Plan a set of backups

This page describes how to create and manage backup plans for cluster workloads in Google Distributed Cloud (GDC) air-gapped.

Backup plans provide the configuration, location, and management functions for a sequence of backups. A backup plan contains a backup configuration, including the source cluster and the selection of workloads to back up. Google recommends providing every cluster with at least one backup plan.

You can create one or more backup plans for each cluster. You might want to partition the backups of your cluster for one of the following reasons:

Instead of having one very large backup taken at a single time of the day, you want multiple smaller backups distributed throughout the day.
You want to back up some portions of your cluster more often than others, such as daily backups for some namespaces and hourly backups for others.

A single cluster or virtual machine (VM) can belong to one or more backup plans. A backup plan cannot span more than one cluster; however, a single backup plan can capture multiple VMs if they exist in the same cluster. All backup and restore resources must be associated with a project name.

Before you begin

To create a backup plan, you must have the following:

The necessary identity and access role:
- User Cluster Backup Admin: manages backup resources such as backup and restore plans in user clusters. Ask your Organization IAM Admin to grant you the User Cluster Backup Admin (user-cluster-backup-admin) role. For more information, see Role definitions.
If you are an Application Operator, ask your administrator that has User Cluster Backup Admin privileges to create a backup plan for you.

Create a backup plan

We recommend that you define a cron schedule for the backup plan, so that backups are automatically created according to that schedule. You can also manually back up your workloads. For more information, see Create a manual backup.

Create backup plans using the GDC console or the API.

Console

Sign in to the GDC console.
In the navigation menu, click Backup for Clusters.
Click Create Backup Plan.
In the Plan details section, complete the following steps and click Continue:
1. In the Cluster list, select the cluster to back up.
2. In the Project list, select the project.
3. In the Backup plan name field, enter your chosen backup plan name.
4. (Optional) In Backup plan description enter a description for the backup plan.
5. In the Backup repo field, select a backup repository. Backup repositories are a set of object storage implementations.
6. Click Next.
In the Scope and encryption section, complete the following steps and click Continue:
1. Select one of the following scopes for the backup plan:
  1. Click Entire cluster to back up all namespace resources in the backup.
  2. Click Selected namespaces within the cluster to choose the namespaces in the backup to restore.
    1. Click Edit Cluster Namespace and then Add Cluster Namespace to enter a Namespace.
  3. Click Selected protected applications within this cluster to add resources by specifying the namespace and the application name.
    1. Click Edit Protected Applications and then Add Protected Application to enter a Namespace and Protected Application.
2. Click Include Secrets to include Kubernetes Secret resources.
3. Click Include persistent volume data if you want the volume data in your backup. Clear this checkbox if you want to create empty volumes during the restore.
In the Schedule and retention section, complete the following steps and click Continue:
1. To define a schedule, enter an expression using standard cron syntax in the CRON string field. For example, the expression 10 3 * * * creates a backup at 0310 every day. All times are interpreted as UTC. The minimum interval between scheduled backups is 10 minutes.
2. In the Delete backups after field, set the number of days for which to retain the backup. Once the number of days is reached, the backup is automatically deleted.
3. Set the number of days during which backups cannot be deleted.
4. To lock the retention policy, click the lock icon to turn the lock from Off to On.
Review the backup plan details and click Create Plan.

API

Create a ClusterBackupPlan custom resource in the cluster to schedule backups. A backup plan periodically schedules backups based on the backupSchedule. ClusterBackupPlan resources are namespace resources. Here's an example of a ClusterBackupPlan:

apiVersion: backup.gdc.goog/v1
kind: ClusterBackupPlan
metadata:
  name: backup-plan
  namespace: PROJECT_NAME
spec:
  targetCluster:
    targetClusterType: UserCluster
    targetClusterName:
      kind: "Cluster"
      name: "cluster-sample"
  backupSchedule:
    cronSchedule: "*/30 * * * *"
    paused: false
  clusterBackupConfig:
    backupScope:
      selectedNamespaces:
        namespaces: ["nginx"]
    clusterBackupRepositoryName: backup-repository
  retentionPolicy:
    backupDeleteLockDays: 10
    backupRetainDays: 10

Replace PROJECT_NAME with the name of your GDC project.

