Is it at all possible to restore an RKE2 downstream cluster Rancher Users #general

Is it at all possible to restore an RKE2 downstrea...

salmon-morning-84088

03/10/2025, 8:53 AM

Is it at all possible to restore an RKE2 downstream cluster from etcd snapshots in Rancher, if the cluster is completely lost? If I enable storing the etcd snapshots in S3, then the snapshots are persisted. But I still need the RKE2 server token to restore the snapshot, and I don't think that is available anywhere if the downstream cluster gets deleted. Of course I can backup the downstream cluster's hosts, but it feels pretty wasteful to backup all that when I just need the server token… 😕 Is this case simply not handled by Rancher, or am I missing something?

creamy-pencil-82913

03/10/2025, 9:03 AM

yes. Rancher knows the token, if you provisioned the cluster via Rancher. As long as you have an etcd backup still on s3 you can recover from loss of all nodes.

salmon-morning-84088

03/10/2025, 11:47 AM

Oh, it does!? Great. Any idea where? I've been looking through the

cluster

objects to no avail… 😕

salmon-morning-84088

03/10/2025, 11:55 AM

Because the full token is required, right? It seems like the short credentials part of the token can be found in the secret

*-rke-state

in the

fleet-default

namespace. But I guess I also need the CA hash? 🤔

salmon-morning-84088

03/10/2025, 1:21 PM

No, it seems like the short token is sufficient to decrypt the snapshot and then the CA hash is extracted from the snapshot (I'm guessing). Thanks for pointing me in the right direction!

7 Views

Open in Slack

Previous Next