Last active
March 9, 2025 07:41
-
-
Save yuwtennis/1abf229918161ec2a54f54092af78c58 to your computer and use it in GitHub Desktop.
Using A record as DNS for Cloud SQL Auth Proxy connection
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resource "google_compute_network" "vpc" { | |
| name = "dsongcp" | |
| auto_create_subnetworks = false | |
| } | |
| resource "google_compute_subnetwork" "private_subnet" { | |
| name = "prv-subnet" | |
| ip_cidr_range = "192.168.0.0/28" | |
| network = google_compute_network.vpc.id | |
| region = local.region | |
| private_ip_google_access = true | |
| } | |
| resource "google_sql_database_instance" "flights" { | |
| name = "flights" | |
| database_version = "POSTGRES_17" | |
| region = "asia-northeast1" | |
| settings { | |
| tier = "db-f1-micro" # Shared, 1 CPU, 3840 MB | |
| edition = "ENTERPRISE" | |
| availability_type = "ZONAL" | |
| backup_configuration { | |
| enabled = true | |
| binary_log_enabled = false | |
| } | |
| ip_configuration { | |
| psc_config { | |
| psc_enabled = true | |
| allowed_consumer_projects = ["the project id"] | |
| } | |
| ipv4_enabled = false | |
| } | |
| } | |
| deletion_protection = false | |
| } | |
| resource "google_compute_address" "cloud_sql_ep" { | |
| name = "cloud-sql-ep" | |
| address_type = "INTERNAL" | |
| subnetwork = google_compute_subnetwork.private_subnet.id | |
| address = "192.168.0.4" | |
| } | |
| resource "google_compute_forwarding_rule" "psc_cloud_sql" { | |
| name = "psc-cloud-sql" | |
| region = local.region | |
| network = google_compute_network.vpc.id | |
| ip_address = google_compute_address.cloud_sql_ep.self_link | |
| load_balancing_scheme = "" | |
| target = google_sql_database_instance.flights.psc_service_attachment_link | |
| } | |
| resource "google_dns_managed_zone" "dsongcp" { | |
| name = "dsongcp" | |
| dns_name = "asia- northeast1.sql.goog." | |
| description = "Private zone exclusive to dsongcp" | |
| visibility = "private" | |
| private_visibility_config { | |
| networks { | |
| network_url = google_compute_network.vpc.id | |
| } | |
| } | |
| } | |
| resource "google_dns_record_set" "cloudsql" { | |
| managed_zone = google_dns_managed_zone.dsongcp.name | |
| name = google_sql_database_instance.flights.dns_name | |
| type = "A" | |
| rrdatas = [google_compute_forwarding_rule.psc_cloud_sql.ip_address] | |
| ttl = 300 | |
| } | |
| resource "google_dns_record_set" "cloudsql_domain_ownership" { | |
| managed_zone = google_dns_managed_zone.dsongcp.name | |
| name = google_sql_database_instance.flights.dns_name | |
| type = "TXT" | |
| rrdatas = [google_sql_database_instance.flights.connection_name] | |
| ttl = 3600 | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment