Disaster recovery for a hosted cluster within an AWS region

In a situation where you need disaster recovery (DR) for a hosted cluster, you can recover a hosted cluster to the same region within AWS. For example, you need DR when the upgrade of a management cluster fails and the hosted cluster is in a read-only state.

Hosted control planes is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see https://access.redhat.com/support/offerings/techpreview/.

The DR process involves three main steps:

  1. Backing up the hosted cluster on the source management cluster

  2. Restoring the hosted cluster on a destination management cluster

  3. Deleting the hosted cluster from the source management cluster

Your workloads remain running during the process. The Cluster API might be unavailable for a period, but that will not affect the services that are running on the worker nodes.

Both the source management cluster and the destination management cluster must have the —external-dns flags to maintain the API server URL, as shown in this example:

Example: External DNS flags
  1. external-dns-provider=aws \
  2. external-dns-credentials=<AWS Credentials location> \
  3. external-dns-domain-filter=<DNS Base Domain>

If you do not include the —external-dns flags to maintain the API server URL, the hosted cluster cannot be migrated.

Example environment and context

Consider an scenario where you have three clusters to restore. Two are management clusters, and one is a hosted cluster. You can restore either the control plane only or the control plane and the nodes. Before you begin, you need the following information:

  • Source MGMT Namespace: The source management namespace

  • Source MGMT ClusterName: The source management cluster name

  • Source MGMT Kubeconfig: The source management kubeconfig file

  • Destination MGMT Kubeconfig: The destination management kubeconfig file

  • HC Kubeconfig: The hosted cluster kubeconfig file

  • SSH key file: The SSH public key

  • Pull secret: The pull secret file to access the release images

  • AWS credentials

  • AWS region

  • Base domain: The DNS base domain to use as an external DNS

  • S3 bucket name: The bucket in the AWS region where you plan to upload the etcd backup

This information is shown in the following example environment variables.

Example environment variables

  1. SSH_KEY_FILE=${HOME}/.ssh/id_rsa.pub
  2. BASE_PATH=${HOME}/hypershift
  3. BASE_DOMAIN="aws.sample.com"
  4. PULL_SECRET_FILE="${HOME}/pull_secret.json"
  5. AWS_CREDS="${HOME}/.aws/credentials"
  6. AWS_ZONE_ID="Z02718293M33QHDEQBROL"
  8. CONTROL_PLANE_AVAILABILITY_POLICY=SingleReplica
  9. HYPERSHIFT_PATH=${BASE_PATH}/src/hypershift
  10. HYPERSHIFT_CLI=${HYPERSHIFT_PATH}/bin/hypershift
  11. HYPERSHIFT_IMAGE=${HYPERSHIFT_IMAGE:-"quay.io/${USER}/hypershift:latest"}
  12. NODE_POOL_REPLICAS=${NODE_POOL_REPLICAS:-2}
  14. # MGMT Context
  15. MGMT_REGION=us-west-1
  16. MGMT_CLUSTER_NAME="${USER}-dev"
  17. MGMT_CLUSTER_NS=${USER}
  18. MGMT_CLUSTER_DIR="${BASE_PATH}/hosted_clusters/${MGMT_CLUSTER_NS}-${MGMT_CLUSTER_NAME}"
  19. MGMT_KUBECONFIG="${MGMT_CLUSTER_DIR}/kubeconfig"
  21. # MGMT2 Context
  22. MGMT2_CLUSTER_NAME="${USER}-dest"
  23. MGMT2_CLUSTER_NS=${USER}
  24. MGMT2_CLUSTER_DIR="${BASE_PATH}/hosted_clusters/${MGMT2_CLUSTER_NS}-${MGMT2_CLUSTER_NAME}"
  25. MGMT2_KUBECONFIG="${MGMT2_CLUSTER_DIR}/kubeconfig"
  27. # Hosted Cluster Context
  28. HC_CLUSTER_NS=clusters
  29. HC_REGION=us-west-1
  30. HC_CLUSTER_NAME="${USER}-hosted"
  31. HC_CLUSTER_DIR="${BASE_PATH}/hosted_clusters/${HC_CLUSTER_NS}-${HC_CLUSTER_NAME}"
  32. HC_KUBECONFIG="${HC_CLUSTER_DIR}/kubeconfig"
  33. BACKUP_DIR=${HC_CLUSTER_DIR}/backup
  35. BUCKET_NAME="${USER}-hosted-${MGMT_REGION}"
  37. # DNS
  38. AWS_ZONE_ID="Z07342811SH9AA102K1AC"
  39. EXTERNAL_DNS_DOMAIN="hc.jpdv.aws.kerbeross.com"

