Connection setup after OpenShift Container Platform cluster recovery
The OpenShift® Container Platform cluster can have problems and become unusable. After you recover the cluster, rejoin the connections.
- Disaster recovery
-
- Two clusters must be connected to failover and failback applications
- Reconnect to another cluster
- Backup & Restore
-
- One hub cluster and more than one spoke clusters can be connected easily to manage application backups in multi clusters.
- Reconnect to the hub or spoke
If the cluster recovers before the expiration time, then no action is needed as the cluster
rejoins the connection automatically. If the cluster recovers after the client cert expires, then
clean the connection and setup again to rejoin the recovered cluster. You can get the client cert
effective time from the connection CR status, for
example:
oc get connection <connection_name> -n ibm-spectrum-fusion-ns
- lastTransitionTime: '2024-01-03T10:23:20Z' message: >- client certificate rotated starting from 2024-01-03 10:18:31 +0000 UTC to 2024-01-19 13:12:00 +0000 UTC reason: ClientCertificateUpdated status: 'True' type: ClusterCertificateRotated
Clean the connection and setup the connection between cluster-a and cluster-b again.
- Clean the connection:
Delete the connection CR in both cluster-a and cluster-b clusters:
- In cluster-a
oc delete connection <connection_cr_with_cluster-b_endpoint_in_spec> -n ibm-spectrum-fusion-ns
- In cluster-b
oc delete connection <connection_cr_with_cluster-a_endpoint_in_spec> -n ibm-spectrum-fusion-ns
- In cluster-a
- Set up the connection between clusters again.
- Get the bootstrap token in
cluster-a:
kubectl create token isf-application-operator-cluster-bootstrap -n <namespace of isf-application-operator>
- Create connection CR and
init
secret in cluster-b with the bootstrap token and API endpoint of cluster-a.For example, createinit
secret in cluster-b:apiVersion: v1 kind: Secret metadata: name: init-<cluster-a> namespace: ibm-spectrum-fusion-ns stringData: apiserver: <cluster-a api endpoint> bootstrapToken: <token generated in step 2.1>
- Get the bootstrap token in
cluster-a:
- Create connection CR with this
init
secret inspec
in cluster-b:apiVersion: application.isf.ibm.com/v1 kind: Connection metadata: name: <connection-name> namespace: ibm-spectrum-fusion-ns spec: remoteCluster apiEndpoint: <cluster-a api endpoint> initSecretName: init-<cluster-a>