openfaas-cloud icon indicating copy to clipboard operation
openfaas-cloud copied to clipboard
verified publisher icon openfaas

Migrate OFC from one environment to another (on Kubernetes)

Open alexellis opened this issue 7 years ago • 6 comments

Expected Behaviour

We need a strategy to migrate the community cluster from one Kubernetes cluster to another with as little impact as possible to users.

This includes:

  • exporting the SealedSecrets public/private key pair
  • reimporting them
  • exporting the deployments/services
  • reimporting them
  • exporting / importing ingress etc.

Some of the work is covered by the ofc-bootstrap project.

alexellis avatar Jan 10 '19 16:01 alexellis

exporting the SealedSecrets public/private key pair

@stefanprodan do you know how to approach the above point?

alexellis avatar Jan 10 '19 16:01 alexellis

Instead of import/export I would copy the SealedSecrets master key and do the whole bootstrap as it were a fresh install.

stefanprodan avatar Jan 28 '19 09:01 stefanprodan

If OFC is GitOps you should't have to import/export anything expect for the private key.

stefanprodan avatar Jan 28 '19 09:01 stefanprodan

This is to deploy the whole installation. The private key is generated upon installation with Helm of SealedSecrets.

How do you pass a private key to the helm installation? Is that something you've done before and can comment?

alexellis avatar Jan 28 '19 09:01 alexellis

To summarise the discussion on Slack:

  1. Get the private key from the old cluster: kubectl -n openfaas get secret sealed-secrets-key --export -oyaml > sealed-secrets-key.yaml

  2. Apply the private key on the new cluster: kubectl apply -f sealed-secrets-key.yaml

  3. Install SealedSecrets with Helm: helm install --namespace openfaas --name sealed-secrets stable/sealed-secrets

stefanprodan avatar Jan 28 '19 10:01 stefanprodan

Thanks that looks awesome.

alexellis avatar Jan 28 '19 10:01 alexellis