AlloyDBCluster


Property Value
Google Cloud Service Name AlloyDB for PostgreSQL
Google Cloud Service Documentation /alloydb/docs/
Google Cloud REST Resource Name v1.projects.locations.clusters
Google Cloud REST Resource Documentation /alloydb/docs/reference/rest/v1/projects.locations.clusters
Config Connector Resource Short Names gcpalloydbcluster
gcpalloydbclusters
alloydbcluster
Config Connector Service Name alloydb.googleapis.com
Config Connector Resource Fully Qualified Name alloydbclusters.alloydb.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No
Config Connector Default Average Reconcile Interval In Seconds 600

Custom Resource Definition Properties

Spec

Schema

automatedBackupPolicy:
  backupWindow: string
  enabled: boolean
  encryptionConfig:
    kmsKeyNameRef:
      external: string
      name: string
      namespace: string
  labels:
    string: string
  location: string
  quantityBasedRetention:
    count: integer
  timeBasedRetention:
    retentionPeriod: string
  weeklySchedule:
    daysOfWeek:
    - string
    startTimes:
    - hours: integer
      minutes: integer
      nanos: integer
      seconds: integer
clusterType: string
continuousBackupConfig:
  enabled: boolean
  encryptionConfig:
    kmsKeyNameRef:
      external: string
      name: string
      namespace: string
  recoveryWindowDays: integer
deletionPolicy: string
displayName: string
encryptionConfig:
  kmsKeyNameRef:
    external: string
    name: string
    namespace: string
initialUser:
  password:
    value: string
    valueFrom:
      secretKeyRef:
        key: string
        name: string
  user: string
location: string
maintenanceUpdatePolicy:
  maintenanceWindows:
  - day: string
    startTime:
      hours: integer
      minutes: integer
      nanos: integer
      seconds: integer
networkConfig:
  allocatedIpRange: string
  networkRef:
    external: string
    name: string
    namespace: string
networkRef:
  external: string
  name: string
  namespace: string
projectRef:
  external: string
  name: string
  namespace: string
resourceID: string
restoreBackupSource:
  backupNameRef:
    external: string
    name: string
    namespace: string
restoreContinuousBackupSource:
  clusterRef:
    external: string
    name: string
    namespace: string
  pointInTime: string
secondaryConfig:
  primaryClusterNameRef:
    external: string
    name: string
    namespace: string
Fields

automatedBackupPolicy

Optional

object

The automated backup policy for this cluster. AutomatedBackupPolicy is disabled by default.

automatedBackupPolicy.backupWindow

Optional

string

The length of the time window during which a backup can be taken. If a backup does not succeed within this time window, it will be canceled and considered failed. The backup window must be at least 5 minutes long. There is no upper bound on the window. If not set, it will default to 1 hour. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".

automatedBackupPolicy.enabled

Optional

boolean

Whether automated backups are enabled.

automatedBackupPolicy.encryptionConfig

Optional

object

EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).

automatedBackupPolicy.encryptionConfig.kmsKeyNameRef

Optional

object

(Optional) The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].

automatedBackupPolicy.encryptionConfig.kmsKeyNameRef.external

Optional

string

Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.

automatedBackupPolicy.encryptionConfig.kmsKeyNameRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

automatedBackupPolicy.encryptionConfig.kmsKeyNameRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

automatedBackupPolicy.labels

Optional

map (key: string, value: string)

Labels to apply to backups created using this configuration.

automatedBackupPolicy.location

Optional

string

The location where the backup will be stored. Currently, the only supported option is to store the backup in the same region as the cluster.

automatedBackupPolicy.quantityBasedRetention

Optional

object

Quantity-based Backup retention policy to retain recent backups. Conflicts with 'time_based_retention', both can't be set together.

automatedBackupPolicy.quantityBasedRetention.count

Optional

integer

The number of backups to retain.

automatedBackupPolicy.timeBasedRetention

Optional

object

Time-based Backup retention policy. Conflicts with 'quantity_based_retention', both can't be set together.

automatedBackupPolicy.timeBasedRetention.retentionPeriod

Optional

string

The retention period. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".

automatedBackupPolicy.weeklySchedule

Optional

object

Weekly schedule for the Backup.

automatedBackupPolicy.weeklySchedule.daysOfWeek

Optional

list (string)

The days of the week to perform a backup. At least one day of the week must be provided. Possible values: ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"].

automatedBackupPolicy.weeklySchedule.daysOfWeek[]

Optional

string

automatedBackupPolicy.weeklySchedule.startTimes

Required*

list (object)

The times during the day to start a backup. At least one start time must be provided. The start times are assumed to be in UTC and to be an exact hour (e.g., 04:00:00).

automatedBackupPolicy.weeklySchedule.startTimes[]

Required*

object

automatedBackupPolicy.weeklySchedule.startTimes[].hours

Optional

integer

Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

automatedBackupPolicy.weeklySchedule.startTimes[].minutes

Optional

integer

Minutes of hour of day. Currently, only the value 0 is supported.

automatedBackupPolicy.weeklySchedule.startTimes[].nanos

Optional

integer

Fractions of seconds in nanoseconds. Currently, only the value 0 is supported.

automatedBackupPolicy.weeklySchedule.startTimes[].seconds

Optional

integer

Seconds of minutes of the time. Currently, only the value 0 is supported.

clusterType

Optional

string

The type of cluster. If not set, defaults to PRIMARY. Default value: "PRIMARY" Possible values: ["PRIMARY", "SECONDARY"].

continuousBackupConfig

Optional

object

The continuous backup config for this cluster. If no policy is provided then the default policy will be used. The default policy takes one backup a day and retains backups for 14 days.

continuousBackupConfig.enabled

Optional

boolean

Whether continuous backup recovery is enabled. If not set, defaults to true.

continuousBackupConfig.encryptionConfig

Optional

object

EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).

continuousBackupConfig.encryptionConfig.kmsKeyNameRef

Optional

object

(Optional) The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].

continuousBackupConfig.encryptionConfig.kmsKeyNameRef.external

Optional

string

Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.

continuousBackupConfig.encryptionConfig.kmsKeyNameRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

continuousBackupConfig.encryptionConfig.kmsKeyNameRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

continuousBackupConfig.recoveryWindowDays

Optional

integer

The numbers of days that are eligible to restore from using PITR. To support the entire recovery window, backups and logs are retained for one day more than the recovery window. If not set, defaults to 14 days.

deletionPolicy

Optional

string

Policy to determine if the cluster should be deleted forcefully. Deleting a cluster forcefully, deletes the cluster and all its associated instances within the cluster. Deleting a Secondary cluster with a secondary instance REQUIRES setting deletion_policy = "FORCE" otherwise an error is returned. This is needed as there is no support to delete just the secondary instance, and the only way to delete secondary instance is to delete the associated secondary cluster forcefully which also deletes the secondary instance.

displayName

Optional

string

User-settable and human-readable display name for the Cluster.

encryptionConfig

Optional

object

EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).

encryptionConfig.kmsKeyNameRef

Optional

object

(Optional) The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].

encryptionConfig.kmsKeyNameRef.external

Optional

string

Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.

encryptionConfig.kmsKeyNameRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

encryptionConfig.kmsKeyNameRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

initialUser

Optional

object

Initial user to setup during cluster creation.

initialUser.password

Required*

object

The initial password for the user.

initialUser.password.value

Optional

string

Value of the field. Cannot be used if 'valueFrom' is specified.

initialUser.password.valueFrom

Optional

object

Source for the field's value. Cannot be used if 'value' is specified.

initialUser.password.valueFrom.secretKeyRef

Optional

object

Reference to a value with the given key in the given Secret in the resource's namespace.

initialUser.password.valueFrom.secretKeyRef.key

Required*

string

Key that identifies the value to be extracted.

initialUser.password.valueFrom.secretKeyRef.name

Required*

string

Name of the Secret to extract a value from.

initialUser.user

Optional

string

The database username.

location

Required

string

Immutable. The location where the alloydb cluster should reside.

maintenanceUpdatePolicy

Optional

object

MaintenanceUpdatePolicy defines the policy for system updates.

maintenanceUpdatePolicy.maintenanceWindows

Optional

list (object)

Preferred windows to perform maintenance. Currently limited to 1.

