gke-backup-dr
GKE Backup & Disaster Recovery Skill
This skill provides workflows for protecting your stateful workloads on GKE using Backup for GKE.
Workflows
1. Enable Backup for GKE
Backup for GKE must be enabled on the cluster level.
Command:
gcloud container clusters update <cluster-name> \
  --update-addons=BackupRestore=ENABLED \
  --region <region>
2. Create a Backup Plan
A Backup Plan defines what to back up, when, and for how long.
Command to create a backup plan:
gcloud container backup-restore backup-plans create <plan-name> \
  --cluster=<cluster-name> \
  --location=<region> \
  --backup-retain-days=<days> \
  --cron-schedule="<cron-expression>" \
  --all-namespaces
Note: You can replace --all-namespaces with --included-namespaces=<namespace1>,<namespace2> to back up specific namespaces instead of all of them.
Encryption Note: You can specify a Customer-Managed Encryption Key (CMEK) to encrypt backups. Add --encryption-key=<key-resource-name> to the create command.
3. Create a Manual Backup
Trigger a backup immediately outside the schedule.
Command:
gcloud container backup-restore backups create <backup-name> \
--backup-plan=<plan-name> \
--location=<region>
4. Restore from Backup
Restore a workload or cluster from a backup.
Command to create a restore plan:
gcloud container backup-restore restore-plans create <restore-plan-name> \
--cluster=<target-cluster-name> \
--location=<region> \
--backup-plan=<source-backup-plan-name> \
--cluster-resource-conflict-policy=USE_EXISTING_VERSION \
--namespaced-resource-restore-mode=FAIL_ON_CONFLICT
Execute the restore:
gcloud container backup-restore restores create <restore-name> \
--restore-plan=<restore-plan-name> \
--backup=<backup-name> \
--location=<region>
Best Practices
- Automate Backups: Always use a cron schedule for production workloads.
- Test Restores: Regularly test restoring backups to a separate namespace or cluster to ensure data integrity.
- Cross-Region DR: Consider storing backups in a different region or setting up a cross-region restore plan for disaster recovery.
- Secure Backups: Use Customer-Managed Encryption Keys (CMEK) to encrypt backups for compliance and security.
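One way to check existing backup plans against the practices above, as an added example that is not part of the gke-mcp skill. It assumes the plans were exported with `--format=json` and use the BackupPlan field names shown (backupSchedule.cronSchedule, backupConfig.encryptionKey.gcpKmsEncryptionKey); the sample plans and project names are constructed.

```python
import json

# Constructed sample, shaped like the JSON that
# `gcloud container backup-restore backup-plans list --format=json`
# is assumed to return (field names are an assumption, see lead-in).
SAMPLE_PLANS = json.loads("""
[
  {"name": "projects/example-proj/locations/us-east1/backupPlans/prod-nightly",
   "cluster": "projects/example-proj/locations/us-central1-a/clusters/prod",
   "backupSchedule": {"cronSchedule": "0 3 * * *"},
   "backupConfig": {"allNamespaces": true, "encryptionKey": {"gcpKmsEncryptionKey":
     "projects/example-proj/locations/us-east1/keyRings/kr/cryptoKeys/backup"}}},
  {"name": "projects/example-proj/locations/us-central1/backupPlans/adhoc",
   "cluster": "projects/example-proj/locations/us-central1/clusters/prod",
   "backupSchedule": {"paused": true},
   "backupConfig": {"allNamespaces": true}}
]
""")

def region_of(resource_name):
    """Region from a projects/.../locations/<loc>/... path; zone suffix dropped."""
    parts = resource_name.split("/")
    if "locations" not in parts:
        return None
    location = parts[parts.index("locations") + 1]
    return "-".join(location.split("-")[:2])  # us-central1-a -> us-central1

def audit_plan(plan):
    """Return best-practice findings for one backup plan (empty list = ok)."""
    findings = []
    schedule = plan.get("backupSchedule", {})
    if not schedule.get("cronSchedule"):
        findings.append("no cron schedule: backups are manual only")
    elif schedule.get("paused"):
        findings.append("cron schedule is paused")
    key = plan.get("backupConfig", {}).get("encryptionKey", {})
    if not key.get("gcpKmsEncryptionKey"):
        findings.append("no CMEK configured for backups")
    if region_of(plan["name"]) == region_of(plan.get("cluster", "")):
        findings.append("backups are stored in the cluster's own region")
    return findings

def audit(plans):
    """Map each plan's short name to its findings."""
    return {p["name"].rsplit("/", 1)[-1]: audit_plan(p) for p in plans}

if __name__ == "__main__":
    for plan_name, findings in audit(SAMPLE_PLANS).items():
        print(plan_name, "->", findings or "ok")
```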