diff --git a/modules/gke-cluster/README.md b/modules/gke-cluster/README.md
index 2d60e487..55ead077 100644
--- a/modules/gke-cluster/README.md
+++ b/modules/gke-cluster/README.md
@@ -122,6 +122,35 @@ module "cluster-1" {
}
# tftest modules=1 resources=1 inventory=dns.yaml
```
+
+
+### Backup for GKE
+
+This example shows how to [enable the Backup for GKE agent and configure a Backup Plan](https://cloud.google.com/kubernetes-engine/docs/how-to/cloud-dns) for GKE Standard clusters.
+
+```hcl
+module "cluster-1" {
+ source = "./fabric/modules/gke-cluster"
+ project_id = var.project_id
+ name = "cluster-1"
+ location = "europe-west1"
+ vpc_config = {
+ network = var.vpc.self_link
+ subnetwork = var.subnet.self_link
+ secondary_range_names = { pods = "pods", services = "services" }
+ }
+ backup_configs = {
+ enable_backup_agent = true
+ backup_plans = {
+ "backup-1" = {
+ region = "europe-west-2"
+ schedule = "0 9 * * 1"
+ }
+ }
+ }
+}
+# tftest modules=1 resources=1 inventory=backup.yaml
+```
## Variables
@@ -132,20 +161,21 @@ module "cluster-1" {
| [name](variables.tf#L176) | Cluster name. | string | ✓ | |
| [project_id](variables.tf#L202) | Cluster project id. | string | ✓ | |
| [vpc_config](variables.tf#L219) | VPC-level configuration. | object({…}) | ✓ | |
-| [cluster_autoscaling](variables.tf#L17) | Enable and configure limits for Node Auto-Provisioning with Cluster Autoscaler. | object({…}) | | null |
-| [description](variables.tf#L38) | Cluster description. | string | | null |
-| [enable_addons](variables.tf#L44) | Addons enabled in the cluster (true means enabled). | object({…}) | | {…} |
-| [enable_features](variables.tf#L68) | Enable cluster-level features. Certain features allow configuration. | object({…}) | | {…} |
-| [issue_client_certificate](variables.tf#L107) | Enable issuing client certificate. | bool | | false |
-| [labels](variables.tf#L113) | Cluster resource labels. | map(string) | | null |
-| [logging_config](variables.tf#L124) | Logging configuration. | list(string) | | ["SYSTEM_COMPONENTS"] |
-| [maintenance_config](variables.tf#L130) | Maintenance window configuration. | object({…}) | | {…} |
-| [max_pods_per_node](variables.tf#L153) | Maximum number of pods per node in this cluster. | number | | 110 |
-| [min_master_version](variables.tf#L159) | Minimum version of the master, defaults to the version of the most recent official release. | string | | null |
-| [monitoring_config](variables.tf#L165) | Monitoring components. | object({…}) | | {…} |
-| [node_locations](variables.tf#L181) | Zones in which the cluster's nodes are located. | list(string) | | [] |
-| [private_cluster_config](variables.tf#L188) | Private cluster configuration. | object({…}) | | null |
-| [release_channel](variables.tf#L207) | Release channel for GKE upgrades. | string | | null |
+| [backup_configs](variables.tf#L17) | Backup For GKE configuration. | object({…}) | | null |
+| [cluster_autoscaling](variables.tf#L32) | Enable and configure limits for Node Auto-Provisioning with Cluster Autoscaler. | object({…}) | | null |
+| [description](variables.tf#L53) | Cluster description. | string | | null |
+| [enable_addons](variables.tf#L59) | Addons enabled in the cluster (true means enabled). | object({…}) | | {…} |
+| [enable_features](variables.tf#L82) | Enable cluster-level features. Certain features allow configuration. | object({…}) | | {…} |
+| [issue_client_certificate](variables.tf#L121) | Enable issuing client certificate. | bool | | false |
