Kyvos on GCP- Disaster Recovery and Backup Plan


This section describes the backup and disaster recovery strategy for Kyvos deployed on Google Cloud Platform, including steps to replicate critical resources and recover the Kyvos environment in case of failures.

Note

Disaster Recovery is supported only with High Availability (HA) and an external repository.

Common Prerequisites for disaster recovery of deployment

  • All resources and settings that were enabled in the primary deployment must also be enabled in the secondary deployment. For example, if the primary deployment used Dedicated Compute with Load Balancer, then the secondary must also be configured the same way.

  • Ensure the secondary deployment uses the same region (DrRegion) as the primary deployment.

  • Both the primary and replica instances must be in the same VPC.

    • Your VPC must have at least two subnets:

      • One in the primary region.

      • One in the secondary (replica) region.

  • Ensure your Private Service Connect IP range has enough available IP addresses to accommodate both Cloud SQL instances.

  • Promote the read replica once you want to run DR.

Disaster recovery of deployment via Terraform script

The Terraform script creates the secondary resources and automatically executes the disaster recovery script.

Prerequisites

A primary Kyvos deployment created with the enableDr parameter (in the kyvosparams.tfvars file) set to true.

Recovering deployment by creating secondary resources

To create the secondary resources:

  1. Promote the Cloud SQL read replica to primary.

  2. Set recoverKyvosCluster to true and enableDr to false in the kyvosparams.tfvars file located in the Terraform folder > Conf folder (available in GCP Installation Files). This indicates that the deployment will act as the disaster recovery cluster.

  3. Reuse the following configurations for the secondary deployment. These resources will not be recreated in the secondary deployment. Instead, they will be reused from the primary deployment:

    1. Service Account

    2. VPC Network and subnetwork

    3. Secret Manager

    4. Storage Bucket

    5. Cloud SQL

  4. Run the deploy.sh script (available in the GCP installation files). You can now access the Kyvos Manager using the secondary Kyvos Manager node.
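
A pre-flight check for step 2, as an added example (not part of the Kyvos installation files): it reads kyvosparams.tfvars and succeeds only when recoverKyvosCluster is true and enableDr is false, so that deploy.sh can be gated on it. The function names, the script name check_dr_flags.sh, and the single-line `name = value` layout of the file are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the DR flags before running deploy.sh.
# Assumes single-line `name = value` assignments with `#` or `//` comments.

# Print the (lower-cased, unquoted) value of variable $2 in tfvars file $1.
# Prints nothing when the variable is not assigned.
tfvar_get() {
    awk -v key="$2" '
        /^[ \t]*(#|\/\/)/ { next }            # whole-line comment
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1)
            val  = substr($0, eq + 1)
            gsub(/[ \t]/, "", name)
            sub(/[ \t]*#.*$/, "", val)        # trailing comment
            sub(/^[ \t"]+/, "", val)          # leading blanks and quote
            sub(/[ \t"]+$/, "", val)          # trailing blanks and quote
            if (name == key) found = tolower(val)
        }
        END { if (found != "") print found }
    ' "$1"
}

# Return 0 only when recoverKyvosCluster is true and enableDr is false,
# 1 when either flag is wrong or missing, 2 when the file is unreadable.
check_dr_flags() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    rc=0
    recover=$(tfvar_get "$file" recoverKyvosCluster)
    enable=$(tfvar_get "$file" enableDr)
    if [ "$recover" != "true" ]; then
        echo "recoverKyvosCluster is '${recover:-unset}', expected true" >&2
        rc=1
    fi
    if [ "$enable" != "false" ]; then
        echo "enableDr is '${enable:-unset}', expected false" >&2
        rc=1
    fi
    return "$rc"
}

# Usage: sh check_dr_flags.sh path/to/kyvosparams.tfvars && ./deploy.sh
[ "$#" -eq 0 ] || check_dr_flags "$1"
```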

NEXT: Perform Disaster Recovery from Kyvos Manager

After performing DR from Kyvos Manager, the secondary cluster will become the active Kyvos environment.

Manual disaster recovery and backup

Prerequisites

  • Set up cross-region replication for Secret Manager, Cloud SQL, and the Cloud Storage bucket.

    • To replicate key resources across regions in Google Cloud Platform (GCP), perform the following steps.

      1. Cloud SQL – Cross-Region Replication: To replicate a Cloud SQL instance to another region:

        1. Go to the Cloud SQL section in the GCP Console.

        2. Locate the instance you want to replicate.

        3. Click the three-dot menu (︙) on the right-hand side.

        4. Select Create read replica.

        5. Choose a different region for the replica.

      2. Cloud Storage (Buckets) – Manual Replication: GCP buckets do not automatically replicate across regions. To replicate a bucket:

        1. Create a new bucket in your secondary region.

        2. Manually copy the contents of your primary bucket to the secondary bucket.

      3. Secret Manager – Manual Replication: Secret Manager does not natively support multi-region replication. To replicate secrets:

        1. In your secondary region, create a new Secret Manager.

        2. Manually copy each version of the secrets from the primary deployment.

  • Configure the replica resource details.

To manually perform disaster recovery, perform the following steps.

  1. Promote the Cloud SQL replica.

  2. Create the secondary resources with the same configuration as the primary deployment's resources.

  3. Download the disaster recovery script (complete-disaster-recovery.sh) from the bucket to the secondary Kyvos Manager node and execute it. The bucket path is <bucket-name>/user/engine_work/setup/scripts.

  4. You can now access Kyvos Manager using the secondary Kyvos Manager node IP.

NEXT: Perform Disaster Recovery from Kyvos Manager

 

Copyright Kyvos, Inc. 2025. All rights reserved.