Overview of the backup and restore process

The backup and restore process works as follows:

  1. On management cluster 1, which you can think of as the source management cluster, the control plane and workers interact by using the ExternalDNS API.

  2. You take a snapshot of the hosted cluster, which includes etcd, the control plane, and the worker nodes. The worker nodes are moved to the external DNS, the control plane is saved in a local manifest file, and etcd is backed up to an S3 bucket.

  3. On management cluster 2, which you can think of as the destination management cluster, you restore etcd from the S3 bucket and restore the control plane from the local manifest file.

  4. By using the External DNS API, the worker nodes are restored to management cluster 2.

  5. On management cluster 2, the control plane and worker nodes interact by using the ExternalDNS API.

You can manually back up and restore your hosted cluster, or you can run a script to complete the process. For more information about the script, see “Running a script to back up and restore a hosted cluster”.

Backing up a hosted cluster

To recover your hosted cluster in your target management cluster, you first need to back up all of the relevant data.

Procedure

  1. Create a configmap file to declare the source management cluster by entering this command:

    1. $ oc create configmap mgmt-parent-cluster -n default --from-literal=from=${MGMT_CLUSTER_NAME}

  2. Shut down the reconciliation in the hosted cluster and in the node pools by entering these commands:

    1. PAUSED_UNTIL="true"
    2. oc patch -n ${HC_CLUSTER_NS} hostedclusters/${HC_CLUSTER_NAME} -p '{"spec":{"pausedUntil":"'${PAUSED_UNTIL}'"}}' --type=merge
    3. oc scale deployment -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} --replicas=0 kube-apiserver openshift-apiserver openshift-oauth-apiserver control-plane-operator
    1. PAUSED_UNTIL="true"
    2. oc patch -n ${HC_CLUSTER_NS} hostedclusters/${HC_CLUSTER_NAME} -p '{"spec":{"pausedUntil":"'${PAUSED_UNTIL}'"}}' --type=merge
    3. oc patch -n ${HC_CLUSTER_NS} nodepools/${NODEPOOLS} -p '{"spec":{"pausedUntil":"'${PAUSED_UNTIL}'"}}' --type=merge
    4. oc scale deployment -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} --replicas=0 kube-apiserver openshift-apiserver openshift-oauth-apiserver control-plane-operator

  3. Back up etcd and upload the data to an S3 bucket by running this bash script:

    Wrap this script in a function and call it from the main function.

