Expanding the configuration of GKE Backup.

modules/beta-private-cluster-update-variant/gke_backup.tf

@@ -0,0 +1,32 @@
+# Add backup plan resources outside the cluster resource
+resource "google_gke_backup_backup_plan" "this" {
+  for_each = {
+    for plan in try(var.gke_backup_agent_config.backup_plans, []) :
+    plan.name => plan
+    if try(var.gke_backup_agent_config.enabled, false)
+  }
+
+  name     = each.value.name
+  location = each.value.location
+  cluster  = each.value.cluster
+
+  description = try(each.value.description, null)
+  labels      = try(each.value.labels, null)
+
+  dynamic "retention_policy" {
+    for_each = each.value.retention_policy != null ? [each.value.retention_policy] : []
+    content {
+      backup_delete_lock_days = try(retention_policy.value.backup_delete_lock_days, null)
+      backup_retain_days      = try(retention_policy.value.backup_retain_days, null)
+      locked                  = try(retention_policy.value.locked, null)
+    }
+  }
+
+  dynamic "schedule" {
+    for_each = each.value.schedule != null ? [each.value.schedule] : []
+    content {
+      cron_schedule = schedule.value.cron_schedule
+      paused        = try(schedule.value.paused, null)
+    }
+  }
+}

modules/beta-private-cluster-update-variant/outputs.tf

@@ -238,3 +238,18 @@ output "fleet_membership" {
   description = "Fleet membership (if registered)"
   value       = local.fleet_membership
 }
+
+output "gke_backup_agent_config_enabled" {
+  value = var.gke_backup_agent_config.enabled
+  description = "Whether the Backup for GKE agent is enabled."
+}
+
+output "gke_backup_backup_plan_ids" {
+  value = { for k, v in google_gke_backup_backup_plan.this : k => v.id }
+  description = "IDs of created Backup for GKE backup plans."
+}
+
+output "gke_backup_backup_plan_names" {
+  value = { for k, v in google_gke_backup_backup_plan.this : k => v.name }
+  description = "Names of created Backup for GKE backup plans."
+}

modules/beta-private-cluster-update-variant/variables.tf

@@ -875,9 +875,30 @@ variable "gcs_fuse_csi_driver" {
   default     = false
 }
 variable "gke_backup_agent_config" {
-  type        = bool
-  description = "Whether Backup for GKE agent is enabled for this cluster."
-  default     = false
+  description = "Config for Backup for GKE add-on and backup plans"
+  type = object({
+    enabled      = bool
+    backup_plans = optional(list(object({
+      name        = string
+      location    = string
+      cluster     = string
+      description = optional(string)
+      labels      = optional(map(string))
+      retention_policy = optional(object({
+        backup_delete_lock_days = optional(number)
+        backup_retain_days      = optional(number)
+        locked                  = optional(bool)
+      }))
+      schedule = optional(object({
+        cron_schedule = string
+        paused        = optional(bool)
+      }))
+    })), [])
+  })
+  default = {
+    enabled      = false
+    backup_plans = []
+  }
 }
 
 variable "stateful_ha" {