This page describes how to back up and restore an admin cluster, including its etcd data, secrets and certificates, using the gkectl command. You can also back up and restore an admin cluster manually.
Back up an admin cluster
You can set up admin cluster backups so they are automatically performed before and after cluster creation, update and upgrade for user and admin clusters. You can also perform an on-demand backup whenever you deem it necessary.
An admin cluster backup includes admin cluster etcd data, secrets and certificates. The size of a backup can range from 3 MB–100 MB depending on the size of the cluster.
Enable the admin cluster backup feature
By default this feature is disabled. To enable the admin cluster backup feature:
Add the following section to the admin cluster configuration file:
clusterBackup: datastore: DATASTORE
Replace DATASTORE with the datastore where you want to store the backup. The datastore must be in the same datacenter as the admin cluster. Backups are located in the anthos-backup/DATADISK_PATH directory of the specified datastore.
Update the admin cluster:
gkectl update admin --kubeconfig ADMIN_CLUSTER_KUBECONFIG --config ADMIN_CLUSTER_CONFIG
Replace:
- ADMIN_CLUSTER_KUBECONFIG with the path of your admin cluster kubeconfig file.
- ADMIN_CLUSTER_CONFIG with the path of your admin cluster configuration file.
Disable the admin cluster backup feature
Remove the
clusterBackup
section from the admin cluster configuration file.clusterBackup: datastore: DATASTORE
Update the admin cluster with this change, using this command:
gkectl update admin --kubeconfig ADMIN_CLUSTER_KUBECONFIG --config ADMIN_CLUSTER_CONFIG
Updating the backup datastore
Once you have enabled this backup feature, further updates to clusterBackup.datastore
using gkectl update
are not supported.
On-demand backup
To trigger an on-demand admin cluster backup, run the following command:
gkectl backup admin --kubeconfig ADMIN_CLUSTER_KUBECONFIG --config ADMIN_CLUSTER_CONFIG
Limit on number of backups
You can have a maximum total of six backups, divided into a maximum of three on-demand backups, and a maximum of three backups from cluster update, upgrade or create operations. These backups are automatically rotated should these limits be exceeded. No manual intervention is necessary.
Restore an admin cluster
You should restore an admin cluster only when it is completely broken with data loss or corruption. For example,
- The admin master data disk is lost or corrupted.
- The admin cluster's etcd is lost or corrupted.
- The admin cluster's control plane secrets and certificates are lost or corrupted.
Do not use this approach to restore a working admin cluster to an arbitrary previous state. This restore feature should not be used as a way to revert admin cluster operations such as a cluster update or cluster upgrade.
To recreate the admin cluster from a backup, run the following command:
gkectl repair admin-master --kubeconfig ADMIN_CLUSTER_KUBECONFIG --config ADMIN_CLUSTER_CONFIG --restore-from-backup
This command retrieves all of the backups of this admin cluster from the datastore defined in the clusterBackup
section of the admin cluster configuration file, and it prompts you to select the one from which you want to use to restore the admin cluster.