maintenanceUpdatePolicy.maintenanceWindows[]

Optional

object

maintenanceUpdatePolicy.maintenanceWindows[].day

Required*

string

Preferred day of the week for maintenance, e.g. MONDAY, TUESDAY, etc. Possible values: ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"].

maintenanceUpdatePolicy.maintenanceWindows[].startTime

Required*

object

Preferred time to start the maintenance operation on the specified day. Maintenance will start within 1 hour of this time.

maintenanceUpdatePolicy.maintenanceWindows[].startTime.hours

Required*

integer

Hours of day in 24 hour format. Should be from 0 to 23.

maintenanceUpdatePolicy.maintenanceWindows[].startTime.minutes

Optional

integer

Minutes of hour of day. Currently, only the value 0 is supported.

maintenanceUpdatePolicy.maintenanceWindows[].startTime.nanos

Optional

integer

Fractions of seconds in nanoseconds. Currently, only the value 0 is supported.

maintenanceUpdatePolicy.maintenanceWindows[].startTime.seconds

Optional

integer

Seconds of minutes of the time. Currently, only the value 0 is supported.

networkConfig

Optional

object

Metadata related to network configuration.

networkConfig.allocatedIpRange

Optional

string

The name of the allocated IP range for the private IP AlloyDB cluster. For example: "google-managed-services-default". If set, the instance IPs for this cluster will be created in the allocated range.

networkConfig.networkRef

Optional

object

(Required) The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: projects/{project}/global/networks/{network_id}.

networkConfig.networkRef.external

Optional

string

Allowed value: string of the format `projects/{{project}}/global/networks/{{value}}`, where {{value}} is the `name` field of a `ComputeNetwork` resource.

networkConfig.networkRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

networkConfig.networkRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

networkRef

Optional

object

(Required) The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: projects/{project}/global/networks/{network_id}.

networkRef.external

Optional

string

Allowed value: string of the format `projects/{{project}}/global/networks/{{value}}`, where {{value}} is the `name` field of a `ComputeNetwork` resource.

networkRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

networkRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

projectRef

Required

object

The project that this resource belongs to.

projectRef.external

Optional

string

Allowed value: The `name` field of a `Project` resource.

projectRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

projectRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourceID

Optional

string

Immutable. Optional. The clusterId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.

restoreBackupSource

Optional

object

Immutable. The source when restoring from a backup. Conflicts with 'restore_continuous_backup_source', both can't be set together.

restoreBackupSource.backupNameRef

Required*

object

(Required) The name of the backup that this cluster is restored from.

restoreBackupSource.backupNameRef.external

Optional

string

Allowed value: The `name` field of an `AlloyDBBackup` resource.

restoreBackupSource.backupNameRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

restoreBackupSource.backupNameRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

restoreContinuousBackupSource

Optional

object

Immutable. The source when restoring via point in time recovery (PITR). Conflicts with 'restore_backup_source', both can't be set together.

restoreContinuousBackupSource.clusterRef

Required*

object

(Required) The name of the source cluster that this cluster is restored from.

restoreContinuousBackupSource.clusterRef.external

Optional

string

Allowed value: The `name` field of an `AlloyDBCluster` resource.

restoreContinuousBackupSource.clusterRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

restoreContinuousBackupSource.clusterRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

restoreContinuousBackupSource.pointInTime

Required*

string

Immutable. The point in time that this cluster is restored to, in RFC 3339 format.

secondaryConfig

Optional

object

Configuration of the secondary cluster for Cross Region Replication. This should be set if and only if the cluster is of type SECONDARY.

secondaryConfig.primaryClusterNameRef

Required*

object

Name of the primary cluster must be in the format 'projects/{project}/locations/{location}/clusters/{cluster_id}'

secondaryConfig.primaryClusterNameRef.external

Optional

string

Allowed value: The `name` field of an `AlloyDBCluster` resource.

secondaryConfig.primaryClusterNameRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

secondaryConfig.primaryClusterNameRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

