Perform the following steps to recover Entrust PKI Hub and the deployed solutions after a system crash.

As explained in Running clusterctl install, only installations in multi-node mode support disaster recovery, although such installations can indeed use a single node.

Recovering single-node installations

When a single-node installation crashes, recover the Entrust PKI Hub and the deployed solutions from a backup as explained in Restoring the state.

Recovering multi-node installations with a quorum

When your multi-node installation retains the quorum described in Recommended number of nodes, you must simply remove, restore and add the crashed nodes.

To recover a crashed node.

  1. Mark the node as unschedulable. 

    sudo /opt/entrust/kubectl cordon <node-to-delete>

  2. Drain the pods from the node to delete. 

    sudo /opt/entrust/kubectl drain <node-to-delete> --delete-emptydir-data --disable-eviction --force --ignore-daemonsets --timeout=600s

  3. Delete the node from the cluster. 

    sudo /opt/entrust/kubectl delete node <node-to-delete> --timeout=600s
  4. Restore the node and add it again to the cluster, as explained in Adding nodes.

Recovering multi-node installations without a quorum

When your multi-node installation does not retain the quorum described in Load balancing requirements, follow the steps below for recovery.

To recover a multi-node deployment without a quorum

  1. Run clusterctl uninstall in all the nodes to uninstall Entrust PKI Hub.
  2. Recover the Entrust PKI Hub and the deployed solutions from a backup as explained in Restoring the state.