mirror of
https://github.com/hasura/graphql-engine.git
synced 2024-12-18 21:12:09 +03:00
55 lines
1.4 KiB
Terraform
55 lines
1.4 KiB
Terraform
|
# The bastion instance, which runs the AlloyDB auth proxy.
|
||
|
|
||
|
# This grabs the name of the latest Debian image.
|
||
|
data "google_compute_image" "bastion_image" {
|
||
|
family = "debian-11"
|
||
|
project = "debian-cloud"
|
||
|
}
|
||
|
|
||
|
resource "google_compute_instance" "bastion" {
|
||
|
name = "${var.name}-testing-alloydb-bastion"
|
||
|
machine_type = "e2-small"
|
||
|
zone = "us-central1-a"
|
||
|
tags = [
|
||
|
# "ssh", # uncomment and re-apply to SSH in
|
||
|
"postgres",
|
||
|
]
|
||
|
|
||
|
network_interface {
|
||
|
network = google_compute_network.default.id
|
||
|
|
||
|
# Runs on an ephemeral public IP address.
|
||
|
access_config {}
|
||
|
}
|
||
|
|
||
|
boot_disk {
|
||
|
initialize_params {
|
||
|
image = data.google_compute_image.bastion_image.self_link
|
||
|
}
|
||
|
}
|
||
|
|
||
|
# This service account has client access to AlloyDB.
|
||
|
service_account {
|
||
|
email = google_service_account.service_account.email
|
||
|
scopes = ["cloud-platform"]
|
||
|
}
|
||
|
|
||
|
# On startup, download the AlloyDB auth proxy and run it.
|
||
|
# Logs are written to /alloydb-auth-proxy.log. You can SSH in and view them if necessary.
|
||
|
metadata_startup_script = <<-EOT
|
||
|
#!/usr/bin/env bash
|
||
|
|
||
|
set -e
|
||
|
set -u
|
||
|
set -o pipefail
|
||
|
|
||
|
curl -fsSL https://storage.googleapis.com/alloydb-auth-proxy/v0.6.1/alloydb-auth-proxy.linux.amd64 -o alloydb-auth-proxy
|
||
|
chmod +x alloydb-auth-proxy
|
||
|
|
||
|
nohup ./alloydb-auth-proxy \
|
||
|
'${google_alloydb_instance.primary.id}' \
|
||
|
--address "0.0.0.0" \
|
||
|
>& alloydb-auth-proxy.log &
|
||
|
EOT
|
||
|
}
|