Stay organized with collections
Save and categorize content based on your preferences.
This page describes how to create and manage backup plans for cluster workloads in Google Distributed Cloud (GDC) air-gapped.
Backup plans provide the configuration, location, and management functions for
a sequence of backups. A backup plan contains a backup configuration, including
the source cluster and the selection of workloads to back up. Google recommends
providing every cluster with at least one backup plan.
You can create one or more backup plans for each cluster. You might want to
partition the backups of your cluster for one of the following reasons:
Instead of having one very large backup taken at a single time of the day, you want
multiple smaller backups distributed throughout the day.
You want to back up some portions of your cluster more often than others,
such as daily backups for some namespaces and hourly backups for others.
A single cluster or virtual machine (VM) can belong to one or more backup plans.
A backup plan cannot span more than one cluster; however, a single backup plan
can capture multiple VMs if they exist in the same cluster. All backup
and restore resources must be associated with a project name.
Before you begin
To create a backup plan, you must have the following:
The necessary identity and access role:
User Cluster Backup Admin: manages backup resources such as backup and restore plans in user clusters. Ask your Organization IAM Admin to grant you the
User Cluster Backup Admin (user-cluster-backup-admin) role. For more information, see Role definitions.
If you are an Application Operator, ask your administrator that has User Cluster Backup Admin
privileges to create a backup plan for you.
Create a backup plan
We recommend that you define a cron schedule for the backup plan, so that
backups are automatically created according to that schedule. You can also
manually back up your workloads. For more information, see Create a manual backup.
Create backup plans using the GDC console or the API.
Console
Sign in to the GDC console.
In the navigation menu, click Backup for Clusters.
Click Create Backup Plan.
In the Plan details section, complete the following steps and click
Continue:
In the Cluster list, select the cluster to back up.
In the Project list, select the project.
In the Backup plan name field, enter your chosen backup plan name.
(Optional) In Backup plan description enter a description for the backup plan.
In the Backup repo field, select a backup repository. Backup
repositories are a set of object storage implementations.
Click Next.
In the Scope and encryption section, complete the following steps
and click Continue:
Select one of the following scopes for the backup plan:
Click Entire cluster to back up all namespace resources in
the backup.
Click Selected namespaces within the cluster to choose the
namespaces in the backup to restore.
Click Edit Cluster Namespace and then Add Cluster
Namespace to enter a Namespace.
Click Selected protected applications within this cluster to
add resources by specifying the namespace and the application name.
Click Edit Protected Applications and then Add
Protected Application to enter a Namespace and
Protected Application.
Click Include Secrets to include Kubernetes Secret resources.
Click Include persistent volume data if you want the volume data
in your backup. Clear this checkbox if you want to create empty
volumes during the restore.
In the Schedule and retention section, complete the following steps
and click Continue:
To define a schedule, enter an expression using standard cron syntax
in the CRON string field. For example, the expression 10 3 * *
* creates a backup at 0310 every day. All times are interpreted as
UTC. The minimum interval between scheduled backups is 10 minutes.
In the Delete backups after field, set the number of days for which to
retain the backup. Once the number of days is reached, the
backup is automatically deleted.
Set the number of days during which backups cannot be deleted.
To lock the retention policy, click the lock icon to turn the lock
from Off to On.
Review the backup plan details and click Create Plan.
API
Create a ClusterBackupPlan custom resource in the cluster to schedule backups. A
backup plan periodically schedules backups based on the backupSchedule.
ClusterBackupPlan resources are namespace resources. Here's an example of a ClusterBackupPlan:
Replace PROJECT_NAME with the name of your GDC project.
This example includes the following values:
Value
Description
targetClusterName
The name of the cluster to back up.
targetClusterType
The type of the cluster to back up. For example, `UserCluster` and `ManagementAPI`.
backupSchedule
The schedule indicating how often to perform the backup.
cronSchedule: a crontab schedule indicating when to
schedule backups.
paused: If true, periodic backups are not scheduled.
clusterBackupConfig
Configuration details for the backups:
backupScope: Indicates which
resources are backed up. Specify one of the following:
allNamespaces: captures all resources in all
namespaces.
selectedNamespaces: captures resources in the list of
specified namespaces.
selectedApplication: captures resources defined by
protectedApplications.
clusterBackupRepositoryName: the target repository that stores the
backups. This must be imported as ReadWrite.
retentionPolicy
Determines how long backups persist in the
backupRepository.
backupDeleteLockDays: prevents deletion of the backup
for the number of days specified after backup creation.
backupRetainDays: deletes backups after the number of
days specified after backup creation.
