Configure disaster recovery

This guide explains how to configure disaster recovery for Chef 360 Platform.

Chef 360 Platform’s built-in disaster recovery lets you recover your deployment after a complete cluster failure. It creates full system snapshots that include embedded PostgreSQL data, application configuration, secrets, and Kubernetes cluster state, then restores them to a target environment running the same Chef 360 Platform version.

Disaster recovery uses an active-passive model and doesn’t support active-active replication or continuous synchronization between clusters. Backups are full, not incremental. You can schedule them or initiate them manually. During recovery, you bring the restored cluster online and resume access through a DNS or load balancer cutover using the same tenant FQDN.

Chef 360 Platform supports both AWS S3 and MinIO as backup storage destinations. Any environment can use either storage option. For air-gapped environments where AWS S3 isn’t reachable, MinIO is the only supported option. With MinIO, you can run a local S3-compatible object store within your private network, enabling full disaster recovery without external internet access.

Prerequisites

Disaster recovery has the following requirements:

  • Chef 360 Platform 1.7.0 or later installed and running.

  • S3-compatible object storage accessible to the Chef 360 Platform cluster. The following storage options are supported:

    • AWS S3
    • MinIO: Must be configured to use either HTTP (without TLS) or HTTPS with a certificate issued by a publicly trusted certificate authority. MinIO with self-signed certificates isn’t supported.

To configure disaster recovery, you’ll need the following S3-compatible object storage details:

  • Bucket name
  • Storage path prefix
  • Storage region
  • Access key ID and secret key
  • S3 endpoint URL (required for MinIO; optional for AWS S3)

License entitlements

Disaster recovery is a built-in feature of Chef 360 Platform that’s available to all Chef 360 Platform customers. No additional license is required to use disaster recovery.

If the Disaster Recovery tab isn’t visible in the Admin Console, follow these steps:

  1. Verify that you’re running Chef 360 Platform 1.7.0 or later.

  2. Sync your license based on your deployment type:

    • Internet-connected: Select License > Sync License.
    • Air-gapped: Download a new license file, then select the License tab and upload the file.

  3. Reload the Admin Console.

Configure PostgreSQL database backups

Configuring PostgreSQL backups is optional. Follow these steps only if you want continuous database backup.

Chef 360 Platform supports two PostgreSQL deployment options:

  • PostgreSQL: A self-managed database running inside your cluster. Chef 360 Platform manages the database, so you must configure backups using the steps below.
  • PostgreSQL RDS: Amazon’s managed database service. AWS handles backups natively through RDS automated backups and snapshots. Skip the following instructions if you use PostgreSQL RDS.

To configure PostgreSQL database backups, follow these steps:

  1. In the Admin Console, select Application > Config.

  2. In the Managed Services section, locate PostgreSQL Type and select PostgreSQL.

    This enables the backup configuration fields in the next step.

  3. Select Backup Object Storage Configuration.

  4. Select the Enable Backup checkbox.

    When enabled, all storage configuration fields become required.

  5. Configure storage settings by entering the following:

    • Destination Path: The S3 path where database backups are stored, in the format s3://<BUCKET_NAME>/<POSTGRES_BACKUP_PATH>. For example, s3://backup-bucket/chef-360-backups/postgresql.

    • Region: The region for your S3-compatible storage service. For example, us-east-2. The default value is us-east-1.

    • Access Key: The access key for your S3-compatible storage service. The key must have write permissions to the destination path.

    • Secret Key: The secret key paired with the access key, used for authentication to your storage service.

    • S3 Endpoint URL: The endpoint URL for an S3-compatible storage service.

      • For AWS S3, leave this field empty.

      • For MinIO, enter the MinIO server URL. The default MinIO server port is 9000.

        MinIO supports the following configurations:

        • For HTTP without TLS: http://<MINIO_HOST_FQDN>:<PORT> (for example, http://minio.example.com:9000)
        • For HTTPS with a publicly trusted certificate: https://<MINIO_HOST_FQDN>:<PORT> (for example, https://minio.example.com:9000)

  6. Select Save Config to save your backup settings.

  7. Select Deploy to enable backups.

    The system validates S3 connectivity and enables continuous database backup operations.

Configure disaster recovery

To configure disaster recovery for the cluster, follow these steps:

  1. In the Admin Console, select the Disaster Recovery tab and then Settings & Schedule.

  2. In the Backup settings section, configure backup storage by entering the following:

    • Destination: Select S3-Compatible Storage.

    • Bucket: Your S3 bucket name.

    • Prefix: The path prefix under the bucket. For example, chef-360-backups/velero-backup.

      Use a different path prefix for PostgreSQL backups and disaster recovery backups to avoid conflicts.

    • Access Key ID: Your S3 access key.

    • Access Key Secret: Your S3 secret key.

    • Endpoint: The full S3 endpoint URL.

      • For AWS S3, enter the regional endpoint. For example, https://s3.us-east-2.amazonaws.com.

      • For MinIO, enter the MinIO server URL. MinIO supports the following configurations:

        • If MinIO is configured with HTTP (no TLS): http://<MINIO_HOST_FQDN>:<PORT> (for example, http://minio.example.com:9000)
        • If MinIO is configured with HTTPS and a publicly trusted certificate: https://<MINIO_HOST_FQDN>:<PORT> (for example, https://minio.example.com:9000)

    • Region: The region for your S3-compatible storage. For example, us-east-2.

  3. Select Update storage settings to save the configuration.

Schedule automatic backups

To schedule automatic backups:

  1. In the Scheduled backups pane, select Enable scheduled backups.
  2. Select a schedule: Hourly, Daily, or Weekly. Or, enter a custom cron expression (for example, 0 2 * * * to run daily at 02:00 UTC).
  3. Select Update schedule to save.

Scheduled backups run automatically according to the configured schedule. All backups appear in the Backups list with completion status and timing.

Configure retention policy

To set how long backups are retained, follow these steps:

  1. In the Retention policy pane, enter a retention value and select a time unit: Minutes, Hours, Days, Weeks, or Months.

  2. Select Update retention policy to save.

    This policy applies to both manual and scheduled backups.

Operational guidelines

  • Record the Chef 360 Platform version used to create each backup.

    To restore a backup, you must use the same Chef 360 Platform version that was used to create it.

  • Monitor storage usage when you run frequent scheduled backups.

  • Update retention policies based on compliance requirements.

  • Keep credentials secure but accessible during disaster scenarios.

Troubleshooting

If the Disaster Recovery tab isn’t visible in the Admin Console, follow these steps:

  1. Verify that you’re running Chef 360 Platform 1.7.0 or later.

  2. Sync your license based on your deployment type:

    • Internet-connected: Select License > Sync License.
    • Air-gapped: Download a new license file, then select the License tab and upload the file.

  3. Reload the Admin Console.

    Disaster recovery is a built-in feature of Chef 360 Platform and is available to all Chef 360 Platform customers.

If configuration fails, check for the following:

  • Missing s3:// prefix in the PostgreSQL destination path.
  • Incorrect region for the specified endpoint.
  • Endpoint missing protocol (must include http:// or https://).
  • Credentials that lack the required permissions for the storage paths.
  • Missing or incorrect S3 endpoint URL when using MinIO or another S3-compatible service.

If backups fail, check the following:

  • S3 connectivity and credentials.
  • Storage quotas and permissions.
  • Whether the PostgreSQL and DR backup paths are unique.
  • Whether the S3 endpoint URL is reachable from the cluster.
  • Whether MinIO uses a self-signed certificate. Chef 360 Platform doesn’t support MinIO deployments that use self-signed certificates; configure MinIO to run over HTTP or HTTPS with a publicly trusted CA-signed certificate.
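
The configuration checks listed above can be run before you enter values in the Admin Console. The following Python script is an added example, not part of Chef 360 Platform; its function names are hypothetical, it takes a single endpoint value plus a flag for MinIO, and it assumes prefixes are compared as directory-style paths.

```python
from urllib.parse import urlparse

def split_s3_path(dest):
    """Split s3://<bucket>/<path> into (bucket, path); ValueError if malformed."""
    u = urlparse(dest)
    if u.scheme != "s3" or not u.netloc:
        raise ValueError("destination path must start with s3://<BUCKET_NAME>/")
    return u.netloc, u.path.strip("/")

def prefixes_overlap(a, b):
    """True when one prefix equals, or is nested under, the other.
    Assumption: prefixes are compared as '/'-separated directory paths."""
    pa = [p for p in a.split("/") if p]
    pb = [p for p in b.split("/") if p]
    n = min(len(pa), len(pb))
    return pa[:n] == pb[:n]  # an empty prefix (bucket root) overlaps everything

def check_settings(pg_dest, dr_bucket, dr_prefix, endpoint, minio):
    """Return (errors, warnings) for values about to be entered in the Admin Console."""
    errors, warnings = [], []
    try:
        pg_bucket, pg_prefix = split_s3_path(pg_dest)
        if pg_bucket == dr_bucket and prefixes_overlap(pg_prefix, dr_prefix):
            errors.append("PostgreSQL and disaster recovery prefixes overlap")
    except ValueError as exc:
        errors.append(str(exc))
    if not endpoint:
        if minio:
            errors.append("MinIO requires an S3 endpoint URL")
    else:
        u = urlparse(endpoint)
        if u.scheme not in ("http", "https") or not u.hostname:
            errors.append("endpoint must include http:// or https://")
        elif u.scheme == "http":
            warnings.append("HTTP endpoint: traffic to the object store is unencrypted")
    return errors, warnings

if __name__ == "__main__":
    # Constructed sample values, reusing the example names from this guide.
    print(check_settings("s3://backup-bucket/chef-360-backups/postgresql",
                         "backup-bucket", "chef-360-backups/velero-backup",
                         "http://minio.example.com:9000", minio=True))
```

The HTTP warning matters because the snapshots described in this guide include secrets; with an HTTP endpoint they cross the network to the object store without encryption.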
