 GCP CloudSQL Backups
 GCP CloudSQL Backups
Checks if a GCP CloudSQL instance has been successfully backed up recently.
gcp-database.yaml
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
  name: database-backup-check
spec:
  interval: 60
  databaseBackup:
    - maxAge: 6h
      gcp:
        project: google-project-name
        instance: cloudsql-instance-name
| Field | Description | Scheme | Required | 
|---|---|---|---|
| gcp | Connect to GCP project and instance | GCPDatabase | Yes | 
| maxAge | Max age for backup allowed, eg. 5h30m | Duration | |
| * | All other common fields | Common | |
Duration
Durations are strings with an optional fraction and unit e.g.  300ms, 1.5h or 2h45m. Valid time units are ms, s, m, h.
GCPDatabase
| Field | Description | Scheme | Required | 
|---|---|---|---|
| project | GCP project name | string | Yes | 
| instance | Google CloudSQL instance name | string | Yes | 
| Connection | |||
| connection | Path of an existing connection e.g. connection://aws/instance/. Mutually exclusive withcredentials | Connection | |
| credentials | GCP Access Token File. Mutually exclusive with connection | EnvVar | Yes | 
Connecting to GCP
There are 3 options when connecting to GCP:
- GKE workload identity (the default if no connectionorcredentialsis specified)
- connection, this is the recommended method, connections are reusable and secure
aws-connection.yaml
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
  name: database-backup-check
spec:
  interval: 60
  databaseBackup:
    - maxAge: 6h
      gcp:
        project: google-project-name
        instance: cloudsql-instance-name
       connection: connection://gcp/internal
- accessKeyand- secretKeyEnvVar with the credentials stored in a secret.
aws.yaml
                
              apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
  name: database-backup-check
spec:
  interval: 60
  databaseBackup:
    - name: gcp db check
      maxAge: 6h
      gcp:
        project: google-project-name
        credentials:
          valueFrom:
            secretKeyRef:
              name: gcp-credentials
              key: AUTH_ACCESS_TOKEN