-
Notifications
You must be signed in to change notification settings - Fork 1.2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(backup): add GKE backup configuration variables
Introduce new variables for GKE backup configuration, including `backup_cron_schedule`, `backup_rpo_target_in_minutes`, `backup_config`, and `backup_retain_days`. These new settings enable backup schedule definition, RPO configuration, volume data and secrets backup options, and backup retention period definition.
- Loading branch information
1 parent
98bb7c5
commit acb8692
Showing
29 changed files
with
785 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -144,6 +144,10 @@ Then perform the following commands on the root folder: | |
| | additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no | | ||
| | additive\_vpc\_scope\_dns\_domain | This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no | | ||
| | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format [email protected] | `string` | `null` | no | | ||
| | backup\_config | Defines the backup configuration settings, including volume data and secrets backup options. | <pre>object({<br> include_volume_data = optional(bool)<br> include_secrets = optional(bool)<br> })</pre> | <pre>{<br> "include_secrets": true,<br> "include_volume_data": true<br>}</pre> | no | | ||
| | backup\_cron\_schedule | Defines the GKE backup schedule. Mutually exclusive with backup\_rpo\_target\_in\_minutes; backup\_cron\_schedule takes precedence if both are set. Configure at least one to enable backup. | `string` | `null` | no | | ||
| | backup\_retain\_days | The number of days to retain backups. Must be between 1 and 35. Defaults to 7. | `number` | `7` | no | | ||
| | backup\_rpo\_target\_in\_minutes | Configuration for Recovery Point Objective (RPO), specifying the target RPO in minutes. Must be between 60 and 86400. Mutually exclusive with backup\_cron\_schedule; backup\_cron\_schedule takes precedence if both are set. Configure at least one to enable backup. | `number` | `null` | no | | ||
| | boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no | | ||
| | cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | <pre>object({<br> enabled = bool<br> autoscaling_profile = string<br> min_cpu_cores = number<br> max_cpu_cores = number<br> min_memory_gb = number<br> max_memory_gb = number<br> gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))<br> auto_repair = bool<br> auto_upgrade = bool<br> disk_size = optional(number)<br> disk_type = optional(string)<br> image_type = optional(string)<br> strategy = optional(string)<br> max_surge = optional(number)<br> max_unavailable = optional(number)<br> node_pool_soak_duration = optional(string)<br> batch_soak_duration = optional(string)<br> batch_percentage = optional(number)<br> batch_node_count = optional(number)<br> enable_secure_boot = optional(bool, false)<br> enable_integrity_monitoring = optional(bool, true)<br> })</pre> | <pre>{<br> "auto_repair": true,<br> "auto_upgrade": true,<br> "autoscaling_profile": "BALANCED",<br> "disk_size": 100,<br> "disk_type": "pd-standard",<br> "enable_integrity_monitoring": true,<br> "enable_secure_boot": false,<br> "enabled": false,<br> "gpu_resources": [],<br> "image_type": "COS_CONTAINERD",<br> "max_cpu_cores": 0,<br> "max_memory_gb": 0,<br> "min_cpu_cores": 0,<br> "min_memory_gb": 0<br>}</pre> | no | | ||
| | cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no | | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| resource "google_gke_backup_backup_plan" "backup" { | ||
| count = (var.backup_cron_schedule != null || var.backup_rpo_target_in_minutes != null) && var.gke_backup_agent_config ? 1 : 0 | ||
|
|
||
| name = "${google_container_cluster.primary.name}-backup-plan" | ||
| cluster = google_container_cluster.primary.id | ||
|
|
||
| # Location (fallback to region or derived from zones) | ||
| location = try(var.region, substr(var.zones[0], 0, length(var.zones[0]) - 2)) | ||
|
|
||
| backup_config { | ||
| include_volume_data = try(var.backup_config.include_volume_data, true) | ||
| include_secrets = try(var.backup_config.include_secrets, true) | ||
