diff --git a/modules/gke-cluster-autopilot/README.md b/modules/gke-cluster-autopilot/README.md
index be9a4021..3c0d64f5 100644
--- a/modules/gke-cluster-autopilot/README.md
+++ b/modules/gke-cluster-autopilot/README.md
@@ -96,23 +96,23 @@ module "cluster-1" {
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [location](variables.tf#L106) | Autopilot cluster are always regional. | string
| ✓ | |
-| [name](variables.tf#L141) | Cluster name. | string
| ✓ | |
-| [project_id](variables.tf#L167) | Cluster project id. | string
| ✓ | |
-| [vpc_config](variables.tf#L190) | VPC-level configuration. | object({…})
| ✓ | |
-| [backup_configs](variables.tf#L17) | Configuration for Backup for GKE. | object({…})
| | {}
|
-| [description](variables.tf#L33) | Cluster description. | string
| | null
|
-| [enable_addons](variables.tf#L39) | Addons enabled in the cluster (true means enabled). | object({…})
| | {…}
|
-| [enable_features](variables.tf#L60) | Enable cluster-level features. Certain features allow configuration. | object({…})
| | {…}
|
-| [issue_client_certificate](variables.tf#L94) | Enable issuing client certificate. | bool
| | false
|
-| [labels](variables.tf#L100) | Cluster resource labels. | map(string)
| | null
|
-| [maintenance_config](variables.tf#L112) | Maintenance window configuration. | object({…})
| | {…}
|
-| [min_master_version](variables.tf#L135) | Minimum version of the master, defaults to the version of the most recent official release. | string
| | null
|
-| [node_locations](variables.tf#L146) | Zones in which the cluster's nodes are located. | list(string)
| | []
|
-| [private_cluster_config](variables.tf#L153) | Private cluster configuration. | object({…})
| | null
|
-| [release_channel](variables.tf#L172) | Release channel for GKE upgrades. | string
| | null
|
-| [service_account](variables.tf#L178) | The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot. | string
| | null
|
-| [tags](variables.tf#L184) | Network tags applied to nodes. | list(string)
| | null
|
+| [location](variables.tf#L110) | Autopilot cluster are always regional. | string
| ✓ | |
+| [name](variables.tf#L145) | Cluster name. | string
| ✓ | |
+| [project_id](variables.tf#L171) | Cluster project id. | string
| ✓ | |
+| [vpc_config](variables.tf#L194) | VPC-level configuration. | object({…})
| ✓ | |
+| [backup_configs](variables.tf#L17) | Configuration for Backup for GKE. | object({…})
| | {}
|
+| [description](variables.tf#L37) | Cluster description. | string
| | null
|
+| [enable_addons](variables.tf#L43) | Addons enabled in the cluster (true means enabled). | object({…})
| | {…}
|
+| [enable_features](variables.tf#L64) | Enable cluster-level features. Certain features allow configuration. | object({…})
| | {…}
|
+| [issue_client_certificate](variables.tf#L98) | Enable issuing client certificate. | bool
| | false
|
+| [labels](variables.tf#L104) | Cluster resource labels. | map(string)
| | null
|
+| [maintenance_config](variables.tf#L116) | Maintenance window configuration. | object({…})
| | {…}
|
+| [min_master_version](variables.tf#L139) | Minimum version of the master, defaults to the version of the most recent official release. | string
| | null
|
+| [node_locations](variables.tf#L150) | Zones in which the cluster's nodes are located. | list(string)
| | []
|
+| [private_cluster_config](variables.tf#L157) | Private cluster configuration. | object({…})
| | null
|
+| [release_channel](variables.tf#L176) | Release channel for GKE upgrades. | string
| | null
|
+| [service_account](variables.tf#L182) | The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot. | string
| | null
|
+| [tags](variables.tf#L188) | Network tags applied to nodes. | list(string)
| | null
|
## Outputs
diff --git a/modules/gke-cluster-autopilot/main.tf b/modules/gke-cluster-autopilot/main.tf
index bd071a17..693370c8 100644
--- a/modules/gke-cluster-autopilot/main.tf
+++ b/modules/gke-cluster-autopilot/main.tf
@@ -266,11 +266,25 @@ resource "google_gke_backup_backup_plan" "backup_plan" {
backup_schedule {
cron_schedule = each.value.schedule
}
- #TODO add support for configs
+
backup_config {
- include_volume_data = true
- include_secrets = true
- all_namespaces = true
+ include_volume_data = each.value.include_volume_data
+ include_secrets = each.value.include_secrets
+
+ dynamic "encryption_key" {
+ for_each = each.value.encryption_key != null ? [""] : []
+ content {
+ gcp_kms_encryption_key = each.value.encryption_key
+ }
+ }
+
+ all_namespaces = lookup(each.value, "namespaces", null) != null ? null : true
+ dynamic "selected_namespaces" {
+ for_each = each.value.namespaces != null ? [""] : []
+ content {
+ namespaces = each.value.namespaces
+ }
+ }
}
}
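Review bot: In the new `backup_config` block, `namespaces = []` passes both `!= null` tests, so `all_namespaces` is left unset and `selected_namespaces` is emitted with an empty list. The hunk does not show whether the provider rejects that or the plan ends up backing up nothing, so the empty list should be handled explicitly, for example by a `validation` on the variable that rejects it. The two conditions are also written differently (`lookup(each.value, "namespaces", null)` versus `each.value.namespaces`), although the attribute is declared `optional(list(string))` and is therefore always present. One form is enough, e.g. `all_namespaces = each.value.namespaces == null ? true : null`. The same lines are added in modules/gke-cluster-standard/main.tf, and the resource block starts above this hunk.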
diff --git a/modules/gke-cluster-autopilot/variables.tf b/modules/gke-cluster-autopilot/variables.tf
index 40877ff6..75755963 100644
--- a/modules/gke-cluster-autopilot/variables.tf
+++ b/modules/gke-cluster-autopilot/variables.tf
@@ -19,6 +19,10 @@ variable "backup_configs" {
type = object({
enable_backup_agent = optional(bool, false)
backup_plans = optional(map(object({
+ encryption_key = optional(string)
+ include_secrets = optional(bool, true)
+ include_volume_data = optional(bool, true)
+ namespaces = optional(list(string))
region = string
schedule = string
retention_policy_days = optional(string)
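Review bot: The four new `backup_plans` attributes are undocumented, and the defaults combine `include_secrets = true` with an unset `encryption_key`, so a plan that passes no key still backs up Kubernetes Secrets without a customer-managed key. That matches the previous hard-coded behaviour, but it is now a caller-visible choice and should be stated next to the type. I would add a comment such as `# encryption_key: Cloud KMS key resource name; when null, backups (Secrets included by default) are not CMEK-protected` and mention it in the variable description. It is also worth noting, if it applies here, that the Backup for GKE service agent needs encrypt/decrypt permission on that key, since nothing in this change grants it. The same applies to modules/gke-cluster-standard/variables.tf; the `backup_configs` variable starts before and continues after this hunk.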
diff --git a/modules/gke-cluster-standard/README.md b/modules/gke-cluster-standard/README.md
index 6430333a..bcee3320 100644
--- a/modules/gke-cluster-standard/README.md
+++ b/modules/gke-cluster-standard/README.md
@@ -131,26 +131,26 @@ module "cluster-1" {
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [location](variables.tf#L133) | Cluster zone or region. | string
| ✓ | |
-| [name](variables.tf#L190) | Cluster name. | string
| ✓ | |
-| [project_id](variables.tf#L216) | Cluster project id. | string
| ✓ | |
-| [vpc_config](variables.tf#L233) | VPC-level configuration. | object({…})
| ✓ | |
-| [backup_configs](variables.tf#L17) | Configuration for Backup for GKE. | object({…})
| | {}
|
-| [cluster_autoscaling](variables.tf#L33) | Enable and configure limits for Node Auto-Provisioning with Cluster Autoscaler. | object({…})
| | null
|
-| [description](variables.tf#L54) | Cluster description. | string
| | null
|
-| [enable_addons](variables.tf#L60) | Addons enabled in the cluster (true means enabled). | object({…})
| | {…}
|
-| [enable_features](variables.tf#L83) | Enable cluster-level features. Certain features allow configuration. | object({…})
| | {…}
|
-| [issue_client_certificate](variables.tf#L121) | Enable issuing client certificate. | bool
| | false
|
-| [labels](variables.tf#L127) | Cluster resource labels. | map(string)
| | null
|
-| [logging_config](variables.tf#L138) | Logging configuration. | list(string)
| | ["SYSTEM_COMPONENTS"]
|
-| [maintenance_config](variables.tf#L144) | Maintenance window configuration. | object({…})
| | {…}
|
-| [max_pods_per_node](variables.tf#L167) | Maximum number of pods per node in this cluster. | number
| | 110
|
-| [min_master_version](variables.tf#L173) | Minimum version of the master, defaults to the version of the most recent official release. | string
| | null
|
-| [monitoring_config](variables.tf#L179) | Monitoring components. | object({…})
| | {…}
|
-| [node_locations](variables.tf#L195) | Zones in which the cluster's nodes are located. | list(string)
| | []
|
-| [private_cluster_config](variables.tf#L202) | Private cluster configuration. | object({…})
| | null
|
-| [release_channel](variables.tf#L221) | Release channel for GKE upgrades. | string
| | null
|
-| [tags](variables.tf#L227) | Network tags applied to nodes. | list(string)
| | null
|
+| [location](variables.tf#L137) | Cluster zone or region. | string
| ✓ | |
+| [name](variables.tf#L194) | Cluster name. | string
| ✓ | |
+| [project_id](variables.tf#L220) | Cluster project id. | string
| ✓ | |
+| [vpc_config](variables.tf#L237) | VPC-level configuration. | object({…})
| ✓ | |
+| [backup_configs](variables.tf#L17) | Configuration for Backup for GKE. | object({…})
| | {}
|
+| [cluster_autoscaling](variables.tf#L37) | Enable and configure limits for Node Auto-Provisioning with Cluster Autoscaler. | object({…})
| | null
|
+| [description](variables.tf#L58) | Cluster description. | string
| | null
|
+| [enable_addons](variables.tf#L64) | Addons enabled in the cluster (true means enabled). | object({…})
| | {…}
|
+| [enable_features](variables.tf#L87) | Enable cluster-level features. Certain features allow configuration. | object({…})
| | {…}
|
+| [issue_client_certificate](variables.tf#L125) | Enable issuing client certificate. | bool
| | false
|
+| [labels](variables.tf#L131) | Cluster resource labels. | map(string)
| | null
|
+| [logging_config](variables.tf#L142) | Logging configuration. | list(string)
| | ["SYSTEM_COMPONENTS"]
|
+| [maintenance_config](variables.tf#L148) | Maintenance window configuration. | object({…})
| | {…}
|
+| [max_pods_per_node](variables.tf#L171) | Maximum number of pods per node in this cluster. | number
| | 110
|
+| [min_master_version](variables.tf#L177) | Minimum version of the master, defaults to the version of the most recent official release. | string
| | null
|
+| [monitoring_config](variables.tf#L183) | Monitoring components. | object({…})
| | {…}
|
+| [node_locations](variables.tf#L199) | Zones in which the cluster's nodes are located. | list(string)
| | []
|
+| [private_cluster_config](variables.tf#L206) | Private cluster configuration. | object({…})
| | null
|
+| [release_channel](variables.tf#L225) | Release channel for GKE upgrades. | string
| | null
|
+| [tags](variables.tf#L231) | Network tags applied to nodes. | list(string)
| | null
|
## Outputs
diff --git a/modules/gke-cluster-standard/main.tf b/modules/gke-cluster-standard/main.tf
index b73f2472..70aed87b 100644
--- a/modules/gke-cluster-standard/main.tf
+++ b/modules/gke-cluster-standard/main.tf
@@ -372,11 +372,25 @@ resource "google_gke_backup_backup_plan" "backup_plan" {
backup_schedule {
cron_schedule = each.value.schedule
}
- #TODO add support for configs
+
backup_config {
- include_volume_data = true
- include_secrets = true
- all_namespaces = true
+ include_volume_data = each.value.include_volume_data
+ include_secrets = each.value.include_secrets
+
+ dynamic "encryption_key" {
+ for_each = each.value.encryption_key != null ? [""] : []
+ content {
+ gcp_kms_encryption_key = each.value.encryption_key
+ }
+ }
+
+ all_namespaces = lookup(each.value, "namespaces", null) != null ? null : true
+ dynamic "selected_namespaces" {
+ for_each = each.value.namespaces != null ? [""] : []
+ content {
+ namespaces = each.value.namespaces
+ }
+ }
}
}
diff --git a/modules/gke-cluster-standard/variables.tf b/modules/gke-cluster-standard/variables.tf
index 260afc75..814d89a1 100644
--- a/modules/gke-cluster-standard/variables.tf
+++ b/modules/gke-cluster-standard/variables.tf
@@ -19,6 +19,10 @@ variable "backup_configs" {
type = object({
enable_backup_agent = optional(bool, false)
backup_plans = optional(map(object({
+ encryption_key = optional(string)
+ include_secrets = optional(bool, true)
+ include_volume_data = optional(bool, true)
+ namespaces = optional(list(string))
region = string
schedule = string
retention_policy_days = optional(string)