Reconnecting OpenShift Container Platform cluster

The OpenShift® Container Platform cluster that is connected in a disaster recovery relationship or a Backup & Restore service with Hub and Spoke can face disasters, leading to a temporary unusable state. After recovery, it can still display an Unhealthy or UnManaged status in remote clusters. In such instances, this cluster must be reconnected to its corresponding connections.

About this task

If the cluster recovers before the expiration time, the cluster rejoins the connection automatically and no action is needed. However, if the cluster recovers after the expiration of the client cert, the connection must be cleaned and setup to rejoin the recovered cluster.

Procedure

  1. Run the following example command to login to cluster-a and list the connection names.
    oc login to cluster-a 
  2. List the connection names.
    oc get connections
    It lists all connection CRs that are used for Backup & Restore and disaster recovery. The following example shows connections among clusters:
    • If cluster-a is in a DR relationship, a connection exists for the other cluster.
    • If cluster-a is a Backup & Restore hub, there exists a connection for each spoke.
    • If cluster-a is a Backup & Restore spoke, one connection to the hub exists.
    The output includes the API endpoint of cluster-b.
    Example output
    NAME                    API_ENDPOINT                                     PHASE        HEALTHY_TO   HEALTHY_FROM   AGE
    connection-8414b9c84d   https://api.cluster-b.mydomain:6443   InProgress   Unhealthy    Unknown        25d
    % 
  3. Save the name of connection CR in cluster-a (a cluster in the hub and spoke or DR clusters) in connection-<id> format.
  4. Clean the connection.
    For the procedure to clean the connection, see Disabling the connection.
  5. Setup the connection between clusters.
    1. Log in to the cluster-b and get the bootstrap token for cluster-b.
      oc login to cluster-b
      oc create token isf-application-operator-cluster-bootstrap -n <Fusion Namespace of cluster-b>
      Note: The version of oc command line must be greater or equal to 4.11.
    2. Log in to cluster-a.
      oc login to cluster-a
    3. Create init secret on cluster-a with the bootstrap token and API endpoint of cluster-b.
      For example:
      
      apiVersion: v1
      kind: Secret
      metadata:
         name: <Init Secret Name>
         namespace: <Fusion Namespace of cluster-a>
      stringData:
         apiserver: <cluster-b API Endpoint>
         bootstrapToken: <cluster-b Token Generated in Step 3.a>
    4. Create connection CR on cluster-a with this init secret in spec:
      
      apiVersion: application.isf.ibm.com/v1
      kind: Connection
      metadata:
        name: <Connection Name Saved in Step 1>
        namespace: <Fusion Namespace of cluster-a>
      spec:
        remoteCluster:
          apiEndpoint: <cluster-b API Endpoint>
          initSecretName: <Init Secret Name>
          connectionOperatorNamespace: <Fusion Namespace of cluster-b>