
@logankimmel
Created August 11, 2020 22:56
StackRox Central HA Failover

Setting up a secondary StackRox central for HA failover

  • Generate a StackRox central bundle for secondary central
    • Make sure the version is the same as your existing central
    • roxctl generate ...
  • Save the existing TLS certs from your existing StackRox Central cluster
    • kubectl get secret central-tls -n stackrox -o yaml --export > ./tls-secret.yaml
  • Copy the saved Kubernetes secret object to your newly generated bundle
    • cp tls-secret.yaml ./central-bundle/central/
  • Deploy secondary central
  • Backup existing central
    • export CENTRAL_ADDRESS=<address>:<port-number>
      roxctl -p <admin-password> -e "$CENTRAL_ADDRESS" central db backup
      
  • Restore to new (warm standby) central
    • export CENTRAL_ADDRESS=<address>:<port-number>
      roxctl -p <admin-password> -e "$CENTRAL_ADDRESS" central db restore <backup-filename>
      
  • You can automate that backup/restore process once they are initially in-sync using the API token. There will obviously be a push and pull from a centralized location (like s3) in the middl
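
The `--export` flag used in the secret-saving step was removed in kubectl 1.18. As an added example (not part of the original gist), the filter below does a similar cleanup on plain `kubectl get -o yaml` output so the secret can be created in the secondary cluster; the helper name `strip_cluster_metadata` and the sample secret are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the gist. strip_cluster_metadata is a hypothetical
# helper name. It reads one `kubectl get -o yaml` object on stdin and prints
# it without the metadata fields that bind it to the source cluster.
strip_cluster_metadata() {
  awk '
    # A line starting in column 1 is a top-level key: note if it is metadata.
    /^[^ #-]/ { in_meta = ($0 ~ /^metadata:/); skipping = 0 }
    # A key directly under metadata ends any block currently being dropped.
    in_meta && /^  [A-Za-z]/ {
      skipping = 0
      if ($0 ~ /^  (creationTimestamp|generation|managedFields|ownerReferences|resourceVersion|selfLink|uid):/) {
        skipping = 1
        next
      }
    }
    # Nested maps and list items that belong to a dropped key go with it.
    in_meta && skipping && /^(  -|   )/ { next }
    { print }
  '
}

# Constructed sample input; the data values are placeholders, not real keys.
sample_secret() {
  cat <<'EOF'
apiVersion: v1
data:
  cert.pem: Q09OU1RSVUNURUQ=
  key.pem: Q09OU1RSVUNURUQ=
kind: Secret
metadata:
  creationTimestamp: "2020-08-11T22:56:00Z"
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    manager: kubectl
  name: central-tls
  namespace: stackrox
  resourceVersion: "12345"
  uid: 00000000-0000-0000-0000-000000000000
type: Opaque
EOF
}

# Against a live cluster; umask 077 because the file contains TLS key material:
#   (umask 077; kubectl get secret central-tls -n stackrox -o yaml \
#      | strip_cluster_metadata > ./tls-secret.yaml)
sample_secret | strip_cluster_metadata
```

Keys under `data:` are never touched, even if one happens to be named like a metadata field; only entries directly under the top-level `metadata:` mapping are dropped.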