Mengonfigurasi pemulihan dari bencana untuk cluster
Tetap teratur dengan koleksi
Simpan dan kategorikan konten berdasarkan preferensi Anda.
Halaman ini memberikan petunjuk tentang cara mengonfigurasi pemulihan dari bencana untuk workload cluster di Google Distributed Cloud (GDC) air gap.
Sebagai Administrator Platform (PA), Anda harus membuat bucket, repositori cadangan, dan rencana pencadangan untuk cluster tertentu.
Setelah resource ini dibuat, Anda harus memberi tahu Operator Infrastruktur (IO) untuk menyelesaikan pemulihan.
Sebelum memulai
Untuk mengonfigurasi pemulihan dari bencana untuk cluster, Anda harus memiliki hal berikut:
Akses ke cluster Kubernetes yang ingin Anda buat pemulihannya. Untuk mengetahui informasi selengkapnya, lihat Ringkasan cluster Kubernetes.
Peran identitas dan akses yang diperlukan:
Admin Pencadangan DR: melakukan pencadangan pemulihan dari bencana. Minta Admin IAM Organisasi Anda untuk memberi Anda peran cluster DR Backup Admin (dr-backup-admin).
Admin Sistem DR: mengelola objek di namespace dr-system untuk
menyiapkan cadangan cluster pengelolaan. Minta Admin IAM Organisasi Anda untuk memberi Anda peran DR System Admin (dr-system-admin).
Buat bucket di situs cadangan
Buat bucket di situs cadangan:
Gunakan gdcloud CLI untuk membuat bucket di situs cadangan:
Ubah kolom endpoint dalam konfigurasi untuk kasus penggunaan pencadangan jarak jauh. Tambahkan port :8082 ke URL: Misalnya, https://objectstorage.zone1.google.gdch.test menjadi
https://objectstorage.zone1.google.gdch.test:8082.
Membuat repositori cadangan di situs sumber
Buat repositori cadangan dengan memuat file konfigurasi bucket di situs sumber:
MANAGEMENT_BACKUP_PLAN_NAME: nama yang Anda pilih untuk rencana cadangan.
resource di bidang pengelolaan cluster infrastruktur.
INFRASTRUCTURE_BACKUP_PLAN_NAME: nama yang Anda pilih untuk resource rencana cadangan di bidang kontrol cluster infrastruktur.
NAMESPACE_MP: namespace yang dipilih untuk dicadangkan di server Management API.
NAMESPACE_CP: namespace yang dipilih untuk dicadangkan di server API infrastruktur.
Rencana cadangan ini mengikuti aturan berikut:
Mencadangkan namespace yang dipilih setiap 24 jam. Frekuensi ini dapat disesuaikan dengan mengubah kolom cronSchedule.
Pencadangan mencakup data volume dan menggunakan strategi khusus penyedia.
Kebijakan retensi disetel untuk menyimpan cadangan selama 40 hari. Anda dapat menyesuaikan backupRetainDays dan backupDeleteLockDays untuk memenuhi kebijakan retensi data Anda.
Melakukan pemulihan
Anda harus mengeskalasikan dan menginstruksikan Operator Infrastruktur (IO) untuk melakukan pemulihan atas nama Anda. Berikan informasi yang diperlukan seperti nama resource BackupRepository dan BackupPlan. Untuk mengetahui informasi selengkapnya tentang
grup audiens di GDC, lihat
Audiens dokumentasi.
[[["Mudah dipahami","easyToUnderstand","thumb-up"],["Memecahkan masalah saya","solvedMyProblem","thumb-up"],["Lainnya","otherUp","thumb-up"]],[["Sulit dipahami","hardToUnderstand","thumb-down"],["Informasi atau kode contoh salah","incorrectInformationOrSampleCode","thumb-down"],["Informasi/contoh yang saya butuhkan tidak ada","missingTheInformationSamplesINeed","thumb-down"],["Masalah terjemahan","translationIssue","thumb-down"],["Lainnya","otherDown","thumb-down"]],["Terakhir diperbarui pada 2025-09-05 UTC."],[[["\u003cp\u003eThis page guides Platform Administrators (PAs) through configuring disaster recovery for cluster workloads in Google Distributed Cloud (GDC) air-gapped environments.\u003c/p\u003e\n"],["\u003cp\u003ePAs must create a bucket, a backup repository linked to this bucket, and a backup plan to schedule regular backups for a specified cluster.\u003c/p\u003e\n"],["\u003cp\u003eConfiguring disaster recovery requires specific Kubernetes cluster access and the \u003ccode\u003edr-backup-admin-mp\u003c/code\u003e and \u003ccode\u003edr-system-admin-mp\u003c/code\u003e identity and access roles.\u003c/p\u003e\n"],["\u003cp\u003eOnce the bucket, repository, and plan are created, PAs need to inform an Infrastructure Operator (IO) to complete the restoration process.\u003c/p\u003e\n"],["\u003cp\u003eThe created backup plan will backup the specified namespace every ten minutes, include volume data using a local snapshot strategy, and has a retention policy set to retain backups for ten days.\u003c/p\u003e\n"]]],[],null,["# Configure disaster recovery for a cluster\n\nThis page provides instructions for how to configure disaster recovery for\ncluster workloads in Google Distributed Cloud (GDC) air-gapped.\n\nAs a Platform Administrator (PA), you must create a bucket, backup repository,\nand a backup plan for a specified cluster.\n\nOnce these resources are created, you must inform an Infrastructure Operator\n(IO) to complete the restore.\n\nBefore you begin\n----------------\n\nTo configure disaster recovery for a cluster, you must have the following:\n\n- Access to the Kubernetes cluster you want to create the restore for. For more information, see [Kubernetes cluster overview](/distributed-cloud/hosted/docs/latest/gdch/platform/pa-user/clusters).