diff --git a/.changelog/6845.txt b/.changelog/6845.txt new file mode 100644 index 00000000000..8b7f2318557 --- /dev/null +++ b/.changelog/6845.txt @@ -0,0 +1,3 @@ +```release-note:new-resource +`google_gke_backup_backup_plan` (beta) +``` diff --git a/google/resource_gke_backup_backup_plan_test.go b/google/resource_gke_backup_backup_plan_test.go new file mode 100644 index 00000000000..71664db3c87 --- /dev/null +++ b/google/resource_gke_backup_backup_plan_test.go @@ -0,0 +1 @@ +package google diff --git a/website/docs/r/gke_backup_backup_plan.html.markdown b/website/docs/r/gke_backup_backup_plan.html.markdown new file mode 100644 index 00000000000..1b9c1250ba7 --- /dev/null +++ b/website/docs/r/gke_backup_backup_plan.html.markdown @@ -0,0 +1,404 @@ +--- +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in +# .github/CONTRIBUTING.md. +# +# ---------------------------------------------------------------------------- +subcategory: "Backup for GKE" +page_title: "Google: google_gke_backup_backup_plan" +description: |- + Represents a Backup Plan instance. +--- + +# google\_gke\_backup\_backup\_plan + +Represents a Backup Plan instance. + +~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider. +See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources. + +To get more information about BackupPlan, see: + +* [API documentation](https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/reference/rest/v1/projects.locations.backupPlans) +* How-to Guides + * [Official Documentation](https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke) + +## Example Usage - Gkebackup Backupplan Basic + + +```hcl +resource "google_container_cluster" "primary" { + provider = google-beta + name = "basic-cluster" + location = "us-central1" + initial_node_count = 1 + workload_identity_config { + workload_pool = "my-project-name.svc.id.goog" + } + addons_config { + gke_backup_agent_config { + enabled = true + } + } +} + +resource "google_gke_backup_backup_plan" "basic" { + provider = google-beta + name = "basic-plan" + cluster = google_container_cluster.primary.id + location = "us-central1" + backup_config { + include_volume_data = true + include_secrets = true + all_namespaces = true + } +} +``` +
+ + Open in Cloud Shell + +
+## Example Usage - Gkebackup Backupplan Autopilot + + +```hcl +resource "google_container_cluster" "primary" { + provider = google-beta + name = "autopilot-cluster" + location = "us-central1" + enable_autopilot = true + ip_allocation_policy { + } + release_channel { + channel = "RAPID" + } + addons_config { + gke_backup_agent_config { + enabled = true + } + } +} + +resource "google_gke_backup_backup_plan" "autopilot" { + provider = google-beta + name = "autopilot-plan" + cluster = google_container_cluster.primary.id + location = "us-central1" + backup_config { + include_volume_data = true + include_secrets = true + all_namespaces = true + } +} +``` +## Example Usage - Gkebackup Backupplan Cmek + + +```hcl +resource "google_container_cluster" "primary" { + provider = google-beta + name = "cmek-cluster" + location = "us-central1" + initial_node_count = 1 + workload_identity_config { + workload_pool = "my-project-name.svc.id.goog" + } + addons_config { + gke_backup_agent_config { + enabled = true + } + } +} + +resource "google_gke_backup_backup_plan" "cmek" { + provider = google-beta + name = "cmek-plan" + cluster = google_container_cluster.primary.id + location = "us-central1" + backup_config { + include_volume_data = true + include_secrets = true + selected_namespaces { + namespaces = ["default", "test"] + } + encryption_key { + gcp_kms_encryption_key = google_kms_crypto_key.crypto_key.id + } + } +} + +resource "google_kms_crypto_key" "crypto_key" { + provider = google-beta + name = "backup-key" + key_ring = google_kms_key_ring.key_ring.id +} + +resource "google_kms_key_ring" "key_ring" { + provider = google-beta + name = "backup-key" + location = "us-central1" +} +``` +## Example Usage - Gkebackup Backupplan Full + + +```hcl +resource "google_container_cluster" "primary" { + provider = google-beta + name = "full-cluster" + location = "us-central1" + initial_node_count = 1 + workload_identity_config { + workload_pool = "my-project-name.svc.id.goog" + } + addons_config { + gke_backup_agent_config { + enabled = true + } + } +} + +resource "google_gke_backup_backup_plan" "full" { + provider = google-beta + name = "full-plan" + cluster = google_container_cluster.primary.id + location = "us-central1" + retention_policy { + backup_delete_lock_days = 30 + backup_retain_days = 180 + } + backup_schedule { + cron_schedule = "0 9 * * 1" + } + backup_config { + include_volume_data = true + include_secrets = true + selected_applications { + namespaced_names { + name = "app1" + namespace = "ns1" + } + namespaced_names { + name = "app2" + namespace = "ns2" + } + } + } +} +``` + +## Argument Reference + +The following arguments are supported: + + +* `name` - + (Required) + The full name of the BackupPlan Resource. + +* `cluster` - + (Required) + The source cluster from which Backups will be created via this BackupPlan. + +* `location` - + (Required) + The region of the Backup Plan. + + +- - - + + +* `description` - + (Optional) + User specified descriptive string for this BackupPlan. + +* `retention_policy` - + (Optional) + RetentionPolicy governs lifecycle of Backups created under this plan. + Structure is [documented below](#nested_retention_policy). + +* `labels` - + (Optional) + Description: A set of custom labels supplied by the user. + A list of key->value pairs. + Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + +* `backup_schedule` - + (Optional) + Defines a schedule for automatic Backup creation via this BackupPlan. + Structure is [documented below](#nested_backup_schedule). + +* `deactivated` - + (Optional) + This flag indicates whether this BackupPlan has been deactivated. + Setting this field to True locks the BackupPlan such that no further updates will be allowed + (except deletes), including the deactivated field itself. It also prevents any new Backups + from being created via this BackupPlan (including scheduled Backups). + +* `backup_config` - + (Optional) + Defines the configuration of Backups created via this BackupPlan. + Structure is [documented below](#nested_backup_config). + +* `project` - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + + +The `retention_policy` block supports: + +* `backup_delete_lock_days` - + (Optional) + Minimum age for a Backup created via this BackupPlan (in days). + Must be an integer value between 0-90 (inclusive). + A Backup created under this BackupPlan will not be deletable + until it reaches Backup's (create time + backup_delete_lock_days). + Updating this field of a BackupPlan does not affect existing Backups. + Backups created after a successful update will inherit this new value. + +* `backup_retain_days` - + (Optional) + The default maximum age of a Backup created via this BackupPlan. + This field MUST be an integer value >= 0 and <= 365. If specified, + a Backup created under this BackupPlan will be automatically deleted + after its age reaches (createTime + backupRetainDays). + If not specified, Backups created under this BackupPlan will NOT be + subject to automatic deletion. Updating this field does NOT affect + existing Backups under it. Backups created AFTER a successful update + will automatically pick up the new value. + NOTE: backupRetainDays must be >= backupDeleteLockDays. + If cronSchedule is defined, then this must be <= 360 * the creation interval.] + +* `locked` - + (Optional) + This flag denotes whether the retention policy of this BackupPlan is locked. + If set to True, no further update is allowed on this policy, including + the locked field itself. + +The `backup_schedule` block supports: + +* `cron_schedule` - + (Optional) + A standard cron string that defines a repeating schedule for + creating Backups via this BackupPlan. + If this is defined, then backupRetainDays must also be defined. + +* `paused` - + (Optional) + This flag denotes whether automatic Backup creation is paused for this BackupPlan. + +The `backup_config` block supports: + +* `include_volume_data` - + (Optional) + This flag specifies whether volume data should be backed up when PVCs are + included in the scope of a Backup. + +* `include_secrets` - + (Optional) + This flag specifies whether Kubernetes Secret resources should be included + when they fall into the scope of Backups. + +* `encryption_key` - + (Optional) + This defines a customer managed encryption key that will be used to encrypt the "config" + portion (the Kubernetes resources) of Backups created via this plan. + Structure is [documented below](#nested_encryption_key). + +* `all_namespaces` - + (Optional) + If True, include all namespaced resources. + +* `selected_namespaces` - + (Optional) + If set, include just the resources in the listed namespaces. + Structure is [documented below](#nested_selected_namespaces). + +* `selected_applications` - + (Optional) + A list of namespaced Kubernetes Resources. + Structure is [documented below](#nested_selected_applications). + + +The `encryption_key` block supports: + +* `gcp_kms_encryption_key` - + (Required) + Google Cloud KMS encryption key. Format: projects/*/locations/*/keyRings/*/cryptoKeys/* + +The `selected_namespaces` block supports: + +* `namespaces` - + (Required) + A list of Kubernetes Namespaces. + +The `selected_applications` block supports: + +* `namespaced_names` - + (Required) + A list of namespaced Kubernetes resources. + Structure is [documented below](#nested_namespaced_names). + + +The `namespaced_names` block supports: + +* `namespace` - + (Required) + The namespace of a Kubernetes Resource. + +* `name` - + (Required) + The name of a Kubernetes Resource. + +## Attributes Reference + +In addition to the arguments listed above, the following computed attributes are exported: + +* `id` - an identifier for the resource with format `projects/{{project}}/locations/{{location}}/backupPlans/{{name}}` + +* `uid` - + Server generated, unique identifier of UUID format. + +* `etag` - + etag is used for optimistic concurrency control as a way to help prevent simultaneous + updates of a backup plan from overwriting each other. It is strongly suggested that + systems make use of the 'etag' in the read-modify-write cycle to perform BackupPlan updates + in order to avoid race conditions: An etag is returned in the response to backupPlans.get, + and systems are expected to put that etag in the request to backupPlans.patch or + backupPlans.delete to ensure that their change will be applied to the same version of the resource. + +* `protected_pod_count` - + The number of Kubernetes Pods backed up in the last successful Backup created via this BackupPlan. + + +## Timeouts + +This resource provides the following +[Timeouts](/docs/configuration/resources.html#timeouts) configuration options: + +- `create` - Default is 20 minutes. +- `update` - Default is 20 minutes. +- `delete` - Default is 20 minutes. + +## Import + + +BackupPlan can be imported using any of these accepted formats: + +``` +$ terraform import google_gke_backup_backup_plan.default projects/{{project}}/locations/{{location}}/backupPlans/{{name}} +$ terraform import google_gke_backup_backup_plan.default {{project}}/{{location}}/{{name}} +$ terraform import google_gke_backup_backup_plan.default {{location}}/{{name}} +``` + +## User Project Overrides + +This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).