Represents a Backup Plan instance.
To get more information about BackupPlan, see:
# Source GKE cluster for the basic BackupPlan example.
resource "google_container_cluster" "primary" {
  name               = "basic-cluster"
  location           = "us-central1"
  network            = "default"
  subnetwork         = "default"
  initial_node_count = 1

  # Given as a string; Terraform converts it to the boolean this argument takes.
  deletion_protection = "true"

  workload_identity_config {
    workload_pool = "my-project-name.svc.id.goog"
  }

  # Turns on the Backup for GKE agent add-on for this cluster.
  addons_config {
    gke_backup_agent_config {
      enabled = true
    }
  }
}
# Minimal BackupPlan: this example sets neither a schedule nor a retention policy.
resource "google_gke_backup_backup_plan" "basic" {
  name     = "basic-plan"
  location = "us-central1"
  cluster  = google_container_cluster.primary.id

  backup_config {
    all_namespaces      = true
    include_volume_data = true

    # Kubernetes Secret resources that fall into scope are included in each Backup.
    # No encryption_key block is set here, so no customer-managed key is applied.
    # NOTE(review): keep access to these backups as tight as access to the
    # Secrets themselves.
    include_secrets = true
  }
}
# Autopilot GKE cluster used as the backup source in the Autopilot example.
resource "google_container_cluster" "primary" {
  name             = "autopilot-cluster"
  location         = "us-central1"
  network          = "default"
  subnetwork       = "default"
  enable_autopilot = true

  # String value; Terraform converts it to the boolean the argument expects.
  deletion_protection = "true"

  # Left empty on purpose in the original example.
  ip_allocation_policy {
  }

  release_channel {
    channel = "RAPID"
  }

  # Backup for GKE agent add-on, switched on for this cluster.
  addons_config {
    gke_backup_agent_config {
      enabled = true
    }
  }
}
# BackupPlan for the Autopilot cluster; covers every namespace.
resource "google_gke_backup_backup_plan" "autopilot" {
  name     = "autopilot-plan"
  location = "us-central1"
  cluster  = google_container_cluster.primary.id

  backup_config {
    all_namespaces      = true
    include_volume_data = true

    # With all_namespaces = true this pulls in-scope Secrets from the whole
    # cluster into each Backup. This example configures no encryption_key.
    include_secrets = true
  }
}
# Source GKE cluster for the CMEK BackupPlan example.
resource "google_container_cluster" "primary" {
  name               = "cmek-cluster"
  location           = "us-central1"
  network            = "default"
  subnetwork         = "default"
  initial_node_count = 1

  # Passed as a string; Terraform converts it to a boolean.
  deletion_protection = "true"

  workload_identity_config {
    workload_pool = "my-project-name.svc.id.goog"
  }

  # Enables the Backup for GKE agent add-on.
  addons_config {
    gke_backup_agent_config {
      enabled = true
    }
  }
}
# BackupPlan limited to two namespaces, with a customer-managed encryption key.
resource "google_gke_backup_backup_plan" "cmek" {
  name     = "cmek-plan"
  location = "us-central1"
  cluster  = google_container_cluster.primary.id

  backup_config {
    include_volume_data = true
    include_secrets     = true

    # Only resources in these namespaces are backed up.
    selected_namespaces {
      namespaces = ["default", "test"]
    }

    # Customer-managed key for the "config" portion of each Backup, i.e. the
    # Kubernetes resources, which here includes Secrets.
    # NOTE(review): the example shows no IAM binding on this key; the
    # Backup for GKE service agent presumably needs encrypt/decrypt access
    # to it. Confirm before applying.
    encryption_key {
      gcp_kms_encryption_key = google_kms_crypto_key.crypto_key.id
    }
  }
}
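# Cloud KMS key referenced by the CMEK BackupPlan's encryption_key block.
resource "google_kms_crypto_key" "crypto_key" {
  name     = "backup-key"
  key_ring = google_kms_key_ring.key_ring.id

  # Destroying a Terraform-managed CryptoKey destroys all of its key versions,
  # after which Backups encrypted with it can no longer be decrypted. Make
  # removing the key an explicit, deliberate change.
  lifecycle {
    prevent_destroy = true
  }
}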
# Key ring holding the backup encryption key. It sits in the same region
# ("us-central1") that the example uses for the cluster and the BackupPlan.
resource "google_kms_key_ring" "key_ring" {
  location = "us-central1"
  name     = "backup-key"
}
# Source GKE cluster for the "full" BackupPlan example.
resource "google_container_cluster" "primary" {
  name               = "full-cluster"
  location           = "us-central1"
  network            = "default"
  subnetwork         = "default"
  initial_node_count = 1

  # A string here; Terraform converts it to the boolean the argument takes.
  deletion_protection = "true"

  workload_identity_config {
    workload_pool = "my-project-name.svc.id.goog"
  }

  # Backup for GKE agent add-on enabled on the cluster.
  addons_config {
    gke_backup_agent_config {
      enabled = true
    }
  }
}
# BackupPlan with a cron schedule, a retention policy and an application-scoped
# selection.
resource "google_gke_backup_backup_plan" "full" {
  name     = "full-plan"
  location = "us-central1"
  cluster  = google_container_cluster.primary.id

  # Cron expression: 09:00 on Mondays.
  backup_schedule {
    cron_schedule = "0 9 * * 1"
  }

  retention_policy {
    # A Backup cannot be deleted until 30 days after its creation time.
    backup_delete_lock_days = 30
    # Backups are deleted automatically once they are 180 days old.
    backup_retain_days = 180
    # `locked` is not set in this example, so the policy itself remains editable.
  }

  backup_config {
    include_volume_data = true
    # Secrets that fall into the scope of the selected applications are backed up.
    # This example sets no encryption_key block.
    include_secrets = true

    selected_applications {
      namespaced_names {
        namespace = "ns1"
        name      = "app1"
      }
      namespaced_names {
        namespace = "ns2"
        name      = "app2"
      }
    }
  }
}
# Source GKE cluster for the RPO example with a daily exclusion window.
resource "google_container_cluster" "primary" {
  name               = "rpo-daily-cluster"
  location           = "us-central1"
  network            = "default"
  subnetwork         = "default"
  initial_node_count = 1

  # Supplied as a string; Terraform converts it to a boolean.
  deletion_protection = "true"

  workload_identity_config {
    workload_pool = "my-project-name.svc.id.goog"
  }

  # Switches on the Backup for GKE agent add-on.
  addons_config {
    gke_backup_agent_config {
      enabled = true
    }
  }
}
# RPO-scheduled BackupPlan with one daily and one single-occurrence exclusion
# window.
resource "google_gke_backup_backup_plan" "rpo_daily_window" {
  name     = "rpo-daily-window"
  location = "us-central1"
  cluster  = google_container_cluster.primary.id

  retention_policy {
    # Backups cannot be deleted for 30 days after creation.
    backup_delete_lock_days = 30
    # Automatic deletion once a Backup is 180 days old.
    backup_retain_days = 180
  }

  backup_schedule {
    # Automatic Backup creation is paused: applied as written, this plan
    # creates no scheduled Backups until `paused` is changed.
    paused = true

    rpo_config {
      # 1440 minutes = 1 day of acceptable data loss.
      target_rpo_minutes = 1440

      # Recurring window: every day, starting 12:00 UTC, for 7200 seconds.
      exclusion_windows {
        daily    = true
        duration = "7200s"
        start_time {
          hours = 12
        }
      }

      # One-off window on 2024-03-16 (UTC), 3600 seconds long.
      exclusion_windows {
        duration = "3600s"
        start_time {
          hours   = 8
          minutes = 40
          seconds = 1
          nanos   = 100
        }
        single_occurrence_date {
          year  = 2024
          month = 3
          day   = 16
        }
      }
    }
  }

  backup_config {
    all_namespaces      = true
    include_volume_data = true
    # In-scope Kubernetes Secrets are included; this example sets no encryption_key.
    include_secrets = true
  }
}
# Source GKE cluster for the RPO example with a weekly exclusion window.
resource "google_container_cluster" "primary" {
  name               = "rpo-weekly-cluster"
  location           = "us-central1"
  network            = "default"
  subnetwork         = "default"
  initial_node_count = 1

  # Written as a string; Terraform converts it to the boolean the argument takes.
  deletion_protection = "true"

  workload_identity_config {
    workload_pool = "my-project-name.svc.id.goog"
  }

  # Backup for GKE agent add-on, enabled.
  addons_config {
    gke_backup_agent_config {
      enabled = true
    }
  }
}
# RPO-scheduled BackupPlan with one weekly and two single-occurrence exclusion
# windows.
resource "google_gke_backup_backup_plan" "rpo_weekly_window" {
  name     = "rpo-weekly-window"
  location = "us-central1"
  cluster  = google_container_cluster.primary.id

  retention_policy {
    # Minimum age before a Backup may be deleted, in days.
    backup_delete_lock_days = 30
    # Age at which a Backup is deleted automatically, in days.
    backup_retain_days = 180
  }

  backup_schedule {
    # Automatic Backup creation is paused while this is true, so the plan as
    # written takes no scheduled Backups.
    paused = true

    rpo_config {
      # Target RPO of 1440 minutes (1 day).
      target_rpo_minutes = 1440

      # Recurring window: Mondays and Thursdays from 01:23 UTC, 1800 seconds.
      exclusion_windows {
        duration = "1800s"
        start_time {
          hours   = 1
          minutes = 23
        }
        days_of_week {
          days_of_week = ["MONDAY", "THURSDAY"]
        }
      }

      # One-off window on 2024-03-17 (UTC).
      exclusion_windows {
        duration = "3600s"
        start_time {
          hours = 12
        }
        single_occurrence_date {
          year  = 2024
          month = 3
          day   = 17
        }
      }

      # One-off window on 2024-03-18 (UTC).
      exclusion_windows {
        duration = "600s"
        start_time {
          hours   = 8
          minutes = 40
        }
        single_occurrence_date {
          year  = 2024
          month = 3
          day   = 18
        }
      }
    }
  }

  backup_config {
    all_namespaces      = true
    include_volume_data = true
    # Secrets in scope are backed up; this example sets no encryption_key block.
    include_secrets = true
  }
}
The following arguments are supported:
name
-
(Required)
The full name of the BackupPlan Resource.
cluster
-
(Required)
The source cluster from which Backups will be created via this BackupPlan.
location
-
(Required)
The region of the Backup Plan.
description
-
(Optional)
User specified descriptive string for this BackupPlan.
retention_policy
-
(Optional)
RetentionPolicy governs lifecycle of Backups created under this plan.
Structure is documented below.
labels
-
(Optional)
Description: A set of custom labels supplied by the user.
A list of key->value pairs.
Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field effective_labels
for all of the labels present on the resource.
backup_schedule
-
(Optional)
Defines a schedule for automatic Backup creation via this BackupPlan.
Structure is documented below.
deactivated
-
(Optional)
This flag indicates whether this BackupPlan has been deactivated.
Setting this field to True locks the BackupPlan such that no further updates will be allowed
(except deletes), including the deactivated field itself. It also prevents any new Backups
from being created via this BackupPlan (including scheduled Backups).
backup_config
-
(Optional)
Defines the configuration of Backups created via this BackupPlan.
Structure is documented below.
project
- (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
The retention_policy
block supports:
backup_delete_lock_days
-
(Optional)
Minimum age for a Backup created via this BackupPlan (in days).
Must be an integer value between 0-90 (inclusive).
A Backup created under this BackupPlan will not be deletable
until it reaches Backup's (create time + backup_delete_lock_days).
Updating this field of a BackupPlan does not affect existing Backups.
Backups created after a successful update will inherit this new value.
backup_retain_days
-
(Optional)
The default maximum age of a Backup created via this BackupPlan.
This field MUST be an integer value >= 0 and <= 365. If specified,
a Backup created under this BackupPlan will be automatically deleted
after its age reaches (createTime + backupRetainDays).
If not specified, Backups created under this BackupPlan will NOT be
subject to automatic deletion. Updating this field does NOT affect
existing Backups under it. Backups created AFTER a successful update
will automatically pick up the new value.
NOTE: backupRetainDays must be >= backupDeleteLockDays.
If cronSchedule is defined, then this must be <= 360 * the creation interval.
If rpo_config is defined, then this must be
<= 360 * targetRpoMinutes/(1440minutes/day)
locked
-
(Optional)
This flag denotes whether the retention policy of this BackupPlan is locked.
If set to True, no further update is allowed on this policy, including
the locked field itself.
The backup_schedule
block supports:
cron_schedule
-
(Optional)
A standard cron string that defines a repeating schedule for
creating Backups via this BackupPlan.
This is mutually exclusive with the rpoConfig field since at most one
schedule can be defined for a BackupPlan.
If this is defined, then backupRetainDays must also be defined.
paused
-
(Optional)
This flag denotes whether automatic Backup creation is paused for this BackupPlan.
rpo_config
-
(Optional)
Defines the RPO schedule configuration for this BackupPlan. This is mutually
exclusive with the cronSchedule field since at most one schedule can be defined
for a BackupPlan. If this is defined, then backupRetainDays must also be defined.
Structure is documented below.
The rpo_config
block supports:
target_rpo_minutes
-
(Required)
Defines the target RPO for the BackupPlan in minutes, which means the target
maximum data loss in time that is acceptable for this BackupPlan. This must be
at least 60, i.e., 1 hour, and at most 86400, i.e., 60 days.
exclusion_windows
-
(Optional)
User specified time windows during which backup can NOT happen for this BackupPlan.
Backups should start and finish outside of any given exclusion window. Note: backup
jobs will be scheduled to start and finish outside the duration of the window as
much as possible, but running jobs will not get canceled when they run into the window.
All the time and date values in an exclusionWindows entry in the API are in UTC.
At most one recurring (daily or weekly) exclusion window is allowed per BackupPlan;
there is no restriction on the number of single-occurrence windows.
Structure is documented below.
The exclusion_windows
block supports:
start_time
-
(Required)
Specifies the start time of the window using time of the day in UTC.
Structure is documented below.
duration
-
(Required)
Specifies duration of the window in seconds with up to nine fractional digits,
terminated by 's'. Example: "3.5s". Restrictions for duration based on the
recurrence type to allow some time for backup to happen:
single_occurrence_date
-
(Optional)
No recurrence. The exclusion window occurs only once and on this date in UTC.
Only one of singleOccurrenceDate, daily and daysOfWeek may be set.
Structure is documented below.
daily
-
(Optional)
The exclusion window occurs every day if set to "True".
Specifying this field to "False" is an error.
Only one of singleOccurrenceDate, daily and daysOfWeek may be set.
days_of_week
-
(Optional)
The exclusion window occurs on these days of each week in UTC.
Only one of singleOccurrenceDate, daily and daysOfWeek may be set.
Structure is documented below.
The start_time
block supports:
hours
-
(Optional)
Hours of day in 24 hour format.
minutes
-
(Optional)
Minutes of hour of day.
seconds
-
(Optional)
Seconds of minutes of the time.
nanos
-
(Optional)
Fractions of seconds in nanoseconds.
The single_occurrence_date
block supports:
year
-
(Optional)
Year of the date.
month
-
(Optional)
Month of a year.
day
-
(Optional)
Day of a month.
The days_of_week
block supports:
days_of_week
-
(Optional)
A list of days of week.
Each value may be one of: MONDAY
, TUESDAY
, WEDNESDAY
, THURSDAY
, FRIDAY
, SATURDAY
, SUNDAY
.
The backup_config
block supports:
include_volume_data
-
(Optional)
This flag specifies whether volume data should be backed up when PVCs are
included in the scope of a Backup.
include_secrets
-
(Optional)
This flag specifies whether Kubernetes Secret resources should be included
when they fall into the scope of Backups.
encryption_key
-
(Optional)
This defines a customer managed encryption key that will be used to encrypt the "config"
portion (the Kubernetes resources) of Backups created via this plan.
Structure is documented below.
all_namespaces
-
(Optional)
If True, include all namespaced resources.
selected_namespaces
-
(Optional)
If set, include just the resources in the listed namespaces.
Structure is documented below.
selected_applications
-
(Optional)
A list of namespaced Kubernetes Resources.
Structure is documented below.
The encryption_key
block supports:
gcp_kms_encryption_key
-
(Required)
Google Cloud KMS encryption key. Format: projects/*/locations/*/keyRings/*/cryptoKeys/*
The selected_namespaces
block supports:
namespaces
-
(Required)
A list of Kubernetes Namespaces.
The selected_applications
block supports:
namespaced_names
-
(Required)
A list of namespaced Kubernetes resources.
Structure is documented below.
The namespaced_names
block supports:
namespace
-
(Required)
The namespace of a Kubernetes Resource.
name
-
(Required)
The name of a Kubernetes Resource.
In addition to the arguments listed above, the following computed attributes are exported:
id
- an identifier for the resource with format projects/{{project}}/locations/{{location}}/backupPlans/{{name}}
uid
-
Server generated, unique identifier of UUID format.
etag
-
etag is used for optimistic concurrency control as a way to help prevent simultaneous
updates of a backup plan from overwriting each other. It is strongly suggested that
systems make use of the 'etag' in the read-modify-write cycle to perform BackupPlan updates
in order to avoid race conditions: An etag is returned in the response to backupPlans.get,
and systems are expected to put that etag in the request to backupPlans.patch or
backupPlans.delete to ensure that their change will be applied to the same version of the resource.
protected_pod_count
-
The number of Kubernetes Pods backed up in the last successful Backup created via this BackupPlan.
state
-
The State of the BackupPlan.
state_reason
-
Detailed description of why BackupPlan is in its current state.
terraform_labels
-
The combination of labels configured directly on the resource
and default labels configured on the provider.
effective_labels
-
All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.
This resource provides the following Timeouts configuration options:
create
- Default is 20 minutes.
update
- Default is 20 minutes.
delete
- Default is 20 minutes.
BackupPlan can be imported using any of these accepted formats:
projects/{{project}}/locations/{{location}}/backupPlans/{{name}}
{{project}}/{{location}}/{{name}}
{{location}}/{{name}}
In Terraform v1.5.0 and later, use an import
block to import BackupPlan using one of the formats above. For example:
# Brings an existing BackupPlan under Terraform management (Terraform v1.5.0+).
# Replace the {{...}} placeholders with the plan's project, location and name.
import {
  to = google_gke_backup_backup_plan.default
  id = "projects/{{project}}/locations/{{location}}/backupPlans/{{name}}"
}
When using the terraform import
command, BackupPlan can be imported using one of the formats above. For example:
# One invocation per accepted ID format; run only one of them.
# The {{...}} parts are placeholders for the plan's project, location and name.
$ terraform import google_gke_backup_backup_plan.default projects/{{project}}/locations/{{location}}/backupPlans/{{name}}
$ terraform import google_gke_backup_backup_plan.default {{project}}/{{location}}/{{name}}
$ terraform import google_gke_backup_backup_plan.default {{location}}/{{name}}
This resource supports User Project Overrides.