Setting up automatic policy assignment

You can set up automatic assignment of policies to instances, Google Kubernetes Engine (GKE) applications, or buckets by using one of the following methods:

Resources Method 1 Method 2
Instances

By first adding labels (preferred) or custom metadata tags to instances in Google Compute Engine, and then specifying the corresponding label names and values in HYCU for Google Cloud policies. For details, see “Creating custom policies”.

By adding the hycu-policy tag to instances in Google Compute Engine, applications in Google Kubernetes Engine, or buckets in Google Cloud Storage. Use the following name/value pair:

Name: hycu-policy

Value: <PolicyName>

In this case, <PolicyName> is the name of a HYCU for Google Cloud policy (for example, Gold).

GKE applications

By first adding metadata labels to applications in Google Kubernetes Engine, and then specifying the corresponding label names and values in HYCU for Google Cloud policies. For details, see “Creating custom policies”.

Buckets

By first adding bucket labels to buckets in Google Cloud Storage, and then specifying the corresponding label names and values in HYCU for Google Cloud policies. For details, see “Creating custom policies”.

The corresponding policies are automatically assigned to the instances, GKE applications, or buckets during the next instance, application, or bucket synchronization in HYCU for Google Cloud.

Prerequisites

  • All relevant prerequisites that apply also for manual policy assignment are fulfilled. For details, see “Backing up instances”.

  • For Google Kubernetes Engine applications: The resource objects for which you want to set up automatic policy assignment must be deployed as applications (the resource object of kind: Application is defined in the application deployment).

Considerations

  • Assigning policies automatically takes precedence over assigning policies manually or setting a default policy. This means that the label or the tag added to the preferred instance, GKE application, or bucket defines which policy is assigned to it, even if the same instance, application, or bucket already has an assigned policy.
  • If you want to assign a new policy to an instance, a GKE application, or a bucket for which automatic policy assignment has been set up, do one of the following: