![]() Since you did not create this resource using terraform, terraform is not aware That was configured during the Consul installation to enable multi-dc federation. The Consul Helm chart deploys a load balancer to support the mesh gateway To simulate the loss of your primary datacenter, you will delete the primaryĭatacenter using the platform specific instructions below. ![]() Review those files for an example of how you could configure your own 3rd party CA. Theĭc1/dc1-init.sh script generated this configuration and secret for this tutorial,Īnd the dc1/dc1-values.yaml file configured the Consul datacenter to use that secret. The connect.ca_config stanza you provided to Consul during the Helm install. If you use any 3rd party CA, Vault or otherwise, you must ensure you back up Times throughout the tutorial, it is not required if you use Consul as your CA. While this is required for this lab, and will be referenced several This is required for this lab, since it uses Notice, that in addition to the four secrets listed previously, the Vault CAĬonfiguration is also being exported. Or need to create a lab environment, feel free to skip ahead to the recovery steps The steps necessary to perform a primary datacenter recovery. In this next section, you will create a lab environment that you can use to practice We recommend that you automate the secrets rotation process,Īnd include a backup to an external secrets management solution as part of thatĪutomation. Term storage external to the Kubernetes secrets engine, so that they can surviveĭo not forget to update these values and take a new snapshot backup whenever It is your responsibility to manage these secrets in some form of long Without access to these four secrets you cannot recover from a disaster or long term
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |