- Generate a StackRox central bundle for secondary central
- Make sure the version is the same as your existing central
roxctl generate ...
- Save the existing TLS certs from your existing StackRox Central cluster
kubectl get secret central-tls -n stackrox -o yaml --export > ./tls-secret.yaml
- Copy the saved kubernetes secret object to your newly generate bundle
cp tls-secret.yaml ./central-bundle/central/
- Deploy seconday central
- Backup existing central
-
export CENTRAL_ADDRESS=<address>:<port-number> roxctl -p <admin-password> -e "$CENTRAL_ADDRESS" central db backup
-
- Restore to new (warn standby) central
-
export CENTRAL_ADDRESS=<address>:<port-number> roxctl -p <admin-password> -e "$CENTRAL_ADDRESS" central db restore <backup-filename>
-
- You can automate that backup/restore process once they are initially in-sync using the API token. There will obviously be a push and pull from a centralized location (like s3) in the middl
Created
August 11, 2020 22:56
-
-
Save logankimmel/e3001b1110d8a989b9f806d1226b65fb to your computer and use it in GitHub Desktop.
StackRox Central HA Failover
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment