
GCP SQL Instance

Andy Potanin edited this page Jun 21, 2026 · 1 revision

Creates a Cloud SQL MySQL instance with databases, users, and secrets.

Use this module when a Rabbit service needs a managed MySQL database with automatic password generation and Secret Manager integration.

Supported Features

  • Cloud SQL MySQL instance creation.
  • Multiple database creation on a single instance.
  • Automatic random password generation with version-controlled rotation.
  • Database credentials stored in GCP Secret Manager.
  • Private IP networking via shared VPC.
  • Query Insights configuration.
  • Automated backups with binary logging.
  • Maintenance window scheduling.
  • Configurable database flags.
  • Disk autoresize.
  • SSL mode configuration.
  • Deletion protection.

Prerequisites

  • GCP credentials with permission to manage Cloud SQL instances and Secret Manager.
  • The sqladmin.googleapis.com API enabled on the project.
  • A shared VPC association when using private IP (see gcp-networking module).

Important Notes

  • instance_name must be unique within the GCP project. Deleted instance names cannot be reused for one week.
  • database_names creates multiple databases on the same instance. All environments typically share one instance with different databases via DB_NAME in each configmap.
  • db_user_password_version in user_labels controls password rotation. Increment to generate a new password.
  • network references the shared VPC when ipv4_enabled is false.
  • binary_log_enabled must be true for point-in-time recovery on MySQL.

Minimal Example

services:
  - name: "GCP SQL Instance"
    module: "gcp-sql-instance"
    id: "sql-instance"
    deployment_order: 20
    configurations:
      instance_name: "my-sql-instance"
      database_version: "MYSQL_8_0"
      database_instance_type: "db-f1-micro"
      region: "us-central1"
      database_names:
        - "production"
      user_labels:
        db_user_password_version: "1"

Outputs

| Output | Description |
| --- | --- |
| db_instance_name | The name of the Cloud SQL instance. |
| db_instance_connection_name | The connection name of the Cloud SQL instance. |
| db_instance_ip_address | The IP address of the Cloud SQL instance. |
| db_instance_project_id | The project ID of the Cloud SQL instance. |
| db_instance_region | The region of the Cloud SQL instance. |
| database_instance_type | The type of the Cloud SQL instance. |
| private_ip_address | The private IP address of the Cloud SQL instance. |
| public_ip_address | The public IP address of the Cloud SQL instance. |

Full Configuration Schema

The fields below are public module inputs under configurations.

configurations:
  google_api_name: "sql-component.googleapis.com"
  instance_name: "rabbit-tf-cloud-sql"
  database_version: "MYSQL_8_0"
  database_instance_type: "db-f1-micro"
  edition: "ENTERPRISE"
  region: "us-central1"
  availability_type: "ZONAL"
  zone: "us-central1-a"
  deletion_protection: true
  deletion_protection_enabled: true
  ipv4_enabled: false
  private_path_for_google_cloud_services: true
  query_insights_enabled: true
  query_string_length: 1024
  record_application_tags: true
  record_client_address: true
  query_plans_per_minute: 5
  db_user: "core"
  database_names:
    - "production"
    - "staging"
  secret_labels:
    creator: "automation"
  user_labels:
    state: "ready"
    creator: "automation"
    db_user_password_version: "1"
  disk_size: 20
  disk_type: "PD_SSD"
  ssl_mode: "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"
  binary_log_enabled: true
  backup_enabled: true
  backup_start_time: "06:00"
  disk_autoresize: true
  maintenance_window_day: 3
  maintenance_window_hour: 6
  maintenance_window_update_track: "stable"
  database_flags:
    binlog_row_image: "full"
    character_set_server: "utf8"
    event_scheduler: "on"
    max_allowed_packet: "1073741824"
    sql_mode: "NO_ENGINE_SUBSTITUTION"
    wait_timeout: "28800"

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| instance_name | string | Yes | Cloud SQL instance name. |
| database_version | string | No | MySQL version. Defaults to MYSQL_8_0. |
| database_instance_type | string | No | Machine type. Defaults to db-f1-micro. |
| edition | string | No | Cloud SQL edition. Defaults to ENTERPRISE. |
| region | string | No | GCP region. Defaults to us-central1. |
| availability_type | string | No | Availability type: ZONAL or REGIONAL. Defaults to ZONAL. |
| zone | string | No | Preferred zone. Defaults to us-central1-a. |
| deletion_protection | boolean | No | Terraform-level deletion protection. Defaults to true. |
| deletion_protection_enabled | boolean | No | API-level deletion protection. Defaults to true. |
| ipv4_enabled | boolean | No | Enables public IPv4. Defaults to false. |
| private_path_for_google_cloud_services | boolean | No | Enables private path for Google Cloud services. Defaults to true. |
| query_insights_enabled | boolean | No | Enables Query Insights. Defaults to true. |
| query_string_length | number | No | Maximum query string length for insights. Defaults to 1024. |
| record_application_tags | boolean | No | Records application tags in insights. Defaults to true. |
| record_client_address | boolean | No | Records client address in insights. Defaults to true. |
| query_plans_per_minute | number | No | Query plans sampled per minute. Defaults to 5. |
| db_user | string | No | Database user name. Defaults to core. |
| database_names | array[string] | Yes | List of databases to create. |
| secret_labels | map[string] | No | Labels for Secret Manager secrets. |
| user_labels | map[string] | No | Labels for the Cloud SQL instance. Must include db_user_password_version. |
| disk_size | number | No | Disk size in GB. Defaults to 20. |
| disk_type | string | No | Disk type. Defaults to PD_SSD. |
| ssl_mode | string | No | SSL mode. Defaults to TRUSTED_CLIENT_CERTIFICATE_REQUIRED. |
| binary_log_enabled | boolean | No | Enables binary logging for point-in-time recovery. Defaults to true. |
| backup_enabled | boolean | No | Enables automated backups. Defaults to true. |
| backup_start_time | string | No | Backup start time in HH:MM format. Defaults to 06:00. |
| disk_autoresize | boolean | No | Enables automatic disk resize. Defaults to true. |
| maintenance_window_day | number | No | Maintenance window day (1=Monday). Defaults to 3. |
| maintenance_window_hour | number | No | Maintenance window hour (UTC). Defaults to 6. |
| maintenance_window_update_track | string | No | Update track: stable or canary. Defaults to stable. |
| database_flags | map[string] | No | MySQL database flags. |
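
A pre-deploy check for the security-relevant inputs documented above, as an added example that is not part of the module: it merges a configurations mapping over the defaults from the schema table and reports missing required inputs, overrides that weaken those defaults, and a binary_log_enabled value that rules out point-in-time recovery. The check_config helper, its finding texts and both sample mappings are constructed for illustration; ALLOW_UNENCRYPTED_AND_ENCRYPTED is a Cloud SQL ssl_mode value that does not appear on this page.

```python
# Added example: check_config() and its finding texts are hypothetical helpers,
# not part of the gcp-sql-instance module. Defaults come from the schema table.
DEFAULTS = {
    "ipv4_enabled": False,
    "ssl_mode": "TRUSTED_CLIENT_CERTIFICATE_REQUIRED",
    "deletion_protection": True,
    "deletion_protection_enabled": True,
    "backup_enabled": True,
    "binary_log_enabled": True,
}

def check_config(cfg):
    """Return findings for one `configurations` mapping (empty list = clean)."""
    eff = {**DEFAULTS, **cfg}  # explicit inputs override the module defaults
    findings = []
    # Inputs the schema table marks as required.
    for key in ("instance_name", "database_names"):
        if not eff.get(key):
            findings.append(f"{key}: required input is missing")
    # user_labels must include db_user_password_version; rotation works by
    # incrementing it, so a non-numeric value is flagged (assumption).
    version = (eff.get("user_labels") or {}).get("db_user_password_version")
    if version is None:
        findings.append("user_labels.db_user_password_version: missing")
    elif not str(version).isdigit():
        findings.append("user_labels.db_user_password_version: not a number")
    # Security-relevant inputs that deviate from the documented defaults.
    for key in ("ipv4_enabled", "ssl_mode", "deletion_protection",
                "deletion_protection_enabled", "backup_enabled"):
        if eff[key] != DEFAULTS[key]:
            findings.append(f"{key}: {eff[key]!r} overrides default {DEFAULTS[key]!r}")
    # Point-in-time recovery on MySQL needs binary logging.
    if not eff["binary_log_enabled"]:
        findings.append("binary_log_enabled: false disables point-in-time recovery")
    return findings

# Constructed inputs: the minimal example trimmed to the keys the check reads,
# then a weakened variant of it.
MINIMAL = {
    "instance_name": "my-sql-instance",
    "database_names": ["production"],
    "user_labels": {"db_user_password_version": "1"},
}
WEAKENED = {**MINIMAL, "ipv4_enabled": True, "binary_log_enabled": False,
            "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED",
            "user_labels": {"creator": "automation"}}

if __name__ == "__main__":
    for name, cfg in (("minimal", MINIMAL), ("weakened", WEAKENED)):
        print(name, check_config(cfg) or "ok")
```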
