Basic disaster recovery scenario
This guide explain how to recover the declared state from an existing Git repository.
Prerequisites
- A new Kubernetes cluster.
- BYO Git repository URL and credentials (the repository used in the original installation).
- Sealed-secrets key pair backup exported from the original cluster.
Configure recovery mode
-
Edit the
values.yamlfile used for the original BYO Git installation. -
Add
installation.mode: recoveryand embed the contents of thesealed-secrets-key.yamlexported underinstallation.recovery.manifests:installation: mode: recovery recovery: manifests: apiVersion: v1 items: - apiVersion: v1 data: tls.crt: <base64-encoded certificate> tls.key: <base64-encoded private key> kind: Secret metadata: labels: sealedsecrets.bitnami.com/sealed-secrets-key: active name: sealed-secrets-key namespace: sealed-secrets type: kubernetes.io/tls kind: List metadata: resourceVersion: ""The values for
tls.crtandtls.keycome directly from thesealed-secrets-key.yamlbackup file — they are already base64-encoded. See Sealed Secrets Key Recovery for the export command. -
Install the platform:
helm install apl apl/apl -f values.yaml
What happens in recovery mode
When the operator starts in recovery mode:
- It bootstraps the App Platform and deploys the sealed-secrets controller.
- Then it clones the existing BYO Git repository and applies the manifests to the cluster.
- The sealed-secrets controller decrypts the existing
SealedSecretmanifests from the BYO Git repository using the restored key.
For more information on the sealed-secrets key pair and backup procedures, see Sealed Secrets Key Recovery.