| all_namespaces = true | ||
| } | ||
|
|
||
| dynamic "backup_schedule" { | ||
| for_each = var.backup_cron_schedule != null ? [var.backup_cron_schedule] : [] | ||
| content { | ||
| cron_schedule = backup_schedule.value | ||
| } | ||
| } | ||
|
|
||
| dynamic "backup_schedule" { | ||
| # If both backup_schedule and rpo_config are specified, backup_schedule have the precedence | ||
| for_each = var.backup_rpo_target_in_minutes != null && var.backup_cron_schedule ==null ? [var.backup_rpo_target_in_minutes] : [] | ||
| content { | ||
| rpo_config { | ||
| target_rpo_minutes = backup_schedule.value | ||
| } | ||
| } | ||
| } | ||
|
|
||
| retention_policy { | ||
| backup_retain_days = var.backup_retain_days | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| resource "google_gke_backup_backup_plan" "backup" { | ||
| count = (var.backup_cron_schedule != null || var.backup_rpo_target_in_minutes != null) && var.gke_backup_agent_config ? 1 : 0 | ||
|
|
||
| # Plan name and cluster identification | ||
| name = "${google_container_cluster.primary.name}-backup-plan" | ||
| cluster = google_container_cluster.primary.id | ||
|
|
||
| # Location (fallback to region or derived from zones) | ||
| location = try(var.region, substr(var.zones[0], 0, length(var.zones[0]) - 2)) | ||
|
|
||
| backup_config { | ||
| include_volume_data = try(var.backup_config.include_volume_data, true) | ||
| include_secrets = try(var.backup_config.include_secrets, true) | ||
| all_namespaces = true | ||
| } | ||
|
|
||
| dynamic "backup_schedule" { | ||
| for_each = var.backup_cron_schedule != null ? [var.backup_cron_schedule] : [] | ||
| content { | ||
| cron_schedule = backup_schedule.value | ||
| } | ||
| } | ||
|
|
||
| dynamic "backup_schedule" { | ||
| # If both backup_schedule and rpo_config are specified, backup_schedule have the precedence | ||
| for_each = var.backup_rpo_target_in_minutes != null && var.backup_cron_schedule == null ? [var.backup_rpo_target_in_minutes] : [] | ||
| content { | ||
| rpo_config { | ||
| target_rpo_minutes = backup_schedule.value | ||
| } | ||
| } | ||
| } | ||
|
|
||
| retention_policy { | ||
| backup_retain_days = var.backup_retain_days | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -77,6 +77,10 @@ Then perform the following commands on the root folder: | |
| | additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no | | ||
| | allow\_net\_admin | (Optional) Enable NET\_ADMIN for the cluster. | `bool` | `null` | no | | ||
| | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format [email protected] | `string` | `null` | no | | ||
| | backup\_config | Defines the backup configuration settings, including volume data and secrets backup options. | <pre>object({<br> include_volume_data = optional(bool)<br> include_secrets = optional(bool)<br> })</pre> | <pre>{<br> "include_secrets": true,<br> "include_volume_data": true<br>}</pre> | no | | ||
| | backup\_cron\_schedule | Defines the GKE backup schedule. Mutually exclusive with backup\_rpo\_target\_in\_minutes; backup\_cron\_schedule takes precedence if both are set. Configure at least one to enable backup. | `string` | `null` | no | | ||
| | backup\_retain\_days | The number of days to retain backups. Must be between 1 and 35. Defaults to 7. | `number` | `7` | no | | ||
| | backup\_rpo\_target\_in\_minutes | Configuration for Recovery Point Objective (RPO), specifying the target RPO in minutes. Must be between 60 and 86400. Mutually exclusive with backup\_cron\_schedule; backup\_cron\_schedule takes precedence if both are set. Configure at least one to enable backup. | `number` | `null` | no | | ||
| | boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no | | ||
| | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | ||
| | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| resource "google_gke_backup_backup_plan" "backup" { | ||
| count = (var.backup_cron_schedule != null || var.backup_rpo_target_in_minutes != null) && var.gke_backup_agent_config ? 1 : 0 | ||
|
|
||
| # Plan name and cluster identification | ||
| name = "${google_container_cluster.primary.name}-backup-plan" | ||
| cluster = google_container_cluster.primary.id | ||
