This page provides instructions for how to configure disaster recovery for cluster workloads in Google Distributed Cloud (GDC) air-gapped.
As a Platform Administrator (PA), you must create a bucket, backup repository, and a backup plan for a specified cluster.
Once these resources are created, you must ask an Infrastructure Operator (IO) to complete the restore.
Before you begin
To configure disaster recovery for a cluster, you must have the following:
- Access to the Kubernetes cluster you want to create the restore for. For more information, see Kubernetes cluster overview.
- The necessary identity and access roles:
  - DR Backup Admin: performs disaster recovery backups. Ask your Organization IAM Admin to grant you the DR Backup Admin (dr-backup-admin) cluster role.
  - DR System Admin: manages objects in the dr-system namespace for setting up management cluster backups. Ask your Organization IAM Admin to grant you the DR System Admin (dr-system-admin) role.
Create bucket on the backup site
Create a bucket on the backup site:
- Use the gdcloud CLI to create a bucket in the backup site:
      gdcloud dr buckets create --cluster=CLUSTER_NAME \
          --source-site=SOURCE_SITE
  Replace the following:
  - SOURCE_SITE: the identifier of the source site as chosen by the customer. For example, us-west.
  - CLUSTER_NAME: the cluster name for the cluster, such as root-admin.
  - BUCKET_CONFIG_FILE: the path of the saved bucket configuration file.
- Store the bucket configuration locally in JSON format:
      gdcloud dr buckets describe --cluster=CLUSTER_NAME \
          --source-site=SOURCE_SITE \
          --output-path=BUCKET_CONFIG_FILE
- Modify the endpoint field in the configuration for the remote backup use case. Append port :8082 to the URL. For example, https://objectstorage.zone1.google.gdch.test becomes https://objectstorage.zone1.google.gdch.test:8082.
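The endpoint edit in the last step can be scripted so that it is repeatable and cannot double-append the port. The following is an added example, not part of the GDC documentation or tooling: the function names are hypothetical, the sample JSON is constructed (this page does not show the layout of BUCKET_CONFIG_FILE), it assumes the field is a string under a key named endpoint at any depth, and rejecting non-HTTPS URLs is an added safeguard rather than a stated requirement.

```python
import json
import sys
from urllib.parse import urlsplit, urlunsplit

REMOTE_BACKUP_PORT = 8082  # port this page says to append for remote backup


def with_backup_port(url, port=REMOTE_BACKUP_PORT):
    """Return url with :port appended. Idempotent; refuses a conflicting port."""
    parts = urlsplit(url)
    # Assumption: backup traffic should stay on TLS, so plain http is rejected.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"expected an https URL, got {url!r}")
    if parts.port == port:
        return url  # already patched, leave untouched
    if parts.port is not None:
        raise ValueError(f"endpoint already pins port {parts.port}, not {port}")
    netloc = f"{parts.netloc.rstrip(':')}:{port}"
    return urlunsplit(parts._replace(netloc=netloc))


def patch_endpoints(node, port=REMOTE_BACKUP_PORT):
    """Rewrite every string-valued "endpoint" key in place; return how many changed."""
    changed = 0
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "endpoint" and isinstance(value, str):
                node[key] = with_backup_port(value, port)
                changed += node[key] != value
            else:
                changed += patch_endpoints(value, port)
    elif isinstance(node, list):
        changed += sum(patch_endpoints(item, port) for item in node)
    return changed


# Constructed sample; the real layout of BUCKET_CONFIG_FILE is not shown on this page.
SAMPLE = {"bucket": "example-bucket",
          "endpoint": "https://objectstorage.zone1.google.gdch.test"}

if __name__ == "__main__":
    if len(sys.argv) == 2:  # patch the saved BUCKET_CONFIG_FILE in place
        with open(sys.argv[1]) as fh:
            config = json.load(fh)
    else:  # no argument: demonstrate on a copy of the constructed sample
        config = dict(SAMPLE)
    count = patch_endpoints(config)
    if len(sys.argv) == 2:
        with open(sys.argv[1], "w") as fh:
            json.dump(config, fh, indent=2)
    print(f"{count} endpoint(s) updated")
```

Run it with the path of the saved configuration as its only argument before loading the file on the source site; a second run reports 0 endpoints updated.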
Create backup repository on the source site
Create a backup repository by loading the bucket config file in the source site:
    gdcloud dr backup-repositories create \
        --cluster=CLUSTER_NAME \
        --bucket-config-file=BUCKET_CONFIG_FILE
Create backup plans for infrastructure and Management API servers
Create a BackupPlan resource on both the infrastructure and Management control planes using kubectl:
    # Backup plan for the Management API server
    apiVersion: backup.gdc.goog/v1
    kind: BackupPlan
    metadata:
      name: MANAGEMENT_BACKUP_PLAN_NAME
      namespace: dr-system
    spec:
      clusterName: infra-mp
      backupSchedule:
        cronSchedule: "0 0 * * *"  # daily at 00:00
        paused: false
      backupConfig:
        backupScope:
          selectedNamespaces:
            namespaces:
            - NAMESPACE_MP
        backupRepository: dr-backup-repo
        includeVolumeData: true
        volumeStrategy: ProvisionerSpecific
      retentionPolicy:
        backupDeleteLockDays: 40
        backupRetainDays: 40
    ---
    # Backup plan for the infrastructure API server
    apiVersion: backup.gdc.goog/v1
    kind: BackupPlan
    metadata:
      name: INFRASTRUCTURE_BACKUP_PLAN_NAME
      namespace: dr-system
    spec:
      clusterName: infra-cp
      backupSchedule:
        cronSchedule: "0 0 * * *"  # daily at 00:00
        paused: false
      backupConfig:
        backupScope:
          selectedNamespaces:
            namespaces:
            - NAMESPACE_CP
        backupRepository: dr-backup-repo
        includeVolumeData: true
        volumeStrategy: ProvisionerSpecific
      retentionPolicy:
        backupDeleteLockDays: 40
        backupRetainDays: 40
Replace the following:
- MANAGEMENT_BACKUP_PLAN_NAME: your chosen name for the backup plan resource on the infrastructure cluster management plane.
- INFRASTRUCTURE_BACKUP_PLAN_NAME: your chosen name for the backup plan resource on the infrastructure cluster control plane.
- NAMESPACE_MP: the chosen namespace to back up in the Management API server.
- NAMESPACE_CP: the chosen namespace to back up in the infrastructure API server.
These backup plans follow these rules:
- The selected namespace is backed up every 24 hours. This frequency can be adjusted by modifying the cronSchedule field.
- The backup includes volume data and uses a provisioner-specific strategy.
- A retention policy is set to keep backups for 40 days. You can adjust backupRetainDays and backupDeleteLockDays to meet your data retention policies.
Perform the restoration
You must escalate and instruct an Infrastructure Operator (IO) to perform the
restore on your behalf. Provide the necessary information such as the name of
the BackupRepository and BackupPlan resource. For more information on
audience groups in GDC, see
Documentation audiences.