This example includes the following values:

Value	Description
`targetClusterName`	The name of the cluster to back up.
`targetClusterType`	The type of the cluster to back up. For example, `UserCluster` and `ManagementAPI`.
`backupSchedule`	The schedule indicating how often to perform the backup. `cronSchedule:` a crontab schedule indicating when to schedule backups. `paused:` If `true`, periodic backups are not scheduled.
`clusterBackupConfig`	Configuration details for the backups: `backupScope:` Indicates which resources are backed up. Specify one of the following: `allNamespaces:` captures all resources in all namespaces. `selectedNamespaces:` captures resources in the list of specified namespaces. `selectedApplication:` captures resources defined by `protectedApplications`. `clusterBackupRepositoryName:` the target repository that stores the backups. This must be imported as `ReadWrite.`
`retentionPolicy`	Determines how long backups persist in the `backupRepository.` `backupDeleteLockDays:` prevents deletion of the backup for the number of days specified after backup creation. `backupRetainDays:` deletes backups after the number of days specified after backup creation. Retention policies don't override the retention policies of the storage location, nor can they exceed 90 days.
`description`	The description of the backup plan.

After a backup plan is created, backups are automatically created with the specified backup configuration based on the backup schedule.

View a backup plan

View a backup plan using the GDC console:

Sign in to the GDC console.
In the navigation menu, click Backup for Clusters.
Click Select project and select an organization or project depending on your role:
- User Cluster Backup Admin: Select an organization to see all backup plans in an organization or select a project to see all backup plans in a project.
- Backup Creator: Select a project to see all backup plans in a project.
Click the Backup Plans tab.
Click a backup plan in the list to view its details. Users with User Cluster Backup Admin privileges can view all backup plans in the organization. Users with the Backup Creator role can view all backup plans in the selected project.

Edit a backup plan

Edit a backup plan using the GDC console:

Sign in to the GDC console.
In the navigation menu, click Backup for Clusters.
Click Select project, and select an organization or project depending on your role:
- User Cluster Backup Admin: Select an organization to see all backup plans in an organization, or select a project to see all of the backup plans in a project.
- Backup Creator: Select a project to see all of the backup plans in a project.
Click the Backup Plans tab.
Click the name of the backup plan that you want to edit.
Click the Plan Configuration tab to view the fields that can be modified.
Click the Edit icon for Schedule and retention to edit that resource:
1. To update a schedule, enter an expression using standard cron syntax in the CRON string field. For example, the expression 10 3 * * * creates a backup at 0310 every day. All times are interpreted as UTC. The minimum interval between scheduled backups is 10 minutes.
2. In the Delete backups after field, set the number of days for which to retain the backup. Once the number of days is reached, the backup is automatically deleted.
3. In the Prevent deletion for field, set the number of days during which backups cannot be deleted.
  
  Note: If both fields are enabled, the value of the Prevent deletion for field must be less than the value of the Delete backups after field.
4. To lock the retention policy, click the lock icon from Off to On.
  
  Note: Once the retention policy is locked, you won't be able to edit the retention policy of this backup plan again. You can only update the schedule.
5. Click the Save button to confirm your changes.

Deactivate a backup plan

Deactivate a backup plan using the GDC console:

Sign in to the GDC console.
In the navigation menu, click Backup for Clusters.
Click Select project, and select an organization or project depending on your role:
- User Cluster Backup Admin: Select an organization to see all backup plans in an organization or select a project to see all backup plans in a project.
- Backup Creator: Select a project to see all backup plans in a project.
Click the Backup Plans tab.
Click the name of the backup plan you want to deactivate.
Click the Deactivate Plan button.
Enter the name of the backup plan you are deactivating into the field.
Click the Deactivate button to complete the deactivation of this backup plan.

Note: This operation cannot be undone. Deactivating the backup plan does not delete the backups contained within it, but no new backups can be created automatically or manually.

What's next

Back up your workloads