    1. # ETCD Backup
    2. ETCD_PODS="etcd-0"
    3. if [ "${CONTROL_PLANE_AVAILABILITY_POLICY}" = "HighlyAvailable" ]; then
    4.   ETCD_PODS="etcd-0 etcd-1 etcd-2"
    5. fi
    7. for POD in ${ETCD_PODS}; do
    8.   # Create an etcd snapshot
    9.   oc exec -it ${POD} -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} -- env ETCDCTL_API=3 /usr/bin/etcdctl --cacert /etc/etcd/tls/client/etcd-client-ca.crt --cert /etc/etcd/tls/client/etcd-client.crt --key /etc/etcd/tls/client/etcd-client.key --endpoints=localhost:2379 snapshot save /var/lib/data/snapshot.db
    10.   oc exec -it ${POD} -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} -- env ETCDCTL_API=3 /usr/bin/etcdctl -w table snapshot status /var/lib/data/snapshot.db
    12.   FILEPATH="/${BUCKET_NAME}/${HC_CLUSTER_NAME}-${POD}-snapshot.db"
    13.   CONTENT_TYPE="application/x-compressed-tar"
    14.   DATE_VALUE=`date -R`
    15.   SIGNATURE_STRING="PUT\n\n${CONTENT_TYPE}\n${DATE_VALUE}\n${FILEPATH}"
    17.   set +x
    18.   ACCESS_KEY=$(grep aws_access_key_id ${AWS_CREDS} | head -n1 | cut -d= -f2 | sed "s/ //g")
    19.   SECRET_KEY=$(grep aws_secret_access_key ${AWS_CREDS} | head -n1 | cut -d= -f2 | sed "s/ //g")
    20.   SIGNATURE_HASH=$(echo -en ${SIGNATURE_STRING} | openssl sha1 -hmac "${SECRET_KEY}" -binary | base64)
    21.   set -x
    23.   # FIXME: this is pushing to the OIDC bucket
    24.   oc exec -it etcd-0 -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} -- curl -X PUT -T "/var/lib/data/snapshot.db" \
    25.     -H "Host: ${BUCKET_NAME}.s3.amazonaws.com" \
    26.     -H "Date: ${DATE_VALUE}" \
    27.     -H "Content-Type: ${CONTENT_TYPE}" \
    28.     -H "Authorization: AWS ${ACCESS_KEY}:${SIGNATURE_HASH}" \
    29.     https://${BUCKET_NAME}.s3.amazonaws.com/${HC_CLUSTER_NAME}-${POD}-snapshot.db
    30. done

    For more information about backing up etcd, see “Backing up and restoring etcd on a hosted cluster”.

  4. Back up Kubernetes and OKD objects by entering the following commands. You need to back up the following objects:

    • HostedCluster and NodePool objects from the HostedCluster namespace

    • HostedCluster secrets from the HostedCluster namespace

    • HostedControlPlane from the Hosted Control Plane namespace

    • Cluster from the Hosted Control Plane namespace

    • AWSCluster, AWSMachineTemplate, and AWSMachine from the Hosted Control Plane namespace

    • MachineDeployments, MachineSets, and Machines from the Hosted Control Plane namespace

