Install Backup for GKE

Standard

This page describes how to enable Backup for GKE.

Before you begin

Before you start, make sure you have performed the following tasks:

Enable the Google Kubernetes Engine API.

If you want to use the Google Cloud CLI for this task, install and then initialize the gcloud CLI.
Note: For existing gcloud CLI installations, make sure to set the compute/region and compute/zone properties. By setting default locations, you can avoid errors in gcloud CLI like the following: One of [--zone, --region] must be supplied: Please specify location.

Enable the Backup for GKE API

You must enable the Backup for GKE service in your project before you can set up backups and restores for any GKE clusters in that project. You can enable the Backup for GKE service by using the Google Cloud CLI or the Google Cloud console.

gcloud

To enable the Backup for GKE service, run the following command:

gcloud services enable gkebackup.googleapis.com

Console

In the Google Cloud console, enable the Backup for GKE API:

Enable the API

Enable Backup for GKE on a new cluster

When you enable Backup for GKE on your cluster, the Backup for GKE agent is installed into your cluster. You can create a new cluster with Backup for GKE enabled by using the gcloud CLI or the Google Cloud console.

gcloud

To install the Backup for GKE agent, add the following parameter: --addons=BackupRestore to the Google Cloud CLI cluster creation command.

The following example shows how you can create a 1.24 cluster with the Backup for GKE agent installed:

gcloud container clusters create CLUSTER_NAME \
    --project=PROJECT_ID  \
    --region=COMPUTE_REGION \
    --cluster-version=1.24.2-gke.1900 \
    --addons=BackupRestore

If your GKE clusters are running 1.23 or lower, you also need to install Workload Identity. The following example shows how you can create a 1.22 cluster with the Backup for GKE agent and Workload Identity enabled:

gcloud container clusters create CLUSTER_NAME \
    --project=PROJECT_ID  \
    --region=COMPUTE_REGION \
    --cluster-version=1.22.12-gke.300 \
    --workload-pool=PROJECT_ID.svc.id.goog \
    --addons=BackupRestore

Replace the following:

CLUSTER_NAME: the name of the cluster to back up.
PROJECT_ID: the ID of your Google Cloud project.
COMPUTE_REGION: the Compute Engine region for the cluster, for example us-central1. For zonal clusters, use --zone=COMPUTE_ZONE instead.

Console

Perform the following tasks in the Google Cloud console:

Go to the Google Kubernetes Engine page in the Google Cloud console.

Go to Google Kubernetes Engine
Click Create.
In the Standard section, click Configure.
Specify a name and location for the cluster.
In the navigation menu, click Security and then select the Enable Workload Identity checkbox (if creating a version 1.23 or lower cluster).
In the navigation menu, click Features page and then select the Enable Backup for GKE checkbox.
Click Create.

Enable Backup for GKE on an existing cluster

You can enable Backup for GKE on an existing cluster by using the gcloud CLI or the Google Cloud console.

gcloud

When updating a cluster, specify the following options in the gcloud CLI:

gcloud container clusters update CLUSTER_NAME \
   --project=PROJECT_ID  \
   --region=COMPUTE_REGION \
   --update-addons=BackupRestore=ENABLED

Console

Perform the following tasks in the Google Cloud console:

Go to the Google Kubernetes Engine page in the Google Cloud console.

Go to Google Kubernetes Engine
Click the name of the cluster that you want to update.
In the Features section, click Edit for Backup for GKE.
Select the Enable Backup for GKE checkbox.
Click Save Changes.

Verify that Backup for GKE is enabled on your cluster

You can verify that your cluster is using Backup for GKE with the gcloud CLI or the Google Cloud console.

gcloud

Describe the cluster:

gcloud container clusters describe CLUSTER_NAME \
    --project=PROJECT_ID  \
    --region=COMPUTE_REGION

If Backup for GKE is enabled, the output of the command includes these lines:

addonsConfig:
  gkeBackupAgentConfig:
    enabled: true

Console

Perform the following tasks in the Google Cloud console:

Go to the Google Kubernetes Engine page in the Google Cloud console.

Go to Google Kubernetes Engine
Click the name of the cluster that you want to inspect.
In the Features section, verify that Backup for GKE is Enabled.

Disable Backup for GKE on an existing cluster

You can disable Backup for GKE with the gcloud CLI or the Google Cloud console.

gcloud

When updating an existing cluster, specify the --update-addons=BackupRestore=DISABLED option in the gcloud CLI:

gcloud container clusters update CLUSTER_NAME \
    --project=PROJECT_ID  \
    --region=COMPUTE_REGION \
    --update-addons=BackupRestore=DISABLED

Console

Perform the following tasks in the Google Cloud console:

Go to the Google Kubernetes Engine page in the Google Cloud console.

Go to Google Kubernetes Engine
Click the name of the cluster that you want to inspect.
In the Features section, click Edit for Backup & Restore.
Clear the Enable Backup for GKE checkbox.
Click Save Changes.

What's next

Learn more about defining custom backups.
Learn more about planning a set of backups.