googleGkeBackupBackupPlan

Represents a Backup Plan instance.

To get more information about BackupPlan, see:

• API documentation
• How-to Guides
• Official Documentation

Example Usage - Gkebackup Backupplan Basic

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleContainerClusterPrimary =
  new google.containerCluster.ContainerCluster(this, "primary", {
    addons_config: [
      {
        gke_backup_agent_config: [
          {
            enabled: true,
          },
        ],
      },
    ],
    initial_node_count: 1,
    location: "us-central1",
    name: "basic-cluster",
    workload_identity_config: [
      {
        workload_pool: "my-project-name.svc.id.goog",
      },
    ],
  });
new google.gkeBackupBackupPlan.GkeBackupBackupPlan(this, "basic", {
  backup_config: [
    {
      all_namespaces: true,
      include_secrets: true,
      include_volume_data: true,
    },
  ],
  cluster: googleContainerClusterPrimary.id,
  location: "us-central1",
  name: "basic-plan",
});

Example Usage - Gkebackup Backupplan Autopilot

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleContainerClusterPrimary =
  new google.containerCluster.ContainerCluster(this, "primary", {
    addons_config: [
      {
        gke_backup_agent_config: [
          {
            enabled: true,
          },
        ],
      },
    ],
    enable_autopilot: true,
    ip_allocation_policy: [{}],
    location: "us-central1",
    name: "autopilot-cluster",
    release_channel: [
      {
        channel: "RAPID",
      },
    ],
  });
new google.gkeBackupBackupPlan.GkeBackupBackupPlan(this, "autopilot", {
  backup_config: [
    {
      all_namespaces: true,
      include_secrets: true,
      include_volume_data: true,
    },
  ],
  cluster: googleContainerClusterPrimary.id,
  location: "us-central1",
  name: "autopilot-plan",
});

Example Usage - Gkebackup Backupplan Cmek

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleContainerClusterPrimary =
  new google.containerCluster.ContainerCluster(this, "primary", {
    addons_config: [
      {
        gke_backup_agent_config: [
          {
            enabled: true,
          },
        ],
      },
    ],
    initial_node_count: 1,
    location: "us-central1",
    name: "cmek-cluster",
    workload_identity_config: [
      {
        workload_pool: "my-project-name.svc.id.goog",
      },
    ],
  });
const googleKmsKeyRingKeyRing = new google.kmsKeyRing.KmsKeyRing(
  this,
  "key_ring",
  {
    location: "us-central1",
    name: "backup-key",
  }
);
const googleKmsCryptoKeyCryptoKey = new google.kmsCryptoKey.KmsCryptoKey(
  this,
  "crypto_key",
  {
    key_ring: googleKmsKeyRingKeyRing.id,
    name: "backup-key",
  }
);
new google.gkeBackupBackupPlan.GkeBackupBackupPlan(this, "cmek", {
  backup_config: [
    {
      encryption_key: [
        {
          gcp_kms_encryption_key: googleKmsCryptoKeyCryptoKey.id,
        },
      ],
      include_secrets: true,
      include_volume_data: true,
      selected_namespaces: [
        {
          namespaces: ["default", "test"],
        },
      ],
    },
  ],
  cluster: googleContainerClusterPrimary.id,
  location: "us-central1",
  name: "cmek-plan",
});

Example Usage - Gkebackup Backupplan Full

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleContainerClusterPrimary =
  new google.containerCluster.ContainerCluster(this, "primary", {
    addons_config: [
      {
        gke_backup_agent_config: [
          {
            enabled: true,
          },
        ],
      },
    ],
    initial_node_count: 1,
    location: "us-central1",
    name: "full-cluster",
    workload_identity_config: [
      {
        workload_pool: "my-project-name.svc.id.goog",
      },
    ],
  });
new google.gkeBackupBackupPlan.GkeBackupBackupPlan(this, "full", {
  backup_config: [
    {
      include_secrets: true,
      include_volume_data: true,
      selected_applications: [
        {
          namespaced_names: [
            {
              name: "app1",
              namespace: "ns1",
            },
            {
              name: "app2",
              namespace: "ns2",
            },
          ],
        },
      ],
    },
  ],
  backup_schedule: [
    {
      cron_schedule: "0 9 * * 1",
    },
  ],
  cluster: googleContainerClusterPrimary.id,
  location: "us-central1",
  name: "full-plan",
  retention_policy: [
    {
      backup_delete_lock_days: 30,
      backup_retain_days: 180,
    },
  ],
});

Argument Reference

The following arguments are supported:

• name - (Required) The full name of the BackupPlan Resource.

• cluster - (Required) The source cluster from which Backups will be created via this BackupPlan.

• location - (Required) The region of the Backup Plan.