Retention policies don't override the retention policies of the
storage location, nor can they exceed 90 days.
description
The description of the backup plan.
After a backup plan is created, backups are automatically created with the
specified backup configuration based on the backup schedule.
View a backup plan
View a backup plan using the GDC console:
Sign in to the GDC console.
In the navigation menu, click Backup for Clusters.
Click Select project and select an organization or project depending on
your role:
User Cluster Backup Admin: Select an organization to see all backup
plans in an organization or select a project to see all backup plans in
a project.
Backup Creator: Select a project to see all backup plans in a project.
Click the Backup Plans tab.
Click a backup plan in the list to view its details. Users with User Cluster
Backup Admin privileges can view all backup plans in the organization. Users
with the Backup Creator role can view all backup plans in the selected
project.
Edit a backup plan
Edit a backup plan using the GDC console:
Sign in to the GDC console.
In the navigation menu, click Backup for Clusters.
Click Select project, and select an organization or project depending on
your role:
User Cluster Backup Admin: Select an organization to see all backup
plans in an organization, or select a project to see all of the backup plans in
a project.
Backup Creator: Select a project to see all of the backup plans in a project.
Click the Backup Plans tab.
Click the name of the backup plan that you want to edit.
Click the Plan Configuration tab to view the fields that can be modified.
Click the edit Edit icon for Schedule and retention to edit that resource:
To update a schedule, enter an expression using standard cron syntax
in the CRON string field. For example, the expression 10 3 * * * creates a backup at 0310 every day. All times are interpreted as
UTC. The minimum interval between scheduled backups is 10 minutes.
In the Delete backups after field, set the number of days for which to
retain the backup. Once the number of days is reached, the
backup is automatically deleted.
In the Prevent deletion for field, set the number of days during which backups cannot be deleted.
To lock the retention policy, click the lock icon
from Off to On.
Click the Save button to confirm your changes.
Deactivate a backup plan
Deactivate a backup plan using the GDC console:
Sign in to the GDC console.
In the navigation menu, click Backup for Clusters.
Click Select project, and select an organization or project depending on
your role:
User Cluster Backup Admin: Select an organization to see all backup
plans in an organization or select a project to see all backup plans in
a project.
Backup Creator: Select a project to see all backup plans in a project.
Click the Backup Plans tab.
Click the name of the backup plan you want to deactivate.
Click the Deactivate Plan button.
Enter the name of the backup plan you are deactivating into the field.
Click the Deactivate button to complete the deactivation of this backup plan.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[[["\u003cp\u003eBackup plans in Google Distributed Cloud (GDC) air-gapped define the configuration, location, and management for a series of backups, allowing for multiple smaller backups throughout the day or differing backup frequencies for different parts of a cluster.\u003c/p\u003e\n"],["\u003cp\u003eEach cluster should have at least one backup plan, and a single cluster or virtual machine (VM) can be part of multiple backup plans, although a plan cannot span across multiple clusters.\u003c/p\u003e\n"],["\u003cp\u003eBackup plans can be created and managed through the GDC console or the API, with options to back up the entire cluster, specific namespaces, or selected applications, and the ability to include secrets and persistent volume data.\u003c/p\u003e\n"],["\u003cp\u003eBackup plans can be scheduled using cron syntax, and users can set retention policies for backups, including how long to keep backups and for how many days they are prevented from being deleted.\u003c/p\u003e\n"],["\u003cp\u003eBackup plans can be viewed, edited, and deactivated through the GDC console by users with the appropriate roles, with deactivation preventing future backups without deleting existing ones.\u003c/p\u003e\n"]]],[],null,["# Plan a set of backups\n\nThis page describes how to create and manage backup plans for cluster workloads in Google Distributed Cloud (GDC) air-gapped.\n\n*Backup plans* provide the configuration, location, and management functions for\na sequence of backups. A backup plan contains a backup configuration, including\nthe source cluster and the selection of workloads to back up. Google recommends\nproviding every cluster with at least one backup plan.