Plan VM backups

This page describes how to create a backup repository and create backup plans for virtual machines (VMs).

Create a repository

Before creating backups or snapshots, you must define at least one backup repository that can be shared among several backups or snapshots. A backup repository tells the backup system where to store or retrieve backups. Backup repositories for VMs are restricted to org admin and system clusters.

Before you begin

Before you create a backup repository, you must first create a storage bucket and credentials for the bucket.

To get the permissions that you need to create a backup repository, ask your Organization IAM Admin to grant you the Organization Backup Admin (organization-backup-admin) role.

Create a repository using the GDC console or the API.

Console

Sign into the GDC console.
In the navigation menu, click Backup for Virtual Machines > Repositories.
Click Create repository.
Enter a repository name and an optional description.
In the S3 URI endpoint field, enter an endpoint with the fully-qualified domain name of your object storage site.
In the Bucket name field, enter the name of the bucket.
In the Bucket region field, enter the region where the bucket was created.
In the Access Key ID list, enter the access key ID.
In the Access key field, enter the access key.
Click Create.

API

Create a BackupRepositoryManager custom resource using your credentials.

Add the credentials (access-key and access-key-id) to the org admin cluster as a secret to communicate with a storage bucket that you can use to backup and restore many different VMs. This secret is added to the org admin cluster to automate backup and restore operations. This secret doesn't exist inside any of the VMs being backed up or restored. The credentials must look like the following example:
```
apiVersion: v1
kind: Namespace
metadata:
  name: "s3-secret-ns"
  labels:
    name: "s3-secret-ns"
---
apiVersion: v1
kind: Secret
metadata:
  namespace: "s3-secret-ns"
  name: "s3-secret"
type: Opaque
data:
  access-key-id: YWNjZXNzS2V5MQ== # echo -n accessKey1 | base64 -w0
  access-key:  dmVyeVNlY3JldEtleTE= # echo -n verySecretKey1 | base64 -w0
```

To create a backup repository using the API, create a BackupRepositoryManager custom resource to use these credentials and apply the new resource to the org admin cluster.

apiVersion: backup.gdc.goog/v1
kind: BackupRepositoryManager
metadata:
  name: backup-repository-gcs
spec:
  readWriteCluster:
    name: org-1-system
    namespace: org-1-system-cluster
  readOnlyClusters:
    name: org-1-admin
    namespace: org-1
  backupRepositorySpec:
    secretReference:
      namespace: "gcs-secret-ns"
      name: "gcs-secret"
    endpoint: "http://storage.googleapis.com"
    type: "S3"
    s3Options:
      bucket: "bucket-name"
      region: "us-east-1"
      forcePathStyle: true
    importPolicy: "ReadWrite"

This example includes the following values:

Value	Description
`readWriteCluster`	The name and namespace of the system cluster.
`readOnlyClusters`	The name and namespace of the org admin cluster.
`secretReference`	A `NamespacedName` referencing the secret that contains access credentials for the `endpoint.`
`endpoint`	The fully-qualified domain name for the storage system.
`type`	The type of backup repository. Only the `S3` type is supported.
`s3Options`	Configuration for the S3 endpoint. Required if `type` is `S3`. `bucket`: the name of the bucket. `region`: region of the given endpoint. Storage system specific. `forcePathStyle`: whether to force path style URLs for objects.
`importPolicy`	Set to one of the following: `ReadWrite`: This repository can be used to schedule or create backups, backup plans, and restores. `ReadOnly`: This repository can only be used to import and view backups. No new backups or resources can be created in this repository, but restores can use and reference read-only backups for restoration. There is no restriction on how often a backup repository can be used as `ReadOnly.`

The BackupRepositoryManager propagates the secret into the system cluster and creates a ReadWrite enabled BackupRepository resource in the system cluster and a ReadOnly enabled BackupRepository resource in the org admin cluster.

View a repository

View a backup repository GDC console or kubectl.

Console

View a list of repositories using the GDC console.

Sign into the GDC console.
In the navigation menu, click Backup for Virtual Machines > Repositories.
Click a repository in the list to view its details.

kubectl

View a backup repository by listing the backup repositories and viewing their details using kubectl.

List the existing backup repositories:

kubectl get backuprepositories -n PROJECT_NAME

In the list, find the backup repository that you want to view.
View the backup repository details:
```
kubectl describe backuprepository BACKUP_REPOSITORY_NAME -n PROJECT_NAME
```
Replace the following:
- BACKUP_REPOSITORY_NAME: the name of the backup repository.
- PROJECT_NAME: the name of the project.

Deactivate a backup repository

To get the permissions that you need to deactivate a backup repository, ask your Organization IAM Admin to grant you the Organization Backup Admin (organization-backup-admin) role.

Deactivate a backup repository using the GDC console:

Sign in to the GDC console.
In the navigation menu, click Backup for Virtual Machines > Repositories.
Click the name of the backup repository that you want to deactivate.
Click Deactivate Repository.
Enter the name of the backup repository into the text field.
Click Deactivate to confirm the deletion of the backup repository.

Note: After deactivation, you are able to reactivate this backup repository.

Reactivate a backup repository

Reactivate a backup repository using the GDC console:

Sign in to the GDC console.
In the navigation menu, click Backup for Virtual Machines > Repositories.
Click the name of the backup repository that you want to reactivate.
Click Activate Repository.
Click Activate.

Plan a set of VM backups

Backup plans provide the configuration and location for backups. A backup plan contains a backup configuration including the source VM and the selection of which VM to back up. You can create one or more backup plans for each VM. After a backup plan is created, users with the Backup Creator role can manually back up VMs.

To get the permissions you need to create a backup plan, ask your Organization IAM Admin to grant you the User Cluster Backup Admin (user-cluster-backup-admin) role.

Create a backup plan for VMs

Create a backup plan using the GDC console or the API.

Console

Sign into the GDC console.
In the navigation menu, click Backup for Virtual Machines > Backup plans.
Click Create a backup plan.
In the Project field, select a project for which this backup plan is available.
Enter the backup plan name and description.
In the Backup repo field, select a backup repository. Backup repositories are a set of object storage implementations.
Click Create.

API

To plan your backups, create a VirtualMachineBackupPlanTemplate custom resource. Here's an example of a VirtualMachineBackupPlanTemplate:

apiVersion: virtualmachines.gdc.goog/v1
kind: VirtualMachineBackupPlanTemplate
metadata:
  name: vmbpt-test
spec:
  backupRepository: "default"

This example includes the following value:

backupRepository: The name of the repository created in the previous section.

View a backup plan

View a backup plan using the GDC console or kubectl.

Console

View a list of backup plans using the GDC console.

Sign into the GDC console.
In the navigation menu, click Backup for Virtual Machines > Backup plans.
Select a project.
Click a backup plan in the list to view its details.

kubectl

View a backup plan by listing the backup plans and viewing their details using kubectl.

List the existing backup plans:

kubectl get backupplans -n PROJECT_NAME

In the list, find the backup plan that you want to view.
View the backup plan details:
```
kubectl describe backupplan BACKUP_PLAN_NAME -n PROJECT_NAME
```
Replace the following:
- BACKUP_PLAN_NAME: the name of the backup plan.
- PROJECT_NAME: the name of the project.

What's next

Back up VMs