Plan VM backups

This page describes how to create a backup repository and create backup plans for virtual machines (VMs).

Create a repository

Before creating backups or snapshots, you must define at least one backup repository that can be shared among several backups or snapshots. A backup repository tells the backup system where to store or retrieve backups. Backup repositories for VMs are restricted to org admin and system clusters.

Before you begin

Before you create a backup repository, you must first create a storage bucket and credentials for the bucket.

To get the permissions that you need to create a backup repository, ask your Organization IAM Admin to grant you the Backup Repository Admin (backup-repository-admin) role.

Create a repository using the GDC console or the API.

Console

  1. Sign in to the GDC console.
  2. In the navigation menu, click Backup for Virtual Machines. Ensure that the project selector does not have a project selected.
  3. Click Create repository.
  4. Enter a repository name and an optional description.
  5. In the S3 URI endpoint field, enter an endpoint with the fully-qualified domain name of your object storage site.
  6. In the Bucket name field, enter the name of the bucket.
  7. In the Bucket region field, enter the region where the bucket was created.
  8. In the Access Key ID list, enter the access key ID.
  9. In the Access key field, enter the access key.
  10. Click Create.

API

Create a BackupRepositoryManager custom resource using your credentials.

  1. Add the credentials (access-key and access-key-id) to the org admin cluster as a secret. The backup system uses this secret to communicate with a storage bucket that you can use to back up and restore many different VMs. The secret is added to the org admin cluster to automate backup and restore operations; it doesn't exist inside any of the VMs being backed up or restored. The credentials must look like the following example:

    apiVersion: v1
    kind: Namespace
    metadata:
      name: "s3-secret-ns"
      labels:
        name: "s3-secret-ns"
    ---
    apiVersion: v1
    kind: Secret
    metadata:
      namespace: "s3-secret-ns"
      name: "s3-secret"
    type: Opaque
    data:
      access-key-id: YWNjZXNzS2V5MQ== # echo -n accessKey1 | base64 -w0
      access-key:  dmVyeVNlY3JldEtleTE= # echo -n verySecretKey1 | base64 -w0
    
  2. To create a backup repository using the API, create a BackupRepositoryManager custom resource to use these credentials and apply the new resource to the org admin cluster.

    apiVersion: backup.gpc.gke.io/v1
    kind: BackupRepositoryManager
    metadata:
      name: backup-repository-gcs
    spec:
      readWriteCluster:
        name: org-1-system
        namespace: org-1-system-cluster
      readOnlyClusters:
        name: org-1-admin
        namespace: org-1
      backupRepositorySpec:
        secretReference:
          # Must match the namespace and name of the Secret created in step 1.
          namespace: "s3-secret-ns"
          name: "s3-secret"
        endpoint: "http://storage.googleapis.com"
        type: "S3"
        s3Options:
          bucket: "bucket-name"
          region: "us-east-1"
          forcePathStyle: true
        importPolicy: "ReadWrite"
    

This example includes the following values:

  • readWriteCluster: The name and namespace of the system cluster.
  • readOnlyClusters: The name and namespace of the org admin cluster.
  • secretReference: A NamespacedName referencing the secret that contains access credentials for the endpoint.
  • endpoint: The fully-qualified domain name for the storage system.
  • type: The type of backup repository. Only the S3 type is supported.
  • s3Options: Configuration for the S3 endpoint. Required if type is S3.
      • bucket: the name of the bucket.
      • region: region of the given endpoint. Storage system specific.
      • forcePathStyle: whether to force path style URLs for objects.
  • importPolicy: Set to one of the following:
      • ReadWrite: This repository can be used to schedule or create backups, backup plans, and restores.
      • ReadOnly: This repository can only be used to import and view backups. No new backups or resources can be created in this repository, but restores can use and reference read-only backups for restoration. There is no restriction on how often a backup repository can be used as ReadOnly.

The BackupRepositoryManager propagates the secret into the system cluster and creates a ReadWrite enabled BackupRepository resource in the system cluster and a ReadOnly enabled BackupRepository resource in the org admin cluster.
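Before applying the two resources above, a pre-flight check can catch the mistakes that break a repository: a secretReference that points at no Secret, credentials encoded without `echo -n`, or an unsupported type or importPolicy. The following is an added example, not part of GDC or of the original page; `lint_repository` and the sample objects are constructed for illustration and are shaped like `kubectl get ... -o json` output. The HTTPS check is an extra hardening check that the page does not state as a rule.

```python
import base64
import binascii
from urllib.parse import urlparse

def b64(text):  # builds the constructed sample Secret values below
    return base64.b64encode(text.encode()).decode()

# Constructed samples mirroring the Secret and BackupRepositoryManager above.
SECRET = {"metadata": {"namespace": "s3-secret-ns", "name": "s3-secret"},
          "data": {"access-key-id": b64("accessKey1\n"),  # encoded without echo -n
                   "access-key": b64("verySecretKey1")}}
MANAGER = {"spec": {"backupRepositorySpec": {
    "secretReference": {"namespace": "s3-secret-ns", "name": "s3-secret"},
    "endpoint": "http://storage.googleapis.com", "type": "S3",
    "s3Options": {"bucket": "bucket-name", "region": "us-east-1"},
    "importPolicy": "ReadWrite"}}}

def lint_repository(manager, secrets):
    """Return a list of findings; an empty list means every check passed."""
    spec = manager["spec"]["backupRepositorySpec"]
    ref = spec.get("secretReference", {})
    want = (ref.get("namespace"), ref.get("name"))
    findings = []
    secret = next((s for s in secrets if (s["metadata"].get("namespace"),
                                          s["metadata"].get("name")) == want), None)
    if secret is None:
        findings.append("secretReference %s/%s matches no Secret" % want)
    # Credential checks only run when the referenced Secret was found.
    for key in ("access-key-id", "access-key") if secret else ():
        try:
            value = base64.b64decode(secret.get("data", {}).get(key, ""), validate=True)
        except binascii.Error:
            value = b""
        if not value:
            findings.append(f"{key}: missing or not valid base64")
        elif value != value.strip():
            findings.append(f"{key}: stray whitespace; encode with echo -n")
    if spec.get("type") != "S3":
        findings.append("type: only S3 is supported")
    elif not spec.get("s3Options"):
        findings.append("s3Options: required when type is S3")
    if spec.get("importPolicy") not in ("ReadWrite", "ReadOnly"):
        findings.append("importPolicy: must be ReadWrite or ReadOnly")
    # Hardening check added in this example, not a rule stated on the page.
    if urlparse(spec.get("endpoint", "")).scheme != "https":
        findings.append("endpoint: not https; backup traffic would be unencrypted")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_repository(MANAGER, [SECRET])))
```

Run against the constructed samples, it reports the newline-tainted access key ID and the plain-HTTP endpoint.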

View a repository

View a backup repository using the GDC console or kubectl.

Console

View a list of repositories using the GDC console.

  1. Sign in to the GDC console.
  2. In the navigation menu, click Backup for Virtual Machines. Ensure that the project selector does not have a project selected.
  3. Click the Repositories tab.
  4. Click a repository in the list to view its details.

kubectl

View a backup repository by listing the backup repositories and viewing their details using kubectl.

  1. List the existing backup repositories:

    kubectl get backuprepositories -n PROJECT_NAME
    
  2. In the list, find the backup repository that you want to view.

  3. View the backup repository details:

    kubectl describe backuprepository BACKUP_REPOSITORY_NAME -n PROJECT_NAME
    

    Replace the following:

    • BACKUP_REPOSITORY_NAME: the name of the backup repository.
    • PROJECT_NAME: the name of the project.

Deactivate a backup repository

To get the permissions that you need to deactivate a backup repository, ask your Organization IAM Admin to grant you the Backup Repository Admin (backup-repository-admin) role.

Deactivate a backup repository using the GDC console:

  1. Sign in to the GDC console.
  2. In the navigation menu, click Backup for Virtual Machines.
  3. Click the Repositories tab.
  4. Click the name of the backup repository that you want to deactivate.
  5. Click Deactivate Repository.
  6. Enter the name of the backup repository into the text field.
  7. Click Deactivate to confirm the deactivation of the backup repository.

Reactivate a backup repository

Reactivate a backup repository using the GDC console:

  1. Sign in to the GDC console.
  2. In the navigation menu, click Backup for Virtual Machines.
  3. Click the Repositories tab.
  4. Click the name of the backup repository that you want to reactivate.
  5. Click Activate Repository.
  6. Click Activate.

Plan a set of VM backups

Backup plans provide the configuration and location for backups. A backup plan contains a backup configuration, including the source VM and the selection of which VM to back up. You can create one or more backup plans for each VM. After a backup plan is created, users with the Backup Creator role can manually back up VMs.

To get the permissions you need to create a backup plan, ask your Organization IAM Admin to grant you the User Cluster Backup Admin (user-cluster-backup-admin) role.

Create a backup plan for VMs

Create a backup plan using the GDC console or the API.

Console

  1. Sign in to the GDC console.
  2. In the navigation menu, click Backup for Virtual Machines. Ensure that the project selector does not have a project selected.
  3. Click Create a backup plan.
  4. In the Project field, select a project for which this backup plan is available.
  5. Enter the backup plan name and description.
  6. In the Backup repo field, select a backup repository. Backup repositories are a set of object storage implementations.
  7. Click Create.

API

To plan your backups, create a VirtualMachineBackupPlanTemplate custom resource. Here's an example of a VirtualMachineBackupPlanTemplate:

    apiVersion: virtualmachines.gdc.goog/v1
    kind: VirtualMachineBackupPlanTemplate
    metadata:
      name: vmbpt-test
    spec:
      backupRepository: "default"

This example includes the following value:

  • backupRepository: The name of the repository created in the previous section.

View a backup plan

View a backup plan using the GDC console or kubectl.

Console

View a list of backup plans using the GDC console.

  1. Sign in to the GDC console.
  2. In the navigation menu, click Backup for Virtual Machines.
  3. Select a project.
  4. Click the Backup Plans tab.
  5. Click a backup plan in the list to view its details.

kubectl

View a backup plan by listing the backup plans and viewing their details using kubectl.

  1. List the existing backup plans:

    kubectl get backupplans -n PROJECT_NAME
    
  2. In the list, find the backup plan that you want to view.

  3. View the backup plan details:

    kubectl describe backupplan BACKUP_PLAN_NAME -n PROJECT_NAME
    

    Replace the following:

    • BACKUP_PLAN_NAME: the name of the backup plan.
    • PROJECT_NAME: the name of the project.

What's next

Back up VMs