Stay organized with collections
Save and categorize content based on your preferences.
This page provides instructions for how to configure disaster recovery for
cluster workloads in Google Distributed Cloud (GDC) air-gapped.
As a Platform Administrator (PA), you must create a bucket, backup repository,
and a backup plan for a specified cluster.
Once these resources are created, you must inform an Infrastructure Operator
(IO) to complete the restore.
Before you begin
To configure disaster recovery for a cluster, you must have the following:
Access to the Kubernetes cluster you want to create the restore for. For more information, see Kubernetes cluster overview.
The necessary identity and access roles:
DR Backup Admin: performs disaster recovery backups. Ask your
Organization IAM Admin to grant you the DR Backup Admin
(dr-backup-admin) cluster role.
DR System Admin: manage objects in dr-system namespace for
setting up management cluster backups. Ask your Organization IAM Admin to
grant you the DR System Admin (dr-system-admin) role.
Create bucket on the backup site
Create a bucket on the backup site:
Use the gdcloud CLI to create a bucket in the backup site:
Modify the endpoint field in the configuration for the remote backup use case. Append port :8082 to the URL: For example, https://objectstorage.zone1.google.gdch.test becomes
https://objectstorage.zone1.google.gdch.test:8082.
Create backup repository on the source site
Create a backup repository by loading the bucket config file in the source site:
MANAGEMENT_BACKUP_PLAN_NAME: your chosen name for the backup plan.
resource on the infrastructure cluster management plane.
INFRASTRUCTURE_BACKUP_PLAN_NAME: your chosen name for the backup plan
resource on the infrastructure cluster control plane.
NAMESPACE_MP: the chosen namespace to backup in the Management API server.
NAMESPACE_CP: the chosen namespace to backup in the infrastructure API server.
These backup plans follow these rules:
Backs up the selected namespace every 24 hours. This frequency can be adjusted by modifying the cronSchedule field.
The backup includes volume data and uses a provisioner specific strategy.
A retention policy is set to keep backups for 40 days. You can adjust backupRetainDays and backupDeleteLockDays to meet your data retention policies.
Perform the restoration
You must escalate and instruct an Infrastructure Operator (IO) to perform the
restore on your behalf. Provide the necessary information such as the name of
the BackupRepository and BackupPlan resource. For more information on
audience groups in GDC, see
Documentation audiences.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[[["\u003cp\u003eThis page guides Platform Administrators (PAs) through configuring disaster recovery for cluster workloads in Google Distributed Cloud (GDC) air-gapped environments.\u003c/p\u003e\n"],["\u003cp\u003ePAs must create a bucket, a backup repository linked to this bucket, and a backup plan to schedule regular backups for a specified cluster.\u003c/p\u003e\n"],["\u003cp\u003eConfiguring disaster recovery requires specific Kubernetes cluster access and the \u003ccode\u003edr-backup-admin-mp\u003c/code\u003e and \u003ccode\u003edr-system-admin-mp\u003c/code\u003e identity and access roles.\u003c/p\u003e\n"],["\u003cp\u003eOnce the bucket, repository, and plan are created, PAs need to inform an Infrastructure Operator (IO) to complete the restoration process.\u003c/p\u003e\n"],["\u003cp\u003eThe created backup plan will backup the specified namespace every ten minutes, include volume data using a local snapshot strategy, and has a retention policy set to retain backups for ten days.\u003c/p\u003e\n"]]],[],null,["# Configure disaster recovery for a cluster\n\nThis page provides instructions for how to configure disaster recovery for\ncluster workloads in Google Distributed Cloud (GDC) air-gapped.\n\nAs a Platform Administrator (PA), you must create a bucket, backup repository,\nand a backup plan for a specified cluster.\n\nOnce these resources are created, you must inform an Infrastructure Operator\n(IO) to complete the restore.\n\nBefore you begin\n----------------\n\nTo configure disaster recovery for a cluster, you must have the following:\n\n- Access to the Kubernetes cluster you want to create the restore for. For more information, see [Kubernetes cluster overview](/distributed-cloud/hosted/docs/latest/gdch/platform/pa-user/clusters).\n- The necessary identity and access roles:\n - DR Backup Admin: performs disaster recovery backups. Ask your Organization IAM Admin to grant you the DR Backup Admin (`dr-backup-admin`) cluster role.