Use this documentation to understand the behavior of the restore operation from an NSX backup that contains Antrea Kubernetes clusters, which are registered to NSX.
When you restore an
NSX backup, the following behavior occurs:
- All existing K8s resources of the registered Antrea Kubernetes clusters, for example, pods, services, namespaces, and so on, are not restored to their previous status when the NSX backup was taken. There is no impact to the Kubernetes cluster and it will continue to work.
- When NSX is restored from the backup file, DFW policies that were applied to Antrea K8s clusters return to their previous status (that is, the status when the backup was taken). However, K8s resources that are seen by the DFW rules, such as Ingress, Antrea Egress, services, namespaces, and so on, are at their latest (current) status. This causes inconsistency.
A resynchronization is automatically done after the NSX restore is completed. The resynchronization ensures that all K8s resources in the NSX inventory return to their current status, and all restored NSX DFW policies are realized to the Kubernetes cluster.
- If you delete an Antrea Kubernetes cluster after the backup is done, and then restore NSX from this backup, some orphan Management Plane resources are detected in NSX. You must clean-up the orphan resources manually, such as DFW policies, cluster control plane node, and Principal Identity.
- If you register a new Antrea Kubernetes cluster to NSX after the backup is done, and then restore NSX from this backup, the new Antrea Kubernetes cluster cannot connect to NSX Manager. The reason is that Principal Identity (PI) user and cluster control plane node of this new Antrea Kubernetes cluster are missing.
In this case, do the following steps:
- Deregister the Antrea Kubernetes cluster from NSX to ensure a clean-up. For more information, see Deregister an Antrea Kubernetes Cluster from NSX.
- Add the PI user again in NSX.
- Register the Antrea Kubernetes cluster to NSX again.
For more information, see Prerequisites for Registering an Antrea Kubernetes Cluster to NSX.