Skip to content
For Self-Managed AI Platform users running v11.1, see the on-premise platform documentation

Restoring secrets and configuration

To run a DataRobot application with previously backed up configuration and secrets (encryption keys, custom certificates), you must apply that configuration and those secrets when installing a new DataRobot application instance via Helm chart values.

重要

Previously backed up secrets can only be restored during a new DataRobot chart installation. You cannot add them to an already deployed DataRobot application.

Restore procedures

The following describes:

  • Restoring encryption keys
  • Restoring custom certificates

Restore encryption keys

Before installing the application, add the backed-up values for your encryption keys to the values.yaml file of the DataRobot application chart. The following values.yaml example shows how to configure the cluster to use existing secrets (from your ASYMMETRIC_KEY_PAIR_MONGO_ENCRYPTION_KEY.txt and DRSECURE_MONGO_ENCRYPTION_KEY.txt backup files) instead of generating new secrets:

core:
  services:
    core:
      # Value from ASYMMETRIC_KEY_PAIR_MONGO_ENCRYPTION_KEY.txt (the decoded content)
      asymmetrickey: <your_asymmetric_key_content_here>
      # Value from DRSECURE_MONGO_ENCRYPTION_KEY.txt (the decoded content)
      drsecurekey: <your_drsecurekey_content_here>

Restore custom certificates

For each custom certificate you backed up, you must first recreate it as a Kubernetes Secret and then reference it in your values.yaml file.

  1. Create a Kubernetes Secret from your certificate file. This example uses rabbit-cert as the secret name. Replace $DR_CORE_NAMESPACE with your DataRobot namespace and ./path/to/certificate with the actual path to your backed-up certificate file (e.g., rabbit-cert.pem).

    kubectl -n $DR_CORE_NAMESPACE create secret generic rabbit-cert --from-file=rabbit-cert.pem=./path/to/certificate/rabbit-cert.pem

    (The --from-file key should match the path value in the YAML below, e.g., rabbit-cert.pem)

  2. In your values.yaml file, create a mapping for this Secret. Paths define where the certificate will be mounted inside the container, within the /opt/datarobot/etc/certs/ directory. 例:

    globals:
  certs:
    # Refers to the Kubernetes Secret created in the previous step
    - secret: rabbit-cert
      # This will be the filename at /opt/datarobot/etc/certs/rabbit-cert.pem
      path: rabbit-cert.pem

    Repeat this process for all custom certificates that need to be restored.