Plan a set of backups

Backup plans provide the configuration, location, and management functions for a sequence of backups. A backup plan contains a backup configuration, including the source cluster and the selection of workloads to back up. Google recommends providing every cluster with at least one backup plan.

You can create one or more backup plans for each cluster. You might want to partition the backups of your cluster for one of the following reasons:

Instead of having one very large backup taken at a single time of the day, you want multiple smaller backups distributed throughout the day.
You want to back up some portions of your cluster more often than others, such as daily backups for some namespaces and hourly backups for others.

A single cluster or virtual machine (VM) can belong to one or more backup plans. A backup plan cannot span more than one cluster; however, a single backup plan can capture multiple VMs if they exist in the same cluster.

Create a backup plan

We recommend that you define a cron schedule for the backup plan, so that backups are automatically created according to that schedule. You can also manually back up your workloads. For more information, see Create a manual backup.

Administrators create and manage backup plans. To get the permissions required to create a backup plan, ask your Organization IAM Admin to grant you the User Cluster Backup Admin (user-cluster-backup-admin) role. If you are an Application Operator, ask your administrator that has User Cluster Backup Admin privileges to create a backup plan for you.

Create backup plans using the GDC console or the API.

Console

Sign in to the GDC console.
In the navigation menu, click Backup for Clusters.
Click Create backup plan.
In the Plan details section, complete the following steps and click Continue:
1. In the Cluster list, select the cluster to back up.
2. Enter the backup plan Name and Description.
3. In the Backup repo field, select a backup repository. Backup repositories are a set of object storage implementations.
4. In the Grant access to this backup plan section, click Add project to give other projects access to this plan.
In the Scope and encryption section, complete the following steps and click Continue:
1. Select one of the following scopes for the backup plan:
  1. Click Entire cluster to back up all namespace resources in the backup.
  2. Click Selected namespaces within the cluster to choose the namespaces in the backup to restore.
    1. Click Edit Cluster Namespace and then Add Cluster Namespace to enter a Namespace.
  3. Click Selected protected applications within this cluster to add resources by specifying the namespace and the application name.
    1. Click Edit Protected Applications and then Add Protected Application to enter a Namespace and Protected Application.
2. Click Include Secrets to include Kubernetes Secret resources.
3. Click Include persistent volume data if you want the volume data in your backup. Clear this checkbox if you want to create empty volumes during the restore.
In the Schedule and retention section, complete the following steps and click Continue:
1. To define a schedule, enter an expression using standard cron syntax in the CRON string field. For example, the expression 10 3 * * * creates a backup at 0310 every day. All times are interpreted as UTC. The minimum interval between scheduled backups is 10 minutes.
2. In the Delete backups after field, set the number of days for which to retain the backup. Once the number of days is reached, the backup is automatically deleted.
3. Set the number of days during which backups cannot be deleted.
4. To lock the retention policy, click the lock icon to turn the lock from Off to On.
Review the backup plan details and click Create Plan.

API

Create a BackupPlan custom resource in the cluster to schedule backups. A backup plan periodically schedules backups based on the backupSchedule. BackupPlans are namespace resources. Here's an example of a BackupPlan:

apiVersion: backup.gdc.goog/v1
kind: BackupPlan
metadata:
  name: backup-plan
  namespace: default
spec:
  clusterName: "cluster-sample"
  backupSchedule:
    cronSchedule: "*/30 * * * *"
    paused: false
  backupConfig:
    backupScope:
      selectedNamespaces:
        namespaces: ["nginx"]
    backupRepository: "backup-repository"
  retentionPolicy:
    backupDeleteLockDays: 10
    backupRetainDays: 10

This example includes the following values:

