GCP CloudSQL Backups

Checks if a GCP CloudSQL instance has been successfully backed up recently.

gcp-database.yaml
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
  name: database-backup-check
spec:
  interval: 60
  databaseBackup:
    - maxAge: 6h
      gcp:
        project: google-project-name
        instance: cloudsql-instance-name

Field	Description	Scheme	Required
`gcp`	Connect to GCP project and instance	GCPDatabase	Yes
`maxAge`	Max age for backup allowed, eg. 5h30m	Duration
`name`	Name of the check, must be unique within the canary	`string`	Yes
`description`	Description for the check	`string`
`icon`	Icon for overwriting default icon on the dashboard	`string`
`labels`	Labels for check	`map[string]string`
`test`	Evaluate whether a check is healthy	`Expression`
`display`	Expression to change the formatting of the display	`Expression`
`transform`	Transform data from a check into multiple individual checks	`Expression`
`metrics`	Metrics to export from	`[]Metrics`

Duration

Durations are strings with an optional fraction and unit e.g. 300ms, 1.5h or 2h45m. Valid time units are ms, s, m, h.

GCPDatabase

Field	Description	Scheme	Required
`project`	GCP project\ name	string	Yes
`instance`	Google CloudSQL instance name	string	Yes
Connection
`connection`	Path of an existing connection e.g. `connection://aws/instance`/. Mutually exclusive with `credentials`	Connection
`credentials`	GCP Access Token File. Mutually exclusive with `connection`	EnvVar	Yes

Connecting to GCP

There are 3 options when connecting to GCP:

GKE workload identity (the default if no connection or credentials is specified)
connection, this is the recommended method, connections are reusable and secure

aws-connection.yaml
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
  name: database-backup-check
spec:
  interval: 60
  databaseBackup:
    - maxAge: 6h
      gcp:
        project: google-project-name
        instance: cloudsql-instance-name
       connection: connection://gcp/internal

accessKey and secretKey EnvVar with the credentials stored in a secret.

aws.yaml
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
  name: database-backup-check
spec:
  interval: 60
  databaseBackup:
    - name: gcp db check
      maxAge: 6h
      gcp:
        project: google-project-name
        credentials:
          valueFrom:
            secretKeyRef:
              name: gcp-credentials
              key: AUTH_ACCESS_TOKEN

GCP CloudSQL Backups

Duration​

GCPDatabase​

Connecting to GCP​

Duration

GCPDatabase

Connecting to GCP