From 5763eb53d427a79450d4302863cfa4eaca593154 Mon Sep 17 00:00:00 2001 From: Brent Walker Date: Tue, 2 May 2023 10:59:12 -0400 Subject: [PATCH] Enhance GKE Backup Configuration Support (#1349) * Add more support for backup configuration * Update docs * Remove redundant lookups --- modules/gke-cluster-autopilot/README.md | 34 +++++++++--------- modules/gke-cluster-autopilot/main.tf | 22 +++++++++--- modules/gke-cluster-autopilot/variables.tf | 4 +++ modules/gke-cluster-standard/README.md | 40 +++++++++++----------- modules/gke-cluster-standard/main.tf | 22 +++++++++--- modules/gke-cluster-standard/variables.tf | 4 +++ 6 files changed, 81 insertions(+), 45 deletions(-) diff --git a/modules/gke-cluster-autopilot/README.md b/modules/gke-cluster-autopilot/README.md index be9a4021..3c0d64f5 100644 --- a/modules/gke-cluster-autopilot/README.md +++ b/modules/gke-cluster-autopilot/README.md 
@@ -96,23 +96,23 @@ module "cluster-1" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [location](variables.tf#L106) | Autopilot cluster are always regional. | string | ✓ | | -| [name](variables.tf#L141) | Cluster name. | string | ✓ | | -| [project_id](variables.tf#L167) | Cluster project id. | string | ✓ | | -| [vpc_config](variables.tf#L190) | VPC-level configuration. | object({…}) | ✓ | | -| [backup_configs](variables.tf#L17) | Configuration for Backup for GKE. | object({…}) | | {} | -| [description](variables.tf#L33) | Cluster description. | string | | null | -| [enable_addons](variables.tf#L39) | Addons enabled in the cluster (true means enabled). | object({…}) | | {…} | -| [enable_features](variables.tf#L60) | Enable cluster-level features. Certain features allow configuration. | object({…}) | | {…} | -| [issue_client_certificate](variables.tf#L94) | Enable issuing client certificate. | bool | | false | -| [labels](variables.tf#L100) | Cluster resource labels. | map(string) | | null | -| [maintenance_config](variables.tf#L112) | Maintenance window configuration. | object({…}) | | {…} | -| [min_master_version](variables.tf#L135) | Minimum version of the master, defaults to the version of the most recent official release. | string | | null | -| [node_locations](variables.tf#L146) | Zones in which the cluster's nodes are located. | list(string) | | [] | -| [private_cluster_config](variables.tf#L153) | Private cluster configuration. | object({…}) | | null | -| [release_channel](variables.tf#L172) | Release channel for GKE upgrades. | string | | null | -| [service_account](variables.tf#L178) | The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot. | string | | null | -| [tags](variables.tf#L184) | Network tags applied to nodes. | list(string) | | null | +| [location](variables.tf#L110) | Autopilot cluster are always regional. | string | ✓ | | +| [name](variables.tf#L145) | Cluster name. 
| string | ✓ | | +| [project_id](variables.tf#L171) | Cluster project id. | string | ✓ | | +| [vpc_config](variables.tf#L194) | VPC-level configuration. | object({…}) | ✓ | | +| [backup_configs](variables.tf#L17) | Configuration for Backup for GKE. | object({…}) | | {} | +| [description](variables.tf#L37) | Cluster description. | string | | null | +| [enable_addons](variables.tf#L43) | Addons enabled in the cluster (true means enabled). | object({…}) | | {…} | +| [enable_features](variables.tf#L64) | Enable cluster-level features. Certain features allow configuration. | object({…}) | | {…} | +| [issue_client_certificate](variables.tf#L98) | Enable issuing client certificate. | bool | | false | +| [labels](variables.tf#L104) | Cluster resource labels. | map(string) | | null | +| [maintenance_config](variables.tf#L116) | Maintenance window configuration. | object({…}) | | {…} | +| [min_master_version](variables.tf#L139) | Minimum version of the master, defaults to the version of the most recent official release. | string | | null | +| [node_locations](variables.tf#L150) | Zones in which the cluster's nodes are located. | list(string) | | [] | +| [private_cluster_config](variables.tf#L157) | Private cluster configuration. | object({…}) | | null | +| [release_channel](variables.tf#L176) | Release channel for GKE upgrades. | string | | null | +| [service_account](variables.tf#L182) | The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot. | string | | null | +| [tags](variables.tf#L188) | Network tags applied to nodes. | list(string) | | null | ## Outputs diff --git a/modules/gke-cluster-autopilot/main.tf b/modules/gke-cluster-autopilot/main.tf index bd071a17..693370c8 100644 --- a/modules/gke-cluster-autopilot/main.tf +++ b/modules/gke-cluster-autopilot/main.tf 
@@ -266,11 +266,25 @@ resource "google_gke_backup_backup_plan" "backup_plan" { backup_schedule { cron_schedule = each.value.schedule } - #TODO add support for configs + backup_config { - include_volume_data = true - include_secrets = true - all_namespaces = true + include_volume_data = each.value.include_volume_data + include_secrets = each.value.include_secrets + + dynamic "encryption_key" { + for_each = each.value.encryption_key != null ? [""] : [] + content { + gcp_kms_encryption_key = each.value.encryption_key + } + } + + all_namespaces = lookup(each.value, "namespaces", null) != null ? null : true + dynamic "selected_namespaces" { + for_each = each.value.namespaces != null ? [""] : [] + content { + namespaces = each.value.namespaces + } + } } } diff --git a/modules/gke-cluster-autopilot/variables.tf b/modules/gke-cluster-autopilot/variables.tf index 40877ff6..75755963 100644 --- a/modules/gke-cluster-autopilot/variables.tf +++ b/modules/gke-cluster-autopilot/variables.tf @@ -19,6 +19,10 @@ variable "backup_configs" { type = object({ enable_backup_agent = optional(bool, false) backup_plans = optional(map(object({ + encryption_key = optional(string) + include_secrets = optional(bool, true) + include_volume_data = optional(bool, true) + namespaces = optional(list(string)) region = string schedule = string retention_policy_days = optional(string) diff --git a/modules/gke-cluster-standard/README.md b/modules/gke-cluster-standard/README.md index 6430333a..bcee3320 100644 --- a/modules/gke-cluster-standard/README.md +++ b/modules/gke-cluster-standard/README.md 
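Review bot: `all_namespaces = lookup(each.value, "namespaces", null) != null ? null : true` still goes through `lookup` while the `selected_namespaces` block directly below it reads `each.value.namespaces`, even though the commit message says redundant lookups were removed; since `namespaces` is declared as `optional(list(string))` on the plan object the attribute always exists, so the two conditions should be written the same way, e.g. `all_namespaces = each.value.namespaces == null ? true : null`. Both conditions also test only for null: a plan given `namespaces = []` ends up with `all_namespaces = null` and a `selected_namespaces` block holding an empty list, which presumably selects nothing to back up, so a non-empty guard (`length(...) > 0` here, or a validation on the variable) would avoid a plan that silently protects no namespaces. The same hunk appears in modules/gke-cluster-standard/main.tf. The enclosing `google_gke_backup_backup_plan` resource opens outside the hunk.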
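Review bot: The new `encryption_key`, `include_secrets`, `include_volume_data` and `namespaces` attributes are undocumented, and `include_secrets` defaults to `true`, so every plan copies Kubernetes Secrets into the backup unless the caller opts out; the variable's `description` should state that, say what `encryption_key` expects (presumably the full Cloud KMS crypto key resource name that `gcp_kms_encryption_key` takes — confirm against the provider docs), and note that leaving it null means the backup is not encrypted with a customer-managed key. `namespaces` is only checked for null in main.tf, so an empty list yields a plan that selects no namespaces; a `validation` block on the variable would reject that up front, as below. The variable block opens outside the hunk, and the `validation` would sit after `type`/`default`, also outside the hunk. The same hunk appears in modules/gke-cluster-standard/variables.tf.
```hcl
  # … unchanged: description, type = object({ … }), default …
  validation {
    condition = alltrue([
      for plan in try(values(var.backup_configs.backup_plans), []) :
      plan.namespaces == null || try(length(plan.namespaces), 0) > 0
    ])
    error_message = "backup_plans[*].namespaces must be null (all namespaces) or a non-empty list."
  }
```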
@@ -131,26 +131,26 @@ module "cluster-1" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [location](variables.tf#L133) | Cluster zone or region. | string | ✓ | | -| [name](variables.tf#L190) | Cluster name. | string | ✓ | | -| [project_id](variables.tf#L216) | Cluster project id. | string | ✓ | | -| [vpc_config](variables.tf#L233) | VPC-level configuration. | object({…}) | ✓ | | -| [backup_configs](variables.tf#L17) | Configuration for Backup for GKE. | object({…}) | | {} | -| [cluster_autoscaling](variables.tf#L33) | Enable and configure limits for Node Auto-Provisioning with Cluster Autoscaler. | object({…}) | | null | -| [description](variables.tf#L54) | Cluster description. | string | | null | -| [enable_addons](variables.tf#L60) | Addons enabled in the cluster (true means enabled). | object({…}) | | {…} | -| [enable_features](variables.tf#L83) | Enable cluster-level features. Certain features allow configuration. | object({…}) | | {…} | -| [issue_client_certificate](variables.tf#L121) | Enable issuing client certificate. | bool | | false | -| [labels](variables.tf#L127) | Cluster resource labels. | map(string) | | null | -| [logging_config](variables.tf#L138) | Logging configuration. | list(string) | | ["SYSTEM_COMPONENTS"] | -| [maintenance_config](variables.tf#L144) | Maintenance window configuration. | object({…}) | | {…} | -| [max_pods_per_node](variables.tf#L167) | Maximum number of pods per node in this cluster. | number | | 110 | -| [min_master_version](variables.tf#L173) | Minimum version of the master, defaults to the version of the most recent official release. | string | | null | -| [monitoring_config](variables.tf#L179) | Monitoring components. | object({…}) | | {…} | -| [node_locations](variables.tf#L195) | Zones in which the cluster's nodes are located. | list(string) | | [] | -| [private_cluster_config](variables.tf#L202) | Private cluster configuration. 
| object({…}) | | null | -| [release_channel](variables.tf#L221) | Release channel for GKE upgrades. | string | | null | -| [tags](variables.tf#L227) | Network tags applied to nodes. | list(string) | | null | +| [location](variables.tf#L137) | Cluster zone or region. | string | ✓ | | +| [name](variables.tf#L194) | Cluster name. | string | ✓ | | +| [project_id](variables.tf#L220) | Cluster project id. | string | ✓ | | +| [vpc_config](variables.tf#L237) | VPC-level configuration. | object({…}) | ✓ | | +| [backup_configs](variables.tf#L17) | Configuration for Backup for GKE. | object({…}) | | {} | +| [cluster_autoscaling](variables.tf#L37) | Enable and configure limits for Node Auto-Provisioning with Cluster Autoscaler. | object({…}) | | null | +| [description](variables.tf#L58) | Cluster description. | string | | null | +| [enable_addons](variables.tf#L64) | Addons enabled in the cluster (true means enabled). | object({…}) | | {…} | +| [enable_features](variables.tf#L87) | Enable cluster-level features. Certain features allow configuration. | object({…}) | | {…} | +| [issue_client_certificate](variables.tf#L125) | Enable issuing client certificate. | bool | | false | +| [labels](variables.tf#L131) | Cluster resource labels. | map(string) | | null | +| [logging_config](variables.tf#L142) | Logging configuration. | list(string) | | ["SYSTEM_COMPONENTS"] | +| [maintenance_config](variables.tf#L148) | Maintenance window configuration. | object({…}) | | {…} | +| [max_pods_per_node](variables.tf#L171) | Maximum number of pods per node in this cluster. | number | | 110 | +| [min_master_version](variables.tf#L177) | Minimum version of the master, defaults to the version of the most recent official release. | string | | null | +| [monitoring_config](variables.tf#L183) | Monitoring components. | object({…}) | | {…} | +| [node_locations](variables.tf#L199) | Zones in which the cluster's nodes are located. 
| list(string) | | [] | +| [private_cluster_config](variables.tf#L206) | Private cluster configuration. | object({…}) | | null | +| [release_channel](variables.tf#L225) | Release channel for GKE upgrades. | string | | null | +| [tags](variables.tf#L231) | Network tags applied to nodes. | list(string) | | null | ## Outputs diff --git a/modules/gke-cluster-standard/main.tf b/modules/gke-cluster-standard/main.tf index b73f2472..70aed87b 100644 --- a/modules/gke-cluster-standard/main.tf +++ b/modules/gke-cluster-standard/main.tf @@ -372,11 +372,25 @@ resource "google_gke_backup_backup_plan" "backup_plan" { backup_schedule { cron_schedule = each.value.schedule } - #TODO add support for configs + backup_config { - include_volume_data = true - include_secrets = true - all_namespaces = true + include_volume_data = each.value.include_volume_data + include_secrets = each.value.include_secrets + + dynamic "encryption_key" { + for_each = each.value.encryption_key != null ? [""] : [] + content { + gcp_kms_encryption_key = each.value.encryption_key + } + } + + all_namespaces = lookup(each.value, "namespaces", null) != null ? null : true + dynamic "selected_namespaces" { + for_each = each.value.namespaces != null ? [""] : [] + content { + namespaces = each.value.namespaces + } + } } } diff --git a/modules/gke-cluster-standard/variables.tf b/modules/gke-cluster-standard/variables.tf index 260afc75..814d89a1 100644 --- a/modules/gke-cluster-standard/variables.tf +++ b/modules/gke-cluster-standard/variables.tf @@ -19,6 +19,10 @@ variable "backup_configs" { type = object({ enable_backup_agent = optional(bool, false) backup_plans = optional(map(object({ + encryption_key = optional(string) + include_secrets = optional(bool, true) + include_volume_data = optional(bool, true) + namespaces = optional(list(string)) region = string schedule = string retention_policy_days = optional(string)