Value	Description
`clusterName`	The name of the cluster to back up.
`backupSchedule`	The schedule indicating how often to perform the backup. `cronSchedule:` a crontab schedule indicating when to schedule backups. `paused:` If `true`, periodic backups are not scheduled.
`backupConfig`	Configuration details for the backups: `backupScope:` Indicates which resources are backed up. Specify one of the following: `allNamespaces:` captures all resources in all namespaces. `selectedNamespaces:` captures resources in the list of specified namespaces. `selectedApplication:` captures resources defined by `protectedApplications`. `backupRepository:` the target repository that stores the backups. This must be imported as `ReadWrite.` `includeVolumeData:` decides whether to back up `PersistentVolume` (PV) resources within the backup scope. This value is `false` by default. `includeSecrets:` decides whether to back up `Secret` objects within the backup scope. This value is `false` by default.
`retentionPolicy`	Determines how long backups persist in the `backupRepository.` `backupDeleteLockDays:` prevents deletion of the backup for the number of days specified after backup creation. `backupRetainDays:` deletes backups after the number of days specified after backup creation. Retention policies do not override the retention policies of the storage location, nor can they exceed 90 days.
`description`	The description of the backup plan.
`deactivated`	Disables this backup plan. No new backups can be created from this plan.

After a backup plan is created, backups are automatically created with the specified backup configuration based on the backup schedule.

View a backup plan

You must have the User Cluster Backup Admin or Backup Creator role to view backup plans.

View a backup plan using the GDC console:

Sign in to the GDC console.
In the navigation menu, click Backup for Clusters.
Click Select project and select an organization or project depending on your role:
- User Cluster Backup Admin: Select an organization to see all backup plans in an organization or select a project to see all backup plans in a project.
- Backup Creator: Select a project to see all backup plans in a project.
Click the Backup Plans tab.
Click a backup plan in the list to view its details. Users with User Cluster Backup Admin privileges can view all backup plans in the organization. Users with the Backup Creator role can view all backup plans in the selected project.

Edit a backup plan

You must have the User Cluster Backup Admin or Backup Creator role to edit a backup plan.

Edit a backup plan using the GDC console:

Sign in to the GDC console.
In the navigation menu, click Backup for Clusters.
Click Select project, and select an organization or project depending on your role:
- User Cluster Backup Admin: Select an organization to see all backup plans in an organization, or select a project to see all of the backup plans in a project.
- Backup Creator: Select a project to see all of the backup plans in a project.
Click the Backup Plans tab.
Click on the name of the backup plan that you want to edit.
Click the Plan Configuration tab to view the fields that can be modified.
Click the Edit icon for Schedule and retention to edit that resource:
1. To update a schedule, enter an expression using standard cron syntax in the CRON string field. For example, the expression 10 3 * * * creates a backup at 0310 every day. All times are interpreted as UTC. The minimum interval between scheduled backups is 10 minutes.
2. In the Delete backups after field, set the number of days for which to retain the backup. Once the number of days is reached, the backup is automatically deleted.
3. In the Prevent deletion for field, set the number of days during which backups cannot be deleted.
  
  Note: If both fields are enabled, the value of the Prevent deletion for field must be less than the value of the Delete backups after field.
4. To lock the retention policy, click the lock icon from Off to On.
  
  Note: Once the retention policy is locked, you won't be able to edit the retention policy of this backup plan again. You can only update the schedule.
5. Click the Save button to confirm your changes.

Deactivate a backup plan

You must have the User Cluster Backup Admin or Backup Creator role to deactivate a backup plan.

Deactivate a backup plan using the GDC console:

Sign in to the GDC console.
In the navigation menu, click Backup for Clusters.
Click Select project, and select an organization or project depending on your role:
- User Cluster Backup Admin: Select an organization to see all backup plans in an organization or select a project to see all backup plans in a project.
- Backup Creator: Select a project to see all backup plans in a project.
Click the Backup Plans tab.
Click the name of the backup plan you want to deactivate.
Click the Deactivate Plan button.
Enter the name of the backup plan you are deactivating into the field.
Click the Deactivate button to complete the deactivation of this backup plan.

Note: This operation cannot be undone. Deactivating the backup plan does not delete the backups contained within it, but no new backups can be created automatically or manually.