Support for Rancher Projects in CloudCasa
Summary
CloudCasa fully supports backup and restore of Rancher projects, making it possible to recover projects and their associated metadata. This is made possible by backing up both Rancher management (local) cluster and downstream (managed) clusters. Rancher stores all the data as Kubernetes custom resources so by backing up the management cluster, all that data will be part of CloudCasa recovery points. This includes data about projects. By combining this with backups of the downstream clusters, CloudCasa can cleanly restore Rancher Projects and their workloads.
Backup Configuration
On the Rancher Management cluster, configure full cluster backups (PVCs optional). This will backup all Rancher resources, including that of Projects.
On downstream workload clusters, configure backups to cover all resources which are used by your projects, including any PVCs and namespaces managed by Rancher.
Restores
We will cover the following three different restore scenarios:
A project has been deleted and needs to be recovered.
A workload namespace on a downstream cluster, that is part of a project, is lost and needs to be restored.
Both workload namespace and its project need to be restored.
Restoring only the project
In this case, a Project got deleted for some reason and it needs to be restored from the backup. Its constituent namespaces on the downstream clusters are intact.
Before continuing, you will need the Project ID (p-xxxx) and Cluster ID (c-m-xxxx) from the Rancher UI. If the project has already been deleted, you can also get the project ID from the CloudCasa recovery point browser.
Note that this procedure assumes that we have 2 recovery points available: one for the management cluster and one for the downstream cluster. Follow these steps to restore the project:
Restore the Project Resource (Management cluster).
Define a new restore job in CloudCasa using the management cluster recovery point.
In the “Select Resources” step, click the Specific Resources tab.
Open the resource browser by clicking Select resources and filter by “Type” for “Projects”. Find and select the target project (also note the project ID here if you need it).
Run the restore job. This will reinitialize the Project.
After the job is complete, the project will be visible in the Rancher UI, but project membership will have been reset to cluster defaults. We will restore these later, but for now manually delete ALL project members.
(Rancher UI: select the downstream cluster -> Cluster and Project Members -> Project Membership. Remove all members.)
Restore Project Backing Namespace (Management cluster).
Define another restore job in CloudCasa using the management cluster recovery point.
In the “Select Resources” step, stay on the Standard Selections tab and click Select Namespaces.
Select the backing namespace for the target project - it will be named “CLUSTER_ID-PROJECT_ID” (e.g. “c-m-5p6xzwqs-p-7czxw”).
Continue to the “Restore Transforms” step. Enable overwrite existing resources.
Run the restore job. Once completed, refresh the Rancher UI. Project user roles will be restored.
Patch the Project namespace(s) on the downstream cluster with the following annotation (replacing with your cluster/project ID):
kubectl annotate namespace <NAMESPACE> field.cattle.io/projectId='CLUSTER_ID:PROJECT_ID' --overwrite
Refresh the Rancher UI. All resources in the project namespace will have been restored and associated with the project.
Restoring namespaces in downstream clusters
In this scenario, users lost one or more namespaces in a downstream cluster that belong to a project. To recover them, define a restore job in CloudCasa using one of the downstream cluster’s recovery points. Select all namespaces associated with the project.
After the restore, the namespaces would automatically be associated with the project.
Restoring both namespaces and project
In this case, both the project and workload namespaces on the downstream cluster are lost and need to be recovered. In order to do that, follow the steps outlined in the above two scenarios.