crypto-svc Deployment fails to startup after redeploying myk10

If the secret was deleted for some reason, You could recover from this situation by following Recovering K10 From a Disaster (provided you had K10 DR backups enabled and ran successfully before getting into this situation). For this reason, It is always recommended to enabled and run K10 DR policy so that you have a successful backup of K10 in such disasters.

Hi Jaiganeshjk,

Thanks for your detailed answer. Yes the secret was delete and I follow the doc to recover it. Now when I run this 

helm install k10-restore kasten/k10restore --namespace=kasten-io --set sourceClusterID=kubernetes-admin@kubernetes --set profile.name=nfs-storage

Job for restore run and then fail with this log. 

Usage:
  restorectl restore [flags]
Flags:
  -h, --help   help for restore
Global Flags:
  -c, --clusterid string       Specify the cluster ID captured during backup (required)
  -n, --namespace string       Specify the namespace where K10 is currently deployed (required)
  -t, --point-in-time string   Specify an optional point in time (RFC3339) at which to evaluate restore data
  -p, --profile string         Specify the profile that was used during backup (required)
  -s, --skipResource string    Specify if restore of policies,profiles,secrets needs to be skipped.
{"File":"kasten.io/k10/kio/tools/restorectl/root.go","Function":"kasten.io/k10/kio/tools/restorectl.Execute","Line":24,"cluster_name":"3c46c435-ee8a-4053-816c-da5cce7e7259","error":{"message":"Failed to get profile. A location profile must be created for K10 Disaster Recovery","function":"kasten.io/k10/kio/tools/restorectl.restoreK10","linenumber":83,"file":"kasten.io/k10/kio/tools/restorectl/restore.go:83","cause":{"message":"No profile detected. A location profile must be created for K10 Disaster Recovery","function":"kasten.io/k10/kio/tools/restorectl.getK10AndKanisterProfileCR","linenumber":51,"file":"kasten.io/k10/kio/tools/restorectl/utils.go:51","cause":{"message":"profiles.config.kio.kasten.io \"nfs-storage\" not found"}}},"hostname":"k10-restore-k10restore-tfr7f","level":"error","msg":"Failed","time":"2023-07-05T09:29:54.824Z"}

Can You please tell what exactly Cluster ID is? Is this my k8s cluster name or something related to K10 cluster? I found one Cluster ID from Kasten which is new one and job fail again.  

Best Regards,

Tauqeer.A

ClusterId is nothing but the UID of default namespace in your cluster.

Reference:https://docs.kasten.io/latest/operating/dr.html#cluster-id

From the above error message, the clusterID is wrong in your command and also the error message states that there is no profile with the name nfs-storage.

Also this will work if you already have the DR backups running before the secrets were deleted.

I don’t see the restorepoints or k10-disaster-recovery-policy created from your logs that you have shared in the case. 

Are you sure that you had DR backup in your location profile ?

Yes that is expected because k10 doesn’t have the encryption key to decrypt the data from the backups and do the restore. 

You will have to consider cleaning up the location profile target and then re-installing K10 to backup/export your application normally.

If you have lost some application and need to recover them, you could use the migration tokens from the earlier exports. You could try to save them safely, Uninstall k10 and run an import policy using those migrationtokens. This will have imported restorepoints from your older backup. You can use them to restore the application. 

However, newer exports to the same NFS or atleast the same Path won’t work. You will have to cleanup eventually.

If you don’t cleanup with the reinstall, you will end up in a situation similar to what it is mentioned in this KB article https://kb.kasten.io/knowledge/exports-dont-work-after-k10-reinstall

Sure @tauqeerahmad I will be glad to assist you on this.

There are multiple things you can do at this point.

1. If you are planning to just test the restore into a new cluster, then copy the migration token/receiveString from the policy/corresponding secret and use it with import policies on a second cluster. This will import the restorepoints to new cluster which you can then use to restore and test.
2. If you want to test restore of the old backups in the same cluster, you cannot do it in the current state. You don’t have the cluster passphrase and no way to retrieve it as well. You will need to uninstall current k10 installation and reinstall a fresh k10 installation. Once you have new K10 installation, you can import old application restorepoints if you want to test restore. Or if you want to use new K10 to backup/export your applications, then you need to cleanup your NFS directory where the old backups are stored. Your K10 doesn’t have the encryption key to decrypt it by default without the receiveString.

If you are planning to use the import, Don’t manually delete/move anything in the NFS profile. 

If you are still considering to use new k10 to do new exports, you can specify a different path while creating the location profile. 

In any case, I would suggest you to get in touch with a Veeam/Kasten Sales/SE team to help you with your use cases and PoC.