Terraform implementation for AKS Backup & Restore

Question

I have started reading about AKS Backup from https://learn.microsoft.com/en-us/azure/backup/azure-kubernetes-service-cluster-backup

Understood that it requires below thing for implementation :

1. Create Backup Extension
  a. Storage Account
  b. Blob Container
  c. How to enable Trusted Access between Storage Account and backup extension using Terraform ?

2. Create Backup Vault
3. Create Backup policy
4. Configure Backup
5. How to Register Microsoft.kubernetesconfiguration resource provider at subscription level using terraform ?
6. How to enable CSI drivers and snapshots for the cluster using terraform ?

I am looking for Terraform implementation step by step for creating aks backup and configuring it.

//Terraform Code
resource "azurerm_kubernetes_cluster_extension" "azure_backup" {
  name           = "example-ext"
  cluster_id     = azurerm_kubernetes_cluster.example.id
  extension_type = "microsoft.flux"
}

What extension_type i should use for "AKS Backup" ?
How to define configuration_settings value ?
How to Register Microsoft.kubernetesconfiguration resource provider at subscription level using terraform ?

Answer 1

What extension_type i should use for "AKS Backup" ?

"Microsoft.DataProtection.Kubernetes"

How to define configuration_settings value ?

Example:

resource "azurerm_kubernetes_cluster_extension" "aks_extension" {
  name              = "aks-ext-name"
  cluster_id        = var.kubernetes_cluster_id
  extension_type    = "Microsoft.DataProtection.Kubernetes"
  release_train     = "stable"
  release_namespace = "dataprotection-microsoft"
  configuration_settings = {
    "configuration.backupStorageLocation.bucket"                = azurerm_storage_container.backup_storage_container.name
    "configuration.backupStorageLocation.config.resourceGroup"  = var.resource_group_name
    "configuration.backupStorageLocation.config.storageAccount" = azurerm_storage_account.backup_storage_account.name
    "configuration.backupStorageLocation.config.subscriptionId" = var.subscription_id
    "credentials.tenantId"                                      = var.tenant_id
  }
}

How to Register Microsoft.kubernetesconfiguration resource provider at subscription level using terraform ?

I assume you can use azurerm_kubernetes_cluster_extension for that as well.

there is good doc in this terraform module for overall setup at https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_protection_backup_instance_kubernetes_cluster