Configurar a recuperação de desastres para um cluster
Mantenha tudo organizado com as coleções
Salve e categorize o conteúdo com base nas suas preferências.
Esta página fornece instruções sobre como configurar a recuperação de desastres para
cargas de trabalho em clusters no Google Distributed Cloud (GDC) com isolamento físico.
Como administrador da plataforma (PA, na sigla em inglês), você precisa criar um bucket, um repositório de backup e um plano de backup para um cluster especificado.
Depois que esses recursos forem criados, informe um operador de infraestrutura
(IO) para concluir a restauração.
Antes de começar
Para configurar a recuperação de desastres de um cluster, você precisa ter o seguinte:
Administrador de backup de DR: realiza backups de recuperação de desastres. Peça ao administrador do IAM da organização para conceder a você o papel de Administrador de backup de DR (dr-backup-admin) do cluster.
Administrador do sistema de DR: gerencia objetos no namespace dr-system para
configurar backups do cluster de gerenciamento. Peça ao administrador do IAM da organização para conceder a você o papel de administrador do sistema de DR (dr-system-admin).
Criar um bucket no local do backup
Crie um bucket no local do backup:
Use a CLI gdcloud para criar um bucket no local do backup:
Modifique o campo de endpoint na configuração para o caso de uso de backup remoto. Anexe a porta :8082 ao URL. Por exemplo, https://objectstorage.zone1.google.gdch.test se torna
https://objectstorage.zone1.google.gdch.test:8082.
Criar um repositório de backup no local de origem
Crie um repositório de backup carregando o arquivo de configuração do bucket no local de origem:
MANAGEMENT_BACKUP_PLAN_NAME: o nome escolhido para o recurso do plano de backup no plano de gerenciamento do cluster de infraestrutura.
INFRASTRUCTURE_BACKUP_PLAN_NAME: o nome escolhido para o recurso do plano de backup
no plano de controle do cluster de infraestrutura.
NAMESPACE_MP: o namespace escolhido para backup no servidor da API Management.
NAMESPACE_CP: o namespace escolhido para fazer backup no servidor da API de infraestrutura.
Esses planos de backup seguem estas regras:
Faz backup do namespace selecionado a cada 24 horas. Essa frequência pode ser ajustada modificando o campo cronSchedule.
O backup inclui dados de volumes e usa uma estratégia específica do provisionador.
Uma política de retenção está definida para manter backups por 40 dias. Você pode ajustar backupRetainDays e backupDeleteLockDays para atender às suas políticas de retenção de dados.
Realizar a restauração
Você precisa fazer o encaminhamento para um operador de infraestrutura (IO) para realizar a
restauração em seu nome. Forneça as informações necessárias, como o nome dos recursos BackupRepository e BackupPlan. Para mais informações sobre
grupos de público-alvo no GDC, consulte
Públicos-alvo da documentação.
[[["Fácil de entender","easyToUnderstand","thumb-up"],["Meu problema foi resolvido","solvedMyProblem","thumb-up"],["Outro","otherUp","thumb-up"]],[["Difícil de entender","hardToUnderstand","thumb-down"],["Informações incorretas ou exemplo de código","incorrectInformationOrSampleCode","thumb-down"],["Não contém as informações/amostras de que eu preciso","missingTheInformationSamplesINeed","thumb-down"],["Problema na tradução","translationIssue","thumb-down"],["Outro","otherDown","thumb-down"]],["Última atualização 2025-09-05 UTC."],[[["\u003cp\u003eThis page guides Platform Administrators (PAs) through configuring disaster recovery for cluster workloads in Google Distributed Cloud (GDC) air-gapped environments.\u003c/p\u003e\n"],["\u003cp\u003ePAs must create a bucket, a backup repository linked to this bucket, and a backup plan to schedule regular backups for a specified cluster.\u003c/p\u003e\n"],["\u003cp\u003eConfiguring disaster recovery requires specific Kubernetes cluster access and the \u003ccode\u003edr-backup-admin-mp\u003c/code\u003e and \u003ccode\u003edr-system-admin-mp\u003c/code\u003e identity and access roles.\u003c/p\u003e\n"],["\u003cp\u003eOnce the bucket, repository, and plan are created, PAs need to inform an Infrastructure Operator (IO) to complete the restoration process.\u003c/p\u003e\n"],["\u003cp\u003eThe created backup plan will backup the specified namespace every ten minutes, include volume data using a local snapshot strategy, and has a retention policy set to retain backups for ten days.\u003c/p\u003e\n"]]],[],null,["# Configure disaster recovery for a cluster\n\nThis page provides instructions for how to configure disaster recovery for\ncluster workloads in Google Distributed Cloud (GDC) air-gapped.\n\nAs a Platform Administrator (PA), you must create a bucket, backup repository,\nand a backup plan for a specified cluster.\n\nOnce these resources are created, you must inform an Infrastructure Operator\n(IO) to complete the restore.