diff --git a/examples/gcp/postgresql/main.tf b/examples/gcp/postgresql/main.tf index 82b4d77f..982b981f 100644 --- a/examples/gcp/postgresql/main.tf +++ b/examples/gcp/postgresql/main.tf @@ -8,11 +8,12 @@ module "postgresql" { source = "git::https://github.com/GaloyMoney/galoy-infra.git//modules/postgresql/gcp?ref=caa0cd8" # source = "../../../modules/postgresql/gcp" - instance_name = "${var.name_prefix}-pg" - vpc_name = "${var.name_prefix}-vpc" - gcp_project = var.gcp_project - destroyable = var.destroyable_postgres - user_can_create_db = true - databases = ["stablesats"] - replication = true + instance_name = "${var.name_prefix}-pg" + vpc_name = "${var.name_prefix}-vpc" + gcp_project = var.gcp_project + destroyable = var.destroyable_postgres + user_can_create_db = true + databases = [] + replication = true + provision_read_replica = true } diff --git a/modules/postgresql/gcp/main.tf b/modules/postgresql/gcp/main.tf index 9127436b..a0b1297c 100644 --- a/modules/postgresql/gcp/main.tf +++ b/modules/postgresql/gcp/main.tf @@ -52,10 +52,11 @@ resource "google_sql_database_instance" "instance" { backup_configuration { enabled = true point_in_time_recovery_enabled = true + binary_log_enabled = true } ip_configuration { - ipv4_enabled = true + ipv4_enabled = false private_network = data.google_compute_network.vpc.id } } diff --git a/modules/postgresql/gcp/outputs.tf b/modules/postgresql/gcp/outputs.tf index 042e8083..ea3a5dbd 100644 --- a/modules/postgresql/gcp/outputs.tf +++ b/modules/postgresql/gcp/outputs.tf 
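Review bot: In examples/gcp/postgresql/main.tf the module `source` stays pinned at `?ref=caa0cd8` while the call now passes `provision_read_replica = true`, a variable that this same commit introduces in modules/postgresql/gcp/variables.tf. If `caa0cd8` predates that variable, which the diff does not show, planning the example fails on an unsupported argument until the ref is bumped. With `databases = []` the `creds` map is also empty, so the example never evaluates the new `read_conn` and `read_host` expressions. The `module "postgresql"` block starts outside the hunk.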
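Review bot: `binary_log_enabled = true` in `backup_configuration` is a MySQL-only setting in the google provider, so on a PostgreSQL instance the Cloud SQL API is expected to reject the update. The line above it, `point_in_time_recovery_enabled = true`, is the PostgreSQL equivalent. The primary's `database_version` is outside the hunk, but the replica added in read-replica.tf is `POSTGRES_14`, so this line should probably be dropped. Separately, `ipv4_enabled = false` removes the public address from an existing instance, so confirm nothing still connects through it. The `ip_configuration` block as shown sets no TLS requirement (`ssl_mode`, or `require_ssl` on older provider versions); the resource body starts and ends outside the hunk.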
@@ -9,11 +9,13 @@ output "private_ip" { output "creds" { value = { for db in local.databases : db => { - db_name = db - user = module.database[db].user - password = module.database[db].password - conn = "postgres://${module.database[db].user}:${module.database[db].password}@${google_sql_database_instance.instance.private_ip_address}:5432/${db}" - host = google_sql_database_instance.instance.private_ip_address + db_name = db + user = module.database[db].user + password = module.database[db].password + conn = "postgres://${module.database[db].user}:${module.database[db].password}@${google_sql_database_instance.instance.private_ip_address}:5432/${db}" + read_conn = local.provision_read_replica ? "postgres://${module.database[db].user}:${module.database[db].password}@${google_sql_database_instance.replica[0].private_ip_address}:5432/${db}" : "" + host = google_sql_database_instance.instance.private_ip_address + read_host = local.provision_read_replica ? google_sql_database_instance.instance.private_ip_address : "" } } sensitive = true diff --git a/modules/postgresql/gcp/read-replica.tf b/modules/postgresql/gcp/read-replica.tf new file mode 100644 index 00000000..042e96c4 --- /dev/null +++ b/modules/postgresql/gcp/read-replica.tf 
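Review bot: `read_host` resolves to `google_sql_database_instance.instance.private_ip_address`, which is the primary, although `read_conn` on the line before it uses `replica[0]`. A consumer that builds its own connection from `read_host` sends its read traffic to the primary instead of the replica. The line should read `read_host = local.provision_read_replica ? google_sql_database_instance.replica[0].private_ip_address : ""`. `read_conn` embeds the password in the URL the same way `conn` does, so the output has to stay `sensitive = true`, and the value is still stored in clear text in the Terraform state.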
@@ -0,0 +1,60 @@
+resource "google_sql_database_instance" "replica" {
+ count = local.provision_read_replica ? 1 : 0
+ name = "${local.instance_name}-${random_id.db_name_suffix.hex}-replica"
+ master_instance_name = "${local.instance_name}-${random_id.db_name_suffix.hex}"
+
+ project = local.gcp_project
+ database_version = "POSTGRES_14"
+ region = local.region
+ deletion_protection = !local.destroyable
+
+ settings {
+ tier = local.tier
+ availability_type = local.highly_available ? "REGIONAL" : "ZONAL"
+
+ dynamic "database_flags" {
+ for_each = local.max_connections > 0 ? [local.max_connections] : []
+ content {
+ name = "max_connections"
+ value = local.max_connections
+ }
+ }
+
+ dynamic "database_flags" {
+ for_each = var.enable_detailed_logging ? [{
+ name = "log_statement"
+ value = "all"
+ }, {
+ name = "log_lock_waits"
+ value = "on"
+ }] : []
+ content {
+ name = database_flags.value.name
+ value = database_flags.value.value
+ }
+ }
+
+ dynamic "database_flags" {
+ for_each = local.replication ? ["on"] : []
+ content {
+ name = "cloudsql.logical_decoding"
+ value = "on"
+ }
+ }
+
+ backup_configuration {
+ enabled = false
+ }
+
+ ip_configuration {
+ ipv4_enabled = false
+ private_network = data.google_compute_network.vpc.id
+ }
+ }
+
+ timeouts {
+ create = "45m"
+ update = "45m"
+ delete = "45m"
+ }
+}
diff --git a/modules/postgresql/gcp/variables.tf b/modules/postgresql/gcp/variables.tf
index f6eeb6b8..65dfba88 100644
--- a/modules/postgresql/gcp/variables.tf
+++ b/modules/postgresql/gcp/variables.tf
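Review bot: `master_instance_name` is rebuilt from `local.instance_name` and `random_id.db_name_suffix.hex` rather than taken from the primary resource, so Terraform sees no dependency between the replica and the primary. It may therefore try to create the replica before the primary exists. `master_instance_name = google_sql_database_instance.instance.name` gives the ordering and stays correct if the primary's naming ever changes. The replica's `ip_configuration` keeps it private-only but sets no TLS requirement (`ssl_mode`, or `require_ssl` on older provider versions). The replica serves the same data as the primary, so it should enforce whatever the primary enforces.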
@@ -34,17 +34,23 @@ variable "replication" { type = bool default = false } +variable "provision_read_replica" { + description = "Provision read replica" + type = bool + default = false +} locals { - gcp_project = var.gcp_project - vpc_name = var.vpc_name - region = var.region - instance_name = var.instance_name - destroyable = var.destroyable - highly_available = var.highly_available - tier = var.tier - max_connections = var.max_connections - databases = var.databases - big_query_viewers = var.big_query_viewers - replication = var.replication + gcp_project = var.gcp_project + vpc_name = var.vpc_name + region = var.region + instance_name = var.instance_name + destroyable = var.destroyable + highly_available = var.highly_available + tier = var.tier + max_connections = var.max_connections + databases = var.databases + big_query_viewers = var.big_query_viewers + replication = var.replication + provision_read_replica = var.provision_read_replica }
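Review bot: The description `"Provision read replica"` on `provision_read_replica` only repeats the variable name. It should tell the caller what enabling it creates and how the outputs behave, for example `description = "Create a private-IP-only Cloud SQL read replica of the primary; when false, read_conn and read_host in the creds output are empty strings"`. A caller reading only variables.tf otherwise has no hint that a second instance is provisioned, or that the read outputs can be empty.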