Configure disaster recovery for the org admin cluster

Disaster recovery planning includes performing control plane disaster recovery for the org admin cluster.

Before you begin

To set up the backup for an org admin cluster, you must have the following components in place:

  • A backup site identified.
  • Access to both the source and backup sites with help from the Infrastructure Operator (IO).
  • Capability to perform remote backup across the two sites with help from the IO involved in your disaster recovery planning.
  • Have the necessary identity and access roles:
    • DR Backup Admin: performs disaster recovery backups. Ask your Organization IAM Admin to grant you the DR Backup Admin (dr-backup-admin) cluster role.
    • DR System Admin: manage objects in dr-system namespace for setting up control plane backups. Ask your Organization IAM Admin to grant you the DR System Admin (dr-system-admin) role.
  • The gdcloud CLI must be installed and added to your user path. To install gdcloud CLI, see Install the gdcloud CLI.

The commands in the following sections must be run on the org admin cluster from the specified site.

Create bucket on the backup site

The bucket name must follow the format:

BUCKET_NAME=dr-bucket-SITE_IDENTIFIER

Replace SITE_IDENTIFIER with the identifier of the source site as chosen by the customer. For example, us-west.

Create and configure the bucket for the backup target site:

  1. Use the gdcloud CLI to create a bucket in the backup site:

    gdcloud dr buckets create --cluster=CLUSTER_NAME \
    --source-site=SOURCE_SITE
    

    Replace the following variables:

    • SOURCE_SITE: the identifier of the source site as chosen by the customer. For example, us-west.
    • CLUSTER_NAME: the cluster name for the root admin cluster. For example, e.g. root-admin.
    • BUCKET_CONFIG_FILE: the path of saved bucket configuration file.
  2. Store the bucket configuration locally in JSON format:

    gdcloud dr buckets describe --cluster=CLUSTER_NAME \
    --source-site=SOURCE_SITE \
    --output-path=BUCKET_CONFIG_FILE
    
  3. Modify the endpoint field in the configuration for the remote backup use case:

    • Append port :8082 to the URL.

    For example, https://objectstorage.zone1.google.gdch.test becomes https://objectstorage.zone1.google.gdch.test:8082.

Create backup repository on the source site

Create a backup repository by loading the bucket config file in the source site:

    gdcloud dr backup-repositories create
    --cluster=CLUSTER_NAME
    --bucket-config-file=BUCKET_CONFIG_FILE

Create backup plans for org admin cluster

  1. Create backup plans for all resources in the org admin cluster:

    gdcloud dr backup-plans create --cluster=CLUSTER_NAME
    --plan-scope=everything
    gdcloud dr backup-plans create --cluster=CLUSTER_NAME
    --plan-scope=dns
    
  2. Verify that the backups are working on the source site:

    kubectl get backups -n dr-system
    

    The disaster recovery backups have following prefix:

    dr-backup-plan
    dns-backup-plan
    

    A successful backup has a Succeeded state.

Perform restoration

Once the earlier steps are complete, provide the backup repository and the backup plan name to the IO, and instruct them to perform the restoration to complete the disaster recovery process.