\n- The necessary identity and access roles:\n - DR Backup Admin: performs disaster recovery backups. Ask your Organization IAM Admin to grant you the DR Backup Admin (`dr-backup-admin`) cluster role.\n - DR System Admin: manage objects in dr-system namespace for setting up management cluster backups. Ask your Organization IAM Admin to grant you the DR System Admin (`dr-system-admin`) role.\n\n### Create bucket on the backup site\n\nCreate a bucket on the backup site:\n\n1. Use the gdcloud CLI to create a bucket in the backup site:\n\n gdcloud dr buckets create --cluster=\u003cvar translate=\"no\"\u003eCLUSTER_NAME\u003c/var\u003e \\\n --source-site=\u003cvar translate=\"no\"\u003eSOURCE_SITE\u003c/var\u003e\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003eSOURCE_SITE\u003c/var\u003e: the identifier of the source site as chosen by the customer. For example, `us-west`.\n - \u003cvar translate=\"no\"\u003eCLUSTER_NAME\u003c/var\u003e: the cluster name for the cluster such as `root-admin`.\n - \u003cvar translate=\"no\"\u003eBUCKET_CONFIG_FILE\u003c/var\u003e: the path of saved bucket configuration file.\n2. Store the bucket configuration locally in JSON format:\n\n gdcloud dr buckets describe --cluster=\u003cvar translate=\"no\"\u003eCLUSTER_NAME\u003c/var\u003e \\\n --source-site=\u003cvar translate=\"no\"\u003eSOURCE_SITE\u003c/var\u003e \\\n --output-path=\u003cvar translate=\"no\"\u003eBUCKET_CONFIG_FILE\u003c/var\u003e\n\n3. Modify the endpoint field in the configuration for the remote backup use case. Append port `:8082` to the URL: For example, `https://objectstorage.zone1.google.gdch.test` becomes\n `https://objectstorage.zone1.google.gdch.test:8082`.\n\n### Create backup repository on the source site\n\nCreate a backup repository by loading the bucket config file in the source site: \n\n gdcloud dr backup-repositories create\n --cluster=\u003cvar translate=\"no\"\u003eCLUSTER_NAME\u003c/var\u003e\n --bucket-config-file=\u003cvar translate=\"no\"\u003eBUCKET_CONFIG_FILE\u003c/var\u003e\n\n### Create backup plans for infrastructure and Management API servers\n\nCreate a `BackupPlan` resource on both the infrastructure and Management control planes using `kubectl`: \n\n apiVersion: backup.gdc.goog/v1\n kind: BackupPlan\n metadata:\n name: \u003cvar translate=\"no\"\u003eMANAGEMENT_BACKUP_PLAN_NAME\u003c/var\u003e\n namespace: dr-system\n spec:\n clusterName: infra-mp\n backupSchedule:\n cronSchedule: \"0 0 * * *\"\n paused: false\n backupConfig:\n backupScope:\n selectedNamespaces:\n namespaces:\n - \u003cvar translate=\"no\"\u003eNAMESPACE_MP\u003c/var\u003e\n backupRepository: dr-backup-repo\n includeVolumeData: true\n volumeStrategy: ProvisionerSpecific\n retentionPolicy:\n backupDeleteLockDays: 40\n backupRetainDays: 40\n ---\n apiVersion: backup.gdc.goog/v1\n kind: BackupPlan\n metadata:\n name: \u003cvar translate=\"no\"\u003eINFRASTRUCTURE_BACKUP_PLAN_NAME\u003c/var\u003e\n namespace: dr-system\n spec:\n clusterName: infra-cp\n backupSchedule:\n cronSchedule: \"0 0 * * *\"\n paused: false\n backupConfig:\n backupScope:\n selectedNamespaces:\n namespaces:\n - \u003cvar translate=\"no\"\u003eNAMESPACE_CP\u003c/var\u003e\n backupRepository: dr-backup-repo\n includeVolumeData: true\n volumeStrategy: ProvisionerSpecific\n retentionPolicy:\n backupDeleteLockDays: 40\n backupRetainDays: 40\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003eMANAGEMENT_BACKUP_PLAN_NAME\u003c/var\u003e: your chosen name for the backup plan. resource on the infrastructure cluster management plane.\n- \u003cvar translate=\"no\"\u003eINFRASTRUCTURE_BACKUP_PLAN_NAME\u003c/var\u003e: your chosen name for the backup plan resource on the infrastructure cluster control plane.\n- \u003cvar translate=\"no\"\u003eNAMESPACE_MP\u003c/var\u003e: the chosen namespace to backup in the Management API server.\n- \u003cvar translate=\"no\"\u003eNAMESPACE_CP\u003c/var\u003e: the chosen namespace to backup in the infrastructure API server.\n\nThese backup plans follow these rules:\n\n- Backs up the selected namespace every 24 hours. This frequency can be adjusted by modifying the `cronSchedule` field.\n- The backup includes volume data and uses a provisioner specific strategy.\n- A retention policy is set to keep backups for 40 days. You can adjust `backupRetainDays` and `backupDeleteLockDays` to meet your data retention policies.\n\nPerform the restoration\n-----------------------\n\nYou must escalate and instruct an Infrastructure Operator (IO) to perform the\nrestore on your behalf. Provide the necessary information such as the name of\nthe `BackupRepository` and `BackupPlan` resource. For more information on\naudience groups in GDC, see\n[Documentation audiences](/distributed-cloud/hosted/docs/latest/gdch/resources/audiences)."]]