* Field is required when parent field is specified

Status

Schema

backupSource:
- backupName: string
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
continuousBackupInfo:
- earliestRestorableTime: string
  enabledTime: string
  encryptionInfo:
  - encryptionType: string
    kmsKeyVersions:
    - string
  schedule:
  - string
databaseVersion: string
encryptionInfo:
- encryptionType: string
  kmsKeyVersions:
  - string
migrationSource:
- hostPort: string
  referenceId: string
  sourceType: string
name: string
observedGeneration: integer
observedState:
  clusterType: string
uid: string
Fields
backupSource

list (object)

Cluster created from backup.

backupSource[]

object

backupSource[].backupName

string

The name of the backup resource.

conditions

list (object)

Conditions represent the latest available observation of the resource's current state.

conditions[]

object

conditions[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions[].message

string

Human-readable message indicating details about last transition.

conditions[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions[].type

string

Type is the type of the condition.

continuousBackupInfo

list (object)

ContinuousBackupInfo describes the continuous backup properties of a cluster.

continuousBackupInfo[]

object

continuousBackupInfo[].earliestRestorableTime

string

The earliest restorable time that can be restored to. Output only field.

continuousBackupInfo[].enabledTime

string

When ContinuousBackup was most recently enabled. Set to null if ContinuousBackup is not enabled.

continuousBackupInfo[].encryptionInfo

list (object)

Output only. The encryption information for the WALs and backups required for ContinuousBackup.

continuousBackupInfo[].encryptionInfo[]

object

continuousBackupInfo[].encryptionInfo[].encryptionType

string

Output only. Type of encryption.

continuousBackupInfo[].encryptionInfo[].kmsKeyVersions

list (string)

Output only. Cloud KMS key versions that are being used to protect the database or the backup.

continuousBackupInfo[].encryptionInfo[].kmsKeyVersions[]

string

continuousBackupInfo[].schedule

list (string)

Days of the week on which a continuous backup is taken. Output only field. Ignored if passed into the request.

continuousBackupInfo[].schedule[]

string

databaseVersion

string

The database engine major version. This is an output-only field and it's populated at the Cluster creation time. This field cannot be changed after cluster creation.

encryptionInfo

list (object)

EncryptionInfo describes the encryption information of a cluster or a backup.

encryptionInfo[]

object

encryptionInfo[].encryptionType

string

Output only. Type of encryption.

encryptionInfo[].kmsKeyVersions

list (string)

Output only. Cloud KMS key versions that are being used to protect the database or the backup.

encryptionInfo[].kmsKeyVersions[]

string

migrationSource

list (object)

Cluster created via DMS migration.

migrationSource[]

object

migrationSource[].hostPort

string

The host and port of the on-premises instance in host:port format.

migrationSource[].referenceId

string

Place holder for the external source identifier(e.g DMS job name) that created the cluster.

migrationSource[].sourceType

string

Type of migration source.

name

string

The name of the cluster resource.

observedGeneration

integer

ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.

observedState

object

The observed state of the underlying GCP resource.

observedState.clusterType

string

The type of cluster. If not set, defaults to PRIMARY. Default value: "PRIMARY" Possible values: ["PRIMARY", "SECONDARY"].

uid

string

The system-generated UID of the resource.

Sample YAML(s)

Regular Cluster

# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: alloydb.cnrm.cloud.google.com/v1beta1
kind: AlloyDBCluster
metadata:
  name: alloydbcluster-sample-regular
spec:
  location: asia-south2
  networkConfig:
    networkRef: 
      name: alloydbcluster-dep-regular
  projectRef:
    external: ${PROJECT_ID?}
  automatedBackupPolicy:
    backupWindow: 3600s
    encryptionConfig:
      kmsKeyNameRef: 
        name: alloydbcluster-dep-regular
    enabled: true
    labels:
      source: kcc
    location: asia-south2
    timeBasedRetention:
      retentionPeriod: 43200s
    weeklySchedule:
      daysOfWeek: [MONDAY]
      startTimes: 
        - hours: 4
          minutes: 0
          seconds: 0
          nanos: 0
  encryptionConfig:
    kmsKeyNameRef: 
      name: alloydbcluster-dep-regular
  maintenanceUpdatePolicy:
    maintenanceWindows:
      - day: WEDNESDAY
        startTime:
          hours: 12
          minutes: 0
          seconds: 0
          nanos: 0
  initialUser:
    user: "postgres"
    password:
      value: "Postgres123"
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeAddress
metadata:
  name: alloydbcluster-dep-regular
spec:
  location: global
  addressType: INTERNAL
  networkRef:
    name: alloydbcluster-dep-regular
  prefixLength: 16
  purpose: VPC_PEERING
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  name: alloydbcluster-dep-regular
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPartialPolicy
metadata:
  name: alloydbcluster-dep-regular
spec:
  resourceRef:
    apiVersion: kms.cnrm.cloud.google.com/v1beta1
    kind: KMSCryptoKey
    name: alloydbcluster-dep-regular
  bindings:
    - role: roles/cloudkms.cryptoKeyEncrypterDecrypter
      members:
        - memberFrom:
            serviceIdentityRef:
              name: alloydbcluster-dep-regular
---
apiVersion: kms.cnrm.cloud.google.com/v1beta1
kind: KMSCryptoKey
metadata:
  labels:
    source: kcc-alloydbcluster-sample
  name: alloydbcluster-dep-regular
spec:
  keyRingRef:
    name: alloydbcluster-dep-regular
---
apiVersion: kms.cnrm.cloud.google.com/v1beta1
kind: KMSKeyRing
metadata:
  name: alloydbcluster-dep-regular
spec:
  location: asia-south2
---
apiVersion: servicenetworking.cnrm.cloud.google.com/v1beta1
kind: ServiceNetworkingConnection
metadata:
  name: alloydbcluster-dep-regular
spec:
  networkRef:
    name: alloydbcluster-dep-regular
  reservedPeeringRanges:
  - external: alloydbcluster-dep-regular
  service: servicenetworking.googleapis.com
---
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: ServiceIdentity
metadata:
  name: alloydbcluster-dep-regular
spec:
  projectRef:
    external: ${PROJECT_ID?}
  resourceID: alloydb.googleapis.com

Restored From Backup Cluster

# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: alloydb.cnrm.cloud.google.com/v1beta1
kind: AlloyDBCluster
metadata:
  name: alloydbcluster-dep-restoredfrombackup
spec:
  location: asia-south1
  networkConfig:
    networkRef: 
      name: alloydbcluster-dep-restoredfrombackup
  projectRef:
    external: ${PROJECT_ID?}
---
apiVersion: alloydb.cnrm.cloud.google.com/v1beta1
kind: AlloyDBCluster
metadata:
  name: alloydbcluster-sample-restoredfrombackup
spec:
  location: asia-south1
  networkConfig:
    networkRef: 
      name: alloydbcluster-dep-restoredfrombackup
  projectRef:
    external: ${PROJECT_ID?}
  restoreBackupSource:
    backupNameRef:
      name: alloydbcluster-dep-restoredfrombackup
  
---
apiVersion: alloydb.cnrm.cloud.google.com/v1beta1
kind: AlloyDBBackup
metadata:
  name: alloydbcluster-dep-restoredfrombackup
spec:
  clusterNameRef: 
    name: alloydbcluster-dep-restoredfrombackup
  location: asia-south1
  projectRef:
    external: ${PROJECT_ID?}
---
apiVersion: alloydb.cnrm.cloud.google.com/v1beta1
kind: AlloyDBInstance
metadata:
  name: alloydbcluster-dep-restoredfrombackup
spec:
  clusterRef: 
    name: alloydbcluster-dep-restoredfrombackup
  instanceTypeRef:
    name: alloydbbackup-dep-restoredfrombackup
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeAddress
metadata:
  name: alloydbcluster-dep-restoredfrombackup
spec:
  location: global
  addressType: INTERNAL
  networkRef:
    name: alloydbcluster-dep-restoredfrombackup
  prefixLength: 16
  purpose: VPC_PEERING
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  name: alloydbcluster-dep-restoredfrombackup
---
apiVersion: servicenetworking.cnrm.cloud.google.com/v1beta1
kind: ServiceNetworkingConnection
metadata:
  name: alloydbcluster-dep-restoredfrombackup
spec:
  networkRef:
    name: alloydbcluster-dep-restoredfrombackup
  reservedPeeringRanges:
  - external: alloydbcluster-dep-restoredfrombackup
  service: servicenetworking.googleapis.com