• description - (Optional) User specified descriptive string for this BackupPlan.

• retentionPolicy - (Optional) RetentionPolicy governs lifecycle of Backups created under this plan. Structure is documented below.

• labels - (Optional) Description: A set of custom labels supplied by the user. A list of key->value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

• backupSchedule - (Optional) Defines a schedule for automatic Backup creation via this BackupPlan. Structure is documented below.

• deactivated - (Optional) This flag indicates whether this BackupPlan has been deactivated. Setting this field to True locks the BackupPlan such that no further updates will be allowed (except deletes), including the deactivated field itself. It also prevents any new Backups from being created via this BackupPlan (including scheduled Backups).

• backupConfig - (Optional) Defines the configuration of Backups created via this BackupPlan. Structure is documented below.

• project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

The retentionPolicy block supports:

• backupDeleteLockDays - (Optional) Minimum age for a Backup created via this BackupPlan (in days). Must be an integer value between 0-90 (inclusive). A Backup created under this BackupPlan will not be deletable until it reaches Backup's (create time + backup_delete_lock_days). Updating this field of a BackupPlan does not affect existing Backups. Backups created after a successful update will inherit this new value.

• backupRetainDays - (Optional) The default maximum age of a Backup created via this BackupPlan. This field MUST be an integer value >= 0 and <= 365. If specified, a Backup created under this BackupPlan will be automatically deleted after its age reaches (createTime + backupRetainDays). If not specified, Backups created under this BackupPlan will NOT be subject to automatic deletion. Updating this field does NOT affect existing Backups under it. Backups created AFTER a successful update will automatically pick up the new value. NOTE: backupRetainDays must be >= backupDeleteLockDays. If cronSchedule is defined, then this must be <= 360 * the creation interval.]

• locked - (Optional) This flag denotes whether the retention policy of this BackupPlan is locked. If set to True, no further update is allowed on this policy, including the locked field itself.

The backupSchedule block supports:

• cronSchedule - (Optional) A standard cron string that defines a repeating schedule for creating Backups via this BackupPlan. If this is defined, then backupRetainDays must also be defined.

• paused - (Optional) This flag denotes whether automatic Backup creation is paused for this BackupPlan.

The backupConfig block supports:

• includeVolumeData - (Optional) This flag specifies whether volume data should be backed up when PVCs are included in the scope of a Backup.

• includeSecrets - (Optional) This flag specifies whether Kubernetes Secret resources should be included when they fall into the scope of Backups.

• encryptionKey - (Optional) This defines a customer managed encryption key that will be used to encrypt the "config" portion (the Kubernetes resources) of Backups created via this plan. Structure is documented below.

• allNamespaces - (Optional) If True, include all namespaced resources.

• selectedNamespaces - (Optional) If set, include just the resources in the listed namespaces. Structure is documented below.

• selectedApplications - (Optional) A list of namespaced Kubernetes Resources. Structure is documented below.

The encryptionKey block supports:

• gcpKmsEncryptionKey - (Required) Google Cloud KMS encryption key. Format: projects//locations//keyRings//cryptoKeys/

The selectedNamespaces block supports:

• namespaces - (Required) A list of Kubernetes Namespaces.

The selectedApplications block supports:

• namespacedNames - (Required) A list of namespaced Kubernetes resources. Structure is documented below.

The namespacedNames block supports:

• namespace - (Required) The namespace of a Kubernetes Resource.

• name - (Required) The name of a Kubernetes Resource.

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

• id - an identifier for the resource with format projects/{{project}}/locations/{{location}}/backupPlans/{{name}}

• uid - Server generated, unique identifier of UUID format.

• etag - etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a backup plan from overwriting each other. It is strongly suggested that systems make use of the 'etag' in the read-modify-write cycle to perform BackupPlan updates in order to avoid race conditions: An etag is returned in the response to backupPlans.get, and systems are expected to put that etag in the request to backupPlans.patch or backupPlans.delete to ensure that their change will be applied to the same version of the resource.

• protectedPodCount - The number of Kubernetes Pods backed up in the last successful Backup created via this BackupPlan.

Timeouts

This resource provides the following Timeouts configuration options:

• create - Default is 20 minutes.
• update - Default is 20 minutes.
• delete - Default is 20 minutes.

Import

BackupPlan can be imported using any of these accepted formats:

$ terraform import google_gke_backup_backup_plan.default projects/{{project}}/locations/{{location}}/backupPlans/{{name}}
$ terraform import google_gke_backup_backup_plan.default {{project}}/{{location}}/{{name}}
$ terraform import google_gke_backup_backup_plan.default {{location}}/{{name}}

User Project Overrides

This resource supports User Project Overrides.