+| [labels](variables.tf#L127) | Cluster resource labels. | map(string) | | null |
+| [logging_config](variables.tf#L138) | Logging configuration. | list(string) | | ["SYSTEM_COMPONENTS"] |
+| [maintenance_config](variables.tf#L144) | Maintenance window configuration. | object({…}) | | {…} |
+| [max_pods_per_node](variables.tf#L167) | Maximum number of pods per node in this cluster. | number | | 110 |
+| [min_master_version](variables.tf#L173) | Minimum version of the master, defaults to the version of the most recent official release. | string | | null |
+| [monitoring_config](variables.tf#L179) | Monitoring components. | object({…}) | | {…} |
+| [node_locations](variables.tf#L195) | Zones in which the cluster's nodes are located. | list(string) | | [] |
+| [private_cluster_config](variables.tf#L202) | Private cluster configuration. | object({…}) | | null |
+| [release_channel](variables.tf#L221) | Release channel for GKE upgrades. | string | | null |
| [tags](variables.tf#L213) | Network tags applied to nodes. | list(string) | | null |
## Outputs
diff --git a/modules/gke-cluster/main.tf b/modules/gke-cluster/main.tf
index a42c4fb3..0261cab2 100644
--- a/modules/gke-cluster/main.tf
+++ b/modules/gke-cluster/main.tf
@@ -119,7 +119,7 @@ resource "google_container_cluster" "cluster" {
enabled = var.enable_addons.config_connector
}
gke_backup_agent_config {
- enabled = var.enable_addons.gke_backup_agent
+ enabled = try(var.backup_configs.enable_backup_agent, false)
}
}
@@ -386,6 +386,29 @@ resource "google_container_cluster" "cluster" {
}
}
+resource "google_gke_backup_backup_plan" "backup_plan" {
+ for_each = try(var.backup_configs.enable_backup_agent, false) ? var.backup_configs.backup_plans : null
+ name = each.key
+ cluster = google_container_cluster.cluster.id
+ location = each.value.region
+ project = var.project_id
+ retention_policy {
+ backup_delete_lock_days = try(each.value.retention_policy_delete_lock_days)
+ backup_retain_days = try(each.value.retention_policy_days)
+ locked = try(each.value.retention_policy_lock)
+ }
+ backup_schedule {
+ cron_schedule = each.value.schedule
+ }
+ #TODO add support for configs
+ backup_config {
+ include_volume_data = true
+ include_secrets = true
+ all_namespaces = true
+ }
+}
+
+
resource "google_compute_network_peering_routes_config" "gke_master" {
count = (
try(var.private_cluster_config.peering_config, null) != null ? 1 : 0
diff --git a/modules/gke-cluster/variables.tf b/modules/gke-cluster/variables.tf
index a51ff208..932afad2 100644
--- a/modules/gke-cluster/variables.tf
+++ b/modules/gke-cluster/variables.tf
@@ -14,6 +14,21 @@
* limitations under the License.
*/
+variable "backup_configs" {
+ description = "Configuration for Backup for GKE."
+ type = object({
+ enable_backup_agent = optional(bool, false)
+ backup_plans = optional(map( object({
+ region = string
+ schedule = string
+ retention_policy_days = optional(string)
+ retention_policy_lock = optional(bool, false)
+ retention_policy_delete_lock_days = optional(string)
+ })))
+ })
+ default = null
+}
+
variable "cluster_autoscaling" {
description = "Enable and configure limits for Node Auto-Provisioning with Cluster Autoscaler."
type = object({
@@ -49,7 +64,6 @@ variable "enable_addons" {
dns_cache = optional(bool, false)
gce_persistent_disk_csi_driver = optional(bool, false)
gcp_filestore_csi_driver = optional(bool, false)
- gke_backup_agent = optional(bool, false)
horizontal_pod_autoscaling = optional(bool, false)
http_load_balancing = optional(bool, false)
istio = optional(object({