    • ControlPlane secrets from the Hosted Control Plane namespace

      1. mkdir -p ${BACKUP_DIR}/namespaces/${HC_CLUSTER_NS} ${BACKUP_DIR}/namespaces/${HC_CLUSTER_NS}-${HC_CLUSTER_NAME}
      2. chmod 700 ${BACKUP_DIR}/namespaces/
      4. # HostedCluster
      5. echo "Backing Up HostedCluster Objects:"
      6. oc get hc ${HC_CLUSTER_NAME} -n ${HC_CLUSTER_NS} -o yaml > ${BACKUP_DIR}/namespaces/${HC_CLUSTER_NS}/hc-${HC_CLUSTER_NAME}.yaml
      7. echo "--> HostedCluster"
      8. sed -i '' -e '/^status:$/,$d' ${BACKUP_DIR}/namespaces/${HC_CLUSTER_NS}/hc-${HC_CLUSTER_NAME}.yaml
      10. # NodePool
      11. oc get np ${NODEPOOLS} -n ${HC_CLUSTER_NS} -o yaml > ${BACKUP_DIR}/namespaces/${HC_CLUSTER_NS}/np-${NODEPOOLS}.yaml
      12. echo "--> NodePool"
      13. sed -i '' -e '/^status:$/,$ d' ${BACKUP_DIR}/namespaces/${HC_CLUSTER_NS}/np-${NODEPOOLS}.yaml
      15. # Secrets in the HC Namespace
      16. echo "--> HostedCluster Secrets:"
      17. for s in $(oc get secret -n ${HC_CLUSTER_NS} | grep "^${HC_CLUSTER_NAME}" | awk '{print $1}'); do
      18.     oc get secret -n ${HC_CLUSTER_NS} $s -o yaml > ${BACKUP_DIR}/namespaces/${HC_CLUSTER_NS}/secret-${s}.yaml
      19. done
      21. # Secrets in the HC Control Plane Namespace
      22. echo "--> HostedCluster ControlPlane Secrets:"
      23. for s in $(oc get secret -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} | egrep -v "docker|service-account-token|oauth-openshift|NAME|token-${HC_CLUSTER_NAME}" | awk '{print $1}'); do
      24.     oc get secret -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} $s -o yaml > ${BACKUP_DIR}/namespaces/${HC_CLUSTER_NS}-${HC_CLUSTER_NAME}/secret-${s}.yaml
      25. done
      27. # Hosted Control Plane
      28. echo "--> HostedControlPlane:"
      29. oc get hcp ${HC_CLUSTER_NAME} -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} -o yaml > ${BACKUP_DIR}/namespaces/${HC_CLUSTER_NS}-${HC_CLUSTER_NAME}/hcp-${HC_CLUSTER_NAME}.yaml
      31. # Cluster
      32. echo "--> Cluster:"
      33. CL_NAME=$(oc get hcp ${HC_CLUSTER_NAME} -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} -o jsonpath={.metadata.labels.\*} | grep ${HC_CLUSTER_NAME})
      34. oc get cluster ${CL_NAME} -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} -o yaml > ${BACKUP_DIR}/namespaces/${HC_CLUSTER_NS}-${HC_CLUSTER_NAME}/cl-${HC_CLUSTER_NAME}.yaml
      36. # AWS Cluster
      37. echo "--> AWS Cluster:"
      38. oc get awscluster ${HC_CLUSTER_NAME} -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} -o yaml > ${BACKUP_DIR}/namespaces/${HC_CLUSTER_NS}-${HC_CLUSTER_NAME}/awscl-${HC_CLUSTER_NAME}.yaml
      40. # AWS MachineTemplate
      41. echo "--> AWS Machine Template:"
      42. oc get awsmachinetemplate ${NODEPOOLS} -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} -o yaml > ${BACKUP_DIR}/namespaces/${HC_CLUSTER_NS}-${HC_CLUSTER_NAME}/awsmt-${HC_CLUSTER_NAME}.yaml
      44. # AWS Machines
      45. echo "--> AWS Machine:"
      46. CL_NAME=$(oc get hcp ${HC_CLUSTER_NAME} -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} -o jsonpath={.metadata.labels.\*} | grep ${HC_CLUSTER_NAME})
      47. for s in $(oc get awsmachines -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} --no-headers | grep ${CL_NAME} | cut -f1 -d\ ); do
      48.     oc get -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} awsmachines $s -o yaml > ${BACKUP_DIR}/namespaces/${HC_CLUSTER_NS}-${HC_CLUSTER_NAME}/awsm-${s}.yaml
      49. done
      51. # MachineDeployments
      52. echo "--> HostedCluster MachineDeployments:"
      53. for s in $(oc get machinedeployment -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} -o name); do
      54.     mdp_name=$(echo ${s} | cut -f 2 -d /)
      55.     oc get -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} $s -o yaml > ${BACKUP_DIR}/namespaces/${HC_CLUSTER_NS}-${HC_CLUSTER_NAME}/machinedeployment-${mdp_name}.yaml
      56. done
      58. # MachineSets
      59. echo "--> HostedCluster MachineSets:"
      60. for s in $(oc get machineset -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} -o name); do
      61.     ms_name=$(echo ${s} | cut -f 2 -d /)
      62.     oc get -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} $s -o yaml > ${BACKUP_DIR}/namespaces/${HC_CLUSTER_NS}-${HC_CLUSTER_NAME}/machineset-${ms_name}.yaml
      63. done
      65. # Machines
      66. echo "--> HostedCluster Machine:"
      67. for s in $(oc get machine -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} -o name); do
      68.     m_name=$(echo ${s} | cut -f 2 -d /)
      69.     oc get -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} $s -o yaml > ${BACKUP_DIR}/namespaces/${HC_CLUSTER_NS}-${HC_CLUSTER_NAME}/machine-${m_name}.yaml
      70. done

  5. Clean up the ControlPlane routes by entering this command:

    1. $ oc delete routes -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} --all

    By entering that command, you enable the ExternalDNS Operator to delete the Route53 entries.

