Use this documentation to understand the behavior of the restore operation from an NSX backup that contains Antrea container clusters, which are registered to NSX.
When you restore an
NSX backup, the following behavior occurs:
- All existing K8s resources of the registered Antrea container clusters, for example, pods, services, namespaces, and so on, are not restored to their previous status when the NSX backup was taken. There is no impact to the Kubernetes cluster and it will continue to work.
- When NSX is restored from the backup file, DFW policies that were applied to Antrea container clusters return to their previous status (that is, status when the backup was taken). However, K8s resources that are seen by the DFW rules, such as services, namespaces, and so on, are at their latest (current) status. This causes inconsistency.
A resynchronization is automatically done after the NSX restore is completed. The resynchronization ensures that all K8s resources in the NSX inventory return to their current status, and all restored NSX DFW policies are realized to the Kubernetes cluster.
- If you delete an Antrea container cluster after the backup is done, and then restore NSX from this backup, some orphan Management Plane resources are detected in NSX. You must clean-up the orphan resources manually, such as DFW policies, cluster control plane node, and Principal Identity.
- If you register a new Antrea container cluster to NSX after the backup is done, and then restore NSX from this backup, the new Antrea container cluster cannot connect to NSX Manager. The reason is that Principal Identity (PI) user and cluster control plane node of this new Antrea container cluster are missing.
In this case, do the following steps:
- Deregister the Antrea container cluster from NSX to ensure a clean-up. For more information, see Deregister an Antrea Container Cluster from NSX-T Data Center.
- Add the PI user again in NSX.
- Register the Antrea container cluster to NSX again.
For more information, see Prerequisites for Registering an Antrea Container Cluster to NSX-T Data Center.