This page describes how to create a backup repository for virtual machines (VMs) in Google Distributed Cloud (GDC) air-gapped.
Before creating backups or snapshots, you must define at least one backup repository, which can then be shared among several backups or snapshots. A backup repository tells the backup system where to store and retrieve backups. Backup repositories for VMs are restricted to the Management API server.
Before you begin
To create a backup repository, you must have the following:
- A storage bucket and S3 credentials (an access key ID and access key) for the bucket.
- The necessary identity and access role:
  - Organization Backup Admin: manages backup resources such as backup and restore plans in user clusters. Ask your Organization IAM Admin to grant you the Organization Backup Admin (organization-backup-admin) role. For more information, see Role definitions.
Create a backup repository
Create a repository using the GDC console or the API.
Console
- Sign in to the GDC console.
- In the navigation menu, click Backup for Virtual Machines > Repositories.
- Click Create repository.
- Enter a repository name and an optional description.
- In the S3 URI endpoint field, enter an endpoint with the fully-qualified domain name of your object storage site.
- In the Bucket name field, enter the name of the bucket.
- In the Bucket region field, enter the region where the bucket was created.
- In the Access Key ID field, enter the access key ID.
- In the Access key field, enter the access key (the secret half of the key pair).
- Click Create.
API
Create a ClusterBackupRepository custom resource using your credentials.
- Add the credentials (access-key-id and access-key) to the Management API server as a secret. The backup system uses this secret to communicate with a storage bucket that can back up and restore many different VMs, so backup and restore operations run without an operator supplying credentials each time. The secret lives only in the Management API server; it never exists inside any of the VMs being backed up or restored. The credentials must look like the following example:

```yaml
apiVersion: v1
kind: Namespace
metadata:
  name: "s3-secret-ns"
  labels:
    name: "s3-secret-ns"
---
apiVersion: v1
kind: Secret
metadata:
  namespace: "s3-secret-ns"
  name: "s3-secret"
type: Opaque
data:
  access-key-id: YWNjZXNzS2V5MQ== # echo -n accessKey1 | base64 -w0
  access-key: dmVyeVNlY3JldEtleTE= # echo -n verySecretKey1 | base64 -w0
```
- Create a ClusterBackupRepository directly in the Management API server:

```yaml
apiVersion: backup.gdc.goog/v1
kind: ClusterBackupRepository
metadata:
  name: REPOSITORY_NAME
spec:
  secretReference:
    namespace: STORAGE_NAMESPACE
    name: STORAGE_NAME
  endpoint: ENDPOINT
  type: "S3"
  s3Options:
    bucket: BUCKET_NAME
    region: REGION
    forcePathStyle: FORCE_PATH_STYLE
  importPolicy: IMPORT_POLICY
```
Replace the following:
- REPOSITORY_NAME: the name of the backup repository.
- STORAGE_NAMESPACE: the namespace of the secret that contains access credentials for the endpoint, such as object-storage-secret-ns.
- STORAGE_NAME: the name of the secret that contains access credentials for the endpoint, such as object-storage-secret.
- ENDPOINT: the fully qualified domain name of the storage system, such as https://objectstorage.google.gdch.test. For the type field, only a value of S3 is supported.
- BUCKET_NAME: the name of the bucket.
- REGION: the region where the bucket was created.
- FORCE_PATH_STYLE: use the forcePathStyle field to force path-style URLs for objects. This field must have a value of true or false.
- IMPORT_POLICY: set to one of the following:
  - ReadWrite: this repository can be used to schedule or create backups, backup plans, and restores.
  - ReadOnly: this repository can only be used to import and view backups. No new backups or resources can be created in this repository, but restores can use and reference read-only backups for restoration. There is no restriction on how often a backup repository can be used as ReadOnly.
The ClusterBackupRepository creates a read-write enabled BackupRepository resource of the same name in the Management API server.
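The two API steps above (the credential secret and the ClusterBackupRepository) are easy to get subtly wrong: a key encoded with `echo` instead of `echo -n` carries a trailing newline that the S3 endpoint rejects while the manifest looks fine, and a typo in `forcePathStyle` or `importPolicy` is only caught once the resource is applied. The following shell script is an added example, not GDC's own tooling, that generates both manifests from the command line and checks those fields first. It assumes a POSIX sh with base64(1) and od(1), and that you apply the output with kubectl against a kubeconfig for the Management API server; the https-only rule is this script's own policy (the bucket credentials are presented to that endpoint), not a documented API restriction. All names and credential values are constructed placeholders.

```shell
#!/bin/sh
# Added example, not GDC's own tooling: generate and sanity-check the Secret and
# ClusterBackupRepository manifests before applying them to the Management API server.
# Assumptions (not from the page): POSIX sh with base64(1) and od(1); kubectl pointed
# at the Management API server for the final apply. Names/values are placeholders.

# Encode exactly as the page's "echo -n VALUE | base64 -w0" does: printf adds no
# trailing newline, tr removes any line wrapping base64(1) may insert.
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Hex of the last byte a base64 value decodes to. "0a" means the credential was
# encoded with a trailing newline (echo without -n); the endpoint will reject it.
last_byte_hex() { printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n'; }

# Namespace + Secret manifest in the layout shown above.
gen_secret_manifest() {   # args: namespace secret-name access-key-id access-key
  cat <<EOF
apiVersion: v1
kind: Namespace
metadata:
  name: "$1"
  labels:
    name: "$1"
---
apiVersion: v1
kind: Secret
metadata:
  namespace: "$1"
  name: "$2"
type: Opaque
data:
  access-key-id: $(b64 "$3")
  access-key: $(b64 "$4")
EOF
}

# Refuse values the ClusterBackupRepository spec does not accept before kubectl
# sends them. The https requirement is this script's policy, not an API rule.
validate_repo_args() {   # args: endpoint forcePathStyle importPolicy
  case "$1" in https://*) ;; *) echo "endpoint must start with https://" >&2; return 1;; esac
  case "$2" in true|false) ;; *) echo "forcePathStyle must be true or false" >&2; return 1;; esac
  case "$3" in ReadWrite|ReadOnly) ;; *) echo "importPolicy must be ReadWrite or ReadOnly" >&2; return 1;; esac
}

# ClusterBackupRepository manifest with the placeholders from the page filled in.
gen_repo_manifest() {   # args: repo-name namespace secret-name endpoint bucket region forcePathStyle importPolicy
  validate_repo_args "$4" "$7" "$8" || return 1
  cat <<EOF
apiVersion: backup.gdc.goog/v1
kind: ClusterBackupRepository
metadata:
  name: $1
spec:
  secretReference:
    namespace: $2
    name: $3
  endpoint: $4
  type: "S3"
  s3Options:
    bucket: $5
    region: $6
    forcePathStyle: $7
  importPolicy: $8
EOF
}

# End-to-end run with placeholder values. Pipe the output to
#   kubectl --kubeconfig MANAGEMENT_API_SERVER_KUBECONFIG apply -f -
# once both checks pass.
demo() {
  akid="accessKey1"; ak="verySecretKey1"   # constructed placeholders, not real keys
  [ "$(last_byte_hex "$(b64 "$ak")")" != "0a" ] || { echo "access key has a trailing newline" >&2; return 1; }
  gen_secret_manifest s3-secret-ns s3-secret "$akid" "$ak"
  echo '---'
  gen_repo_manifest vm-repo s3-secret-ns s3-secret \
    https://objectstorage.google.gdch.test vm-backups us-east-1 true ReadWrite
}

# Usage: sh this_script.sh demo > manifests.yaml
if [ "${1:-}" = "demo" ]; then demo; fi
```

The encoded values the script produces for accessKey1 and verySecretKey1 match the ones in the page's example secret, which is a quick way to confirm your local base64(1) behaves like the documented `base64 -w0` invocation. Use ReadOnly as the importPolicy for repositories you only need to restore from, so that a compromised backup role cannot write to them.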