@fg-nava fg-nava commented Dec 9, 2025

Summary

This PR simplifies Cloud SQL networking for preview environments by removing the complex bidirectional VPC peering approach from #126.

The Problem:
The original PR required manually maintaining the preview_vpc_names variable and redeploying dev whenever a preview environment was created. VPC peering requires both sides to create peering resources, which created an operational burden.

The Solution:
Each VPC (dev, preview, prod) already creates a google_service_networking_connection to Google's servicenetworking VPC. Since Cloud SQL sits in the servicenetworking VPC, any environment with this connection can already reach Cloud SQL directly - no VPC-to-VPC peering needed.

Changes

  • Remove preview_vpc_names variable and all VPC peering resources from vpc.tf
  • Add database outputs (database_private_ip, database_connection_name, etc.) to outputs.tf
  • Add dev_database_private_ip and dev_database_connection_name variables for preview environments
  • Update deploy.yml to fetch dev database info before planning preview environments

How it works

  1. Dev deploys → creates Cloud SQL → outputs connection info
  2. Preview deploys → workflow fetches dev's terraform outputs → passes DB info to preview terraform
  3. Preview services connect to dev Cloud SQL via servicenetworking (already peered)
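The fetch-then-pass step in "How it works", as an added example that is not part of this PR or the repository's deploy.yml. It takes the dev workspace's `terraform output -json` (a constructed sample below, with invented values), checks the two values the preview plan consumes, and renders them as `-var` arguments. The project id, region and the output named database_password_secret are assumptions for the example; only database_private_ip and database_connection_name come from the PR description. The checks are the ones a reviewer would want before a preview plan is pointed at a database: the address must be a private IPv4 address, the connection name must have the project:region:instance shape, and it must belong to the dev project and region rather than prod.

```python
"""Added example, not code from this PR: turn the dev workspace's
`terraform output -json` into the dev_database_* variables the preview plan
expects, and refuse values that are not the private IP of the dev instance."""
import ipaddress
import json
import re
import shlex

# Constructed sample of `terraform output -json` from the dev workspace.
# The first two output names follow the PR description; the values and the
# third (sensitive) output are invented for the example.
DEV_OUTPUT_JSON = json.dumps({
    "database_private_ip": {
        "sensitive": False, "type": "string", "value": "10.20.0.3"},
    "database_connection_name": {
        "sensitive": False, "type": "string",
        "value": "example-dev-project:us-central1:dev-postgres"},
    "database_password_secret": {
        "sensitive": True, "type": "string", "value": "<redacted>"},
})

# Hypothetical identity of the dev instance. A preview plan must never be
# handed prod's connection name by mistake, so both parts are pinned.
EXPECTED_PROJECT = "example-dev-project"
EXPECTED_REGION = "us-central1"
# Cloud SQL connection names have the form project:region:instance.
CONNECTION_NAME_RE = re.compile(
    r"^([a-z][-a-z0-9]{4,28}[a-z0-9]):([a-z][a-z0-9-]+):([a-z][-a-z0-9]*)$")


def parse_terraform_outputs(raw: str) -> dict:
    """Flatten `terraform output -json` to {name: value}.

    Outputs marked sensitive are dropped so they can never end up in a
    `-var` argument that shows up in workflow logs."""
    data = json.loads(raw)
    return {name: out["value"] for name, out in data.items()
            if not out.get("sensitive", False)}


def dev_database_vars(outputs: dict) -> dict:
    """Validate the two dev outputs the preview plan consumes and rename
    them to the preview variables. Raises ValueError on anything unexpected."""
    ip = ipaddress.ip_address(outputs["database_private_ip"])
    if ip.version != 4 or not ip.is_private:
        raise ValueError(f"database_private_ip {ip} is not a private IPv4 address")
    m = CONNECTION_NAME_RE.match(outputs["database_connection_name"])
    if m is None:
        raise ValueError("database_connection_name is not project:region:instance")
    project, region, _instance = m.groups()
    if (project, region) != (EXPECTED_PROJECT, EXPECTED_REGION):
        raise ValueError(
            f"connection name points at {project}/{region}, not the dev instance")
    return {
        "dev_database_private_ip": str(ip),
        "dev_database_connection_name": m.group(0),
    }


def terraform_var_args(tfvars: dict) -> list:
    """Render variables as shell-safe `-var=name=value` arguments for
    `terraform plan` / `terraform apply` in the preview workspace."""
    return [f"-var={shlex.quote(f'{name}={value}')}"
            for name, value in sorted(tfvars.items())]


if __name__ == "__main__":
    outputs = parse_terraform_outputs(DEV_OUTPUT_JSON)
    args = terraform_var_args(dev_database_vars(outputs))
    print("terraform plan", *args)
```

In a workflow step the only difference is where the JSON comes from: `terraform -chdir=<dev dir> output -json` in the dev workspace, piped into parse_terraform_outputs, with the rendered arguments appended to the preview `terraform plan` command. Rejecting a non-private address or a connection name from another project is cheap and turns a mis-wired preview into a failed plan instead of a preview quietly talking to the wrong instance.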

msantoroks and others added 4 commits December 8, 2025 09:14
- Manage Cloud SQL instances for dev and prod (preview uses dev via peering)
- Auto-generate passwords and store in Secret Manager
- Configure minimal resources for testing

- Implement bidirectional VPC peering between preview and dev
- Organize VPC peering configuration in vpc.tf

- Dev: db-custom-2-3840 (2 vCPUs, 3.75GB RAM, 50GB storage)
- Prod: db-custom-4-7680 (4 vCPUs, 7.5GB RAM, 100GB storage)
- Enable backups, PITR, and deletion protection for prod

Preview environments can access the dev Cloud SQL instance directly
via servicenetworking peering (already configured per-VPC) without
needing bidirectional VPC peering between dev and preview VPCs.

Changes:
- Remove manual preview_vpc_names variable and VPC peering resources
- Add database outputs (connection name, private IP) for services
- Update deploy.yml to fetch dev DB info for preview environments
- Pass dev database connection info to preview terraform runs
github-actions bot commented Dec 9, 2025

Preview Deployment Complete

Infrastructure deployed to preview-pr-127 environment.

Access URLs

Note: Custom domain not configured for preview environments. Use Cloud Run URL to access the application.
