Move GKE cluster from one project to another

Question

Just thinking., Is there a possibility to move one of the GKE standard cluster from one GCP project to another project.? If someone has explored a way to do this please do share.

score 2 · Answer 1 · answered Jul 29 '21 at 11:38

2

No, you can't migrate a cluster from a project to another one. You need to copy your cluster, I mean, you need to redeploy your resources (it's quite easy, simply apply your yaml and that's all!!) and copy the data.

This last part is the hardest and depends on how your data are stored, inside the cluster, or in external services (Cloud SQL, Spanner,...). That is the tricky part.

answered Jul 29 '21 at 11:38

guillaume blaquiere

66,369
2
47
76

1

Thanks ., Yes the challenge was about SQL.. We have to take backup and restore it on the other. – Nishchal Dinesh Jul 29 '21 at 15:06
1

Isnt that possible using tools like velero.?? Taking the kubernetes cluster backup using velero .?? @guillaume – Nishchal Dinesh Jul 30 '21 at 02:54
I don't know velero tools. Most of the time I use home made solution to migrate data. – guillaume blaquiere Jul 30 '21 at 08:32

score 0 · Answer 2 · answered Jul 26 '23 at 14:58

As an option, you can re-create the cluster and migrate workloads (deployments, secrets, persistent volumes, etc.) using Backup for GKE.

Step-by-step:

Re-create the GKE cluster & node pools in another project with the same configuration (taints, node pools names, etc.).
Migrate workloads - create a backup of the original cluster and restore it to the target GKE cluster in another project. You can use UI to create a backup for the original cluster workloads, and use gcloud to create restore plan and restore workloads on the target cluster in another project (you need to use CLI/gcloud to restore the backup in another project because UI doesn't support this case, just specify target cluster & project with required operation arguments).
Keep in mind that you need to assign proper IAM roles to the target GKE cluster service account to have access to the source GKE cluster backups (otherwise, you will get a forbidden error message during the restore operation). See required IAM roles for backup/restore.
Also, you can face with the following error: googleapi: Error 403: Permission 'gkebackup.backups.execute' denied. To resolve this, you need to assign the proper IAM role to the special service account Kubernetes Engine Service Agent (service-xxxxx@container-engine-robot.iam.gserviceaccount.com) from the target project (where do you want to restore). IAM role (it could be Backup for GKE Admin) should be assigned on the source project (a project with GKE backups) to the mentioned service account `service-xxxxx@container-engine-robot.iam.gserviceaccount.com).

Move GKE cluster from one project to another

2 Answers2