Runbook — Restore
Use restore only after choosing the recovery point and confirming the incident commander has approved data-plane changes. Prefer restoring into an isolated namespace first, then promote.
Preconditions
- Incident commander has selected the backup timestamp or full backup artifact.
- Target namespace is empty or explicitly approved for overwrite.
- Database credentials and encryption material are available.
- External ingress remains disabled until verification passes.
Steps
- Create an isolated restore namespace:bash
kubectl create ns finnest-restore - Install the chart with ingress disabled and restore values enabled:bash
helm upgrade --install finnest-power-restore oci://ghcr.io/finnestbr/charts/finnest-power \ -n finnest-restore \ -f infra/helm/finnest-power/values-bundles/local-dev.yaml \ -f restore-values.yaml \ --atomic --timeout 20m - Wait for PostgreSQL and service readiness.
- Run smoke tests against internal service URLs.
- Promote by switching ingress or by repeating the restore into the production namespace after approval.
Verification
- Database migrations match the deployed chart version.
- Tenant counts, consent counts, and recent audit rows match the selected recovery point.
- Service
/readyzendpoints are healthy. - No public traffic is enabled until verification is complete.