Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AKS support for Backup Extension #21251

Open
1 task done
mkemmerz opened this issue Apr 3, 2023 · 7 comments
Open
1 task done

AKS support for Backup Extension #21251

mkemmerz opened this issue Apr 3, 2023 · 7 comments
Labels
enhancement preview service/kubernetes-cluster

Comments

@mkemmerz
Copy link

mkemmerz commented Apr 3, 2023
edited
Loading

Is there an existing issue for this?

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

AKS should support the installation and configuration of the new Backup Extension: https://learn.microsoft.com/en-us/azure/backup/azure-kubernetes-service-cluster-manage-backups#backup-extension-related-operations

Docs to the backup feature: https://learn.microsoft.com/en-us/azure/backup/azure-kubernetes-service-cluster-backup

Extenstion installation command:

It should support the configuration mentioned in the installation command:
az k8s-extension create --name azure-aks-backup --extension-type Microsoft.DataProtection.Kubernetes --scope cluster --cluster-type managedClusters --cluster-name aksclustername --resource-group aksclusterrg --release-train stable --configuration-settings blobContainer=containername storageAccount=storageaccountname storageAccountResourceGroup=storageaccountrg storageAccountSubscriptionId=subscriptionid

The extension is required to be able to automate the whole AKS backup feature in the future.

The managed identity that is created during the installation should be exported as output variable too (at least client id), as we need to grant permissions to it for the feature.

New or Affected Resource(s)/Data Source(s)

azurerm_kubernetes_cluster

Potential Terraform Configuration

resource "azurerm_kubernetes_cluster" "example" {
  ...

  backup {
    name          = "foo"
    release-train = "stable"
    
    blob {
      container_name                      = "mycontainer"
      storage_account_name                = "mystorage"
      storage_account_resource_group_name = "myreg"
      subscription_id                     = "1234-5678-9999"
    }
  }

References

No response
@fabian-ro
Copy link

The backup extension and the necessary role assignments can be created with the azurerm provider:

resource "azurerm_kubernetes_cluster_extension" "aks_backup" {
  name           = "backup"
  cluster_id     = azurerm_kubernetes_cluster.this.id
  extension_type = "microsoft.dataprotection.kubernetes"
  release_train  = "stable"

  configuration_settings = {
    "credentials.tenantId"                                      = data.azurerm_client_config.this.tenant_id
    "configuration.backupStorageLocation.config.subscriptionId" = data.azurerm_client_config.this.subscription_id
    "configuration.backupStorageLocation.config.resourceGroup"  = azurerm_storage_account.aks_backup.resource_group_name
    "configuration.backupStorageLocation.config.storageAccount" = azurerm_storage_account.aks_backup.name
    "configuration.backupStorageLocation.bucket"                = azurerm_storage_container.aks_backup.name
  }
}

However, the backup policy and backup configuration are not yet supported. Something like azurerm_data_protection_backup_policy_kubernetes and azurerm_data_protection_backup_instance_kubernetes would be nice. In the meantime, the azapi Provider is an option to manage these resources.

@jkroepke
Copy link
Contributor

In the meantime, the azapi Provider is an option to manage these resources.

@fabian-ro Do you have an example to share?

@fabian-ro
Copy link

fabian-ro commented Dec 7, 2023
edited
Loading

@jkroepke I created a Gist with some example code.

@antoineozenne-at-leocare
Copy link

Thank you @fabian-ro. Just for information, according to my tests, azurerm_kubernetes_cluster_extension.name must be azure-aks-backup for the extension to be displayed in the Azure Portal in the Backup menu (However, I tried without any backup_configuration).

@antoineozenne-at-leocare
Copy link

antoineozenne-at-leocare commented Feb 16, 2024
edited
Loading

The resource azurerm_data_protection_backup_policy_kubernetes_cluster is now available in the version 3.91.0. All that remains is to implement azurerm_data_protection_backup_instance_kubernetes.

@antoineozenne-at-leocare
Copy link

The resource azurerm_data_protection_backup_instance_kubernetes_cluster is now available in the version 3.95.0 with a great and complete example.

Please, is it possible to implement the data source of these two resources now?

@mjnovice
Copy link

Isn't this already closed now ? I see https://registry.terraform.io/providers/hashicorp/azurerm/3.110.0/docs/resources/kubernetes_cluster_extension ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement preview service/kubernetes-cluster
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@jkroepke @mjnovice @mybayern1974 @stephybun @mkemmerz @fabian-ro @antoineozenne-at-leocare