\n - DR System Admin: manage objects in dr-system namespace for setting up management cluster backups. Ask your Organization IAM Admin to grant you the DR System Admin (`dr-system-admin`) role.\n\n### Create bucket on the backup site\n\nCreate a bucket on the backup site:\n\n1. Use the gdcloud CLI to create a bucket in the backup site:\n\n gdcloud dr buckets create --cluster=\u003cvar translate=\"no\"\u003eCLUSTER_NAME\u003c/var\u003e \\\n --source-site=\u003cvar translate=\"no\"\u003eSOURCE_SITE\u003c/var\u003e\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003eSOURCE_SITE\u003c/var\u003e: the identifier of the source site as chosen by the customer. For example, `us-west`.\n - \u003cvar translate=\"no\"\u003eCLUSTER_NAME\u003c/var\u003e: the cluster name for the cluster such as `root-admin`.\n - \u003cvar translate=\"no\"\u003eBUCKET_CONFIG_FILE\u003c/var\u003e: the path of saved bucket configuration file.\n2. Store the bucket configuration locally in JSON format:\n\n gdcloud dr buckets describe --cluster=\u003cvar translate=\"no\"\u003eCLUSTER_NAME\u003c/var\u003e \\\n --source-site=\u003cvar translate=\"no\"\u003eSOURCE_SITE\u003c/var\u003e \\\n --output-path=\u003cvar translate=\"no\"\u003eBUCKET_CONFIG_FILE\u003c/var\u003e\n\n3. Modify the endpoint field in the configuration for the remote backup use case. Append port `:8082` to the URL: For example, `https://objectstorage.zone1.google.gdch.test` becomes\n `https://objectstorage.zone1.google.gdch.test:8082`.\n\n### Create backup repository on the source site\n\nCreate a backup repository by loading the bucket config file in the source site: \n\n gdcloud dr backup-repositories create\n --cluster=\u003cvar translate=\"no\"\u003eCLUSTER_NAME\u003c/var\u003e\n --bucket-config-file=\u003cvar translate=\"no\"\u003eBUCKET_CONFIG_FILE\u003c/var\u003e\n\n### Create backup plans for infrastructure and Management API servers\n\nCreate a `BackupPlan` resource on both the infrastructure and Management control planes using `kubectl`: \n\n apiVersion: backup.gdc.goog/v1\n kind: BackupPlan\n metadata:\n name: \u003cvar translate=\"no\"\u003eMANAGEMENT_BACKUP_PLAN_NAME\u003c/var\u003e\n namespace: dr-system\n spec:\n clusterName: infra-mp\n backupSchedule:\n cronSchedule: \"0 0 * * *\"\n paused: false\n backupConfig:\n backupScope:\n selectedNamespaces:\n namespaces:\n - \u003cvar translate=\"no\"\u003eNAMESPACE_MP\u003c/var\u003e\n backupRepository: dr-backup-repo\n includeVolumeData: true\n volumeStrategy: ProvisionerSpecific\n retentionPolicy:\n backupDeleteLockDays: 40\n backupRetainDays: 40\n ---\n apiVersion: backup.gdc.goog/v1\n kind: BackupPlan\n metadata:\n name: \u003cvar translate=\"no\"\u003eINFRASTRUCTURE_BACKUP_PLAN_NAME\u003c/var\u003e\n namespace: dr-system\n spec:\n clusterName: infra-cp\n backupSchedule:\n cronSchedule: \"0 0 * * *\"\n paused: false\n backupConfig:\n backupScope:\n selectedNamespaces:\n namespaces:\n - \u003cvar translate=\"no\"\u003eNAMESPACE_CP\u003c/var\u003e\n backupRepository: dr-backup-repo\n includeVolumeData: true\n volumeStrategy: ProvisionerSpecific\n retentionPolicy:\n backupDeleteLockDays: 40\n backupRetainDays: 40\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003eMANAGEMENT_BACKUP_PLAN_NAME\u003c/var\u003e: your chosen name for the backup plan. resource on the infrastructure cluster management plane.\n- \u003cvar translate=\"no\"\u003eINFRASTRUCTURE_BACKUP_PLAN_NAME\u003c/var\u003e: your chosen name for the backup plan resource on the infrastructure cluster control plane.\n- \u003cvar translate=\"no\"\u003eNAMESPACE_MP\u003c/var\u003e: the chosen namespace to backup in the Management API server.\n- \u003cvar translate=\"no\"\u003eNAMESPACE_CP\u003c/var\u003e: the chosen namespace to backup in the infrastructure API server.\n\nThese backup plans follow these rules:\n\n- Backs up the selected namespace every 24 hours. This frequency can be adjusted by modifying the `cronSchedule` field.\n- The backup includes volume data and uses a provisioner specific strategy.\n- A retention policy is set to keep backups for 40 days. You can adjust `backupRetainDays` and `backupDeleteLockDays` to meet your data retention policies.\n\nPerform the restoration\n-----------------------\n\nYou must escalate and instruct an Infrastructure Operator (IO) to perform the\nrestore on your behalf. Provide the necessary information such as the name of\nthe `BackupRepository` and `BackupPlan` resource. For more information on\naudience groups in GDC, see\n[Documentation audiences](/distributed-cloud/hosted/docs/latest/gdch/resources/audiences)."]]
