Stay organized with collections
Save and categorize content based on your preferences.
Autopilot
Standard
You can use Google Kubernetes Engine (GKE) clusters to run mission-critical
workloads, which must be resilient to many types of disruptions, including
infrastructure failures, user errors, and cyber attacks.
Back up configurations and persistent volume data to make workloads resilient to disruption.
Restore workloads from backups if disruptions occur.
Achieve business-critical Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO).
Streamline day-to-day operations by cloning production configuration and
data for use cases such as sandbox testing, and the creation of test and development environments.
GKE monitors your clusters and uses the Recommender service
to provide guidance for how you can optimize your usage of the platform.
GKE detects opportunities to make workloads more resilient to disruptions by
enabling Backup for GKE.
GKE generates insights that identify clusters within your organization that
aren't protected by backups. To get these insights, follow the instructions to
view insights and recommendations
using the Google Cloud console, the Google Cloud CLI, or the Recommender API with
the CLUSTER_BACKUP_PLAN_NOT_CREATED subtype.
How GKE identifies clusters without a backup plan
GKE uses the following criteria to determine that you should create a backup
plan to protect your cluster:
The cluster is not ephemeral, meaning that the GKE cluster meets all of the following criteria:
The cluster has existed for at least seven days.
The cluster is in one of the following zones or regions:
Zone: us-central1-a, us-central1-b, us-central1-c, us-central1-f,
us-east1-b, us-east1-c, or us-east1-d
The cluster has no associated Backup for GKE backup plan.
Assess if your cluster needs data protection with Backup for GKE
Consider the following criteria to assess whether you should back up your
cluster with Backup for GKE:
Running stateful applications: Stateful applications retain state, which
is vulnerable to loss and corruption. Backups provide the best defense
against disruptions due to zonal, regional, workload, or user-induced failures.
Quick application rollback is important: Recover both stateful and
stateless applications to a known healthy state in the event of faults,
failed upgrades, or corruption. A recovery from backups can often lead to
quicker recovery times compared to redeploying your application.
With backups, you can store multiple points in time for greater flexibility.
Need protection from cyber attack: Prepare for the impact of cyber
attack threats by creating immutable and encrypted backups, and locking
those backups against deletion for a minimum amount of time.
Both stateful and stateless workloads can benefit from backups. Consider
configuring backups if one or more of this criteria applies to your cluster.
Act on the recommendation
If you've determined that you should enable Backup for GKE and create a
backup plan for your cluster, follow these instructions:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-28 UTC."],[],[],null,["# Protect clusters with Backup for GKE\n\nAutopilot Standard\n\n*** ** * ** ***\n\nYou can use Google Kubernetes Engine (GKE) clusters to run mission-critical\nworkloads, which must be resilient to many types of disruptions, including\ninfrastructure failures, user errors, and cyber attacks.\n\nWith [Backup for GKE](/kubernetes-engine/docs/add-on/backup-for-gke/concepts/backup-for-gke), you can:\n\n- Back up configurations and persistent volume data to make workloads resilient to disruption.\n- Restore workloads from backups if disruptions occur.\n- Achieve business-critical Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO).\n- Streamline day-to-day operations by cloning production configuration and data for use cases such as sandbox testing, and the creation of test and development environments.\n\nGKE monitors your clusters and uses the [Recommender service](/recommender/docs/overview)\nto provide guidance for how you can optimize your usage of the platform.\nGKE detects opportunities to make workloads more resilient to disruptions by\nenabling Backup for GKE.\n\nTo learn more about how to manage insights and recommendations from Recommender,\nsee [Optimize your usage of GKE with insights and recommendations](/kubernetes-engine/docs/how-to/optimize-with-recommenders).\n\nIdentify clusters unprotected by Backup for GKE\n-----------------------------------------------\n\nGKE generates insights that identify clusters within your organization that\naren't protected by backups. To get these insights, follow the instructions to\n[view insights and recommendations](/kubernetes-engine/docs/how-to/optimize-with-recommenders#view-insights-recs)\nusing the Google Cloud console, the Google Cloud CLI, or the Recommender API with\nthe `CLUSTER_BACKUP_PLAN_NOT_CREATED` subtype.\n\nHow GKE identifies clusters without a backup plan\n-------------------------------------------------\n\nGKE uses the following criteria to determine that you should create a backup\nplan to protect your cluster:\n\n- The cluster is not ephemeral, meaning that the GKE cluster meets all of the following criteria:\n\n - The cluster has existed for at least seven days.\n - The cluster is in one of the following zones or regions:\n\n - **Zone** : `us-central1-a`, `us-central1-b`, `us-central1-c`, `us-central1-f`, `us-east1-b`, `us-east1-c`, or `us-east1-d`\n - **Region** : `us-east1`\n - The cluster is running.\n\n - The cluster is not an [alpha cluster](/kubernetes-engine/docs/concepts/alpha-clusters).\n\n- The cluster has no associated Backup for GKE backup plan.\n\nAssess if your cluster needs data protection with Backup for GKE\n----------------------------------------------------------------\n\nConsider the following criteria to assess whether you should back up your\ncluster with Backup for GKE:\n\n- **Running stateful applications**: Stateful applications retain state, which is vulnerable to loss and corruption. Backups provide the best defense against disruptions due to zonal, regional, workload, or user-induced failures.\n- **Quick application rollback is important**: Recover both stateful and stateless applications to a known healthy state in the event of faults, failed upgrades, or corruption. A recovery from backups can often lead to quicker recovery times compared to redeploying your application. With backups, you can store multiple points in time for greater flexibility.\n- **Need protection from cyber attack**: Prepare for the impact of cyber attack threats by creating immutable and encrypted backups, and locking those backups against deletion for a minimum amount of time.\n\nBoth stateful and stateless workloads can benefit from backups. Consider\nconfiguring backups if one or more of this criteria applies to your cluster.\n\nAct on the recommendation\n-------------------------\n\nIf you've determined that you should enable Backup for GKE and create a\nbackup plan for your cluster, follow these instructions:\n\n1. [Enable Backup for GKE API](/kubernetes-engine/docs/add-on/backup-for-gke/how-to/install).\n2. [Enable Backup for GKE for a cluster](/kubernetes-engine/docs/add-on/backup-for-gke/how-to/enable-gke-cluster).\n3. [Create a backup plan](/kubernetes-engine/docs/add-on/backup-for-gke/how-to/backup-plan#console).\n\nWhat's next\n-----------\n\n- [Optimize your usage of GKE with insights and recommendations](/kubernetes-engine/docs/how-to/optimize-with-recommenders)\n- [Restore a backup](/kubernetes-engine/docs/add-on/backup-for-gke/how-to/restore)"]]