Skip to content

getting-started.md

Latest commit

 

History

History
174 lines (123 loc) · 5.27 KB

getting-started.md

File metadata and controls

174 lines (123 loc) · 5.27 KB
title Getting started
weight 20
aliases /trilio-cr/getting-started/

Deploying the pattern

Deployment

1. Clone the repository

git clone https://github.com/trilio-demo/trilio-continuous-restore
cd trilio-continuous-restore

2. Configure S3 bucket details

Edit values-hub.yaml and values-secondary.yaml to set your S3 bucket name and region:

# In both values-hub.yaml and values-secondary.yaml, under the trilio-operand app overrides:
overrides:
  - name: backupTarget.bucketName
    value: <your-bucket-name>
  - name: backupTarget.region
    value: <your-bucket-region>   # for example, us-east-1

3. Populate secrets

Create values-secret.yaml from the template:

cp values-secret.yaml.template ~/values-secret-trilio-continuous-restore.yaml

Edit ~/values-secret-trilio-continuous-restore.yaml and fill in your credentials:

secrets:
  - name: trilio-license
    vaultPrefixes:
    - global
    fields:
    - name: key
      value: <your-trilio-license-key>   # single unbroken line, no escape characters

  - name: trilio-s3
    vaultPrefixes:
    - global
    fields:
    - name: accessKey
      value: <your-s3-access-key>
    - name: secretKey
      value: <your-s3-secret-key>

Always update secrets in your home directory, never in the repo's values-secret.yaml.template so that secrets are never committed to git.

4. Install the pattern

./pattern.sh make install

This command:

  1. Bootstraps HashiCorp Vault and loads secrets from ~/values-secret-trilio-continuous-restore.yaml
  2. Installs the Validated Patterns operator on the hub
  3. Creates the ValidatedPattern CR which triggers ArgoCD to deploy all hub components

Monitor progress in the ArgoCD UI or by running:

oc get application -n openshift-gitops

All applications should reach Synced / Healthy within 10–15 minutes.

Alternative: manual secret population by using oc

To write or rotate secrets directly in HashiCorp Vault without re-running ./pattern.sh make install:

# Extract Vault root token
VAULT_TOKEN=$(oc get secret vaultkeys -n imperative \
  -o jsonpath='{.data.vault_data_json}' | \
  base64 -d | python3 -c "import sys,json; print(json.load(sys.stdin)['root_token'])")

# Write Trilio license
oc exec -n vault vault-0 -- env VAULT_TOKEN=$VAULT_TOKEN \
  vault kv put secret/global/trilio-license key="<your-license-key>"

# Write S3 credentials
oc exec -n vault vault-0 -- env VAULT_TOKEN=$VAULT_TOKEN \
  vault kv put secret/global/trilio-s3 accessKey="<key>" secretKey="<secret>"

You can also reload secrets from ~/values-secret-trilio-continuous-restore.yaml by running:

./pattern.sh make load-secrets

5. Verify hub deployment

Check that Trilio is healthy:

oc get triliovaultmanager -n trilio-system
# STATUS should be Deployed or Updated

oc get target -n trilio-system
# STATUS should be Available

Check the end-to-end DR status (updated automatically by the imperative framework):

make dr-status

Initial run: trilio-enable-cr and trilio-backup complete within the first two CronJob cycles (~20 minutes). Standard restore follows. All phases PASS indicates the hub is fully operational.

Spoke (DR cluster) onboarding

1. Import the DR cluster into ACM

Import the DR cluster through the ACM console or the oc CLI. Note the cluster name assigned during import.

2. Label and onboard

make onboard-spoke CLUSTER=<acm-cluster-name>

This labels the cluster with clusterGroup=secondary, which triggers ACM to deploy the spoke configuration through ArgoCD.

After running make onboard-spoke, kick the spoke-side ArgoCD application to sync immediately (run on the spoke cluster context):

oc patch application.argoproj.io main-trilio-continuous-restore-secondary \
  -n openshift-gitops --type merge \
  -p '{"operation":{"sync":{}}}'

3. Monitor spoke onboarding

make spoke-status CLUSTER=<acm-cluster-name>

Expected progression:

  1. Trilio operator installs (OLM subscription)
  2. TrilioVaultManager deploys (ESO delivers S3 + license secrets)
  3. BackupTarget becomes Available (EventTarget pod starts)
  4. ConsistentSets begin appearing as hub backups are detected (~10–20 minutes after the hub's CR backup completes)
  5. Spoke imperative restore runs automatically after the first ConsistentSet is Available

The full spoke onboarding sequence typically takes 15–25 minutes from label application to a running TrilioVaultManager. The imperative restore adds another 30–45 minutes on top of that for the first ConsistentSet to appear and the restore to complete.

Known: trilio-operand OutOfSync on spoke after onboarding

ArgoCD may show trilio-operand as OutOfSync / Missing immediately after spoke onboarding. This is a CRD timing issue — ArgoCD attempts to sync the TrilioVaultManager CR before the Trilio operator has finished registering its Custom Resource Definitions (CRDs).

The SkipDryRunOnMissingResource=true sync option is set in values-secondary.yaml to handle this automatically. If the issue persists after 5–10 minutes, manually refresh the ArgoCD application:

oc patch application trilio-operand -n main-trilio-continuous-restore-secondary \
  --type merge -p '{"operation":{"sync":{}}}'