Setting up automatic policy assignment

You can set up automatic assignment of policies to instances, Google Kubernetes Engine (GKE) applications, or buckets by using one of the following methods:

Resources Method 1 Method 2

Instances

Resources	Method 1	Method 2
Instances	By first adding labels (preferred) or custom metadata tags to instances in Google Compute Engine, and then specifying the corresponding label names and values in HYCU for Google Cloud policies. For details, see “Creating custom policies”.	By adding the `hycu-policy` tag to instances in Google Compute Engine, applications in Google Kubernetes Engine, or buckets in Google Cloud Storage. Use the following name/value pair: Name: `hycu-policy` Value: <PolicyName> In this case, <PolicyName> is the name of a HYCU for Google Cloud policy (for example, Gold).
GKE applications	By first adding metadata labels to applications in Google Kubernetes Engine, and then specifying the corresponding label names and values in HYCU for Google Cloud policies. For details, see “Creating custom policies”.
Buckets	By first adding bucket labels to buckets in Google Cloud Storage, and then specifying the corresponding label names and values in HYCU for Google Cloud policies. For details, see “Creating custom policies”.

By first adding labels (preferred) or custom metadata tags to instances in Google Compute Engine, and then specifying the corresponding label names and values in HYCU for Google Cloud policies. For details, see “Creating custom policies”.

By adding the hycu-policy tag to instances in Google Compute Engine, applications in Google Kubernetes Engine, or buckets in Google Cloud Storage. Use the following name/value pair:

Name: hycu-policy

Value: <PolicyName>

In this case, <PolicyName> is the name of a HYCU for Google Cloud policy (for example, Gold).

GKE applications

By first adding metadata labels to applications in Google Kubernetes Engine, and then specifying the corresponding label names and values in HYCU for Google Cloud policies. For details, see “Creating custom policies”.

Buckets

By first adding bucket labels to buckets in Google Cloud Storage, and then specifying the corresponding label names and values in HYCU for Google Cloud policies. For details, see “Creating custom policies”.

The corresponding policies are automatically assigned to the instances, GKE applications, or buckets during the next instance, application, or bucket synchronization in HYCU for Google Cloud.

Prerequisites

All relevant prerequisites that apply also for manual policy assignment are fulfilled. For details, see “Backing up instances”.
For Google Kubernetes Engine applications: The resource objects for which you want to set up automatic policy assignment must be deployed as applications (the resource object of kind: Application is defined in the application deployment).

Considerations

Assigning policies automatically takes precedence over assigning policies manually or setting a default policy. This means that the label or the tag added to the preferred instance, GKE application, or bucket defines which policy is assigned to it, even if the same instance, application, or bucket already has an assigned policy.
If you want to assign a new policy to an instance, a GKE application, or a bucket for which automatic policy assignment has been set up, do one of the following:
- Define new tags or labels as described in this section.
- Assign the policy to the instance, the application, or the bucket as described in “Backing up instances”, “Backing up applications”, or “Backing up buckets”. In this case, the manually assigned policy will not be overridden by the automatically assigned one again.