Comments (5)
I think this will be solved by including the Backup-restore operator CRDs in the resourceSet. Will check this and update the resourceset accordingly
This is not needed
from backup-restore-operator.
The main reason behind "Unauthorized" errors is the service account tied to the pod.
We configure the operator pod to use the serviceaccount that has cluster-admin role. When this service account is created, k8s also creates a secret associated with it and mounts it in the pod. During restore, since prune is enabled by default, this secret gets deleted.
So if we restore with prune=false we shouldn't see this error. But that leads to the duplicate "Default" and "System" projects issue
from backup-restore-operator.
The following steps should be used for restoring to a new cluster for the DR use case, which will ensure the operator pod retains its serviceaccount and associated secret
- Install the backup-restore-operator on the new cluster using Helm CLI
- Restore from backup AND set prune=false
- This restore also adds in the secret associated with the helm release of rancher from cluster 1. So run
helm upgrade
instead ofhelm install
and bring up rancher.
Discussed this offline with @cloudnautique and there is no need to bring up rancher first on the new cluster and then launch the operator from dashboard, if we're restoring from backup, it makes sense for the operator to bring up the entire setup. Will test these steps once again
from backup-restore-operator.
Steps
- helm install backup-restore-operator-crd rancherchart/backup-restore-operator-crd -n cattle-resources-system --create-namespace
- helm install backup-restore-operator rancherchart/backup-restore-operator -n cattle-resources-system
- kubectl apply -f migrationResource.yaml where prune=false
Helm3 stores chart release info as a secret, so rancher chart from cluster1 is stored as secret in cattle-system namespace, which gets backed up and created on the new cluster due to restore. So now no need to reinstall rancher, we just need to upgrade it - (If needed, also follow steps to install cert-manager from rancher HA install docs)
- helm upgrade rancher rancher-alpha/rancher --version 2.5.0-alpha1 --namespace cattle-system --set hostname= --set rancherImageTag=master-head --set webhook.enabled=false
should work with above steps, moving to test as no actual change is needed in the operator or the chart
from backup-restore-operator.
Verified on master-head - commit id: ad697207
- Deploy rancher HA setup.
- Deploy a couple of user clusters.
- deploy backup restore chart/app in the local cluster.
- Take a backup b1 which is saved
- Delete the local cluster nodes for this HA setup
- Deploy a new RKE cluster (3 nodes all roles). Add this node to the target groups/load balancer.
- Install the backup-restore-operator chart on the new cluster using Helm CLI
helm repo add rancherchart https://charts.rancher.io
helm repo update
helm install backup-restore-operator-crd rancherchart/backup-restore-operator-crd -n cattle-resources-system --create-namespace
helm install backup-restore-operator rancherchart/backup-restore-operator -n cattle-resources-system
- Restore from backup using a restore CR and prune must be set to false. Like this
- Install certs - https://rancher.com/docs/rancher/v2.x/en/installation/k8s-install/helm-rancher/#5-install-cert-manager
- Bring up rancher by
helm upgrade rancher rancher-alpha/rancher --version 2.5.0-alpha1 --namespace cattle-system --set hostname=<same hostname as first rancher server> --set rancherImageTag=master-head
- When rancher comes up, the user clusters come up fine.
- Deploy a backup CR.
- Backup gets saved successfully in S3.
from backup-restore-operator.
Related Issues (20)
- Required policy to access bucket? HOT 1
- Impossible to store backups in AWS S3 eu-south-2 (Spain) region HOT 1
- [2.7] Update Wrangler Go Package HOT 6
- Backup not stored to S3: Request Entity Too Large HOT 2
- no kind "Backup" is registered for version "resources.cattle.io/v1" HOT 2
- Avoid restoring system cluster resources HOT 4
- rancher-charts repo doesn't have latest version? HOT 4
- Add initial Renovate configuration HOT 5
- Add Hull coverage to Rancher Backups HOT 1
- Add prometheus metrics to backups HOT 2
- restore is not working: Error restoring CRDs restoreCRDs: restoreResource: err creating resource the server could not find the requested resource HOT 2
- Issues with restoring rancher.cattle.io resources, cannot update userName for creator-cluster-owner HOT 1
- Unable to perform a restore when Rancher resides in an AKS cluster with a imported generic cluster HOT 2
- Backup fails due to retention enforcement on a versioned AWS S3 bucket.
- test issue HOT 1
- Restoring rancher mgr from minio/s3 backup results in "creatorID annotation cannot be changed" for vsphere downstream HOT 8
- Migration from k3s local cluster to rke2 breaks with config restore HOT 4
- [Feature Request] Restore Resource Patches
- Kubernetes 1.28 support for Backup/Restore Operator HOT 1
- Kubernetes 1.29 support for Backup/Restore Operator
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from backup-restore-operator.