\n\nYou can create one or more backup plans for each cluster. You might want to\npartition the backups of your cluster for one of the following reasons:\n\n- Instead of having one very large backup taken at a single time of the day, you want multiple smaller backups distributed throughout the day.\n- You want to back up some portions of your cluster more often than others, such as daily backups for some namespaces and hourly backups for others.\n\nA single cluster or virtual machine (VM) can belong to one or more backup plans.\nA backup plan cannot span more than one cluster; however, a single backup plan\ncan capture multiple VMs if they exist in the same cluster. All backup\nand restore resources must be associated with a project name.\n\nBefore you begin\n----------------\n\nTo create a backup plan, you must have the following:\n\n- The necessary identity and access role:\n - User Cluster Backup Admin: manages backup resources such as backup and restore plans in user clusters. Ask your Organization IAM Admin to grant you the User Cluster Backup Admin (`user-cluster-backup-admin`) role. For more information, see [Role definitions](/distributed-cloud/hosted/docs/latest/gdch/platform/pa-user/iam/role-definitions).\n- If you are an Application Operator, ask your administrator that has User Cluster Backup Admin privileges to create a backup plan for you.\n\nCreate a backup plan\n--------------------\n\nWe recommend that you define a cron schedule for the backup plan, so that\nbackups are automatically created according to that schedule. You can also\nmanually back up your workloads. For more information, see [Create a manual backup](/distributed-cloud/hosted/docs/latest/gdch/platform-application/pa-ao-operations/back-up-workloads#create-manual-backup).\n\nCreate backup plans using the GDC console or the API. \n\n### Console\n\n1. Sign in to the GDC console.\n2. In the navigation menu, click **Backup for Clusters**.\n3. Click **Create Backup Plan**.\n4. In the **Plan details** section, complete the following steps and click **Continue** :\n 1. In the **Cluster** list, select the cluster to back up.\n 2. In the **Project** list, select the project.\n 3. In the **Backup plan name** field, enter your chosen backup plan name.\n 4. (Optional) In **Backup plan description** enter a description for the backup plan.\n 5. In the **Backup repo** field, select a backup repository. Backup repositories are a set of object storage implementations.\n 6. Click **Next**.\n5. In the **Scope and encryption** section, complete the following steps\n and click **Continue**:\n\n 1. Select one of the following scopes for the backup plan:\n\n 1. Click **Entire cluster** to back up all namespace resources in the backup.\n 2. Click **Selected namespaces within the cluster** to choose the namespaces in the backup to restore.\n 1. Click **Edit Cluster Namespace** and then **Add Cluster\n Namespace** to enter a **Namespace**.\n 3. Click **Selected protected applications within this cluster** to add resources by specifying the namespace and the application name.\n 1. Click **Edit Protected Applications** and then **Add\n Protected Application** to enter a **Namespace** and **Protected Application**.\n 2. Click **Include Secrets** to include Kubernetes `Secret` resources.\n\n 3. Click **Include persistent volume data** if you want the volume data\n in your backup. Clear this checkbox if you want to create empty\n volumes during the restore.\n\n6. In the **Schedule and retention** section, complete the following steps\n and click **Continue**:\n\n 1. To define a schedule, enter an expression using standard cron syntax in the **CRON string** field. For example, the expression `10 3 * *\n *` creates a backup at 0310 every day. All times are interpreted as UTC. The minimum interval between scheduled backups is 10 minutes.\n 2. In the **Delete backups after** field, set the number of days for which to retain the backup. Once the number of days is reached, the backup is automatically deleted.\n 3. Set the number of days during which backups cannot be deleted.\n 4. To lock the retention policy, click the lock icon to turn the lock from **Off** to **On**.\n7. Review the backup plan details and click **Create Plan**.\n\n### API\n\nCreate a `ClusterBackupPlan` custom resource in the cluster to schedule backups. A\nbackup plan periodically schedules backups based on the `backupSchedule`.