  6. Verify that the Route53 entries are clean by running this script:

    1. function clean_routes() {
    3.     if [[ -z "${1}" ]];then
    4.         echo "Give me the NS where to clean the routes"
    5.         exit 1
    6.     fi
    8.     # Constants
    9.     if [[ -z "${2}" ]];then
    10.         echo "Give me the Route53 zone ID"
    11.         exit 1
    12.     fi
    14.     ZONE_ID=${2}
    15.     ROUTES=10
    16.     timeout=40
    17.     count=0
    19.     # This allows us to remove the ownership in the AWS for the API route
    20.     oc delete route -n ${1} --all
    22.     while [ ${ROUTES} -gt 2 ]
    23.     do
    24.         echo "Waiting for ExternalDNS Operator to clean the DNS Records in AWS Route53 where the zone id is: ${ZONE_ID}..."
    25.         echo "Try: (${count}/${timeout})"
    26.         sleep 10
    27.         if [[ $count -eq timeout ]];then
    28.             echo "Timeout waiting for cleaning the Route53 DNS records"
    29.             exit 1
    30.         fi
    31.         count=$((count+1))
    32.         ROUTES=$(aws route53 list-resource-record-sets --hosted-zone-id ${ZONE_ID} --max-items 10000 --output json | grep -c ${EXTERNAL_DNS_DOMAIN})
    33.     done
    34. }
    36. # SAMPLE: clean_routes "<HC ControlPlane Namespace>" "<AWS_ZONE_ID>"
    37. clean_routes "${HC_CLUSTER_NS}-${HC_CLUSTER_NAME}" "${AWS_ZONE_ID}"

Verification

Check all of the OKD objects and the S3 bucket to verify that everything looks as expected.

Next steps

Restore your hosted cluster.

Restoring a hosted cluster

Gather all of the objects that you backed up and restore them in your destination management cluster.

Prerequisites

You backed up the data from your source management cluster.

Ensure that the kubeconfig file of the destination management cluster is placed as it is set in the KUBECONFIG variable or, if you use the script, in the MGMT2_KUBECONFIG variable. Use export KUBECONFIG=<Kubeconfig FilePath> or, if you use the script, use export KUBECONFIG=${MGMT2_KUBECONFIG}.

Procedure

  1. Verify that the new management cluster does not contain any namespaces from the cluster that you are restoring by entering these commands:

    1. # Just in case
    2. export KUBECONFIG=${MGMT2_KUBECONFIG}
    3. BACKUP_DIR=${HC_CLUSTER_DIR}/backup
    5. # Namespace deletion in the destination Management cluster
    6. $ oc delete ns ${HC_CLUSTER_NS} || true
    7. $ oc delete ns ${HC_CLUSTER_NS}-{HC_CLUSTER_NAME} || true

  2. Re-create the deleted namespaces by entering these commands:

    1. # Namespace creation
    2. $ oc new-project ${HC_CLUSTER_NS}
    3. $ oc new-project ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME}

  3. Restore the secrets in the HC namespace by entering this command:

    1. $ oc apply -f ${BACKUP_DIR}/namespaces/${HC_CLUSTER_NS}/secret-*

  4. Restore the objects in the HostedCluster control plane namespace by entering these commands:

    1. # Secrets
    2. $ oc apply -f ${BACKUP_DIR}/namespaces/${HC_CLUSTER_NS}-${HC_CLUSTER_NAME}/secret-*
    4. # Cluster
    5. $ oc apply -f ${BACKUP_DIR}/namespaces/${HC_CLUSTER_NS}-${HC_CLUSTER_NAME}/hcp-*
    6. $ oc apply -f ${BACKUP_DIR}/namespaces/${HC_CLUSTER_NS}-${HC_CLUSTER_NAME}/cl-*

  5. If you are recovering the nodes and the node pool to reuse AWS instances, restore the objects in the HC control plane namespace by entering these commands:

