Fix VPC peering for CloudSQL

johnstcn · johnstcn · commit 499a88da9e46 · 2023-05-11T17:51:13.000+01:00
diff --git a/scaletest/terraform/coder.tf b/scaletest/terraform/coder.tf
@@ -39,13 +39,13 @@ resource "random_password" "coder-postgres-password" {
 }
 
 resource "kubernetes_secret" "coder-db" {
-  type = "kubernetes.io/basic-auth"
+  type = "" # Opaque
   metadata {
     name      = "coder-db-url"
     namespace = kubernetes_namespace.coder_namespace.metadata.0.name
   }
   data = {
-    url = "postgres://coder:${random_password.coder-postgres-password.result}@/${google_sql_database_instance.db.ip_address}?sslmode=disable"
+    url = "postgres://coder:${urlencode(random_password.coder-postgres-password.result)}@${google_sql_database_instance.db.private_ip_address}?sslmode=disable"
   }
 }
 
@@ -121,7 +121,9 @@ coder:
           key: url
     - name: "CODER_VERBOSE"
       value: "true"
-  image: ${var.coder_image_repo}:${var.coder_image_tag}
+  image:
+    repo: ${var.coder_image_repo}
+    tag: ${var.coder_image_tag}
   replicaCount: "${var.coder_replicas}"
   resources:
     requests:
diff --git a/scaletest/terraform/gcp_db.tf b/scaletest/terraform/gcp_db.tf
@@ -7,12 +7,6 @@ data "google_compute_global_address" "sql_peering" {
   name = "sql-ip-address"
 }
 
-resource "google_service_networking_connection" "private_vpc_connection" {
-  network                 = data.google_compute_network.default.id
-  service                 = "servicenetworking.googleapis.com"
-  reserved_peering_ranges = [google_compute_global_address.sql_peering.name]
-}
-
 resource "google_sql_database_instance" "db" {
   name             = "${var.name}-db"
   region           = var.region
@@ -36,7 +30,7 @@ resource "google_sql_database_instance" "db" {
 
     ip_configuration {
       ipv4_enabled    = false
-      private_network = data.google_compute_network.default.id
+      private_network = google_compute_network.vpc.id
     }
 
     insights_config {
diff --git a/scaletest/terraform/gcp_vpc.tf b/scaletest/terraform/gcp_vpc.tf
@@ -16,9 +16,16 @@ resource "google_compute_subnetwork" "subnet" {
 }
 
 resource "google_compute_global_address" "sql_peering" {
+  project       = var.project_id
   name          = "${var.name}-sql-peering"
   purpose       = "VPC_PEERING"
   address_type  = "INTERNAL"
-  # prefix_length = 16
+  prefix_length = 16
   network       = google_compute_network.vpc.id
 }
+
+resource "google_service_networking_connection" "private_vpc_connection" {
+  network = google_compute_network.vpc.id
+  service = "servicenetworking.googleapis.com"
+  reserved_peering_ranges = [ google_compute_global_address.sql_peering.name ]
+}

Original file line number	Diff line number	Diff line change
`@@ -39,13 +39,13 @@ resource "random_password" "coder-postgres-password" {`
`39`	`39`	`}`
`40`	`40`
`41`	`41`	`resource "kubernetes_secret" "coder-db" {`
`42`		`- type = "kubernetes.io/basic-auth"`
	`42`	`+ type = "" # Opaque`
`43`	`43`	`metadata {`
`44`	`44`	`name = "coder-db-url"`
`45`	`45`	`namespace = kubernetes_namespace.coder_namespace.metadata.0.name`
`46`	`46`	`}`
`47`	`47`	`data = {`
`48`		`- url = "postgres://coder:${random_password.coder-postgres-password.result}@/${google_sql_database_instance.db.ip_address}?sslmode=disable"`
	`48`	`+ url = "postgres://coder:${urlencode(random_password.coder-postgres-password.result)}@${google_sql_database_instance.db.private_ip_address}?sslmode=disable"`
`49`	`49`	`}`
`50`	`50`	`}`
`51`	`51`
`@@ -121,7 +121,9 @@ coder:`
`121`	`121`	`key: url`
`122`	`122`	`- name: "CODER_VERBOSE"`
`123`	`123`	`value: "true"`
`124`		`- image: ${var.coder_image_repo}:${var.coder_image_tag}`
	`124`	`+ image:`
	`125`	`+ repo: ${var.coder_image_repo}`
	`126`	`+ tag: ${var.coder_image_tag}`
`125`	`127`	`replicaCount: "${var.coder_replicas}"`
`126`	`128`	`resources:`
`127`	`129`	`requests:`