Command to back up ETCD:
# ETCDCTL_API=3 etcdctl --endpoints=[ENDPOINT] --cacert=[CA CERT] --cert=[ETCD SERVER CERT] --key=[ETCD SERVER KEY] snapshot save [BACKUP FILE NAME]
The command needs five values:
1. ENDPOINT
2. CA CERT
3. ETCD SERVER CERT
4. ETCD SERVER KEY
5. BACKUP FILE NAME
#ETCDCTL_API=3 etcdctl help //Lists all the options we can use.
Finding the values:
Method 1:
#kubectl get pods -n kube-system
// Find ETCD container in kube-system namespace
#kubectl describe pod etcd-master -n kube-system
// look at running ETCD container details.
endpoint: --advertise-client-urls=https://192.17.0.15:2379
ca certificate: --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
server certificate: --cert-file=/etc/kubernetes/pki/etcd/server.crt
key: --key-file=/etc/kubernetes/pki/etcd/server.key
Method 2:
#ETCDCTL_API=3 etcdctl version
#cd /etc/kubernetes/manifests
#cat etcd.yaml //look for the cert files and their locations
Now we have all the values and are ready to run the backup command. First list the members to confirm that the endpoint and certificates work:
#ETCDCTL_API=3 etcdctl --endpoints=https://192.17.0.15:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key member list
#ETCDCTL_API=3 etcdctl --endpoints= --cacert=/opt/ --cert=/client.crt --key=client.key snapshot save /tmp/etcd_bkp.db
Verify the backup file with the command below:
#ETCDCTL_API=3 etcdctl --endpoints= --cacert=<paste the path> --cert=<paste path> --key=<paste path> snapshot status /tmp/etcd_bkp.db -w table
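The Method 2 lookup and the backup and verify commands above, combined into one script as an added example that is not part of the original post. The function names and the ETCDCTL dry-run variable are assumptions of this example, and the sample manifest lines are constructed from the values shown above. Because the snapshot contains everything stored in etcd, including Secrets, the script writes it with owner-only permissions.

```shell
#!/bin/sh
# Added example, not from the original post: read the etcdctl connection
# flags from the static pod manifest, then save and check a snapshot.
set -eu

# Print the value of "- --<flag>=<value>" from the etcd command list. Anchoring
# on "- --<flag>=" keeps cert-file from also matching peer-cert-file.
etcd_flag() {  # usage: etcd_flag <manifest> <flag>
  sed -n "s/^[[:space:]]*-[[:space:]]*--$2=\(.*\)\$/\1/p" "$1" | head -n 1
}

# Assemble the four connection flags; fail if the manifest lacks one.
# Assumption: the URL and the paths contain no whitespace.
etcdctl_args() {  # usage: etcdctl_args <manifest>
  local ep ca crt key v
  ep=$(etcd_flag "$1" advertise-client-urls)
  ca=$(etcd_flag "$1" trusted-ca-file)
  crt=$(etcd_flag "$1" cert-file)
  key=$(etcd_flag "$1" key-file)
  for v in "$ep" "$ca" "$crt" "$key"; do
    [ -n "$v" ] || { echo "flag missing in $1" >&2; return 1; }
  done
  printf '%s' "--endpoints=$ep --cacert=$ca --cert=$crt --key=$key"
}

# Save, then verify. ETCDCTL=echo prints the commands instead (dry run).
backup_etcd() {  # usage: backup_etcd <manifest> <snapshot-file>
  local args
  args=$(etcdctl_args "$1") || return 1
  (
    umask 077  # the snapshot holds every Secret in the cluster: owner-only
    ETCDCTL_API=3 ${ETCDCTL:-etcdctl} $args snapshot save "$2" &&
      ETCDCTL_API=3 ${ETCDCTL:-etcdctl} $args snapshot status "$2" -w table
  )
}

# Constructed sample: the command list of a kubeadm-style etcd.yaml.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
    - --advertise-client-urls=https://192.17.0.15:2379
    - --cert-file=/etc/kubernetes/pki/etcd/server.crt
    - --key-file=/etc/kubernetes/pki/etcd/server.key
    - --peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt
    - --peer-key-file=/etc/kubernetes/pki/etcd/peer.key
    - --peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
    - --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
EOF
ETCDCTL=echo backup_etcd "$SAMPLE" /tmp/etcd_bkp.db
```

To run the real commands, call backup_etcd with /etc/kubernetes/manifests/etcd.yaml and the snapshot path, leaving ETCDCTL unset.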
Restore ETCD from backup file:
Restore ETCD to new data directory
#ETCDCTL_API=3 etcdctl --endpoints=https://[127.0.0.1]:2379 \
--cacert=/etc/kubernetes/pki/etcd/ca.crt \
--cert=/etc/kubernetes/pki/etcd/server.crt \
--key=/etc/kubernetes/pki/etcd/server.key \
--data-dir /var/lib/etcd-from-backup \
snapshot restore /opt/snapshot-pre-boot.db
Modify /etc/kubernetes/manifests/etcd.yaml:
Update ETCD POD to use the new hostPath directory /var/lib/etcd-from-backup by modifying the pod definition file at /etc/kubernetes/manifests/etcd.yaml. When this file is updated, the ETCD pod is automatically re-created as this is a static pod placed under the /etc/kubernetes/manifests directory.
Update volumes and volume mounts to point to new path
  volumes:
  - hostPath:
      path: /var/lib/etcd-from-backup
      type: DirectoryOrCreate
    name: etcd-data
  - hostPath:
      path: /etc/kubernetes/pki/etcd
      type: DirectoryOrCreate
    name: etcd-certs
Note 2: If the etcd pod does not reach Ready 1/1, restart it with kubectl delete pod -n kube-system etcd-controlplane and wait 1 minute.
#kubectl delete pod -n kube-system etcd-controlplane
3 Comments
Hi Madeswaran.. In the CKA exam, I see that the keys and certificate files are placed in the edge node and not on the master node. Is there a way to do etcd snapshot save and restore from edge node ? I was not able to copy the required key and certificate files to the master node.
Yes, I am able to save the snapshot but don't know how to restore from the edge server to the master node. Please guide us.
Thanks for this guide.