    1. # AWS
    2. $ oc apply -f ${BACKUP_DIR}/namespaces/${HC_CLUSTER_NS}-${HC_CLUSTER_NAME}/awscl-*
    3. $ oc apply -f ${BACKUP_DIR}/namespaces/${HC_CLUSTER_NS}-${HC_CLUSTER_NAME}/awsmt-*
    4. $ oc apply -f ${BACKUP_DIR}/namespaces/${HC_CLUSTER_NS}-${HC_CLUSTER_NAME}/awsm-*
    6. # Machines
    7. $ oc apply -f ${BACKUP_DIR}/namespaces/${HC_CLUSTER_NS}-${HC_CLUSTER_NAME}/machinedeployment-*
    8. $ oc apply -f ${BACKUP_DIR}/namespaces/${HC_CLUSTER_NS}-${HC_CLUSTER_NAME}/machineset-*
    9. $ oc apply -f ${BACKUP_DIR}/namespaces/${HC_CLUSTER_NS}-${HC_CLUSTER_NAME}/machine-*

  6. Restore the etcd data and the hosted cluster by running this bash script:

    1. ETCD_PODS="etcd-0"
    2. if [ "${CONTROL_PLANE_AVAILABILITY_POLICY}" = "HighlyAvailable" ]; then
    3.   ETCD_PODS="etcd-0 etcd-1 etcd-2"
    4. fi
    6. HC_RESTORE_FILE=${BACKUP_DIR}/namespaces/${HC_CLUSTER_NS}/hc-${HC_CLUSTER_NAME}-restore.yaml
    7. HC_BACKUP_FILE=${BACKUP_DIR}/namespaces/${HC_CLUSTER_NS}/hc-${HC_CLUSTER_NAME}.yaml
    8. HC_NEW_FILE=${BACKUP_DIR}/namespaces/${HC_CLUSTER_NS}/hc-${HC_CLUSTER_NAME}-new.yaml
    9. cat ${HC_BACKUP_FILE} > ${HC_NEW_FILE}
    10. cat > ${HC_RESTORE_FILE} <<EOF
    11.     restoreSnapshotURL:
    12. EOF
    14. for POD in ${ETCD_PODS}; do
    15.   # Create a pre-signed URL for the etcd snapshot
    16.   ETCD_SNAPSHOT="s3://${BUCKET_NAME}/${HC_CLUSTER_NAME}-${POD}-snapshot.db"
    17.   ETCD_SNAPSHOT_URL=$(AWS_DEFAULT_REGION=${MGMT2_REGION} aws s3 presign ${ETCD_SNAPSHOT})
    19.   # FIXME no CLI support for restoreSnapshotURL yet
    20.   cat >> ${HC_RESTORE_FILE} <<EOF
    21.     - "${ETCD_SNAPSHOT_URL}"
    22. EOF
    23. done
    25. cat ${HC_RESTORE_FILE}
    27. if ! grep ${HC_CLUSTER_NAME}-snapshot.db ${HC_NEW_FILE}; then
    28.   sed -i '' -e "/type: PersistentVolume/r ${HC_RESTORE_FILE}" ${HC_NEW_FILE}
    29.   sed -i '' -e '/pausedUntil:/d' ${HC_NEW_FILE}
    30. fi
    32. HC=$(oc get hc -n ${HC_CLUSTER_NS} ${HC_CLUSTER_NAME} -o name || true)
    33. if [[ ${HC} == "" ]];then
    34.     echo "Deploying HC Cluster: ${HC_CLUSTER_NAME} in ${HC_CLUSTER_NS} namespace"
    35.     oc apply -f ${HC_NEW_FILE}
    36. else
    37.     echo "HC Cluster ${HC_CLUSTER_NAME} already exists, avoiding step"
    38. fi

  7. If you are recovering the nodes and the node pool to reuse AWS instances, restore the node pool by entering this command:

    1. oc apply -f ${BACKUP_DIR}/namespaces/${HC_CLUSTER_NS}/np-*

Verification

  • To verify that the nodes are fully restored, use this function:

    1. timeout=40
    2. count=0
    3. NODE_STATUS=$(oc get nodes --kubeconfig=${HC_KUBECONFIG} | grep -v NotReady | grep -c "worker") || NODE_STATUS=0
    5. while [ ${NODE_POOL_REPLICAS} != ${NODE_STATUS} ]
    6. do
    7.     echo "Waiting for Nodes to be Ready in the destination MGMT Cluster: ${MGMT2_CLUSTER_NAME}"
    8.     echo "Try: (${count}/${timeout})"
    9.     sleep 30
    10.     if [[ $count -eq timeout ]];then
    11.         echo "Timeout waiting for Nodes in the destination MGMT Cluster"
    12.         exit 1
    13.     fi
    14.     count=$((count+1))
    15.     NODE_STATUS=$(oc get nodes --kubeconfig=${HC_KUBECONFIG} | grep -v NotReady | grep -c "worker") || NODE_STATUS=0
    16. done

Next steps

Shut down and delete your cluster.

