ETCD Backup and Restore - CKA Exam Question and Answer !!


Command to back up etcd:

# ETCDCTL_API=3 etcdctl --endpoints=[ENDPOINT] --cacert=[CA CERT] --cert=[ETCD SERVER CERT] --key=[ETCD SERVER KEY] snapshot save [BACKUP FILE NAME]

1. ENDPOINT
2. CA CERT
3. ETCD SERVER CERT
4. ETCD SERVER KEY
5. BACKUP FILE NAME

#ETCDCTL_API=3 etcdctl help  // lists all the options we can use

Finding the values: 

Method 1: 

#kubectl get pods -n kube-system 
  // Find ETCD container in kube-system namespace

#kubectl describe pod etcd-master -n kube-system 
   // look at running ETCD container details.

 endpoint:  --advertise-client-urls=https://192.17.0.15:2379
 ca certificate:  --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
 server certificate:  --cert-file=/etc/kubernetes/pki/etcd/server.crt
 key:  --key-file=/etc/kubernetes/pki/etcd/server.key

Method 2:

#ETCDCTL_API=3 etcdctl version 
#cd /etc/kubernetes/manifests

#cat etcd.yaml    //look for the cert file and its location details 

Now we are done and ready to fire the backup command. 

#ETCDCTL_API=3 etcdctl --endpoints=https://192.17.0.15:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key member list
#ETCDCTL_API=3 etcdctl --endpoints=  --cacert=/opt/ --cert=/client.crt --key=client.key snapshot save /tmp/etcd_bkp.db 

Verify the backup file using the command below:

#ETCDCTL_API=3 etcdctl --endpoints=  --cacert=<paste the path> --cert=<paste path> --key=<paste path> snapshot status /tmp/etcd_bkp.db -w table
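
Method 2 above, as an added example that is not part of the original post: a POSIX shell script that reads the etcd flags from the static pod manifest and prints the matching snapshot save command. The function names and the sample manifest are constructed for illustration; the script also warns when the backup directory is world-writable, because the snapshot contains every Secret in the cluster.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# flag_value MANIFEST FLAG: print the value of the "- --FLAG=value" line.
# Anchoring on "--FLAG=" keeps --peer-cert-file etc. from matching --cert-file.
flag_value() {
    sed -n "s/^[[:space:]]*-[[:space:]]*--$2=\([^[:space:]]*\).*/\1/p" "$1" | head -n 1
}

# dir_is_private DIR: succeed unless DIR is world-writable (like /tmp).
dir_is_private() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c9)" != "w" ]
}

# build_snapshot_cmd MANIFEST BACKUP_FILE: print the snapshot save command.
build_snapshot_cmd() {
    manifest=$1 backup=$2
    endpoint=$(flag_value "$manifest" advertise-client-urls)
    cacert=$(flag_value "$manifest" trusted-ca-file)
    cert=$(flag_value "$manifest" cert-file)
    key=$(flag_value "$manifest" key-file)
    for v in "$endpoint" "$cacert" "$cert" "$key"; do
        [ -n "$v" ] || { echo "required etcd flag missing in $manifest" >&2; return 1; }
    done
    # The snapshot holds the whole cluster state, Secrets included.
    dir_is_private "$(dirname "$backup")" ||
        echo "warning: $(dirname "$backup") is world-writable" >&2
    # advertise-client-urls may be a comma-separated list; use the first URL.
    printf 'ETCDCTL_API=3 etcdctl --endpoints=%s --cacert=%s --cert=%s --key=%s snapshot save %s\n' \
        "${endpoint%%,*}" "$cacert" "$cert" "$key" "$backup"
}

# Constructed sample manifest using the values shown in this post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
spec:
  containers:
  - command:
    - etcd
    - --advertise-client-urls=https://192.17.0.15:2379
    - --cert-file=/etc/kubernetes/pki/etcd/server.crt
    - --key-file=/etc/kubernetes/pki/etcd/server.key
    - --peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt
    - --peer-key-file=/etc/kubernetes/pki/etcd/peer.key
    - --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
EOF
build_snapshot_cmd "$sample" /tmp/etcd_bkp.db
```

On a real control-plane node, pass /etc/kubernetes/manifests/etcd.yaml as the first argument and review the printed command before running it.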
 
Restore ETCD from backup file: 

Restore ETCD to new data directory

#ETCDCTL_API=3 etcdctl --endpoints=https://[127.0.0.1]:2379 \
     --cacert=/etc/kubernetes/pki/etcd/ca.crt \
     --cert=/etc/kubernetes/pki/etcd/server.crt \
     --key=/etc/kubernetes/pki/etcd/server.key \
     --data-dir /var/lib/etcd-from-backup \
     snapshot restore /opt/snapshot-pre-boot.db

Modify /etc/kubernetes/manifests/etcd.yaml:

Update the etcd pod to use the new hostPath directory /var/lib/etcd-from-backup by modifying the pod definition file at /etc/kubernetes/manifests/etcd.yaml. When this file is updated, the etcd pod is automatically re-created, because it is a static pod placed under the /etc/kubernetes/manifests directory.

Update volumes and volume mounts to point to new path
 
  volumes:
  - hostPath:
      path: /var/lib/etcd-from-backup
      type: DirectoryOrCreate
    name: etcd-data
  - hostPath:
      path: /etc/kubernetes/pki/etcd
      type: DirectoryOrCreate
    name: etcd-certs


 Note: If the etcd pod does not become Ready 1/1, restart it with kubectl delete pod -n kube-system etcd-controlplane and wait 1 minute.


#kubectl delete pod -n kube-system etcd-controlplane




3 Comments

  1. Hi Madeswaran. In the CKA exam, I see that the keys and certificate files are placed in the edge node and not on the master node. Is there a way to do etcd snapshot save and restore from edge node? I was not able to copy the required key and certificate files to the master node.

  2. Yes, I am able to save the snapshot but don't know how to restore from edge server to master node. Please guide us.