\n\nBefore you begin\n----------------\n\nTo configure disaster recovery for a cluster, you must have the following:\n\n- Access to the Kubernetes cluster you want to create the restore for. For more information, see [Kubernetes cluster overview](/distributed-cloud/hosted/docs/latest/gdch/platform/pa-user/clusters).\n- The necessary identity and access roles:\n - DR Backup Admin: performs disaster recovery backups. Ask your Organization IAM Admin to grant you the DR Backup Admin (`dr-backup-admin`) cluster role.\n - DR System Admin: manage objects in dr-system namespace for setting up management cluster backups. Ask your Organization IAM Admin to grant you the DR System Admin (`dr-system-admin`) role.\n\n### Create bucket on the backup site\n\nCreate a bucket on the backup site:\n\n1. Use the gdcloud CLI to create a bucket in the backup site:\n\n gdcloud dr buckets create --cluster=\u003cvar translate=\"no\"\u003eCLUSTER_NAME\u003c/var\u003e \\\n --source-site=\u003cvar translate=\"no\"\u003eSOURCE_SITE\u003c/var\u003e\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003eSOURCE_SITE\u003c/var\u003e: the identifier of the source site as chosen by the customer. For example, `us-west`.\n - \u003cvar translate=\"no\"\u003eCLUSTER_NAME\u003c/var\u003e: the cluster name for the cluster such as `root-admin`.\n - \u003cvar translate=\"no\"\u003eBUCKET_CONFIG_FILE\u003c/var\u003e: the path of saved bucket configuration file.\n2. Store the bucket configuration locally in JSON format:\n\n gdcloud dr buckets describe --cluster=\u003cvar translate=\"no\"\u003eCLUSTER_NAME\u003c/var\u003e \\\n --source-site=\u003cvar translate=\"no\"\u003eSOURCE_SITE\u003c/var\u003e \\\n --output-path=\u003cvar translate=\"no\"\u003eBUCKET_CONFIG_FILE\u003c/var\u003e\n\n3. Modify the endpoint field in the configuration for the remote backup use case. Append port `:8082` to the URL: For example, `https://objectstorage.zone1.google.gdch.test` becomes\n `https://objectstorage.zone1.google.gdch.test:8082`.\n\n### Create backup repository on the source site\n\nCreate a backup repository by loading the bucket config file in the source site: \n\n gdcloud dr backup-repositories create\n --cluster=\u003cvar translate=\"no\"\u003eCLUSTER_NAME\u003c/var\u003e\n --bucket-config-file=\u003cvar translate=\"no\"\u003eBUCKET_CONFIG_FILE\u003c/var\u003e\n\n### Create backup plans for infrastructure and Management API servers\n\nCreate a `BackupPlan` resource on both the infrastructure and Management control planes using `kubectl`: \n\n apiVersion: backup.gdc.goog/v1\n kind: BackupPlan\n metadata:\n name: \u003cvar translate=\"no\"\u003eMANAGEMENT_BACKUP_PLAN_NAME\u003c/var\u003e\n namespace: dr-system\n spec:\n clusterName: infra-mp\n backupSchedule:\n cronSchedule: \"0 0 * * *\"\n paused: false\n backupConfig:\n backupScope:\n selectedNamespaces:\n namespaces:\n - \u003cvar translate=\"no\"\u003eNAMESPACE_MP\u003c/var\u003e\n backupRepository: dr-backup-repo\n includeVolumeData: true\n volumeStrategy: ProvisionerSpecific\n retentionPolicy:\n backupDeleteLockDays: 40\n backupRetainDays: 40\n ---\n apiVersion: backup.gdc.goog/v1\n kind: BackupPlan\n metadata:\n name: \u003cvar translate=\"no\"\u003eINFRASTRUCTURE_BACKUP_PLAN_NAME\u003c/var\u003e\n namespace: dr-system\n spec:\n clusterName: infra-cp\n backupSchedule:\n cronSchedule: \"0 0 * * *\"\n paused: false\n backupConfig:\n backupScope:\n selectedNamespaces:\n namespaces:\n - \u003cvar translate=\"no\"\u003eNAMESPACE_CP\u003c/var\u003e\n backupRepository: dr-backup-repo\n includeVolumeData: true\n volumeStrategy: ProvisionerSpecific\n retentionPolicy:\n backupDeleteLockDays: 40\n backupRetainDays: 40\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003eMANAGEMENT_BACKUP_PLAN_NAME\u003c/var\u003e: your chosen name for the backup plan. resource on the infrastructure cluster management plane.\n- \u003cvar translate=\"no\"\u003eINFRASTRUCTURE_BACKUP_PLAN_NAME\u003c/var\u003e: your chosen name for the backup plan resource on the infrastructure cluster control plane.\n- \u003cvar translate=\"no\"\u003eNAMESPACE_MP\u003c/var\u003e: the chosen namespace to backup in the Management API server.\n- \u003cvar translate=\"no\"\u003eNAMESPACE_CP\u003c/var\u003e: the chosen namespace to backup in the infrastructure API server.\n\nThese backup plans follow these rules:\n\n- Backs up the selected namespace every 24 hours. This frequency can be adjusted by modifying the `cronSchedule` field.\n- The backup includes volume data and uses a provisioner specific strategy.\n- A retention policy is set to keep backups for 40 days. You can adjust `backupRetainDays` and `backupDeleteLockDays` to meet your data retention policies.\n\nPerform the restoration\n-----------------------\n\nYou must escalate and instruct an Infrastructure Operator (IO) to perform the\nrestore on your behalf. Provide the necessary information such as the name of\nthe `BackupRepository` and `BackupPlan` resource. For more information on\naudience groups in GDC, see\n[Documentation audiences](/distributed-cloud/hosted/docs/latest/gdch/resources/audiences)."]]