Deleting a hosted cluster from your source management cluster

After you back up your hosted cluster and restore it to your destination management cluster, you shut down and delete the hosted cluster on your source management cluster.

Prerequisites

You backed up your data and restored it to your source management cluster.

Ensure that the kubeconfig file of the destination management cluster is placed as it is set in the KUBECONFIG variable or, if you use the script, in the MGMT_KUBECONFIG variable. Use export KUBECONFIG=<Kubeconfig FilePath> or, if you use the script, use export KUBECONFIG=${MGMT_KUBECONFIG}.

Procedure

  1. Scale the deployment and statefulset objects by entering these commands:

    1. # Just in case
    2. export KUBECONFIG=${MGMT_KUBECONFIG}
    4. # Scale down deployments
    5. oc scale deployment -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} --replicas=0 --all
    6. oc scale statefulset.apps -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} --replicas=0 --all
    7. sleep 15

  2. Delete the NodePool objects by entering these commands:

    1. NODEPOOLS=$(oc get nodepools -n ${HC_CLUSTER_NS} -o=jsonpath='{.items[?(@.spec.clusterName=="'${HC_CLUSTER_NAME}'")].metadata.name}')
    2. if [[ ! -z "${NODEPOOLS}" ]];then
    3.     oc patch -n "${HC_CLUSTER_NS}" nodepool ${NODEPOOLS} --type=json --patch='[ { "op":"remove", "path": "/metadata/finalizers" }]'
    4.     oc delete np -n ${HC_CLUSTER_NS} ${NODEPOOLS}
    5. fi

  3. Delete the machine and machineset objects by entering these commands:

    1. # Machines
    2. for m in $(oc get machines -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} -o name); do
    3.     oc patch -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} ${m} --type=json --patch='[ { "op":"remove", "path": "/metadata/finalizers" }]' || true
    4.     oc delete -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} ${m} || true
    5. done
    7. oc delete machineset -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} --all || true

  4. Delete the cluster object by entering these commands:

    1. # Cluster
    2. C_NAME=$(oc get cluster -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} -o name)
    3. oc patch -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} ${C_NAME} --type=json --patch='[ { "op":"remove", "path": "/metadata/finalizers" }]'
    4. oc delete cluster.cluster.x-k8s.io -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} --all

  5. Delete the AWS machines (Kubernetes objects) by entering these commands. Do not worry about deleting the real AWS machines. The cloud instances will not be affected.

    1. # AWS Machines
    2. for m in $(oc get awsmachine.infrastructure.cluster.x-k8s.io -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} -o name)
    3. do
    4.     oc patch -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} ${m} --type=json --patch='[ { "op":"remove", "path": "/metadata/finalizers" }]' || true
    5.     oc delete -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} ${m} || true
    6. done

  6. Delete the HostedControlPlane and ControlPlane HC namespace objects by entering these commands:

    1. # Delete HCP and ControlPlane HC NS
    2. oc patch -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} hostedcontrolplane.hypershift.openshift.io ${HC_CLUSTER_NAME} --type=json --patch='[ { "op":"remove", "path": "/metadata/finalizers" }]'
    3. oc delete hostedcontrolplane.hypershift.openshift.io -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} --all
    4. oc delete ns ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME} || true

  7. Delete the HostedCluster and HC namespace objects by entering these commands:

    1. # Delete HC and HC Namespace
    2. oc -n ${HC_CLUSTER_NS} patch hostedclusters ${HC_CLUSTER_NAME} -p '{"metadata":{"finalizers":null}}' --type merge || true
    3. oc delete hc -n ${HC_CLUSTER_NS} ${HC_CLUSTER_NAME}  || true
    4. oc delete ns ${HC_CLUSTER_NS} || true

