Protect clusters with Backup for GKE

You can use Google Kubernetes Engine (GKE) clusters to run mission-critical workloads, which must be resilient to many types of disruptions, including infrastructure failures, user errors, and cyber attacks.

With Backup for GKE, you can:

  • Back up configurations and persistent volume data to make workloads resilient to disruption.
  • Restore workloads from backups if disruptions occur.
  • Achieve business-critical Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO).
  • Streamline day-to-day operations by cloning production configuration and data for use cases such as sandbox testing, and the creation of test and development environments.

GKE monitors your clusters and uses the Recommender service to provide guidance for how you can optimize your usage of the platform. GKE detects opportunities to make workloads more resilient to disruptions by enabling Backup for GKE.

To learn more about how to manage insights and recommendations from Recommender, see Optimize your usage of GKE with insights and recommendations.

Identify clusters unprotected by Backup for GKE

GKE generates insights that identify clusters within your organization that aren't protected by backups. To get these insights, follow the instructions to view insights and recommendations using the Google Cloud console, the Google Cloud CLI, or the Recommender API with the CLUSTER_BACKUP_PLAN_NOT_CREATED subtype.

How GKE identifies clusters without a backup plan

GKE uses the following criteria to determine that you should create a backup plan to protect your cluster:

  • The cluster is not ephemeral, meaning that the GKE cluster meets all of the following criteria:

    • The cluster has existed for at least seven days.

    • The cluster is in one of the following zones or regions:

      • Zone: us-central1-a, us-central1-b, us-central1-c, us-central1-f, us-east1-b, us-east1-c, or us-east1-d
      • Region: us-east1

    • The cluster is running.

    • The cluster is not an alpha cluster.

  • The cluster has no associated Backup for GKE backup plan.

Assess if your cluster needs data protection with Backup for GKE

Consider the following criteria to assess whether you should back up your cluster with Backup for GKE:

  • Running stateful applications: Stateful applications retain state, which is vulnerable to loss and corruption. Backups provide the best defense against disruptions due to zonal, regional, workload, or user-induced failures.
  • Quick application rollback is important: Recover both stateful and stateless applications to a known healthy state in the event of faults, failed upgrades, or corruption. A recovery from backups can often lead to quicker recovery times compared to redeploying your application. With backups, you can store multiple points in time for greater flexibility.
  • Need protection from cyber attack: Prepare for the impact of cyber attack threats by creating immutable and encrypted backups, and locking those backups against deletion for a minimum amount of time.

Both stateful and stateless workloads can benefit from backups. Consider configuring backups if one or more of this criteria applies to your cluster.

Act on the recommendation

If you've determined that you should enable Backup for GKE and create a backup plan for your cluster, follow these instructions:

  1. Enable Backup for GKE API.
  2. Enable Backup for GKE for a cluster.
  3. Create a backup plan.

What's next