Version 1.8. This version is supported as outlined in the Anthos version support policy, offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware (GKE on-prem). Refer to the release notes for more details. This is not the most recent version.

Back up and restore an admin cluster with gkectl

This page describes how to back up and restore an admin cluster, including its etcd data, secrets and certificates, using the gkectl command. You can also back up and restore an admin cluster manually.

Back up an admin cluster

You can set up admin cluster backups so they are automatically performed before and after cluster creation, update and upgrade for user and admin clusters. You can also perform an on-demand backup whenever you deem it necessary.

An admin cluster backup includes admin cluster etcd data, secrets and certificates. The size of a backup can range from 3 MB–100 MB depending on the size of the cluster.

Enable the admin cluster backup feature

By default this feature is disabled. To enable the admin cluster backup feature:

  1. Add the following section to the admin cluster configuration file:

    clusterBackup:
      datastore: DATASTORE
    

    Replace DATASTORE with the datastore where you want to store the backup. The datastore must be in the same datacenter as the admin cluster. Backups are located in the anthos-backup/DATADISK_PATH directory of the specified datastore.

  2. Update the admin cluster:

    gkectl update admin --kubeconfig ADMIN_CLUSTER_KUBECONFIG --config ADMIN_CLUSTER_CONFIG
    

    Replace:

    • ADMIN_CLUSTER_KUBECONFIG with the path of your admin cluster kubeconfig file.
    • ADMIN_CLUSTER_CONFIG with the path of your admin cluster configuration file.

Disable the admin cluster backup feature

  1. Remove the clusterBackup section from the admin cluster configuration file.

    clusterBackup:
      datastore: DATASTORE
    
  2. Update the admin cluster with this change, using this command:

    gkectl update admin --kubeconfig ADMIN_CLUSTER_KUBECONFIG --config ADMIN_CLUSTER_CONFIG
    

Updating the backup datastore

Once you have enabled this backup feature, further updates to clusterBackup.datastore using gkectl update are not supported.

On-demand backup

To trigger an on-demand admin cluster backup, run the following command:

gkectl  backup admin --kubeconfig ADMIN_CLUSTER_KUBECONFIG --config ADMIN_CLUSTER_CONFIG
   

Limit on number of backups

You can have a maximum total of six backups, divided into a maximum of three on-demand backups, and a maximum of three backups from cluster update, upgrade or create operations. These backups are automatically rotated should these limits be exceeded. No manual intervention is necessary.

Restore an admin cluster

You should restore an admin cluster only when it is completely broken with data loss or corruption. For example,

  • The admin master data disk is lost or corrupted.
  • The admin cluster's etcd is lost or corrupted.
  • The admin cluster's control plane secrets and certificates are lost or corrupted.

Do not use this approach to restore a working admin cluster to an arbitrary previous state. This restore feature should not be used as a way to revert admin cluster operations such as a cluster update or cluster upgrade.

To recreate the admin cluster from a backup, run the following command:

  gkectl repair admin-master --kubeconfig ADMIN_CLUSTER_KUBECONFIG --config ADMIN_CLUSTER_CONFIG --restore-from-backup
  

This command retrieves all of the backups of this admin cluster from the datastore defined in the clusterBackup section of the admin cluster configuration file, and it prompts you to select the one from which you want to use to restore the admin cluster.