Verification

  • To verify that everything works, enter these commands:

    1. # Validations
    2. export KUBECONFIG=${MGMT2_KUBECONFIG}
    4. oc get hc -n ${HC_CLUSTER_NS}
    5. oc get np -n ${HC_CLUSTER_NS}
    6. oc get pod -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME}
    7. oc get machines -n ${HC_CLUSTER_NS}-${HC_CLUSTER_NAME}
    9. # Inside the HostedCluster
    10. export KUBECONFIG=${HC_KUBECONFIG}
    11. oc get clusterversion
    12. oc get nodes

Next steps

Delete the OVN pods in the hosted cluster so that you can connect to the new OVN control plane that runs in the new management cluster:

  1. Load the KUBECONFIG environment variable with the hosted cluster’s kubeconfig path.

  2. Enter this command:

    1. $ oc delete pod -n openshift-ovn-kubernetes --all

Running a script to back up and restore a hosted cluster

To expedite the process to back up a hosted cluster and restore it within the same region on AWS, you can modify and run a script.

Procedure

  1. Replace the variables in the following script with your information:

    1. # Fill the Common variables to fit your environment, this is just a sample
    2. SSH_KEY_FILE=${HOME}/.ssh/id_rsa.pub
    3. BASE_PATH=${HOME}/hypershift
    4. BASE_DOMAIN="aws.sample.com"
    5. PULL_SECRET_FILE="${HOME}/pull_secret.json"
    6. AWS_CREDS="${HOME}/.aws/credentials"
    7. CONTROL_PLANE_AVAILABILITY_POLICY=SingleReplica
    8. HYPERSHIFT_PATH=${BASE_PATH}/src/hypershift
    9. HYPERSHIFT_CLI=${HYPERSHIFT_PATH}/bin/hypershift
    10. HYPERSHIFT_IMAGE=${HYPERSHIFT_IMAGE:-"quay.io/${USER}/hypershift:latest"}
    11. NODE_POOL_REPLICAS=${NODE_POOL_REPLICAS:-2}
    13. # MGMT Context
    14. MGMT_REGION=us-west-1
    15. MGMT_CLUSTER_NAME="${USER}-dev"
    16. MGMT_CLUSTER_NS=${USER}
    17. MGMT_CLUSTER_DIR="${BASE_PATH}/hosted_clusters/${MGMT_CLUSTER_NS}-${MGMT_CLUSTER_NAME}"
    18. MGMT_KUBECONFIG="${MGMT_CLUSTER_DIR}/kubeconfig"
    20. # MGMT2 Context
    21. MGMT2_CLUSTER_NAME="${USER}-dest"
    22. MGMT2_CLUSTER_NS=${USER}
    23. MGMT2_CLUSTER_DIR="${BASE_PATH}/hosted_clusters/${MGMT2_CLUSTER_NS}-${MGMT2_CLUSTER_NAME}"
    24. MGMT2_KUBECONFIG="${MGMT2_CLUSTER_DIR}/kubeconfig"
    26. # Hosted Cluster Context
    27. HC_CLUSTER_NS=clusters
    28. HC_REGION=us-west-1
    29. HC_CLUSTER_NAME="${USER}-hosted"
    30. HC_CLUSTER_DIR="${BASE_PATH}/hosted_clusters/${HC_CLUSTER_NS}-${HC_CLUSTER_NAME}"
    31. HC_KUBECONFIG="${HC_CLUSTER_DIR}/kubeconfig"
    32. BACKUP_DIR=${HC_CLUSTER_DIR}/backup
    34. BUCKET_NAME="${USER}-hosted-${MGMT_REGION}"
    36. # DNS
    37. AWS_ZONE_ID="Z026552815SS3YPH9H6MG"
    38. EXTERNAL_DNS_DOMAIN="guest.jpdv.aws.kerbeross.com"

  2. Save the script to your local file system.

  3. Run the script by entering the following command:

    1. source <env_file>

    where: env_file is the name of the file where you saved the script.