Restore Mirantis Kubernetes Engine from a backup

Important

Because the MKE restoration process is complicated, we strongly recommend contacting Mirantis support for assistance.

If you still decide to restore MKE from a backup on your own, you must scale down helm-controller on the cluster being restored if the MKE version of the affected cluster after the restore will differ from the MKE version in the ClusterRelease object that is set in MOSK Cluster objects in the management cluster:

• If you are restoring MKE on a management cluster: before starting the restore, scale down helm-controller on each affected MOSK cluster. This prevents unintended Ceph and OpenStack downgrades on MOSK clusters after the management cluster is restored.

• If you are restoring MKE on a MOSK cluster: immediately after the restore completes, scale down helm-controller. Because the restore rolls the cluster back to an older release, this prevents it from triggering a premature upgrade of Helm releases.

Before contacting Mirantis support for assistance with MKE restoration, perform the following steps:

1. Download the backup files from remote storage.

2. Decrypt the backup files:

   openssl enc -d -aes-256-cbc -pbkdf2 -pass file:<KEK> -in <BACKUP>.dek > dek.plain
   
   openssl enc -d -aes-256-cbc -pbkdf2 -pass file:dek.plain -in <BACKUP>.encrypted > backup.tar
   

   Replace <KEK> with the name of the file containing the KeyEncryptionKey value and <BACKUP> with the name of the backup file.

Send the decrypted backup.tar archive to Mirantis support for assistance.

Note

If remote backup storage and encryption are not configured, the backup archive is stored locally in the /srv/backup/ucp directory on one of the MKE manager nodes. In this case, send the local backup archive to Mirantis support for assistance.