GCP CloudSQL Backups
Checks if a GCP CloudSQL instance has been successfully backed up recently.
gcp-database.yaml
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: database-backup-check
spec:
interval: 60
databaseBackup:
- maxAge: 6h
gcp:
project: google-project-name
instance: cloudsql-instance-name
| Field | Description | Scheme | Required |
|---|---|---|---|
gcp |
Connect to GCP project and instance | GCPDatabase | Yes |
maxAge |
Max age for backup allowed, eg. 5h30m | Duration | |
* |
All other common fields | Common | |
Duration
Durations are strings with an optional fraction and unit e.g. 300ms, 1.5h or 2h45m. Valid time units are ms, s, m, h.
GCPDatabase
| Field | Description | Scheme | Required |
|---|---|---|---|
project |
GCP project name | string | Yes |
instance |
Google CloudSQL instance name | string | Yes |
| Connection | |||
connection |
Path of an existing connection e.g. connection://aws/instance/. Mutually exclusive with credentials |
Connection | |
credentials |
GCP Access Token File. Mutually exclusive with connection |
EnvVar | Yes |
Connecting to GCP
There are 3 options when connecting to GCP:
- GKE workload identity (the default if no
connectionorcredentialsis specified) connection, this is the recommended method, connections are reusable and secure
aws-connection.yaml
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: database-backup-check
spec:
interval: 60
databaseBackup:
- maxAge: 6h
gcp:
project: google-project-name
instance: cloudsql-instance-name
connection: connection://gcp/internal
accessKeyandsecretKeyEnvVar with the credentials stored in a secret.
aws.yaml
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: database-backup-check
spec:
interval: 60
databaseBackup:
- name: gcp db check
maxAge: 6h
gcp:
project: google-project-name
credentials:
valueFrom:
secretKeyRef:
name: gcp-credentials
key: AUTH_ACCESS_TOKEN