Ability to back up the cluster (probably initially without PVC data, later with), probably to some S3-compatible object storage, with or without encryption. This could then be used in the bootstrap process of a new node to bootstrap from the backup.
Since this is for DR and such, we need a way to bootstrap decryption, probably by also asymmetrically encrypting the backup encryption key with a public key from one or more FIDO tokens or similar. Should probably be the same (at least from a config perspective) as the external bootstrap keys for recovery from a situation where all control plane nodes went down with integrity enabled.
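The key-bootstrap scheme sketched above (backup sealed under a symmetric key, that key wrapped asymmetrically for each recovery key so any single holder can unseal it) as an added envelope-encryption example; this is illustration code, not the project's own implementation. It assumes RSA-OAEP key pairs as stand-ins for the recovery keys (a real build would wrap the DEK for keys held on FIDO tokens or an HSM), AES-256-GCM for the payload, and constructed values for the OAEP label, recovery key IDs and backup contents.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// BackupEnvelope is the stored form of an encrypted backup: the payload is
// sealed under a fresh data-encryption key (DEK), and the DEK is wrapped once
// per recovery key so that any one key holder can unseal the whole backup.
type BackupEnvelope struct {
	Nonce       []byte
	Ciphertext  []byte            // AES-256-GCM output; also authenticates the AAD
	WrappedDEKs map[string][]byte // recovery key ID -> RSA-OAEP wrapped DEK
}

// Constructed domain-separation label: an OAEP blob produced for another
// purpose under the same key cannot be passed off as a wrapped backup DEK.
var oaepLabel = []byte("cluster-backup-dek-v1")

// SealBackup encrypts plaintext under a fresh DEK and wraps that DEK for every
// recovery public key. aad is authenticated but not encrypted (e.g. a backup ID),
// so a ciphertext cannot be silently relabelled as a different backup.
func SealBackup(plaintext, aad []byte, recipients map[string]*rsa.PublicKey) (*BackupEnvelope, error) {
	if len(recipients) == 0 {
		return nil, errors.New("refusing to seal a backup that nobody could open")
	}
	dek := make([]byte, 32) // AES-256 key, never written anywhere unwrapped
	if _, err := rand.Read(dek); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(dek)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	env := &BackupEnvelope{
		Nonce:       nonce,
		Ciphertext:  gcm.Seal(nil, nonce, plaintext, aad),
		WrappedDEKs: make(map[string][]byte, len(recipients)),
	}
	for id, pub := range recipients {
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dek, oaepLabel)
		if err != nil {
			return nil, fmt.Errorf("wrap DEK for %s: %w", id, err)
		}
		env.WrappedDEKs[id] = wrapped
	}
	return env, nil
}

// OpenBackup unwraps the DEK with one recovery private key and decrypts the
// payload. Any change to nonce, ciphertext or aad fails GCM authentication.
func OpenBackup(env *BackupEnvelope, aad []byte, keyID string, priv *rsa.PrivateKey) ([]byte, error) {
	wrapped, ok := env.WrappedDEKs[keyID]
	if !ok {
		return nil, fmt.Errorf("no wrapped DEK for recovery key %q", keyID)
	}
	dek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, oaepLabel)
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	block, err := aes.NewCipher(dek)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, aad)
}

// GenerateRecoveryKey stands in for a key that would live on a FIDO token or HSM.
func GenerateRecoveryKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func main() {
	a, _ := GenerateRecoveryKey()
	b, _ := GenerateRecoveryKey()
	recipients := map[string]*rsa.PublicKey{"token-a": &a.PublicKey, "token-b": &b.PublicKey}
	env, err := SealBackup([]byte("constructed etcd snapshot bytes"), []byte("backup-0001"), recipients)
	if err != nil {
		panic(err)
	}
	// Either recovery key alone restores the backup; a wrong backup ID does not.
	out, err := OpenBackup(env, []byte("backup-0001"), "token-b", b)
	fmt.Printf("token-b restores: %q (err=%v)\n", out, err)
	_, err = OpenBackup(env, []byte("backup-0002"), "token-a", a)
	fmt.Printf("relabelled backup rejected: %v\n", err != nil)
}
```

The map of wrapped DEKs is what makes the "one or more FIDO tokens" requirement cheap to satisfy: adding a recovery key is one extra OAEP blob, and the same set of public keys can be configured for both backup decryption and control-plane recovery, which is the config-level symmetry the request asks for.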