Plan a set of backups


This page describes how to create a Backup for GKE backup plan, which is used for backing up your workloads in Google Kubernetes Engine (GKE).

Backup plans provide the configuration, location, and management functions for a sequence of backups. A backup plan contains a backup configuration including the source cluster, the selection of which workloads to back up, and the region in which backup artifacts produced under this plan are stored.

You can create one or more backup plans for each cluster. There are two main reasons why you might want more than one backup plan for a cluster:

  • You want to store your backup artifacts in multiple regions. In this case, create a backup plan for each region in which you want to store backups.
  • You want to partition the backups of your cluster, for example:

    • Instead of one very large backup taken at a single time of the day, you want multiple smaller backups distributed throughout the day.
    • You want to back up some portions of your cluster more often than others (such as daily backups for some namespaces and hourly backups for others).

We recommend that every cluster has at least one backup plan.

We also recommend that you define a cron schedule for the backup plan, so that backups are automatically created according to that schedule. You can also manually back up your workloads. After you create a backup plan, you can create a backup for that plan.

Before you begin

Install Backup for GKE.

Create a backup plan

Create a backup plan by using the gcloud CLI or the Google Cloud console.

gcloud

To create a backup plan with a schedule, run the following command:

gcloud beta container backup-restore backup-plans create BACKUP_PLAN \
    --project=PROJECT_ID \
    --location=LOCATION \
    --cluster=CLUSTER \
    --all-namespaces \
    --include-secrets \
    --include-volume-data \
    --encryption-key=ENCRYPTION_KEY
    --cron-schedule=SCHEDULE \
    --backup-retain-days=RETAIN_DAYS \
    --backup-delete-lock-days DELETE_LOCK_DAYS \
    --locked

Replace the following:

  • BACKUP_PLAN: the name of the backup plan that you want to create.
  • PROJECT_ID: the ID of your Google Cloud project.
  • LOCATION: the compute region for the resource, for example us-central1. See About resource locations.
  • CLUSTER: the relative path to the cluster:
    • Regional clusters: projects/PROJECT_ID/locations/REGION/clusters/CLUSTER_NAME
    • Zonal clusters: projects/PROJECT_ID/locations/ZONE/clusters/CLUSTER_NAME
  • CLUSTER_NAME: the name of the cluster to back up.
  • --all-namespaces: backs up all namespaces for the cluster. Alternatively, specify --selected-applications with a list of applications to back up or --selected-namespaces with a list of namespaces to back up. You must specify one of these options when creating a backup plan.
  • --include-secrets: (Optional) includes Secret resources if they are in the scope of the backup.
  • --include-volume-data: (Optional) includes persistent volume data in the backup. Omit this flag if you want to create empty volumes during restore.
  • ENCRYPTION_KEY: (Optional) defines the path to a customer-managed encryption key. See About CMEK encryption.
  • SCHEDULE: (Optional) defines a schedule that automatically creates backups and supports standard cron syntax. For example "10 3 * * *" creates a backup at 3:10 AM every day. All times are interpreted as UTC. The minimum interval between scheduled backups is 10 minutes.
  • RETAIN_DAYS: (Required if SCHEDULE is set) the number of days to keep the backup. Backups for this plan are automatically deleted after this period expires.
  • DELETE_LOCK_DAYS: (Optional) the number of days during which backups cannot be deleted. If this value is set, then backups created for that plan cannot be deleted (either automatically or manually) until that lifetime expires.

  • --locked: (Optional) locks the retention policy for the backup plan.

For the full list of options, refer to the gcloud beta container backup-restore backup-plans create documentation.

Console

Perform the following tasks in the console:

  1. Go to the Google Kubernetes Engine page in the console.

    Go to Google Kubernetes Engine

  2. In the navigation menu, click Backup for GKE.

  3. Click Create a backup plan.

  4. In the Plan details section, complete the following and click Next:

    1. Select the cluster to back up.
    2. Enter the backup plan name and optional description.
    3. Choose a location for the backup.
  5. (Optional) In the Scope and encryption section, complete the following and click Next:

    1. Select the scope for the backup plan:

      1. Click All namespaces to back up all namespaced resources in the backup.
      2. Click Selected namespaces within this cluster to choose the namespaces you want to include in the backup plan.
      3. Click Selected protected applications within this cluster to add resources by specifying the namespace and application name.
    2. Click the Include Secrets checkbox to include Kubernetes Secret resources.

