GCP CloudSQL Backups
Checks if a GCP CloudSQL instance has been successfully backed up recently.
gcp-database.yamlapiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: database-backup-check
spec:
interval: 60
databaseBackup:
- maxAge: 6h
gcp:
project: google-project-name
instance: cloudsql-instance-name
| Field | Description | Scheme | Required |
|---|---|---|---|
gcp | Connect to GCP project and instance | GCPDatabase | Yes |
maxAge | Max age for backup allowed, eg. 5h30m | Duration | |
name | Name of the check, must be unique within the canary | string | Yes |
description | Description for the check | string | |
icon | Icon for overwriting default icon on the dashboard | string | |
labels | Labels for check | map[string]string | |
test | Evaluate whether a check is healthy | Expression | |
display | Expression to change the formatting of the display | Expression | |
transform | Transform data from a check into multiple individual checks | Expression | |
metrics | Metrics to export from | []Metrics | |
Duration
Durations are strings with an optional fraction and unit e.g. 300ms, 1.5h or 2h45m. Valid time units are ms, s, m, h.
GCPDatabase
| Field | Description | Scheme | Required |
|---|---|---|---|
project | GCP project\ name | string | Yes |
instance | Google CloudSQL instance name | string | Yes |
| Connection | |||
connection | Path of an existing connection e.g. connection://aws/instance/. Mutually exclusive with credentials | Connections | |
credentials | GCP Access Token File. Mutually exclusive with connection | EnvVar | Yes |
Connecting to GCP
There are 3 options when connecting to GCP:
- GKE workload identity (the default if no
connectionorcredentialsis specified) connection, this is the recommended method, connections are reusable and secure
aws-connection.yamlapiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: database-backup-check
spec:
interval: 60
databaseBackup:
- maxAge: 6h
gcp:
project: google-project-name
instance: cloudsql-instance-name
connection: connection://gcp/internal
accessKeyandsecretKeyEnvVar with the credentials stored in a secret.
aws.yamlapiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: database-backup-check
spec:
interval: 60
databaseBackup:
- name: gcp db check
maxAge: 6h
gcp:
project: google-project-name
credentials:
valueFrom:
secretKeyRef:
name: gcp-credentials
key: AUTH_ACCESS_TOKEN