|
| 1 | +--- |
| 2 | +Title: "Data Protection of a Tanzu Kubernetes Cluster" |
| 3 | +Description: |- |
| 4 | + An example of using Data Protection Feature for a Tanzu Kubernetes Cluster |
| 5 | +--- |
| 6 | +# Enable Data Protection |
| 7 | + |
| 8 | +The `tanzu-mission-control_enable_data_protection` resource enables users to activate and set up data protection for a Tanzu Kubernetes Cluster. |
| 9 | +Once enabled, users can create instant backups or schedule backups for later. |
| 10 | + |
| 11 | +For more information regarding data protection, see [Data Protection][data-protection]. |
| 12 | + |
| 13 | +[data-protection]: https://docs.vmware.com/en/VMware-Tanzu-Mission-Control/services/tanzumc-concepts/GUID-C16557BC-EB1B-4414-8E63-28AD92E0CAE5.html |
| 14 | + |
| 15 | + |
| 16 | +# Target Location |
| 17 | + |
| 18 | +The `"tanzu-mission-control_target_location` resource enables users to create and configure target locations for data protection backups. |
| 19 | +Once created, a target location can be used to store cluster backups. |
| 20 | + |
| 21 | +**NOTE**: The type of a target location is inherited from the configured credentials type which can be either "TMC Managed" or "Self Managed". |
| 22 | + |
| 23 | +For more information regarding target location, see [Target Location][target-location]. |
| 24 | + |
| 25 | +[target-location]: https://docs.vmware.com/en/VMware-Tanzu-Mission-Control/services/tanzumc-using/GUID-867683CE-8AF0-4DC7-9121-81AD507EDB3B.html |
| 26 | + |
| 27 | +# Backup Schedule |
| 28 | + |
| 29 | +The `tanzu-mission-control_backup_schedule` resource enables users to create and configure scheduled backups in a cluster. |
| 30 | + |
| 31 | +Backups can be applied in 3 levels: |
| 32 | + |
| 33 | +* Entire/Full Cluster |
| 34 | +* Selected Namespaces |
| 35 | +* Resources Selection By Label Selector |
| 36 | + |
| 37 | +For more information regarding scheduled backups, see [Scheduled Backups][backup-schedule]. |
| 38 | + |
| 39 | +[backup-schedule]: https://docs.vmware.com/en/VMware-Tanzu-Mission-Control/services/tanzumc-using/GUID-89926F80-050A-4F1C-9D04-D56D5F453995.html?hWord=N4IghgNiBcIEZgMYGsCuAHABAZ0QCwFMATVCAkAXyA |
| 40 | + |
| 41 | +## Sample usage of Data Protection |
| 42 | + |
| 43 | +You can use the following template as reference for enabling all stages of data protection feature of Tanzu Mission Control using Terraform (i.e.) Enable data-protection for cluster, Set a Target Location of backup and finally, set a backup schedule for periodic data protection. |
| 44 | + |
| 45 | +```terraform |
| 46 | +// Tanzu Mission Control Data Protection Feature |
| 47 | +
|
| 48 | +locals { |
| 49 | + cluster_name = "<cluster-name>" |
| 50 | + management_cluster_name = "<management-cluster-name>" |
| 51 | + provisioner_name = "<provisioner-name>" |
| 52 | +} |
| 53 | +
|
| 54 | +// Enable Data Protection |
| 55 | +resource "tanzu-mission-control_enable_data_protection" "data_protection" { |
| 56 | + scope { |
| 57 | + cluster { |
| 58 | + cluster_name = local.cluster_name |
| 59 | + management_cluster_name = local.management_cluster_name |
| 60 | + provisioner_name = local.provisioner_name |
| 61 | + } |
| 62 | + } |
| 63 | +
|
| 64 | + spec { |
| 65 | + disable_restic = false // Default: false |
| 66 | + enable_csi_snapshots = false // Default: false |
| 67 | + enable_all_api_group_versions_backup = false // Default: false |
| 68 | + } |
| 69 | +
|
| 70 | + deletion_policy { |
| 71 | + delete_backups = false // Default: false |
| 72 | + } |
| 73 | +} |
| 74 | +
|
| 75 | +// Create Target Location for Scheduled Back Up |
| 76 | +// Self managed AWS Target Location |
| 77 | +resource "tanzu-mission-control_target_location" "aws_self_provisioned" { |
| 78 | + name = "<target-location-name>" |
| 79 | +
|
| 80 | + spec { |
| 81 | + target_provider = "AWS" |
| 82 | + credential = { |
| 83 | + name = "<aws-credential-name?" |
| 84 | + } |
| 85 | +
|
| 86 | + bucket = "<bucket-name>" |
| 87 | + region = "<region>" |
| 88 | +
|
| 89 | + config { |
| 90 | + aws { |
| 91 | + s3_force_path_style = false |
| 92 | + s3_bucket_url = "<aws-s3-bucket-url>" |
| 93 | + s3_public_url = "<aws-s3-public-url>" |
| 94 | + } |
| 95 | + } |
| 96 | +
|
| 97 | + assigned_groups { |
| 98 | + cluster { |
| 99 | + name = local.cluster_name |
| 100 | + management_cluster_name = local.management_cluster_name |
| 101 | + provisioner_name = local.provisioner_name |
| 102 | + } |
| 103 | +
|
| 104 | + cluster_groups = ["<cluster-group-name-1>", "<cluster-group-name-2>"] |
| 105 | + } |
| 106 | + } |
| 107 | +} |
| 108 | +
|
| 109 | +// Create Full Cluster Scheduled Back Up |
| 110 | +resource "tanzu-mission-control_backup_schedule" "backup_full_cluster" { |
| 111 | + name = "<scheduled-backup-name>" |
| 112 | + scope { |
| 113 | + cluster { |
| 114 | + cluster_name = local.cluster_name |
| 115 | + management_cluster_name = local.management_cluster_name |
| 116 | + provisioner_name = local.provisioner_name |
| 117 | + } |
| 118 | + } |
| 119 | +
|
| 120 | + backup_scope = "FULL_CLUSTER" |
| 121 | +
|
| 122 | + spec { |
| 123 | + schedule { |
| 124 | + rate = "0 12 * * 1" |
| 125 | + } |
| 126 | +
|
| 127 | + template { |
| 128 | + backup_ttl = "2592000s" |
| 129 | + excluded_namespaces = [ |
| 130 | + "<namespace-1>", |
| 131 | + ] |
| 132 | + excluded_resources = [ |
| 133 | + "<resource-1>", |
| 134 | + "<resource-2>" |
| 135 | + ] |
| 136 | +
|
| 137 | + storage_location = tanzu-mission-control_target_location.aws_self_provisioned.name |
| 138 | + } |
| 139 | + } |
| 140 | +} |
| 141 | +``` |
0 commit comments