Connection setup after OpenShift Container Platform cluster recovery

The OpenShift® Container Platform cluster can have problems and become unusable. After you recover the cluster, rejoin the connections.

Disaster recovery
  • Two clusters must be connected to failover and failback applications
  • Reconnect to another cluster
Backup & Restore
  • One hub cluster and more than one spoke clusters can be connected easily to manage application backups in multi clusters.
  • Reconnect to the hub or spoke
If the cluster recovers before the expiration time, then no action is needed as the cluster rejoins the connection automatically. If the cluster recovers after the client cert expires, then clean the connection and setup again to rejoin the recovered cluster. You can get the client cert effective time from the connection CR status, for example:
oc get connection <connection_name> -n ibm-spectrum-fusion-ns
    - lastTransitionTime: '2024-01-03T10:23:20Z'
      message: >-
        client certificate rotated starting from 2024-01-03 10:18:31 +0000 UTC
        to 2024-01-19 13:12:00 +0000 UTC
      reason: ClientCertificateUpdated
      status: 'True'
      type: ClusterCertificateRotated

Clean the connection and setup the connection between cluster-a and cluster-b again.

  1. Clean the connection:

    Delete the connection CR in both cluster-a and cluster-b clusters:

    • In cluster-a
      oc delete connection <connection_cr_with_cluster-b_endpoint_in_spec> -n ibm-spectrum-fusion-ns
    • In cluster-b
      oc delete connection <connection_cr_with_cluster-a_endpoint_in_spec> -n ibm-spectrum-fusion-ns
  2. Set up the connection between clusters again.
    1. Get the bootstrap token in cluster-a:
      kubectl create token isf-application-operator-cluster-bootstrap -n <namespace of isf-application-operator>
    2. Create connection CR and init secret in cluster-b with the bootstrap token and API endpoint of cluster-a.
      For example, create init secret in cluster-b:
      apiVersion: v1
      kind: Secret
      metadata:
        name: init-<cluster-a>
        namespace: ibm-spectrum-fusion-ns 
      stringData:
        apiserver: <cluster-a api endpoint>
        bootstrapToken: <token generated in step 2.1>
      
  3. Create connection CR with this init secret in spec in cluster-b:
    apiVersion: application.isf.ibm.com/v1
    kind: Connection
    metadata:
      name: <connection-name>
      namespace: ibm-spectrum-fusion-ns 
    spec:
      remoteCluster
        apiEndpoint: <cluster-a api endpoint>
        initSecretName: init-<cluster-a>