![]() The corresponding KMS scope is added by this module to the instance scopes if a valid KMS configuration is present. KMS decryption on the instance leverages the instance service account, which needs the roles/cloudkms.cryptoKeyDecrypter role on the provided key. decrypting the provided password on the instance using Cloud KMS, if the kms_data variable contains values for the project_id, keyring, location, and key keys.using the provided password as is, if the kms_data variable is empty.through the auto-generated secret, if no password is provided.The password and kms_data in particular allow different ways of passing the MySQL root password to the container: Variables allow controlling several aspects of the created resurces, like number of instances ( instance_count), container image used for MySQL ( container_image), client IP ranges allowed to connect to the service ( client_cidrs), MySQL configuration file ( my_cnf). google_compute_firewall, one firewall rule to allow traffic from specific IP ranges to the MySQL port.google_compute_instance, one or more COS instances.google_compute_disk, one data disk per instance.google_compute_address, one reserved IP address per instance.The following resources are created and managed by this module: This module implements a MySQL service running as a container on one or more Container Optimized OS instances. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |