_sql_database_instance.metadata_db_instance.name
password = var.mysql_developer_password
host = "%"
}