|
|
||
| # Location (fallback to region or derived from zones) | ||
| location = try(var.region, substr(var.zones[0], 0, length(var.zones[0]) - 2)) | ||
|
|
||
| backup_config { | ||
| include_volume_data = try(var.backup_config.include_volume_data, true) | ||
| include_secrets = try(var.backup_config.include_secrets, true) | ||
| all_namespaces = true | ||
| } | ||
|
|
||
| dynamic "backup_schedule" { | ||
| for_each = var.backup_cron_schedule != null ? [var.backup_cron_schedule] : [] | ||
| content { | ||
| cron_schedule = backup_schedule.value | ||
| } | ||
| } | ||
|
|
||
| dynamic "backup_schedule" { | ||
| # If both backup_schedule and rpo_config are specified, backup_schedule have the precedence | ||
| for_each = var.backup_rpo_target_in_minutes != null && var.backup_cron_schedule == null ? [var.backup_rpo_target_in_minutes] : [] | ||
| content { | ||
| rpo_config { | ||
| target_rpo_minutes = backup_schedule.value | ||
| } | ||
| } | ||
| } | ||
|
|
||
| retention_policy { | ||
| backup_retain_days = var.backup_retain_days | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -72,6 +72,10 @@ Then perform the following commands on the root folder: | |
| | additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no | | ||
| | allow\_net\_admin | (Optional) Enable NET\_ADMIN for the cluster. | `bool` | `null` | no | | ||
| | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format [email protected] | `string` | `null` | no | | ||
| | backup\_config | Defines the backup configuration settings, including volume data and secrets backup options. | <pre>object({<br> include_volume_data = optional(bool)<br> include_secrets = optional(bool)<br> })</pre> | <pre>{<br> "include_secrets": true,<br> "include_volume_data": true<br>}</pre> | no | | ||
| | backup\_cron\_schedule | Defines the GKE backup schedule. Mutually exclusive with backup\_rpo\_target\_in\_minutes; backup\_cron\_schedule takes precedence if both are set. Configure at least one to enable backup. | `string` | `null` | no | | ||
| | backup\_retain\_days | The number of days to retain backups. Must be between 1 and 35. Defaults to 7. | `number` | `7` | no | | ||
| | backup\_rpo\_target\_in\_minutes | Configuration for Recovery Point Objective (RPO), specifying the target RPO in minutes. Must be between 60 and 86400. Mutually exclusive with backup\_cron\_schedule; backup\_cron\_schedule takes precedence if both are set. Configure at least one to enable backup. | `number` | `null` | no | | ||
| | boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no | | ||
| | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | ||
| | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| resource "google_gke_backup_backup_plan" "backup" { | ||
| count = (var.backup_cron_schedule != null || var.backup_rpo_target_in_minutes != null) && var.gke_backup_agent_config ? 1 : 0 | ||
|
|
||
| # Plan name and cluster identification | ||
| name = "${google_container_cluster.primary.name}-backup-plan" | ||
| cluster = google_container_cluster.primary.id | ||
|
|
||
| # Location (fallback to region or derived from zones) | ||
| location = try(var.region, substr(var.zones[0], 0, length(var.zones[0]) - 2)) | ||
|
|
||
| backup_config { | ||
| include_volume_data = try(var.backup_config.include_volume_data, true) | ||
| include_secrets = try(var.backup_config.include_secrets, true) | ||
| all_namespaces = true | ||
| } | ||
|
|
||
| dynamic "backup_schedule" { | ||
| for_each = var.backup_cron_schedule != null ? [var.backup_cron_schedule] : [] | ||
| content { | ||
| cron_schedule = backup_schedule.value | ||
| } | ||
| } | ||
|
|
||
| dynamic "backup_schedule" { | ||
| # If both backup_schedule and rpo_config are specified, backup_schedule have the precedence | ||
| for_each = var.backup_rpo_target_in_minutes != null && var.backup_cron_schedule == null ? [var.backup_rpo_target_in_minutes] : [] | ||
| content { | ||
| rpo_config { | ||
| target_rpo_minutes = backup_schedule.value | ||
| } | ||
| } | ||
| } | ||
|
|
||
| retention_policy { | ||
| backup_retain_days = var.backup_retain_days | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.