\n`ClusterBackupPlan` resources are namespace resources. Here's an example of a `ClusterBackupPlan`: \n\n apiVersion: backup.gdc.goog/v1\n kind: ClusterBackupPlan\n metadata:\n name: backup-plan\n namespace: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003ePROJECT_NAME\u003c/span\u003e\u003c/var\u003e\n spec:\n targetCluster:\n targetClusterType: UserCluster\n targetClusterName:\n kind: \"Cluster\"\n name: \"cluster-sample\"\n backupSchedule:\n cronSchedule: \"*/30 * * * *\"\n paused: false\n clusterBackupConfig:\n backupScope:\n selectedNamespaces:\n namespaces: [\"nginx\"]\n clusterBackupRepositoryName: backup-repository\n retentionPolicy:\n backupDeleteLockDays: 10\n backupRetainDays: 10\n\nReplace \u003cvar translate=\"no\"\u003ePROJECT_NAME\u003c/var\u003e with the name of your GDC project.\n\nThis example includes the following values:\n\nAfter a backup plan is created, backups are automatically created with the\nspecified backup configuration based on the backup schedule.\n\nView a backup plan\n------------------\n\nView a backup plan using the GDC console:\n\n1. Sign in to the GDC console.\n2. In the navigation menu, click **Backup for Clusters**.\n3. Click **Select project** and select an organization or project depending on your role:\n - User Cluster Backup Admin: Select an organization to see all backup plans in an organization or select a project to see all backup plans in a project.\n - Backup Creator: Select a project to see all backup plans in a project.\n4. Click the **Backup Plans** tab.\n5. Click a backup plan in the list to view its details. Users with User Cluster Backup Admin privileges can view all backup plans in the organization. Users with the Backup Creator role can view all backup plans in the selected project.\n\nEdit a backup plan\n------------------\n\nEdit a backup plan using the GDC console:\n\n1. Sign in to the GDC console.\n2. In the navigation menu, click **Backup for Clusters**.\n3. Click **Select project** , and select an organization or project depending on your role:\n - User Cluster Backup Admin: Select an organization to see all backup plans in an organization, or select a project to see all of the backup plans in a project.\n - Backup Creator: Select a project to see all of the backup plans in a project.\n4. Click the **Backup Plans** tab.\n5. Click the name of the backup plan that you want to edit.\n6. Click the **Plan Configuration** tab to view the fields that can be modified.\n7. Click the *edit* Edit icon for **Schedule and retention** to edit that resource:\n\n 1. To update a schedule, enter an expression using standard cron syntax in the **CRON string** field. For example, the expression `10 3 * * *` creates a backup at 0310 every day. All times are interpreted as UTC. The minimum interval between scheduled backups is 10 minutes.\n 2. In the **Delete backups after** field, set the number of days for which to retain the backup. Once the number of days is reached, the backup is automatically deleted.\n 3. In the **Prevent deletion for** field, set the number of days during which backups cannot be deleted.\n\n | **Note:** If both fields are enabled, the value of the **Prevent deletion for** field must be less than the value of the **Delete backups after** field.\n 4. To lock the retention policy, click the lock icon\n from **Off** to **On**.\n\n | **Note:** Once the retention policy is locked, you won't be able to edit the retention policy of this backup plan again. You can only update the schedule.\n 5. Click the **Save** button to confirm your changes.\n\nDeactivate a backup plan\n------------------------\n\nDeactivate a backup plan using the GDC console:\n\n1. Sign in to the GDC console.\n2. In the navigation menu, click **Backup for Clusters**.\n3. Click **Select project** , and select an organization or project depending on your role:\n - User Cluster Backup Admin: Select an organization to see all backup plans in an organization or select a project to see all backup plans in a project.\n - Backup Creator: Select a project to see all backup plans in a project.\n4. Click the **Backup Plans** tab.\n5. Click the name of the backup plan you want to deactivate.\n6. Click the **Deactivate Plan** button.\n7. Enter the name of the backup plan you are deactivating into the field.\n8. Click the **Deactivate** button to complete the deactivation of this backup plan.\n\n | **Note:** This operation cannot be undone. Deactivating the backup plan does not delete the backups contained within it, but no new backups can be created automatically or manually.\n\nWhat's next\n-----------\n\n- [Back up your workloads](/distributed-cloud/hosted/docs/latest/gdch/platform-application/pa-ao-operations/cluster-backup/back-up-workloads)"]]