AlloyDBCluster
Property | Value |
---|---|
Google Cloud Service Name | AlloyDB for PostgreSQL |
Google Cloud Service Documentation | /alloydb/docs/ |
Google Cloud REST Resource Name | v1.projects.locations.clusters |
Google Cloud REST Resource Documentation | /alloydb/docs/reference/rest/v1/projects.locations.clusters |
Config Connector Resource Short Names | gcpalloydbcluster gcpalloydbclusters alloydbcluster |
Config Connector Service Name | alloydb.googleapis.com |
Config Connector Resource Fully Qualified Name | alloydbclusters.alloydb.cnrm.cloud.google.com |
Can Be Referenced by IAMPolicy/IAMPolicyMember | No |
Config Connector Default Average Reconcile Interval In Seconds | 600 |
Custom Resource Definition Properties
Spec
Schema
```yaml
automatedBackupPolicy:
  backupWindow: string
  enabled: boolean
  encryptionConfig:
    kmsKeyNameRef:
      external: string
      name: string
      namespace: string
  labels:
    string: string
  location: string
  quantityBasedRetention:
    count: integer
  timeBasedRetention:
    retentionPeriod: string
  weeklySchedule:
    daysOfWeek:
    - string
    startTimes:
    - hours: integer
      minutes: integer
      nanos: integer
      seconds: integer
clusterType: string
continuousBackupConfig:
  enabled: boolean
  encryptionConfig:
    kmsKeyNameRef:
      external: string
      name: string
      namespace: string
  recoveryWindowDays: integer
deletionPolicy: string
displayName: string
encryptionConfig:
  kmsKeyNameRef:
    external: string
    name: string
    namespace: string
initialUser:
  password:
    value: string
    valueFrom:
      secretKeyRef:
        key: string
        name: string
  user: string
location: string
maintenanceUpdatePolicy:
  maintenanceWindows:
  - day: string
    startTime:
      hours: integer
      minutes: integer
      nanos: integer
      seconds: integer
networkConfig:
  allocatedIpRange: string
  networkRef:
    external: string
    name: string
    namespace: string
networkRef:
  external: string
  name: string
  namespace: string
projectRef:
  external: string
  name: string
  namespace: string
resourceID: string
restoreBackupSource:
  backupNameRef:
    external: string
    name: string
    namespace: string
restoreContinuousBackupSource:
  clusterRef:
    external: string
    name: string
    namespace: string
  pointInTime: string
secondaryConfig:
  primaryClusterNameRef:
    external: string
    name: string
    namespace: string
```
Field | Requirement | Description |
---|---|---|
automatedBackupPolicy | Optional | The automated backup policy for this cluster. AutomatedBackupPolicy is disabled by default. |
automatedBackupPolicy.backupWindow | Optional | The length of the time window during which a backup can be taken. If a backup does not succeed within this time window, it will be canceled and considered failed. The backup window must be at least 5 minutes long. There is no upper bound on the window. If not set, it will default to 1 hour. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". |
automatedBackupPolicy.enabled | Optional | Whether automated backups are enabled. |
automatedBackupPolicy.encryptionConfig | Optional | EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key). |
automatedBackupPolicy.encryptionConfig.kmsKeyNameRef | Optional | (Optional) The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME]. |
automatedBackupPolicy.encryptionConfig.kmsKeyNameRef.external | Optional | Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. |
automatedBackupPolicy.encryptionConfig.kmsKeyNameRef.name | Optional | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
automatedBackupPolicy.encryptionConfig.kmsKeyNameRef.namespace | Optional | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
automatedBackupPolicy.labels | Optional | Labels to apply to backups created using this configuration. |
automatedBackupPolicy.location | Optional | The location where the backup will be stored. Currently, the only supported option is to store the backup in the same region as the cluster. |
automatedBackupPolicy.quantityBasedRetention | Optional | Quantity-based Backup retention policy to retain recent backups. Conflicts with 'time_based_retention', both can't be set together. |
automatedBackupPolicy.quantityBasedRetention.count | Optional | The number of backups to retain. |
automatedBackupPolicy.timeBasedRetention | Optional | Time-based Backup retention policy. Conflicts with 'quantity_based_retention', both can't be set together. |
automatedBackupPolicy.timeBasedRetention.retentionPeriod | Optional | The retention period. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". |
automatedBackupPolicy.weeklySchedule | Optional | Weekly schedule for the Backup. |
automatedBackupPolicy.weeklySchedule.daysOfWeek | Optional | The days of the week to perform a backup. At least one day of the week must be provided. Possible values: ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"]. |
automatedBackupPolicy.weeklySchedule.daysOfWeek[] | Optional | |
automatedBackupPolicy.weeklySchedule.startTimes | Required* | The times during the day to start a backup. At least one start time must be provided. The start times are assumed to be in UTC and to be an exact hour (e.g., 04:00:00). |
automatedBackupPolicy.weeklySchedule.startTimes[] | Required* | |
automatedBackupPolicy.weeklySchedule.startTimes[].hours | Optional | Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
automatedBackupPolicy.weeklySchedule.startTimes[].minutes | Optional | Minutes of hour of day. Currently, only the value 0 is supported. |
automatedBackupPolicy.weeklySchedule.startTimes[].nanos | Optional | Fractions of seconds in nanoseconds. Currently, only the value 0 is supported. |
automatedBackupPolicy.weeklySchedule.startTimes[].seconds | Optional | Seconds of minutes of the time. Currently, only the value 0 is supported. |
clusterType | Optional | The type of cluster. If not set, defaults to PRIMARY. Default value: "PRIMARY" Possible values: ["PRIMARY", "SECONDARY"]. |
continuousBackupConfig | Optional | The continuous backup config for this cluster. If no policy is provided then the default policy will be used. The default policy takes one backup a day and retains backups for 14 days. |
continuousBackupConfig.enabled | Optional | Whether continuous backup recovery is enabled. If not set, defaults to true. |
continuousBackupConfig.encryptionConfig | Optional | EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key). |
continuousBackupConfig.encryptionConfig.kmsKeyNameRef | Optional | (Optional) The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME]. |
continuousBackupConfig.encryptionConfig.kmsKeyNameRef.external | Optional | Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. |
continuousBackupConfig.encryptionConfig.kmsKeyNameRef.name | Optional | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
continuousBackupConfig.encryptionConfig.kmsKeyNameRef.namespace | Optional | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
continuousBackupConfig.recoveryWindowDays | Optional | The number of days that are eligible to restore from using PITR. To support the entire recovery window, backups and logs are retained for one day more than the recovery window. If not set, defaults to 14 days. |
deletionPolicy | Optional | Policy to determine if the cluster should be deleted forcefully. Deleting a cluster forcefully deletes the cluster and all its associated instances within the cluster. Deleting a Secondary cluster with a secondary instance REQUIRES setting deletion_policy = "FORCE"; otherwise an error is returned. This is needed as there is no support to delete just the secondary instance, and the only way to delete a secondary instance is to delete the associated secondary cluster forcefully, which also deletes the secondary instance. |
displayName | Optional | User-settable and human-readable display name for the Cluster. |
encryptionConfig | Optional | EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key). |
encryptionConfig.kmsKeyNameRef | Optional | (Optional) The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME]. |
encryptionConfig.kmsKeyNameRef.external | Optional | Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. |
encryptionConfig.kmsKeyNameRef.name | Optional | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
encryptionConfig.kmsKeyNameRef.namespace | Optional | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
initialUser | Optional | Initial user to set up during cluster creation. |
initialUser.password | Required* | The initial password for the user. |
initialUser.password.value | Optional | Value of the field. Cannot be used if 'valueFrom' is specified. |
initialUser.password.valueFrom | Optional | Source for the field's value. Cannot be used if 'value' is specified. |
initialUser.password.valueFrom.secretKeyRef | Optional | Reference to a value with the given key in the given Secret in the resource's namespace. |
initialUser.password.valueFrom.secretKeyRef.key | Required* | Key that identifies the value to be extracted. |
initialUser.password.valueFrom.secretKeyRef.name | Required* | Name of the Secret to extract a value from. |
initialUser.user | Optional | The database username. |
location | Required | Immutable. The location where the alloydb cluster should reside. |
maintenanceUpdatePolicy | Optional | MaintenanceUpdatePolicy defines the policy for system updates. |
maintenanceUpdatePolicy.maintenanceWindows | Optional | Preferred windows to perform maintenance. Currently limited to 1. |
maintenanceUpdatePolicy.maintenanceWindows[] | Optional | |
maintenanceUpdatePolicy.maintenanceWindows[].day | Required* | Preferred day of the week for maintenance, e.g. MONDAY, TUESDAY, etc. Possible values: ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"]. |
maintenanceUpdatePolicy.maintenanceWindows[].startTime | Required* | Preferred time to start the maintenance operation on the specified day. Maintenance will start within 1 hour of this time. |
maintenanceUpdatePolicy.maintenanceWindows[].startTime.hours | Required* | Hours of day in 24 hour format. Should be from 0 to 23. |
maintenanceUpdatePolicy.maintenanceWindows[].startTime.minutes | Optional | Minutes of hour of day. Currently, only the value 0 is supported. |
maintenanceUpdatePolicy.maintenanceWindows[].startTime.nanos | Optional | Fractions of seconds in nanoseconds. Currently, only the value 0 is supported. |
maintenanceUpdatePolicy.maintenanceWindows[].startTime.seconds | Optional | Seconds of minutes of the time. Currently, only the value 0 is supported. |
networkConfig | Optional | Metadata related to network configuration. |
networkConfig.allocatedIpRange | Optional | The name of the allocated IP range for the private IP AlloyDB cluster. For example: "google-managed-services-default". If set, the instance IPs for this cluster will be created in the allocated range. |
networkConfig.networkRef | Optional | (Required) The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: projects/{project}/global/networks/{network_id}. |
networkConfig.networkRef.external | Optional | Allowed value: string of the format `projects/{{project}}/global/networks/{{value}}`, where {{value}} is the `name` field of a `ComputeNetwork` resource. |
networkConfig.networkRef.name | Optional | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
networkConfig.networkRef.namespace | Optional | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
networkRef | Optional | (Required) The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: projects/{project}/global/networks/{network_id}. |
networkRef.external | Optional | Allowed value: string of the format `projects/{{project}}/global/networks/{{value}}`, where {{value}} is the `name` field of a `ComputeNetwork` resource. |
networkRef.name | Optional | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
networkRef.namespace | Optional | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
projectRef | Required | The project that this resource belongs to. |
projectRef.external | Optional | Allowed value: The `name` field of a `Project` resource. |
projectRef.name | Optional | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
projectRef.namespace | Optional | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
resourceID | Optional | Immutable. Optional. The clusterId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. |
restoreBackupSource | Optional | Immutable. The source when restoring from a backup. Conflicts with 'restore_continuous_backup_source', both can't be set together. |
restoreBackupSource.backupNameRef | Required* | (Required) The name of the backup that this cluster is restored from. |
restoreBackupSource.backupNameRef.external | Optional | Allowed value: The `name` field of an `AlloyDBBackup` resource. |
restoreBackupSource.backupNameRef.name | Optional | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
restoreBackupSource.backupNameRef.namespace | Optional | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
restoreContinuousBackupSource | Optional | Immutable. The source when restoring via point in time recovery (PITR). Conflicts with 'restore_backup_source', both can't be set together. |
restoreContinuousBackupSource.clusterRef | Required* | (Required) The name of the source cluster that this cluster is restored from. |
restoreContinuousBackupSource.clusterRef.external | Optional | Allowed value: The `name` field of an `AlloyDBCluster` resource. |
restoreContinuousBackupSource.clusterRef.name | Optional | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
restoreContinuousBackupSource.clusterRef.namespace | Optional | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
restoreContinuousBackupSource.pointInTime | Required* | Immutable. The point in time that this cluster is restored to, in RFC 3339 format. |
secondaryConfig | Optional | Configuration of the secondary cluster for Cross Region Replication. This should be set if and only if the cluster is of type SECONDARY. |
secondaryConfig.primaryClusterNameRef | Required* | Name of the primary cluster. Must be in the format 'projects/{project}/locations/{location}/clusters/{cluster_id}'. |
secondaryConfig.primaryClusterNameRef.external | Optional | Allowed value: The `name` field of an `AlloyDBCluster` resource. |
secondaryConfig.primaryClusterNameRef.name | Optional | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
secondaryConfig.primaryClusterNameRef.namespace | Optional | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
* Field is required when parent field is specified
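An added example, not part of the Config Connector documentation: a Python pre-apply check that applies the conflicts and limits stated in the Spec field descriptions to an already-parsed manifest. The function names, finding codes and both sample manifests are constructed for this example, and the `inline-password` and `cluster-no-cmek-ref` rules are policy assumptions rather than Config Connector behaviour.

```python
def dig(obj, *path):
    """Walk nested dicts; return None as soon as a key is missing."""
    for key in path:
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj


def parse_seconds(duration):
    """Parse a duration such as '3600s' or '3.5s'; None if malformed."""
    try:
        return float(duration[:-1]) if duration.endswith("s") else None
    except (AttributeError, TypeError, ValueError):
        return None


def check_alloydb_cluster(manifest):
    """Return a sorted list of finding codes for one parsed manifest (a dict)."""
    if manifest.get("kind") != "AlloyDBCluster":
        return []
    spec = manifest.get("spec") or {}
    backup = spec.get("automatedBackupPolicy") or {}
    password = dig(spec, "initialUser", "password") or {}
    findings = set()

    # Constraints stated in the field descriptions.
    if "quantityBasedRetention" in backup and "timeBasedRetention" in backup:
        findings.add("retention-conflict")
    if "restoreBackupSource" in spec and "restoreContinuousBackupSource" in spec:
        findings.add("restore-source-conflict")
    is_secondary = spec.get("clusterType", "PRIMARY") == "SECONDARY"
    if is_secondary != ("secondaryConfig" in spec):
        findings.add("secondary-config-mismatch")
    if "value" in password and "valueFrom" in password:
        findings.add("password-value-and-valuefrom")
    if "backupWindow" in backup:
        window = parse_seconds(backup["backupWindow"])
        if window is None or window < 300:  # minimum is 5 minutes
            findings.add("backup-window-invalid")

    # Policy choices of this example, not Config Connector requirements.
    if "value" in password:
        findings.add("inline-password")
    if dig(spec, "encryptionConfig", "kmsKeyNameRef") is None:
        findings.add("cluster-no-cmek-ref")
    return sorted(findings)


# Constructed sample manifests, as they would look after YAML parsing.
RISKY = {
    "kind": "AlloyDBCluster",
    "metadata": {"name": "example-risky"},
    "spec": {
        "clusterType": "SECONDARY",  # no secondaryConfig present
        "automatedBackupPolicy": {
            "backupWindow": "120s",
            "quantityBasedRetention": {"count": 7},
            "timeBasedRetention": {"retentionPeriod": "43200s"},
        },
        "initialUser": {"user": "postgres", "password": {"value": "example-only"}},
    },
}

CLEAN = {
    "kind": "AlloyDBCluster",
    "metadata": {"name": "example-clean"},
    "spec": {
        "encryptionConfig": {"kmsKeyNameRef": {"name": "example-key"}},
        "automatedBackupPolicy": {"backupWindow": "3600s"},
        "initialUser": {"user": "postgres", "password": {"valueFrom": {
            "secretKeyRef": {"name": "example-secret", "key": "password"}}}},
    },
}


if __name__ == "__main__":
    for m in (RISKY, CLEAN):
        print(m["metadata"]["name"], check_alloydb_cluster(m))
```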
Status
Schema
```yaml
backupSource:
- backupName: string
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
continuousBackupInfo:
- earliestRestorableTime: string
  enabledTime: string
  encryptionInfo:
  - encryptionType: string
    kmsKeyVersions:
    - string
  schedule:
  - string
databaseVersion: string
encryptionInfo:
- encryptionType: string
  kmsKeyVersions:
  - string
migrationSource:
- hostPort: string
  referenceId: string
  sourceType: string
name: string
observedGeneration: integer
observedState:
  clusterType: string
uid: string
```
Field | Description |
---|---|
backupSource | Cluster created from backup. |
backupSource[] | |
backupSource[].backupName | The name of the backup resource. |
conditions | Conditions represent the latest available observation of the resource's current state. |
conditions[] | |
conditions[].lastTransitionTime | Last time the condition transitioned from one status to another. |
conditions[].message | Human-readable message indicating details about last transition. |
conditions[].reason | Unique, one-word, CamelCase reason for the condition's last transition. |
conditions[].status | Status is the status of the condition. Can be True, False, Unknown. |
conditions[].type | Type is the type of the condition. |
continuousBackupInfo | ContinuousBackupInfo describes the continuous backup properties of a cluster. |
continuousBackupInfo[] | |
continuousBackupInfo[].earliestRestorableTime | The earliest restorable time that can be restored to. Output only field. |
continuousBackupInfo[].enabledTime | When ContinuousBackup was most recently enabled. Set to null if ContinuousBackup is not enabled. |
continuousBackupInfo[].encryptionInfo | Output only. The encryption information for the WALs and backups required for ContinuousBackup. |
continuousBackupInfo[].encryptionInfo[] | |
continuousBackupInfo[].encryptionInfo[].encryptionType | Output only. Type of encryption. |
continuousBackupInfo[].encryptionInfo[].kmsKeyVersions | Output only. Cloud KMS key versions that are being used to protect the database or the backup. |
continuousBackupInfo[].encryptionInfo[].kmsKeyVersions[] | |
continuousBackupInfo[].schedule | Days of the week on which a continuous backup is taken. Output only field. Ignored if passed into the request. |
continuousBackupInfo[].schedule[] | |
databaseVersion | The database engine major version. This is an output-only field and it's populated at the Cluster creation time. This field cannot be changed after cluster creation. |
encryptionInfo | EncryptionInfo describes the encryption information of a cluster or a backup. |
encryptionInfo[] | |
encryptionInfo[].encryptionType | Output only. Type of encryption. |
encryptionInfo[].kmsKeyVersions | Output only. Cloud KMS key versions that are being used to protect the database or the backup. |
encryptionInfo[].kmsKeyVersions[] | |
migrationSource | Cluster created via DMS migration. |
migrationSource[] | |
migrationSource[].hostPort | The host and port of the on-premises instance in host:port format. |
migrationSource[].referenceId | Placeholder for the external source identifier (e.g., DMS job name) that created the cluster. |
migrationSource[].sourceType | Type of migration source. |
name | The name of the cluster resource. |
observedGeneration | ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. |
observedState | The observed state of the underlying GCP resource. |
observedState.clusterType | The type of cluster. If not set, defaults to PRIMARY. Default value: "PRIMARY" Possible values: ["PRIMARY", "SECONDARY"]. |
uid | The system-generated UID of the resource. |
Sample YAML(s)
Regular Cluster
```yaml
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: alloydb.cnrm.cloud.google.com/v1beta1
kind: AlloyDBCluster
metadata:
  name: alloydbcluster-sample-regular
spec:
  location: asia-south2
  networkConfig:
    networkRef:
      name: alloydbcluster-dep-regular
  projectRef:
    external: ${PROJECT_ID?}
  automatedBackupPolicy:
    backupWindow: 3600s
    encryptionConfig:
      kmsKeyNameRef:
        name: alloydbcluster-dep-regular
    enabled: true
    labels:
      source: kcc
    location: asia-south2
    timeBasedRetention:
      retentionPeriod: 43200s
    weeklySchedule:
      daysOfWeek: [MONDAY]
      startTimes:
      - hours: 4
        minutes: 0
        seconds: 0
        nanos: 0
  encryptionConfig:
    kmsKeyNameRef:
      name: alloydbcluster-dep-regular
  maintenanceUpdatePolicy:
    maintenanceWindows:
    - day: WEDNESDAY
      startTime:
        hours: 12
        minutes: 0
        seconds: 0
        nanos: 0
  initialUser:
    user: "postgres"
    password:
      # Sample value stored inline in the manifest. The alternative field
      # password.valueFrom.secretKeyRef reads it from a Kubernetes Secret.
      value: "Postgres123"
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeAddress
metadata:
  name: alloydbcluster-dep-regular
spec:
  location: global
  addressType: INTERNAL
  networkRef:
    name: alloydbcluster-dep-regular
  prefixLength: 16
  purpose: VPC_PEERING
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  name: alloydbcluster-dep-regular
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPartialPolicy
metadata:
  name: alloydbcluster-dep-regular
spec:
  resourceRef:
    apiVersion: kms.cnrm.cloud.google.com/v1beta1
    kind: KMSCryptoKey
    name: alloydbcluster-dep-regular
  bindings:
    - role: roles/cloudkms.cryptoKeyEncrypterDecrypter
      members:
        - memberFrom:
            serviceIdentityRef:
              name: alloydbcluster-dep-regular
---
apiVersion: kms.cnrm.cloud.google.com/v1beta1
kind: KMSCryptoKey
metadata:
  labels:
    source: kcc-alloydbcluster-sample
  name: alloydbcluster-dep-regular
spec:
  keyRingRef:
    name: alloydbcluster-dep-regular
---
apiVersion: kms.cnrm.cloud.google.com/v1beta1
kind: KMSKeyRing
metadata:
  name: alloydbcluster-dep-regular
spec:
  location: asia-south2
---
apiVersion: servicenetworking.cnrm.cloud.google.com/v1beta1
kind: ServiceNetworkingConnection
metadata:
  name: alloydbcluster-dep-regular
spec:
  networkRef:
    name: alloydbcluster-dep-regular
  reservedPeeringRanges:
    - external: alloydbcluster-dep-regular
  service: servicenetworking.googleapis.com
---
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: ServiceIdentity
metadata:
  name: alloydbcluster-dep-regular
spec:
  projectRef:
    external: ${PROJECT_ID?}
  resourceID: alloydb.googleapis.com
```
Restored From Backup Cluster
```yaml
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: alloydb.cnrm.cloud.google.com/v1beta1
kind: AlloyDBCluster
metadata:
  name: alloydbcluster-dep-restoredfrombackup
spec:
  location: asia-south1
  networkConfig:
    networkRef:
      name: alloydbcluster-dep-restoredfrombackup
  projectRef:
    external: ${PROJECT_ID?}
---
apiVersion: alloydb.cnrm.cloud.google.com/v1beta1
kind: AlloyDBCluster
metadata:
  name: alloydbcluster-sample-restoredfrombackup
spec:
  location: asia-south1
  networkConfig:
    networkRef:
      name: alloydbcluster-dep-restoredfrombackup
  projectRef:
    external: ${PROJECT_ID?}
  restoreBackupSource:
    backupNameRef:
      name: alloydbcluster-dep-restoredfrombackup
---
apiVersion: alloydb.cnrm.cloud.google.com/v1beta1
kind: AlloyDBBackup
metadata:
  name: alloydbcluster-dep-restoredfrombackup
spec:
  clusterNameRef:
    name: alloydbcluster-dep-restoredfrombackup
  location: asia-south1
  projectRef:
    external: ${PROJECT_ID?}
---
apiVersion: alloydb.cnrm.cloud.google.com/v1beta1
kind: AlloyDBInstance
metadata:
  name: alloydbcluster-dep-restoredfrombackup
spec:
  clusterRef:
    name: alloydbcluster-dep-restoredfrombackup
  instanceTypeRef:
    # No resource named alloydbbackup-dep-restoredfrombackup is defined in this sample.
    name: alloydbbackup-dep-restoredfrombackup
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeAddress
metadata:
  name: alloydbcluster-dep-restoredfrombackup
spec:
  location: global
  addressType: INTERNAL
  networkRef:
    name: alloydbcluster-dep-restoredfrombackup
  prefixLength: 16
  purpose: VPC_PEERING
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  name: alloydbcluster-dep-restoredfrombackup
---
apiVersion: servicenetworking.cnrm.cloud.google.com/v1beta1
kind: ServiceNetworkingConnection
metadata:
  name: alloydbcluster-dep-restoredfrombackup
spec:
  networkRef:
    name: alloydbcluster-dep-restoredfrombackup
  reservedPeeringRanges:
    - external: alloydbcluster-dep-restoredfrombackup
  service: servicenetworking.googleapis.com
```
Secondary Cluster
```yaml
# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: alloydb.cnrm.cloud.google.com/v1beta1
kind: AlloyDBCluster
metadata:
  name: alloydbcluster-dep-secondary
spec:
  location: australia-southeast1
  networkConfig:
    networkRef:
      name: alloydbcluster-dep-secondary
  projectRef:
    external: ${PROJECT_ID?}
  encryptionConfig:
    kmsKeyNameRef:
      name: alloydbcluster-dep1-secondary
  initialUser:
    user: "postgres"
    password:
      # Sample value stored inline in the manifest. The alternative field
      # password.valueFrom.secretKeyRef reads it from a Kubernetes Secret.
      value: "postgres"
---
apiVersion: alloydb.cnrm.cloud.google.com/v1beta1
kind: AlloyDBCluster
metadata:
  name: alloydbcluster-sample-secondary
spec:
  location: australia-southeast2
  networkConfig:
    networkRef:
      name: alloydbcluster-dep-secondary
  projectRef:
    external: ${PROJECT_ID?}
  encryptionConfig:
    kmsKeyNameRef:
      name: alloydbcluster-dep2-secondary
  clusterType: "SECONDARY"
  secondaryConfig:
    primaryClusterNameRef:
      name: alloydbcluster-dep-secondary
  deletionPolicy: "FORCE"
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeAddress
metadata:
  name: alloydbcluster-dep-secondary
spec:
  location: global
  addressType: INTERNAL
  networkRef:
    name: alloydbcluster-dep-secondary
  prefixLength: 16
  purpose: VPC_PEERING
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  name: alloydbcluster-dep-secondary
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPartialPolicy
metadata:
  name: alloydbcluster-dep1-secondary
spec:
  resourceRef:
    apiVersion: kms.cnrm.cloud.google.com/v1beta1
    kind: KMSCryptoKey
    name: alloydbcluster-dep1-secondary
  bindings:
    - role: roles/cloudkms.cryptoKeyEncrypterDecrypter
      members:
        - memberFrom:
            serviceIdentityRef:
              name: alloydbcluster-dep1-secondary
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPartialPolicy
metadata:
  name: alloydbcluster-dep2-secondary
spec:
  resourceRef:
    apiVersion: kms.cnrm.cloud.google.com/v1beta1
    kind: KMSCryptoKey
    name: alloydbcluster-dep2-secondary
  bindings:
    - role: roles/cloudkms.cryptoKeyEncrypterDecrypter
      members:
        - memberFrom:
            serviceIdentityRef:
              name: alloydbcluster-dep2-secondary
---
apiVersion: kms.cnrm.cloud.google.com/v1beta1
kind: KMSCryptoKey
metadata:
  name: alloydbcluster-dep1-secondary
spec:
  keyRingRef:
    name: alloydbcluster-dep1-secondary
---
apiVersion: kms.cnrm.cloud.google.com/v1beta1
kind: KMSCryptoKey
metadata:
  name: alloydbcluster-dep2-secondary
spec:
  keyRingRef:
    name: alloydbcluster-dep2-secondary
---
apiVersion: kms.cnrm.cloud.google.com/v1beta1
kind: KMSKeyRing
metadata:
  name: alloydbcluster-dep1-secondary
spec:
  location: australia-southeast1
---
apiVersion: kms.cnrm.cloud.google.com/v1beta1
kind: KMSKeyRing
metadata:
  name: alloydbcluster-dep2-secondary
spec:
  location: australia-southeast2
---
apiVersion: servicenetworking.cnrm.cloud.google.com/v1beta1
kind: ServiceNetworkingConnection
metadata:
  name: alloydbcluster-dep-secondary
spec:
  networkRef:
    name: alloydbcluster-dep-secondary
  reservedPeeringRanges:
    - external: alloydbcluster-dep-secondary
  service: servicenetworking.googleapis.com
---
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: ServiceIdentity
metadata:
  name: alloydbcluster-dep1-secondary
spec:
  projectRef:
    external: ${PROJECT_ID?}
  resourceID: alloydb.googleapis.com
---
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: ServiceIdentity
metadata:
  name: alloydbcluster-dep2-secondary
spec:
  projectRef:
    external: ${PROJECT_ID?}
  resourceID: alloydb.googleapis.com
```