    3. Click the Include persistent volume data checkbox if you want the volume data in your backup. Clear this checkbox if you want to create empty volumes during restore.

    4. To enable CMEK encryption, you must first grant the access to the appropriate CMEK keys (see About CMEK encryption).

      1. Click the Use a customer-managed encryption key checkbox to select a key.
  6. (Optional) In the Schedule and retention section, complete the following and click Next:

    1. To define a schedule, in the CRON string field, enter an expression using standard cron syntax. For example, 10 3 * * * creates a backup at 0310 every day. All times are interpreted as UTC. The minimum interval between scheduled backups is 10 minutes.
    2. Set the number of days to retain the backup before the backup is automatically deleted.
    3. Set the number of days during which backups cannot be deleted.
    4. To lock the retention policy, click the lock icon to turn the lock from Off to On.
  7. Review the backup plan details and click Create plan.

View a backup plan

View a backup plan and its details by using the gcloud CLI or the console.

gcloud

To list all the backup plans within the project and region, run the following command:

gcloud beta container backup-restore backup-plans list \
    --project=PROJECT_ID \
    --location=LOCATION

For list commands only, you can provide - as the value for any parameters except PROJECT_ID. The - value acts as a wildcard. The - value is the default for any parameter if you do not specify a command-line option or set a property.

For the full list of options, refer to the gcloud beta container backup-restore backup-plans list documentation.

To see the details of a backup plan, run the following command:

gcloud beta container backup-restore backup-plans describe BACKUP_PLAN \
     --project=PROJECT_ID \
     --location=LOCATION

For the full list of options, refer to the gcloud beta container backup-restore backup-plans describe documentation.

Console

Perform the following tasks in the console:

  1. Go to the Google Kubernetes Engine page in the console.

    Go to Google Kubernetes Engine.

  2. In the navigation menu, click Backup for GKE.

  3. Click the Backup Plans tab.

  4. Expand the cluster and click the plan name.

  5. Click the Details tab to see the plan details.

Update a backup plan

Update a backup plan by using the gcloud CLI or the console.

gcloud

To update a backup plan, for example by adding a new description, run the following command:

gcloud beta container backup-restore backup-plans update BACKUP_PLAN \
    --project=PROJECT_ID \
    --location=LOCATION \
    --description=DESCRIPTION

For the full list of options, refer to the gcloud beta container backup-restore backup-plans update documentation.

Console

Perform the following tasks in the console:

  1. Go to the Google Kubernetes Engine page in the console.

    Go to Google Kubernetes Engine

  2. In the navigation menu, click Backup for GKE.

  3. Click the Backup Plans tab.

  4. Expand the cluster and click the plan name.

  5. Click the Details tab to edit the plan details.

  6. Click Edit to edit a plan section and click Save changes.

Pause a backup schedule

You can pause your backup schedule. While the schedule is paused, automatic backups are not created. You can still create backups manually.

gcloud

To pause a backup schedule, run the following command:

gcloud beta container backup-restore backup-plans update BACKUP_PLAN \
    --project=PROJECT_ID \
    --location=LOCATION \
    --paused

For the full list of options, refer to the gcloud beta container backup-restore backup-plans update documentation.

Console

Perform the following tasks in the console:

  1. Go to the Google Kubernetes Engine page in the console.

    Go to Google Kubernetes Engine

  2. In the navigation menu, click Backup for GKE.

  3. Click the Backup Plans tab.

  4. Expand the cluster and click the plan name.

  5. Click Pause Schedule and then click Pause Schedule in the confirmation dialog.

Delete a backup plan

You can delete a backup plan by using the gcloud CLI or the console. You cannot delete a backup plan if the plan contains any backups.

gcloud

To delete a backup plan, run the following command:

gcloud beta container backup-restore backup-plans delete BACKUP_PLAN \
    --project=PROJECT_ID \
    --location=LOCATION

For the full list of options, refer to the gcloud beta container backup-restore backup-plans delete documentation.

Console

Perform the following tasks in the console:

  1. Go to the Google Kubernetes Engine page in the console.

    Go to Google Kubernetes Engine

  2. In the navigation menu, click Backup for GKE.

  3. Click the Backup Plans tab.

  4. Expand the cluster and click the plan name.

  5. Click Delete plan.

  6. Type the backup plan name and then click Delete backup plan in the confirmation dialog.

What's next