add example for azure private link

skysqlinc · Jul 26, 2024 · 0a52921 · 0a52921
1 parent f09a180
commit 0a52921
Show file tree

Hide file tree

Showing 4 changed files with 143 additions and 0 deletions.
diff --git a/examples/azure-private-link/locals.tf b/examples/azure-private-link/locals.tf
@@ -0,0 +1,4 @@
+locals {
+  dns_domain = join(".", [var.skysql_organization_id, var.skysql_base_domain])
+  dns_link_name = join(".", [var.skysql_organization_id, replace(var.skysql_base_domain, ".", "-")])
+}
diff --git a/examples/azure-private-link/main.tf b/examples/azure-private-link/main.tf
@@ -0,0 +1,77 @@
+data "azurerm_subscription" "current" {}
+
+data "azurerm_resource_group" "this" {
+  name  = var.resource_group_name
+  depends_on = [azurerm_resource_group.this]
+}
+
+data "skysql_versions" "this" {
+  topology = var.topology
+}
+
+data "skysql_service" "this" {
+  service_id = skysql_service.this.id
+}
+
+###
+# Create the SkySQL service
+###
+resource "skysql_service" "this" {
+  service_type              = "transactional"
+  topology                  = var.topology
+  cloud_provider            = "azure"
+  region                    = var.location
+  name                      = var.skysql_service_name
+  architecture              = "amd64"
+  nodes                     = 1
+  size                      = "sky-2x8"
+  storage                   = 100
+  ssl_enabled               = true
+  version                   = data.skysql_versions.this.versions[0].name
+  endpoint_mechanism        = "privateconnect"
+  endpoint_allowed_accounts = [data.azurerm_subscription.current.subscription_id]
+  wait_for_creation         = true
+  # The following line will be required when tearing down the skysql service
+  # deletion_protection = false
+}
+
+resource "azurerm_resource_group" "this" {
+  count     = var.create_resource_group ? 1 : 0
+  name     = var.resource_group_name
+  location = var.location
+}
+
+resource "azurerm_private_dns_zone" "this" {
+  name                = local.dns_domain
+  resource_group_name = data.azurerm_resource_group.this.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "this" {
+  name                  = local.dns_link_name
+  resource_group_name   = data.azurerm_resource_group.this.name
+  private_dns_zone_name = azurerm_private_dns_zone.this.name
+  virtual_network_id    = var.virtual_network_id
+}
+
+resource "azurerm_private_endpoint" "this" {
+  name                = var.skysql_service_name
+  location            = data.azurerm_resource_group.this.location
+  resource_group_name = data.azurerm_resource_group.this.name
+  subnet_id           = var.subnet_id
+
+  private_service_connection {
+    name                              = var.database_name
+    private_connection_resource_alias = data.skysql_service.this.endpoints[0].endpoint_service
+    is_manual_connection              = true
+    request_message                   = "PL"
+
+  }
+}
+
+resource "azurerm_private_dns_a_record" "this" {
+  name                = skysql_service.this.id
+  zone_name           = azurerm_private_dns_zone.this.name
+  resource_group_name = data.azurerm_resource_group.this.name
+  ttl                 = 300
+  records             = [azurerm_private_endpoint.this.private_service_connection[0].private_ip_address]
+}
diff --git a/examples/azure-private-link/providers.tf b/examples/azure-private-link/providers.tf
@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "3.96.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+}
diff --git a/examples/azure-private-link/variables.tf b/examples/azure-private-link/variables.tf
@@ -0,0 +1,50 @@
+variable "location" {
+  description = "The Azure Region in which all resources will be created."
+  type = string
+  default     = "eastus"
+}
+
+variable "resource_group_name" {
+  description = "The name of the resource group in which all resources will be created."
+  type        = string
+  default     = "skysql-private-link"
+}
+
+variable "create_resource_group" {
+  description = "Create a new resource group or use an existing one."
+  type        = bool
+  default     = true
+}
+
+variable "skysql_organization_id" {
+  description = "The SkySQL Organization ID."
+  type        = string
+}
+
+variable "skysql_base_domain" {
+  description = "The base domain for SkySQL database endpoints."
+  default     = "db3.skysql.com"
+  type        = string
+}
+
+variable "virtual_network_id" {
+  description = "The ID of the virtual network where the private endpoint will be created."
+  type        = string
+}
+
+variable "subnet_id" {
+  description = "The ID of the subnet where the private endpoint will be created."
+  type        = string
+}
+
+variable "skysql_service_name" {
+  description = "The name of the database to create."
+  type        = string
+  default     = "skysql-private-link"
+}
+
+variable "topology" {
+  description = "The SkySQL topology to deploy."
+  type        = string
+  default     = "es-single"
+}