Secondary Cluster

# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: alloydb.cnrm.cloud.google.com/v1beta1
kind: AlloyDBCluster
metadata:
  name: alloydbcluster-dep-secondary
spec:
  location: australia-southeast1
  networkConfig:
    networkRef: 
      name: alloydbcluster-dep-secondary
  projectRef:
    external: ${PROJECT_ID?}
  encryptionConfig:
    kmsKeyNameRef:
      name: alloydbcluster-dep1-secondary
  initialUser:
    user: "postgres"
    password:
      value: "postgres"
---
apiVersion: alloydb.cnrm.cloud.google.com/v1beta1
kind: AlloyDBCluster
metadata:
  name: alloydbcluster-sample-secondary
spec:
  location: australia-southeast2
  networkConfig:
    networkRef: 
      name: alloydbcluster-dep-secondary
  projectRef:
    external: ${PROJECT_ID?}
  encryptionConfig:
    kmsKeyNameRef:
      name: alloydbcluster-dep2-secondary
  clusterType: "SECONDARY"
  secondaryConfig:
    primaryClusterNameRef:
      name: alloydbcluster-dep-secondary
  deletionPolicy: "FORCE"
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeAddress
metadata:
  name: alloydbcluster-dep-secondary
spec:
  location: global
  addressType: INTERNAL
  networkRef:
    name: alloydbcluster-dep-secondary
  prefixLength: 16
  purpose: VPC_PEERING
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  name: alloydbcluster-dep-secondary
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPartialPolicy
metadata:
  name: alloydbcluster-dep1-secondary
spec:
  resourceRef:
    apiVersion: kms.cnrm.cloud.google.com/v1beta1
    kind: KMSCryptoKey
    name: alloydbcluster-dep1-secondary
  bindings:
    - role: roles/cloudkms.cryptoKeyEncrypterDecrypter
      members:
        - memberFrom:
            serviceIdentityRef:
              name: alloydbcluster-dep1-secondary
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPartialPolicy
metadata:
  name: alloydbcluster-dep2-secondary
spec:
  resourceRef:
    apiVersion: kms.cnrm.cloud.google.com/v1beta1
    kind: KMSCryptoKey
    name: alloydbcluster-dep2-secondary
  bindings:
    - role: roles/cloudkms.cryptoKeyEncrypterDecrypter
      members:
        - memberFrom:
            serviceIdentityRef:
              name: alloydbcluster-dep2-secondary
---
apiVersion: kms.cnrm.cloud.google.com/v1beta1
kind: KMSCryptoKey
metadata:
  name: alloydbcluster-dep1-secondary
spec:
  keyRingRef:
    name: alloydbcluster-dep1-secondary
---
apiVersion: kms.cnrm.cloud.google.com/v1beta1
kind: KMSCryptoKey
metadata:
  name: alloydbcluster-dep2-secondary
spec:
  keyRingRef:
    name: alloydbcluster-dep2-secondary
---
apiVersion: kms.cnrm.cloud.google.com/v1beta1
kind: KMSKeyRing
metadata:
  name: alloydbcluster-dep1-secondary
spec:
  location: australia-southeast1
---
apiVersion: kms.cnrm.cloud.google.com/v1beta1
kind: KMSKeyRing
metadata:
  name: alloydbcluster-dep2-secondary
spec:
  location: australia-southeast2
---
apiVersion: servicenetworking.cnrm.cloud.google.com/v1beta1
kind: ServiceNetworkingConnection
metadata:
  name: alloydbcluster-dep-secondary
spec:
  networkRef:
    name: alloydbcluster-dep-secondary
  reservedPeeringRanges:
  - external: alloydbcluster-dep-secondary
  service: servicenetworking.googleapis.com
---
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: ServiceIdentity
metadata:
  name: alloydbcluster-dep1-secondary
spec:
  projectRef:
    external: ${PROJECT_ID?}
  resourceID: alloydb.googleapis.com
---
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: ServiceIdentity
metadata:
  name: alloydbcluster-dep2-secondary
spec:
  projectRef:
    external: ${PROJECT_ID?}
  resourceID: alloydb.googleapis.com