From 0e97130afa32e63f0707e49f0f36b439e9d81895 Mon Sep 17 00:00:00 2001
From: mariadb-chucknewport
Date: Fri, 26 Jul 2024 15:54:35 -0500
Subject: [PATCH] add example for azure private link
---
examples/azure-private-link/locals.tf | 4 ++
examples/azure-private-link/main.tf | 77 ++++++++++++++++++++++++
examples/azure-private-link/providers.tf | 17 ++++++
examples/azure-private-link/variables.tf | 50 +++++++++++++++
4 files changed, 148 insertions(+)
create mode 100644 examples/azure-private-link/locals.tf
create mode 100644 examples/azure-private-link/main.tf
create mode 100644 examples/azure-private-link/providers.tf
create mode 100644 examples/azure-private-link/variables.tf
diff --git a/examples/azure-private-link/locals.tf b/examples/azure-private-link/locals.tf
new file mode 100644
index 0000000..502b96b
--- /dev/null
+++ b/examples/azure-private-link/locals.tf
@@ -0,0 +1,4 @@
+locals {
+ dns_domain = join(".", [var.skysql_organization_id, var.skysql_base_domain])
+ dns_link_name = join(".", [var.skysql_organization_id, replace(var.skysql_base_domain, ".", "-")])
+}
diff --git a/examples/azure-private-link/main.tf b/examples/azure-private-link/main.tf
new file mode 100644
index 0000000..4ce34d0
--- /dev/null
+++ b/examples/azure-private-link/main.tf
@@ -0,0 +1,77 @@
+data "azurerm_subscription" "current" {}
+
+data "azurerm_resource_group" "this" {
+ name = var.resource_group_name
+ depends_on = [azurerm_resource_group.this]
+}
+
+data "skysql_versions" "this" {
+ topology = var.topology
+}
+
+data "skysql_service" "this" {
+ service_id = skysql_service.this.id
+}
+
+###
+# Create the SkySQL service
+###
+resource "skysql_service" "this" {
+ service_type = "transactional"
+ topology = var.topology
+ cloud_provider = "azure"
+ region = var.location
+ name = var.skysql_service_name
+ architecture = "amd64"
+ nodes = 1
+ size = "sky-2x8"
+ storage = 100
+ ssl_enabled = true
+ version = data.skysql_versions.this.versions[0].name
+ endpoint_mechanism = "privateconnect"
+ endpoint_allowed_accounts = [data.azurerm_subscription.current.subscription_id]
+ wait_for_creation = true
+ # The following line will be required when tearing down the skysql service
+ # deletion_protection = false
+}
+
+resource "azurerm_resource_group" "this" {
+ count = var.create_resource_group ? 1 : 0
+ name = var.resource_group_name
+ location = var.location
+}
+
+resource "azurerm_private_dns_zone" "this" {
+ name = local.dns_domain
+ resource_group_name = data.azurerm_resource_group.this.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "this" {
+ name = local.dns_link_name
+ resource_group_name = data.azurerm_resource_group.this.name
+ private_dns_zone_name = azurerm_private_dns_zone.this.name
+ virtual_network_id = var.virtual_network_id
+}
+
+resource "azurerm_private_endpoint" "this" {
+ name = var.skysql_service_name
+ location = data.azurerm_resource_group.this.location
+ resource_group_name = data.azurerm_resource_group.this.name
+ subnet_id = var.subnet_id
+
+ private_service_connection {
+ name = var.database_name
+ private_connection_resource_alias = data.skysql_service.this.endpoints[0].endpoint_service
+ is_manual_connection = true
+ request_message = "PL"
+
+ }
+}
+
+resource "azurerm_private_dns_a_record" "this" {
+ name = skysql_service.this.id
+ zone_name = azurerm_private_dns_zone.this.name
+ resource_group_name = data.azurerm_resource_group.this.name
+ ttl = 300
+ records = [azurerm_private_endpoint.this.private_service_connection[0].private_ip_address]
+}
diff --git a/examples/azure-private-link/providers.tf b/examples/azure-private-link/providers.tf
new file mode 100644
index 0000000..62ebdff
--- /dev/null
+++ b/examples/azure-private-link/providers.tf
@@ -0,0 +1,17 @@
+terraform {
+ required_providers {
+ skysql = {
+ source = "registry.terraform.io/skysqlinc/skysql"
+ version = "1.0.0"
+ }
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "3.96.0"
+ }
+ }
+}
+
+provider "skysql" {}
+provider "azurerm" {
+ features {}
+}
diff --git a/examples/azure-private-link/variables.tf b/examples/azure-private-link/variables.tf
new file mode 100644
index 0000000..78e6b34
--- /dev/null
+++ b/examples/azure-private-link/variables.tf
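Review bot: `name = var.database_name` in the `private_service_connection` block of `azurerm_private_endpoint.this` references an input that the variables.tf added by this same patch never declares, so the example will not pass `terraform validate`. Either reuse the existing input, `name = var.skysql_service_name`, or add a `variable "database_name"` block to variables.tf. Separately, `version = data.skysql_versions.this.versions[0].name` takes whatever version the API lists first, so the deployed server version may change between applies; a `version` input with a pinned default would make the example reproducible.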
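Review bot: `provider "skysql" {}` is left empty with no comment saying where the API credentials come from, which in an example invites readers to paste a key into the block. A one-line comment above it would help, for instance `# Credentials are supplied through the environment; never commit an API key to this file.` This assumes the provider reads its key from the environment, which the patch does not show. The exact version pins on both providers are good for reproducibility; committing the example's `.terraform.lock.hcl` alongside would also fix the provider checksums.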
@@ -0,0 +1,50 @@
+variable "location" {
+ description = "The Azure Region in which all resources will be created."
+ type = string
+ default = "eastus"
+}
+
+variable "resource_group_name" {
+ description = "The name of the resource group in which all resources will be created."
+ type = string
+ default = "skysql-private-link"
+}
+
+variable "create_resource_group" {
+ description = "Create a new resource group or use an existing one."
+ type = bool
+ default = true
+}
+
+variable "skysql_organization_id" {
+ description = "The SkySQL Organization ID."
+ type = string
+}
+
+variable "skysql_base_domain" {
+ description = "The base domain for SkySQL database endpoints."
+ default = "db3.skysql.com"
+ type = string
+}
+
+variable "virtual_network_id" {
+ description = "The ID of the virtual network where the private endpoint will be created."
+ type = string
+}
+
+variable "subnet_id" {
+ description = "The ID of the subnet where the private endpoint will be created."
+ type = string
+}
+
+variable "skysql_service_name" {
+ description = "The name of the database to create."
+ type = string
+ default = "skysql-private-link"
+}
+
+variable "topology" {
+ description = "The SkySQL topology to deploy."
+ type = string
+ default = "es-single"
+}
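Review bot: The description of `virtual_network_id` says the private endpoint is created there, but main.tf in this patch uses it only for `azurerm_private_dns_zone_virtual_network_link`; the endpoint itself is placed by `subnet_id`. Nothing ties the two inputs together, so a subnet taken from a different network may leave the private DNS zone linked to a network that cannot reach the endpoint address. I would reword it to `description = "The ID of the virtual network to link to the private DNS zone; it must contain subnet_id."`. `skysql_organization_id` also forms the private DNS zone name yet accepts an empty string, so a `validation` block requiring a non-empty value would catch a misconfigured zone before anything is created.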